![Page 1: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/1.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
INTERNAL AUDITING
OF
MANAGEMENT SYSTEMS
This Training material is ‘COPYRIGHT PROTECTED DOCUMENT’ with TUV SUD ME and unless otherwise specified, no part of the
material may be copied, reproduced or transferred to other parties’, without permission in writing from TUV SUD ME MS Division
![Page 2: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/2.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Audits – definition and principles
The definition of audits
ISO 19011
OHSAS 18001, clause 4.5.5
The principles of auditing
Auditor roles and responsibilities
![Page 3: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/3.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
AUDITSystematic, independent and
documented process for obtaining
audit evidence and evaluating it
objectively to determine the extent
to which audit criteria are fulfilled
ISO9000
![Page 4: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/4.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Auditing Management Systems
ISO 19011
provides guidance on:
principles of auditing
managing audit programmes
audit activities
competence of auditors
![Page 5: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/5.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
5/11/2015 11:33
AM
Internal Auditing(First Party)
Performed by a Company on itself.
External
Supplier Auditing (Second Party)
Performed by a Company on its Suppliers –Second Party
Third party Auditing
Performed by an Individual, independent Organization
For legal regulatory and similar purpose
Audit can be > System Audit > Process Audit > Product Audit
Types of Audit
![Page 6: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/6.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Internal Audit
Definition:
an audit by the organisation of its own systems
and procedures
Objective:
to assure maintenance, development and improvement of the system
Requirement:
OHSAS 18001, clause 4.5.5
![Page 7: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/7.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Internal Audit
Audit programme and procedures to be established and maintained to:
determination that the management systems: conforms to planned arrangements conforms to specifications / standards is properly implemented and maintained is effectively meeting policy and objectives
review the audit results provide information to management
![Page 8: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/8.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Internal Audit
Audit programme to be based on: the OHS- status & importance of activities previous audit results
Procedures to cover: scope frequency methodologies competencies responsibilities requirements for conducting audits reporting results
Audits to be conducted by personnel independent of activity being examined
![Page 9: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/9.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Reporting of results
• nonconformance identified
• audit report
• input to management review
Mgmt. Systems properly implemented / maintained / effective?Planned arrangements followed? Requirements of Standards met?
Auditor competence• OHS risks
• legal requirements
• standards
• process / sector
• audit skills
Audit programme
• based on the OHSAS
importance of activities
• changes to organisation
• previous audit results
Audit procedures• scope
• frequency
• methodology
Responsibilities• audit management
• auditor
Internal audit process
Audit
![Page 10: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/10.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
ethical conduct
fair presentation
due professional care
independence
evidence
Principles of auditing
![Page 11: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/11.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Principles of auditing
The planning and preparation of audits
The audit process
Planning the audit
Preparing for the on-site audit
Pre-audit contact with the auditee
Document review
Audit checklist
![Page 12: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/12.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
comprise:
planning an audit
conducting a document review
preparing the on-site audit activities
conducting the on-site audit activities
reporting the audit
completing the audit
conducting audit follow-up
The audit process
![Page 13: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/13.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Include:
determining the extent of conformity to audit
criteria
evaluating compliance with legal and
contractual requirements
evaluating the effectiveness in meeting
objectives
identifying areas of potential improvement
providing added-value to the business
objectives of the organisation
Audit objectives
![Page 14: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/14.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Describes extent and boundaries of
audit including:
physical locations
organisational units
activities
processes
duration
Audit scope
![Page 15: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/15.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Includes
applicable standards
policies
procedures
regulations
legislation
management system requirements
contractual requirements
industry/business sector codes of conduct
Audit criteria
![Page 16: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/16.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
should include:
objectives
audit criteria and reference documents
audit scope
dates and places where audit will be conducted
identification of processes, units, sites, activities
estimated duration of audit activities
Audit plan
![Page 17: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/17.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
To
establish communication channels
notify proposed timings
request documentation and records
make appropriate arrangements
Pre-audit contact with auditee
![Page 18: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/18.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Documents:
relevant documentation and records
previous audit reports
Purpose:
to acquaint auditors with the processes to be audited
Document review
![Page 19: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/19.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Visualised by:
mapping the processes
developing flow-charts
develop personal checklists from procedures or other documentation
Process review
![Page 20: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/20.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Mapping a process
Level 1
Level 2
Level 3
![Page 21: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/21.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Controls
- how?
Analysing the process - key issues to consider
Inputs ? Process Outputs?
Resources
-with what?
Analysis
– what results?
![Page 22: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/22.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Preparing for the audit - constructing a “Turtle Diagram”
ProcessObjective(s) of the process
Activity steps
Process flow diagram
Inputs?
• Business requirements
• customer requirements
• legal/ regulatory requirements
• materials or services from suppliers
• process interface
(0utputs from other processes)
Outputs?
• Deliverables to customer
• specified product, service
• knowledge
• waste materials
• process interface
(inputs to other processes)
Analysis - what results?
Performance indicators
• targets achieved?
• satisfied customer?
• delivered on time?
• delivered to budget?
Controls - how?
Support processes & procedures
• procedures, work instructions
• control plan, KPIs
• test methods, calibration methods
• statistical process control
• action plans
Resources – with what?
• materials
• equipment
• tooling
• maintenance
• measuring instruments
• calibration
• work environment
Resources - with who?
Competence, skills, training
• Process manager
• Team leaders, operators
• roles & responsibilities
• job descriptions
• competence & skills matrix
• on-the-job training & records
• training courses & records
• performance appraisals
• Communications
Typical considerations
![Page 23: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/23.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Purpose
To:
ensure audit objectives and scope are met
every part of the audit is completed
provide guidelines for auditor
Audit checklist
![Page 24: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/24.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Advantages
aid to preparation
indication of duration of audit
aid to control depth and pace of audit
aid to ensure that all planned arrangements are covered
means of recording responses by auditee
Audit checklist
![Page 25: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/25.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Disadvantages
may stifle initiative and analysis
significant areas may be omitted
Audit checklist
![Page 26: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/26.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Consider
the processes taking places
relevant procedures
documents in use
records
requirements of Standards
requirements of the quality management
system
Preparing a checklist
![Page 27: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/27.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Adequacy Checklist: Example OHSAS
# Clause No. Audit Elements Observation Remarks
4.5.2.1 Consistent with its commitment to compliance (see
4.2c), the organization shall establish, implement and
maintain procedure for periodically evaluating
compliance with legal requirements.
The organization shall keep records of the periodical
evaluation
-Procedure
- legal Register
-Frequency of evaluation
-Legal compliance
documents
4.4.7 The organization shall establish, implement and
Maintain a procedure (s):
-To identify potential situation
-Response to emergency situation
The Organization shall respond to actual emergency
situations and prevent or mitigate associated adverse OH
& S Consequence
-Procedure
-Identification of
emergency situation (thru
risk assessment)
- response mechanism to
identified situation
-Mitigation action
![Page 28: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/28.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Compliance Checklist: Example OHSAS
# Activit
y
Look At Look For Sampl
e
Time
1
Management
Review
Minutes of Meeting • Meeting Agenda
• Points discussed
• Action Plan, Responsibility. Target
• Follow-up comments
• Records
2 Samples 30 mts
2 Operation Risk Assessment
Register
• Hazards & Significant Risk
• Objective & Programs
• Operation Control
• Monitoring
• Calibration
• Maintenance
• Training (Workers & Sub contractors)
• Emergency Situation
• Legal Compliance
• Communication, Consultation & Participation
• Incident Investigation
• NC, CA & PA
• Roles & Responsibilities
7 Samples 4 Hrs
![Page 29: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/29.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Workshop
(Audit Plan & Checklist)
![Page 30: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/30.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
On-site audit activities
Information gathering
The opening meeting
Conducting the audit
Questioning techniques
Controlling the audit
![Page 31: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/31.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
People
Processes
Equipment / tools/ materials
Documentation
Information relevant to the audit is
obtained from
![Page 32: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/32.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
May be obtained from:
interviews
observation of activities
documents
records
data summaries
measurement processes and programmes
reports from other sources: customer feedback, vendor supplier ratings
interaction between functions, activities, processes
Information
![Page 33: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/33.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Audit evidence
Records, statements of fact or other information
relevant to the audit criteria and verifiable
ISO 9000:2000
![Page 34: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/34.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
The audit evidence will be:
identified
documented
recorded
evaluated against audit criteria to determine audit findings
Audit findings
![Page 35: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/35.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
To
enable auditors to introduce themselves
confirm audit purpose, scope and method
establish communication,
encourage co-operation, honesty, openness
confirm reporting arrangements
Opening meeting
![Page 36: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/36.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
meet the area representative first
always talk to those performing the task
explain the purpose of the visit
be calm, polite, reassuring
never “talk down” to people
speak clearly and carefully
The auditor’s approach
![Page 37: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/37.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Considerations
people from different levels and functions
normal working hours and place
put interviewee at ease
explain purpose and reason for note taking
summarise results
compliment where appropriate
thank auditee
Interviews
![Page 38: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/38.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
examine audit evidence
ask open-ended, close-ended & clarifying questions (depending on the situations).
refer to checklists
take notes
Ask - Look - Listen
Conducting the audit
![Page 39: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/39.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Six Important Words
How
What
Where
When
Who
Why
Questioning techniques
![Page 40: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/40.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
DO NOT
Do not be side-tracked
Do not be led or misled
Do not get “bogged down”
Do not let auditee dictate the pace of the audit
Do not make assumptions or presumptions
Control the audit
![Page 41: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/41.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
DO
be prepared
be punctual
insist on person questioned answers for themselves
as little talking as necessary
avoid misunderstandings
keep questions clear and concise
be polite and calm
give compliments
Control the audit
![Page 42: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/42.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
aggressive auditees
timid auditees
missing people
missing documents
pre-prepared samples (choose your own)
special cases
local issues and cultural customs
emotional blackmail
Be aware of:
![Page 43: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/43.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Auditor’s review
Audit findings
Corrective Action Requests (CARs)
Observations
The audit report
Presenting the findings
Follow-up and close-out
Audit reporting and follow-up
![Page 44: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/44.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
study or compare notes
review checklists
list findings
decide on nonconformities and observations
write Corrective Action Requests (non-conformities)
compile audit report
Audit review
![Page 45: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/45.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
An audit finding may be:
nonconformity
observation
Audit finding
![Page 46: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/46.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
The non-fulfilment of a requirement
ISO 9000
Nonconformity
![Page 47: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/47.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
May be a failure to:
comply with the Standard
implement a process or other documented requirement
implement a legal or contractual requirement
No requirement = no nonconformity
A nonconformity
![Page 48: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/48.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Best practice:
overview facts verbally
agree nature of nonconformity
make notes
prepare draft
When to write a finding statement
![Page 49: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/49.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Includes
description of nonconformity
example of audit evidence
summary of requirement
A finding statement
![Page 50: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/50.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Example of a finding statement
02 No’s Fire Extinguisher is not found tested in
warehouse no 03, Jebel Ali Free Zone, Dubai-UAE
since last one year.
For example: Fire Extinguishers no’s FE-WH-01 and
FE-WH-02.
Requirements-All fire extinguishers must be tested
every six months(JAFZA legal requirement)
![Page 51: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/51.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Case Studies
(Non – Conformances)
![Page 52: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/52.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
A Form used to:
report nonconformities
classify nonconformities
record acceptance of nonconformities
record actions to correct nonconformities
record auditor acceptance of corrective actions
taken
Corrective Action Request (CAR)
![Page 53: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/53.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
the applicable function, process or procedure
Standard and clause number
auditor’s name
finding statement
acceptance by auditee
CARs contain
![Page 54: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/54.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Should include
agreed audit objectives and scope
audit criteria
date and location of audit
duration
summary of audit findings
positive as well as negative findings
Audit report
![Page 55: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/55.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Internal audit
informal
constructive
system improvement
Closing meeting (1)
![Page 56: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/56.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
present all findings and evidence carefully, and
precisely
be prepared to support and justify findings
do not be drawn into arguments
if an error transpires, apologise;
alter or withdraw if necessary
do not accept a "quick fix" to CARs
Closing meeting (2)
![Page 57: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/57.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
The audit is completed when:
all activities in the audit plan have been
concluded, including distribution of audit
report
Audit completion
![Page 58: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/58.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Management should:
take immediate action to correct nonconformity
identify root cause of problem
develop corrective action to prevent recurrence
implement and monitor corrective action
To resolve the nonconformity
![Page 59: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/59.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Audit Management:
approve proposed corrective actions
monitor progress
arrange follow-up internal audit
Auditor:
review new or revised documentation
evaluate effectiveness of proposed corrective actions
Processing CARs
![Page 60: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/60.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Follow-up:
determination of implementation of corrective action
Close out:
verification and acceptance of corrective action
Follow-up and “close out”
![Page 61: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/61.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Shows status of:
CARs (from first-, second-, third-party audits)
follow-up action
‘close-out’
CAR status log
![Page 62: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/62.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
review documentation
visit audited area
audit evidence of implementation
verify effectiveness of corrective action
record details
sign-off CAR
Method of follow-up and close out
![Page 63: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/63.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Management review should consider:
corrective actions in respect of CARs
preventive actions
the analysis of data from audits, customer
feedback, process performance, product
conformity
recommendations for improvement
Continual improvement
![Page 64: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/64.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Auditor competence and certification
Personnel characteristics of auditors
Auditor competence
![Page 65: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/65.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
An auditor must be:
open minded diplomatic
observant perceptive
tenacious decisive
self-reliant fair
honest discreet
Auditor personal attributes
![Page 66: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/66.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
•In audit techniques including:
OHSAS terminology
OHSAS management principles
auditing tools
Observing organisational situations
Interpreting legislative, contractual and other relevant requirements
product, services and operational processes
details set out in ISO 19011
An auditor must be competent
![Page 67: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/67.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
review all relevant information
prepare work documents
comply with and communicate audit requirements
stay within audit scope
collate audit evidence
document nonconformities
report audit findings
verify corrective actions taken in response to nonconformities
retain and safeguard all audit documents
Auditor’s responsibilities
![Page 68: INTERNAL AUDITING - m.mu.edu.sa AUDITING.pdf · principles of auditing managing audit programmes audit activities competence of auditors. IMS-IA TRG_UAE_2013 ... Internal audit process](https://reader030.vdocuments.us/reader030/viewer/2022021800/5cef131c88c9937c458cab1c/html5/thumbnails/68.jpg)
IMS-IA TRG_UAE_2013
TÜV SÜD Middle East L.L.C ©
Thank You