audit reference

Audit Quick ReferenceAudit Requirements (Reference: ISO 9001:2000, 8.2.2) 1. Conduct audits at planned intervals 6. Select impartial and objective auditors 2. Assess for conformity and effectiveness 7. Document an audit procedure covering 3. Plan the audit program to consider: responsibilities and requirements for: - status and importance of audited areas - audit planning and execution - previous audit results - audit reporting and recordkeeping 4. Determine the audit criteria and scope 8. Ensure timely corrective action by auditee 5. Define the audit frequency and methods 9. Verify corrective actions and report results

Audit Activities (Reference: ISO 19011:2002, 6.2-6.8)

(Audit Initiation) – ISO 19011:2002, 6.2 1. Clarify the reason for the requested audit 4. Determine the feasibility of the audit 2. Appoint the audit team leader 5. Select the audit team members 3. Define objectives, scope, and criteria 6. Establish initial contact with the auditee

(Document Review) – ISO 19011:2002, 6.3 1. Review documents before onsite audit 5. Defer until onsite audit if not detrimental 2. Take into account audit objective and scope 6. Determine conformity with audit criteria 3. Consider organization size and complexity 7. Report any documentation concerns 4. Include relevant documents and records 8. Decide to continue audit or postpone it

(Audit Preparation) – ISO 19011:2002, 6.4 1. Prepare audit plan as basis for agreement 4. Assign work to the audit team members 2. Use plan to schedule and control the audit 5. Prepare process diagram and audit checklist 3. Keep flexible to permit changes during audit 6. Confirm audit arrangements and logistics

Process Diagram

(Audit Execution) – ISO 19011:2002, 6.5 1. Hold opening meeting and explain objective 12. Follow trails to other areas based on scope 2. Define the role of guides and observers 13. Check the facts (use other sources) 3. Interview people at their workplace 14. Record the evidence (checklist notes) 4. Put the person at ease (lower anxiety) 15. Make tentative conclusions (no secrets) 5. Explain your purpose (what you want) 16. Give opportunity to discuss other subjects 6. Ask about job and applicable documents 17. Avoid consulting on cause and solution 7. Use open-ended questions (5 Ws and H) 18. Thank for time and cooperation 8. Verify responses (confirm understanding) 19. Review progress periodically with audit team 9. Remember to ask for proof (show me) 20. Compare audit evidence to audit criteria10. Observe activities and examine records 21. Generate findings and prepare conclusions11. Take random, yet representative samples 22. Conduct closing meeting and report results

Requirement Sources: Evidence Sources: 1. Standard (e.g., ISO 9001:2000) 1. Interviews (personnel statements) 2. Company (policies and procedures) 2. Observations (demonstrated practices) 3. Customer (contracts and orders) 3. Documents (plans, procedures, specs) 4. Legal (statutes and regulations) 4. Records (tests, minutes, completed forms)

© 2005 <www.WhittingtonAssociates.com> V1.R2 of 4

PROCESS OUTPUTSINPUTS

WHAT

METHODS MEASURES

WHO What (Resources) equipment; tools; software.

Inputswhat received;when; from who.

Methodsprocedures; forms;instructions; controls.

Who (Resources)people; skills; experience.

Outputswhat delivered;when; to who.

Measuresquality objectives; performance results.. results.

Audit Quick ReferenceAudit Objectives:1. Verify conformity with requirements2. Judge effectiveness of quality system 3. Identify opportunities for improvement

Three Dimensional Audit:1. Front: Intent (plan for process) 2. Side: Practice (implementation of intent) 3. Top: Result (effectiveness of practice)

(Audit Reporting) – ISO 19011:2002, 6.6 1. Prepare audit report per audit procedure 3. Ensure it is complete, correct, clear, concise 2. Include in any nonconformity statements: 4. Approve audit report per audit procedure - requirement (with source) 5. Issue audit report in agreed timeframe - problem (with evidence) 6. Distribute to client-designated recipients

(Audit Completion) – ISO 19011:2002, 6.7 1. Ensure all activities in plan are carried out 3. Keep or destroy documents per agreements 2. Ensure the audit report has been distributed 4. Remember audit not “closed” until F/U audit

(Follow-Up Audit) – ISO 19011:2002, 6.8 1. Notify auditee if need for corrective action 4. Ask auditee to notify you of completed action 2. Agree with the proposed corrective action 5. Verify action was effective to avoid problem 3. Ensure action is taken in agreed timeframe 6. Close out the nonconformity based on action

Audit Principles (Reference: ISO 19011:2002, 4) 1. Carry out the audit in an ethical manner 4. Conduct an impartial and objective audit 2. Present truthful, fair, and accurate results 5. Base conclusions on verifiable evidence 3. Perform audit with due professional care

Audit Questions 1. What is the primary purpose of this process? 9. How is the process monitored and controlled? 2. Who is the manager (owner) of the process? 10. What are its outputs and who receives them? 3. What are its inputs and who supplies them? 11. Do these outputs meet the requirements? 4. How do you know if these inputs are good? 12. What do you do if the outputs are not right? 5. What are your responsibilities in the process? 13. What are the process quality objectives? 6. How do you know what to do? 14. How is the process performance measured? 7. What training and skills are needed? 15. Please show me the records you maintain. 8. Please show me how you do it. 16. How could this process be improved?

Audit Definitions (Reference: ISO 19011:2002, 3 and ISO 9000:2000) Audit: systematic, independent, and documented process for obtaining audit evidence and evaluating

it objectively to determine the extent to which the audit criteria are fulfilled. Criteria: set of policies, procedures, or requirements against which audit evidence is compared. Evidence: verifiable records, statements of fact, or other information relevant to audit criteria. Findings: results of the evaluation of collected audit evidence against audit criteria. Program: set of one or more audits planned for a specific timeframe and directed to specific purpose. Plan: description of the activities and arrangements for an audit. Scope: extent and boundaries of an audit. Nonconformity: non-fulfillment of a requirement.

Corrective Action (Reference: ISO 9001:2000, 8.5.2) 1. Determine if similar deficiencies exist 6. Implement planned corrective action 2. Implement immediate fix (correction) 7. Reflect changed process in documentation 3. Identify root cause of nonconformity 8. Verify the action was an effective solution 4. Develop action to prevent recurrence 9. Record the results of the investigation 5. Assign responsibilities and due dates 10. Inform audit function of completed action


2. Assess practices

3. Examine results

1. Check intent

Audit Quick ReferenceAudit Program (Reference: ISO 19011:2002, 5) 1. Assign responsibility for the audit program 5. Communicate audit program to organization 2. Establish objectives for the audit program 6. Provide resources to carry out these audits - meet requirements for system certification 7. Conduct audits within specified timeframes - verify conformity to contract requirements 8. Keep records as evidence of audit program - assess compliance to legal requirements 9. Monitor audit program against objectives - contribute to improvement of system 10. Evaluate and develop auditor performance - evaluate the capability of suppliers 11. Initiate corrective and preventive actions 3. Establish procedures to conduct the audits 12. Identify improvements for audit program 4. Prepare annual schedule of planned audits

Audit StatusConducted = Audit carried out according to plan Completed = Audit report and other records filedReported = Approved audit report distributed Closed = Corrective actions verified as effective

Audit Strategy Vertical: Assess processes within department Horizontal: Assess process across departmentsClause: Assess a clause across departments Trace: Follow a transaction through the system

Audit Checklist (Reference: ISO 19011:2002, 6.4.3)Benefits 1. Establishes the audit sampling plan 7. Prepares audit team to conduct the audit 2. Provides balanced audit coverage 8. Allows lead auditor to evaluate planning 3. Helps acquire objective evidence 9. Controls the audit pace (time manager) 4. Encapsulates the audit methodology 10. Keeps focus on audit objective and scope 5. Guides auditor on timing and content 11. Serves as memory aid (confidence builder) 6. Serves as repository for audit notes 12. Become the record of investigated areasFormat Reference: Specific source of requirement - clause or section number Requirement: Applicable requirements to look at – standard, company, customer, and legal Evidence: Expected evidence to look for – statements, observations, documents, and records

Checklist Example Reference (Source of Requirement): “Look for” Expected Evidence:ISO 9001:2000, 4.2.3.a 1. Statements – Understanding of process

2. Observation – Demonstration of process“Look at” Requirement: 3. Documents – Covered in required procedure Approve documents for adequacy before issue 4. Records – Document approvals

Plus information from “turtle” diagram à Inputs, Outputs, Resources, Methods, Measures

Audit Notes (Reference: ISO 19011:2002, 6.5.4) 1. Explain why you are taking the notes 4. Use statements as requirement or evidence 2. Note what was heard, seen, and read 5. Spot different answers for audit follow-up 3. Jot down specific facts and references 6. Determine activities for further investigation


Horizontal

Vertical

D=Departments

D D D DD

Audit Quick ReferenceOpening Meeting (Reference: ISO 19011:2002, 6.5.1)Purpose 1. Confirm audit plan and arrangements 4. Create sense of trust and cooperation 2. Describe audit process and methods 5. Give insight on management support 3. Explain roles of guides and observers 6. Provide time for auditee questionsTopics 1. Introductions (auditors, auditee, and guides) 8. Communications (auditee kept informed) 2. Attendance (sign-in sheet, if used) 9. Reporting (plan and classification scheme) 3. Objective (reason for audit) 10. Confidentiality (non-disclosure of information) 4. Scope (coverage of audited areas) 11. Logistics (work space and needed resources) 5. Criteria (applicable requirements) 12. Meetings (briefings and closing meeting) 6. Agenda (auditor assignments and times) 13. Safety and Security (site requirements) 7. Methods (audit process and sampling) 14. Questions (audit clarifications)

Interview Techniques (Reference: ISO 19011:2002, 6.5.4) 1. Talk to people performing work within scope 5. Avoid leading questions and biased results 2. Conduct interviews in normal working hours 6. Share interview results with audited person 3. Explain reasons for the audit and note-taking 7. Thank for participation and cooperation 4. Start by asking persons to describe their work 8. (See other techniques under Audit Execution)

Audit Sampling (Reference: ISO 19011:2002, 6.5.4) 1. Ensure random, yet representative sample 5. Select own sample of people; documentation 2. Select small, balanced view of process 6. Use sufficient sample to reach judgment 3. Base size on volume, time, and past issues 7. Remember evidence is based on samples 4. Consider risk and complexity of the process 8. Explain uncertainty introduced by sampling

Closing Meeting (Reference: ISO 19011:2002, 6.5.7)Purpose 1. Present balanced summary and conclusions 4. Resolve any misunderstandings or errors 2. Report any nonconformities or concerns 5. Ensure clear understanding of audit results 3. Identify possible areas for improvement 6. Seek agreement on report and findingsTopics 1. Introductions (for any new attendees) 8. Summary (findings by area and clause) 2. Attendance (sign-in sheet, if used) 9. Nonconformities (requirements and evidence) 3. Thanks (for time and cooperation) 10. Acknowledgments (signed forms and report) 4. Scope (reminder if audit coverage) 11. Agreements (on corrective action schedule) 5. Disclaimer (limited sample in brief time) 12. Report (expected date, if not provided) 6. Criteria (applicable requirements) 13. Follow-up (next steps, e.g., surveillance visit) 7. Positives (strengths and conforming areas) 14. Thanks (courtesy and hospitality)

Auditor Traits (Reference: ISO 19011:2002, 7.2 and QE19011S:2004) 1. Ethical (truthful, fair, and honest) 6. Versatile (adjusts to situations) 2. Open Minded (considers other viewpoints) 7. Tenacious (persistent and focused) 3. Diplomatic (tactful with people) 8. Decisive (reaches timely conclusions) 4. Observant (actively aware of surroundings) 9. Self-reliant (acts independently) 5. Perceptive (understands situations) 10. Willing (interested in being an auditor)

Audit Benefits 1. Verifies conformity to requirements 5. Increases quality awareness of organization 2. Initiates needed corrective actions 6. Reduces risk of product or service failures 3. Evaluates effectiveness of system 7. Provides information for management review 4. Identifies opportunities for improvement 8. Satisfies requirement of Standard for audits

This Audit Quick Reference may not be reproduced, stored electronically, or transmitted in any form without the prior written permission of the author, <[email protected]>.
