manage internal audit qhse [quality-health-safety-environment]
Post on 26-Dec-2015
128 Views
Preview:
DESCRIPTION
TRANSCRIPT
2
Pelatihan ini bersifat non jenjang (non gelar) dan non sertifikasi kompetensi,
namun bersifat semi struktur yang dirancang sedemikian rupa agar dengan
terstruktur materi, durasi waktu , dan tujuan pelatihan sebagai bekal bagi calon
auditor baru, atau auditor untuk meningkatkan skill audit.
Apabila anda tertarik untuk mendalami pelatihan ini, dapat menghubungi kami:
Email : variaconsultant@gmail.com
Facebook: farrel_vconsulting@yahoo.com
Phone: +(62)821- 3466-0998
Address: Perum Dinar Mas, Blok N3, No 2, Tembalang, Semarang
This training is non grade, nor competency certification, but this training is semi structured which
designed with such structured material, time duration, and their objectives as provision competency for
new auditor, or as additional competency to improve auditor skill.
If you are insterested to get involving in this training, please don’t hesitate to contact me:
Email : variaconsultant@gmail.com
Facebook: farrel_vconsulting@yahoo.com
Phone: +(62)821- 3466-0998
3
Audit ISO 9001, ISO 14001, OHSAS 18001 (ISO 45001) bukan lagi masalah
yang sulit dipelajari, dan dijalankan.
Yang penting adalah ada kemauan, komitmen yang kuat.
Dengan contoh materi yang kami berikan semoga bermanfaat. Namun apabila
anda menemui kendala dan ingin memperoleh benefit pemahaman yang lebih
besar, anda dapat menghubungi kami.
4
• Harga pelatihan, atau pendampingan yang kompetitif.
• Harga dapat dikomparasi dengan penyedia yang lain.
Harga
• Kami tidak mempertaruhkan Kualitas hanya demi harga. Kepuasan, dan kepercayaan adalah modal & kepuasan kami.
• Pengalaman kami yang banyak terlibat secara langsung dalam proses sertifikasi, maupun konsultasi.
Kualitas
• Bermacam jenis pelatihan sistem manajemen serta template yang kami sediakan akan menghemat pengeluaran, waktu, & tenaga.
Variasi
Sebagai pengguna, calon pembeli, sebaiknya mempertimbangkan
masak-masak sebelum anda kecewa.
Berikut indikator yang harus anda pertimbangkan,
dan kami memiliki keunggulan yang menjadi pertimbangan anda:
[ Qu ali ty man agement s ystems fo r au tomotive
p roduction an d re levant s ervice p ar t o rganizat ions ]
Persyaratan TS 16949
Dokumentasi
Implementasi, special characteristic, dan lain lain
Core Tools
SPC
FMEA
MSA
Rules 4 TS 16949
Internal Audit
Preparation certification
Kami memberikan solusi perusahaan anda dalam pelatihan, persiapan audit dan
sertifikasi ISO/TS 16949
6
0 Menggantikan ISO 10011-1:1990, ISO 10011-2: 1991, ISO 10011- 3:1991, ISO 14010:1996, ISO 14011:1996 & ISO 14012:1996.
ISO 19011:2011 as 2nd edition
• Efektif per 15/11/2011
ISO 19011:2002 as 1st edition
• Efektif per 01/10/2002
Evolusi ISO 19011:2011
1
2
7
• Audit: systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which agreed criteria are fulfilled
(audit: proses yang sistematis, independen, dan terdokumentasi untuk
memperoleh bukti audit dan mengevaluasi bukti tersebut secara obyektif
untuk menentukan tingkat kesesuaiannya dengan kriteria audit)
Introduction to IA
8
• Audit criteria: set of policies, procedures or requirements used as a reference (kriteria audit: suatu set kebijakan, prosedur atau persyaratan yang
digunakan sebagai referensi dalam kegiatan audit)
• Audit evidence: records, statement of fact or
other information which are relevant to the audit criteria and verifiable (bukti audit: catatan / pernyataan dari suatu fakta / informasi lain yang dapat
diverifikasi & relevan dengan kriteria audit, dan dapat diverifikasi
Introduction to IA
9
1. Compliance Sides 1. Input for Management Review
2. CSR (customer specific requirement)
2. Beneficial Sides 1. Research from Industry & University, e.g.:
Title Author Variable & Indicator
Contribution
of the ISO
9001
internal
audit to
business
Performance
[January 2010]
Milena Alic [Mercator, d.d.,
Ljubljana,
Slovenia]
Borut Rusjan [Faculty of
Economics,
University of
Ljubljana,
Ljubljana,
Slovenia]
Internal audits contribute to the achievement of a company’s business goals and thus to business efficiency
1. Assessment of how the IA is affecting work with customers - Communication with customers - Products and services mix - Quality of goods and services - Meeting regulation‟s requirements
2. Assessment of how the IA is affecting the implementation of processes - Visibility of procedures - Organisation of work - Containing work disruptions - Worker productivity
3. Assessment of how the IA is affecting learning & development - Skills of workers and sharing of good practices - Communication and relations among employees - Stimulus for improvements
4. Assessment of how the IA t is affecting performance from the financial view - Decrease in actual and potential business damage resulting from inappropriately implemented activities that were discovered in the IA - Savings resulting from proposed improvements
Internal audits have more positive than negative effects on business performance.
Partial indirect assessments of how positive effects from the IA contribute to the achievement of business goals
10
Title Author Variable & Indicator
Managerial
relevance of
internal
Audit
Business
benefits of
using ISO 9000
internal
audit as a
managerial
tool
[November
2009]
Milena Alic [Mercator, d.d.,
Ljubljana,
Slovenia]
Borut Rusjan [Faculty of
Economics,
University of
Ljubljana,
Ljubljana,
Slovenia]
Internal audits stimulate workers to work better (following the procedures and rules, more effective and more efficient work)
Communication with customers Products and services mix Quality of goods and services Meeting regulation‟s requirements
Internal audits represent a means to exchange knowledge and spread good practices.
Visibility and clearness of work procedures Work organisation and work conditions Decrease in work interruptions and deficiencies and their
improved management Worker productivity
Internal audits represent a means to stimulate business improvements.
Skills of workers and sharing of good practices Communication and relations among employees Stimulus for improvements
Internal audits help managers attain the business objectives of the company
Decrease in actual and potential business damage resulting from inappropriately implemented activities that were discovered in the IA
Savings resulting from proposed improvements
2. Beneficial Sides 1. Research from Industry & University, e.g.:
11
Title Author Variable & Indicator
THE RELATION OF
RISK MANAGEMENT
AND INTERNAL
AUDIT FUNCTION –
THE CASE OF
CROATIA
[November 2009]
Ivana POKROVAC, B. Sc. [Teaching and Research Assistant]
Boris TUŠEK, Ph. D. [Full Professor]
Ana OLUIĆ, B. Sc. [Assistant]
University of Zagreb,
Faculty of Economics and
Business
J. F. Kennedy 6, 10 000
Zagreb, Croatia
Participation of internal audit in the process of risk management
contributes to improvement of the overall process of risk management;
Efficiency and effectiveness of the internal audit professional
engagement in a company increases through its involvement in the
risk management process
2. Beneficial Sides 1. Research from Industry & University, e.g.:
12
Accreditation Body
1st party audit
3rd party audit
Accreditation audit
2nd party audit
ISO 19011
Old - ISO 19011:2002 [1st edition]
New - ISO/IEC 17021:2011
13
INTERNAL AUDIT
• The 6 Principles of Audit
Audit
Principle
14
• Perform their work with honesty, diligence & responsibilities.
• Observe & comply with applicale legal requirement
• Demonstrate their competence in audit
• Performing work in impartial manner
• Sensitive to any influence that may excerted on their judgement while carying audit
1. Integrity: the foundation of Profesionalism
• Audit findings, audit conclusions and audit reports should reflect truthfully and accurately the audit activities. Significant obstacles encountered during the audit and unresolved diverging opinions between the audit team and the auditee should be reported. The communication should be truthful, accurate, objective, timely, clear and complete
2. Fair presentation: the obligation to report truthfully and accurately
3
6
1-2 of 6
Audit
Principle
15
• Exercise due care in accordance with the Importance of the task they perform and the confidence placed in them by the audit client and other interested parties. An important factor in carrying out their work with due professional care is having the ability to make reasoned judgements in all audit situations.
3. Due professional care: the application of diligence and judgement in auditing
• exercise discretion in the use and protection of information acquired in the course of their duties. Audit information should not be used inappropriately for personal gain by the auditor or the audit client, or in a manner detrimental to the legitimate Interests of the auditee. This concept Includes the proper handling of sensitive or confidential information
4. Confldentiality: security of information
6
3-4 of 6
6
Audit
Principle
16
• should be independent of the activity being audited wherever practicable, and should in all cases act in a manner that is free from bias and conflict of interest. For internal audits, auditors should be independent from the operating managers of the function being audited. Auditors should maintain objectivity throughout the audit process to ensure that the audit findings and conclusions are based only on the audit evidence..
5. Independence: the basis for the impartiality of the audit and objectivity of the audit conclusions
• Audit evidence should be verifiable. It will in general be based on samples of the information available, since an audit is conducted during a finite period of time and with finite resour, es. An appropriate use of sampling should be applied, since this is closely related to the confidence a can be placed in the audit conclusions.
6. Evidence-based approach: the rational method for reaching reliable and reproducible audit conclusions in a systematic audit process
6
5-6 of 6
Audit
Principle
17
INTERNAL AUDIT
(5.1 – 5.6) Basic activity :
– Objective & Extent [Tujuan & Cakupan Program Audit]
– Responsibilities, Resources, & Procedures [Tanggungjawab,
Sumberdaya, & Prosedur]
– Implementation [Penerapan Program Audit]
– Monitoring & Reviewing [Pemantauan & Peninjauan Program Audit]
• Audit Program [ISO 9000:2005, part 3.9.2]: “set of one or more audits planned for a specific time frame and directed towards a specific purpose”
[Satu kesatuan dari satu atau lebih audit yang direncanakan untuk jangka waktu tertentu dan ditujukan untuk tujuan tertentu]
Audit
Program
18
ISO 9001-2008
An audit programme shall
be planned, taking into
consideration :
- the status and importance
of the processes and areas to
be audited,
- as well as the results of
previous audits.
existing
ISO 9001-2015 DIS
Plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration:
- The quality objectives, the importance of the processes concerned,
- customer feedback,
- changes impacting on the organisation,
- and the results of previous audits
predict
Audit
Program
19
ISO 14001-2014
Audit program shall be planned, established, implemented & maintained by the organization, taking into consideration :
- the environmental importance of the operation (s) concerned
- and the results of previous audits.
existing
ISO 14001-
2015 DIS
Plan, establish, implement and maintain an audit programme(s), including the frequency, methods, responsibilities, planning requirements and reporting, which shall take into consideration
- the environmental importance of the processes concerned,
- risk associated with threats and opportunities
- and the results of previous audits;
Predict
Audit
Program
20
Audit programme(s) shall be planned,
established, implemented and maintained by
the organization, based on:
- the results of risk assessments of the
organization‟s activities,
- and the results of previous audits.
Audit
Program
21
Audit Program Objectives can be based on consideration :
a) management priorities;
b) commercial and other business intentions;
c) characteristics of processes, products and projects, and any changes to them;
d) management system requirements;
e) legal and, contractual requirements and other requirements to which the organization
is committed
f) need for supplier evaluation
g) needs and expectations of interested parties, including customers
h) auditee's level of performance as reflected in the occurrence of failure or incidents or
customer complaints
i) risks to the auditee
j) results of previous audits
k) level of maturity of the management being audited.
Audit
Program
22
ensure that the audit programme objectives are established to direct the planning and
conduct of audits,
should ensure the audit programme is implemented effectively
assign one or more competent persons to manage audit programme
s
Audit
Program
3
establish the extent of the audit programme;
identify and evaluate the risks for the audit programme;
establish audit responsibilities;
establish procedures for audit programmes;
determine necessary resources;
ensure the implementation of the audit programme, including the establishment of audit
objectives, scope and criteria of the individual audits, determining audit methods & selecting
the audit team & evaluating auditors;
ensure that appropriate audit programme records are managed and maintained.
monitor, review and improve the audit programme.
inform the top management of the contents of the audit programme, (where necessary)
request its approval
23
Audit
Program
Example :
to contribute to the improvement of a management system & its
performance
To fullfil external requirement, e.g.: certification 3rd party, code of
conduct/customer audit, etc.
To verify conformity with contractual requirement
To obtain & maintain confidence in the capability of supplier.
To determine the effectiveness of management system
to evaluate the compatibility and alignment of the management system
objectives with the management system policy and the overall
organizational objectives.
24
Audit
Program
25
The different risks associated with establishing, implementing, monitoring, reviewing and
improving an audit programme that may affect the achievement of its objectives, such as:
planning, e.g. failure to set relevant audit objectives and determine the extent of the audit
programme;
resources, e.g. allowing insufficient time for developing the audit programme or Conducting
an audit;
selection of the audit team, e.g. the team does not have the collective competence to conduct
audits effectively;
implementation, e.g. Ineffective communication of the audit program
records and their controls. e.g. failure to adequately protect audit records to demonstrate
audit program effectiveness.
monitoring, reviewing and improving the audit program, e.g. Ineffective monitoring of audit
programme outcomes.
Audit
Program
26
Planning
• Sample of Internal Audit Program
• Audit Plan Exercise (form)
1 2 3 4 5 6 7 8 9 10 11 12
Human Resource HR High
Training & Competence Technical Development Low
All Inspection Areas High
Production Planning Low
Production Area High
Non-conformance Incoming Inspection High
Procedure Material Warehouse Low
Production Areas High
Finished Product Store Low
Process A, B, C, …
Issue 01
Approved by QMR
Y 2005Process / Activity Department & Critically
Audit
Program
27
INTERNAL AUDIT
6.3.1 • Performing document review in preparation of audit
6.3.2 • Preparing the audit plan
6.3.3 • Assigning work to the audit team
6.3.4 • Preparing work document
28
Performing
Audit
6.3.2 Preparing the audit plan
To prepare an audit plan based on the information contained in the audit
programme and in the documentation provided by the auditee.
Audit Plan consider the effect of the audit activities on the auditee's processes &
provide the basis for the agreement among the audit client, audit team and the
auditee regarding the conduct of the audit.
The plan should facilitate the efficient scheduling and coordination of the audit
activities in order to achieve the objectives effectively.
The amount of detail provided in the audit plan should reflect the scope & complexity of
the audit, as well as the effect of uncertainty on achieving the audit objectives.
In preparation of audit plan :
the appropriate sampling techniques
the composition of the audit team and its collective competence
the risks to the organization created by the audit
2
Performing
Audit IA – Persiapan Audit Audit Preparation
– The auditors need to understand the roles & responsibilities allocated to each individual (setiap auditor mempunyai tugas dan
tanggung jawab dalam proses audit)
– The auditee needs to be advised of the plan to ensure that relevant staff of the activities of the organization required for audit interview / discussion will be available (auditee memastikan
keberadaan staf and manajemen dari fungsi yang diaudit)
• Coverage – Date & duration (tanggal & durasi waktu)
– Scope (ruang lingkup)
– Area / activity / QMS/EMS/OH&S elements (area / aktivitas /
elemen SMM/SML/K3)
– Name of auditor(s) & roles (nama auditor & tugasnya)
30
Model – Business Process
[1] GAVRIEL SALVENDY, “HANDBOOK OF INDUSTRIAL ENGINEERING Technology and Operations Management”, Third Edition, Third Edition, Canada, PP. 286 - 290
ISO 9001 part 4.1 General requirements:
The organization shall:
determine the processes needed for the quality management system and
their application throughout the organization (see 1.2),
determine the sequence and interaction of these processes,
[1] Corporate mission statements entail the production and utilization of material output
and services by combining production factors. Multiple entities and devices are
responsible for fulfilling these tasks. In accordance with corporate objectives,
their close collaboration must be ensured.
Performing
Audit IA – Persiapan Audit Audit Preparation
31
Performing
Audit IA – Persiapan Audit Audit Preparation
Proses : Penanganan Order Baru [New Order] Penjualan Manager Direktur
Menerima
order
Mengelola
feasibility
study
Kajian final
order &
persetujuan
32
Perencanaan Audit
1. Product Audit
2. Process Production Audit
Layout inspection & function testing [uji kualitas produk – dimensi & atribut yg dipersyaratkan].
Defect rate, handling, dll Status keberterimaan produk jadi atau process. MSA, SPC
Kemampuan proses, konsistensi proses Deteksi permasalahan yg terjadi Deteksi parameter proses berdasarkan PPAP atau
quality plan. Variansi proses selama pergantian shift
Pertimbangkan pergantian SHIFT
Alokasikan waktu lebih panjang untuk special proses, atau proses yang vital.
Internal Audit [System]
IA – Persiapan Audit Audit Preparation Performing
Audit
Performing
Audit IA – Persiapan Audit Audit Preparation
DAY 1
DAY 1
Process Start Time Auditor
Process Start Time Auditor
Review of change to Client QMS,
Customer Complaint, any new or
discontinued customer, etc
09.00 Basuki
Review of change to Client QMS,
Customer Complaint, any new or
discontinued customer, etc
09.00 TBA
On site review of corrective
action arising from previous
audit.
10.00 On site review of corrective action
arising from previous audit. 10.00
Lunch Break 12.00 Lunch Break 12.00
Opening meeting 13.00 Opening meeting 13.00
Top Management (incl.
management responsibility &
commitment)
13.30
Marketing & Sales (incl. order
handling, handling of complaint,
monitoring customer perception)
13.30
QMR (Management review &
Internal Audit) 13.30
Production 1 & 2 (incl. production
planning, process, NC product,
monitoring process-product, etc)
16.00
18.00
- Data analysis & improvement
- Document & record control
Production – 3 and Final
Inspection (incl. production
planning, process, NC product,
monitoring process-product, etc)
16.00
18.00
2nd Shift Audit 19:00
22:00 2nd Shift Audit
19:00
22:00
(Production – 3, QC,
Maintenance)
(Production – 1 & 2, QC,
Maintenance)
Closing (wash-up/final) meeting
Closing (wash-up/final) meeting
34
• Sampling – An audit cannot look at 100% of the objective Evidence available
[audit tidak dapat memeriksa 100% bukti audit yang ada]
– There are no Sampling Plans for audits [OLD], in 2nd edition there are 2 methods:
[tidak ada standard sampling untuk audit untuk versi 1st, untuk versi 2 terdapat 2 metode pendekatan sampel]
– The depth of sampling is dependent upon the auditor’s skills and experience
[sampling tergantung keahlian dan pengalaman auditor]
– The Depth and Amount of sampling should be Proportionate to the Criticality of the activity
[kedalaman dan jumlah sampling harus sesuai / proporsional dengan tingkat kritis sebuah aktivitas – semakin kritis sebuah aktifitas, harus lebih sering dan lebih dalam untuk diaudit]
Prinsip Audit: Pendekatan Berdasar Bukti
IA – Persiapan Audit Audit Preparation Performing
Audit
35
• Sampling – Once the auditor believe that the audit sampling has established a level of understanding of the
extent of Conformance then the audit is completed and it is time to move on
[bila auditor telah yakin bahwa sampling telah memadai untuk menunjukkan bahwa tingkat kesesuaian telah diketahui, lanjutkan ke proses audit selanjutnya]
– Level of sampling is reflected in Checklist [Tingkat kedalaman sampling terlihat di Checklist] - New 2008; Records of audits
• Auditor mencari bukti untuk mengkaji: [Auditor is looking for
evidence to evaluate the]
– “Effectiveness” – extent to which planned activities are realized and planned results achieved
[efektifitas – sejauh mana aktifitas yang direncanakan telah terealisasi dan hasil yang diharapkan telah diperoleh] [ISO 9000 part
3.2.14]
– “Efficiency” – relationship between the result achieved and the resources used
[efisiensi – hubungan antara hasil yang dicapai dengan sumber daya yang digunakan] [ISO 9000 part 3.2.15]
IA – Persiapan Audit Audit Preparation Performing
Audit
36
Sampling
Statistical Sampling
Judgment-based sampling
1
2
IA – Persiapan Audit Audit Preparation Performing
Audit
37
• Termasuk dalam dokumen kerja audit [Working documents include]:
rencana / metode sampling [Sampling plans]
formulir [Forms]
ringkasan peraturan / perundangan [Summary of legislation]
daftar periksa [Checklists, etc]
daftar periksa merupakan sebuah dokumen kerja yang digunakan dalam setiap jenis audit [The checklist is a working document that is applicable to all internal audits]
IA – Persiapan Audit Audit Preparation Performing
Audit
38
• Why do auditors need Checklists? – Ensure all areas are audited
– Guide auditor to the evidence
– Prompt the auditor to ask appropriate questions
– Direct the auditor to interrelated activities (Process Approach)
– Checklist becomes a record of what was viewed & level of conformance (New 2008; Records of audits & their result)
– Aids factual reporting
– Important record of Audit Process
• Always remember: Auditor worksheet & audit evidence!
IA – Persiapan Audit Audit Preparation Performing
Audit
39
Proses penyiapan daftar periksa : [The following is the key information utilized when preparing checklists]
– Evaluasi prosedur, standard, persyaratan, dsb [Review the procedures, standard, requirements, etc]
– identifikasi input, proses, & output yang dijelaskan di prosedur dsb di area audit tertentu [Identify auditable areas / activities within the procedures etc regarding Inputs, Actions and Outputs]
– input & output membantu menentukan efektifitas dari interaksi dan interrelasi proses [Inputs and Outputs helping to determine the effectiveness of the interaction and interrelationships]
– Sarikan pokok-pokok audit tersebut di sebuah daftar periksa [Extract these auditable items and put them on a checklist]
IA – Persiapan Audit Audit Preparation Performing
Audit
40
• Salah satu keahlian / skill yang harus dimiliki oleh auditor
adalah penyiapan daftar periksa yang „useful‟ & „usable‟ [The preparation of useful and usable checklists is a skill that auditors have to master]
• Auditor harus mempertimbangkan hal berikut ini dalam membuatan sebuah daftar periksa yang efektif dan efisien
[The auditor shall consider the following to assist in assembling an effective and efficient
checklist]
– Valid
– Traceable
– Complete
IA – Persiapan Audit Audit Preparation Performing
Audit
41
Model Cakupan Checklist
Implementasi
Rekaman
Dokumen
• Proses produksi yg dijalankan (product audit)
• QC onsite
• Rekaman hasil proses yang sudah dijalankan atau sedang berjalan
• Prosedur atau W/I
• Eksternal dokumen
• Informasi terbatas Ya atau tidak
• Informasi lebih luas tapi tak bisa akses kondisi proses
• Informasi lebih luas & akses kondisi proses, termasuk alat & faktor lain.
Pendekatan checklist
Proses yang dicheck
Akses Informasi
Ba
ck
off
ice
/k
an
tor
La
pa
ng
an
/ f
ield
acti
vit
y
IA – Persiapan Audit Audit Preparation Performing
Audit
42
INTERNAL AUDIT
(6.5) Tahapan Kegiatan Dasar [Basic activity steps]
– rapat pembukaan [Opening meeting]
– Proses audit yang dilaksanakan Auditor [Auditor Observation]
– Rapat Tim Auditor/Persiapan Pelaporan [Auditor team meeting]
– Rapat Penutupan [closing meeting]
43
• Topik Bahasan [Agenda of topics to cover]:
– Metode audit [explain audit method]
– Sasaran & kriteria audit [Explain objective & criteria]
– Jadwal & tempat audit [Explain the itinerary & area to be visited]
– Pelaporan temuan [Explain Reporting non conformance]
– Mendiskusikan hal umum [General Discussions]
• pendamping audit, aspek keselamatan, kerahasiaan
[Escort, safety issues, confidentiality]
• ruang untuk auditor [Arrangements for a private team conference room]
• jam kerja, makan siang, dsb [Normal working hours, lunch
arrangements, etc]
44
• Komunikasi antara tim auditor dengan Auditee [Communication between audit team with Auditee]
– bertukar informasi, mengkaji kemajuan, & menetapkan kembali tugas tim. [Periodically exchange information, communicate the progress,
reassign with team].
– bukti yang mendesak & beresiko dilaporkan segera [Immediate & significant risk of evidence reported without delay to the auditee.].
– Jika tujuan audit tidak tercapai, pimpinan melaporkan alasanya kepada auditee untuk menentukan tindakan [When audit objective unattainable, leader should report the reason to auditee to determine action.].
tindakan dapat berupa konfirmasi ulang, perubahan tujuan & scope
audit, bahkan penghentian audit. [may include reconfirmation, modification of
audit plan, change to audit scope/objective, or termination of audit].
IA – Pelaksanaan Audit Audit Performing
45
• Performing the audit – Psychology
– Internal Auditor must remember to
• Demonstrate professional & friendly approach
• Demonstrate helpful attitude
• Be positive
• Encourage suggestions
If auditor knows what is “wrong”, logically he must
also know what is “right”
Not policeman style („Right‟ / „Wrong‟ vs.
„Improvement‟)
IA – Pelaksanaan Audit Audit Performing
46
• Auditing objective evidence – Paper [catatan]
• Records, Data, Files, Reports – APPARENT PAST [menunjukkan bukti masa lalu]
– Practice [proses pelaksanaan pekerjaan]
• Physical activities – APPARENT PRESENT [menunjukkan bukti saat ini]
– People [karyawan]
• Knowledge & Understanding – APPARENT FUTURE [menunjukkan bukti masa datang]
– Everything must be matched & cross checked against other information [ketiganya harus sesuai, harus diperiksa silang antar informasi]
IA – Pelaksanaan Audit Audit Performing
47
• Auditor team meeting – Cross Checking & Verification can be performed efficiently in
an audit by the use of Auditor Progress Meetings
[cross check dan verifikasi dapat dilakukan lebih
efisien]
– Issues seen by one auditor in a particular area can be communicated to other auditors for verification in their audit activities
[kejadian yang ditemukan oleh seorang auditor di area
tertentu dapat dikomunikasikan kepada auditor lainnya dan dapat digunakan untuk memverifikasi aktifitas audit yang dilakukannya]
IA – Pelaksanaan Audit Audit Performing
48
• Auditor team meeting
– The Lead Auditor :
Monitor the overall progress against the itinerary
[memantau keseluruhan progres audit dibandingakan jadwal audit]
Identify any areas of difficulty that are causing delays
[identifikasi kesulitan yang dapat menyebabkan tertundanya audit]
Monitor the performance of the audit team members and allow re-direction of these auditors
[memantau kinerja anggota tim audit dan mengarahkan kembali auditor tersebut]
– Already be scheduled on the itinerary, usually occur at lunch times and always before leaving the site
[umumnya telah terjadwal di itinerary, dapat dilakukan saat
makan siang, dan selalu dilakukan sebelum meninggalkan lokasi audit]
IA – Pelaksanaan Audit Audit Performing
49
• Jenis Observasi Data Terdapat 2 jenis pendekatan observasi data [1] yang dilakukan selama proses audit:
1. Audit Vertical • Audit menelusur data secara vertikal dalam fungsi atau unit kerja yang
bersangkutan. Kriteria yang digunakan menggunakan prosedur yang relevan dalam 1 unit kerja tersebut.
• Biasanya dilakukan dalam AUDIT INTERNAL (1st Party Audit)
2. Audit Horisontal
• Audit menelusur data secara horisontal dari awal proses hingga akhir. Audit menggunakan Multi Prosedur sebagai kriteria dengan mengklarifikasi BENANG MERAH antara departemen dalam organisasi.
• Biasanya dilakukan dalam AUDIT EKSTERNAL (3rd Party Audit)
Reference: [1] __, “Internal Quality Audits: What They Are & How to Do”, Manchester, 1996, The National
Computing Centre Limited, p.5
50
1. Audit Vertical Production Dept
Logistic
Sub cutting Sub Buffing Sub Welding Sub Painting
Purchasing
Local Purchaser
Import Purchaser
Custom Purchaser
2. Audit Horisontal
Sub Activities Sub Activities
Logistic
Auditor
Unit kerja lain Production
51
Pemahaman dasar terhadap PROSES yang di audit dengan Pemetaan Model Proses.
Klausal 4.1 ISO 9001 menjelaskan identifikasi proses serta korelasi diantaranya.
Flow Diagram Proses diperlukan untuk menjelaskan kunci utama alur produk/jasa & informasi.
Turtle Diagram
52 Turtle Diagram
INPUT PROSES OUTPUT
Material, Alat SDM, Pelatihan, Kompetensi
Metode, prosedur teknis
Monitoring, KPI, tolok ukur
Pengendalian Sekunder
What Result?
Why target?
How (target, monitor)?
With Who?
Where (their placement,
record personel)
How?
With What?
53 Turtle Diagram
INPUT PROSES OUTPUT
Contoh : Pabrik pembuatan pagar dan teralis besi Ruang lingkup perusahaan : pembuatan pagar & teralis besi type ABC
• Order permintaan produk dari Marketing
• Material / bahan mentah / produk ½ jadi
• Produk teralis atau pagar sesuai pemesanan
• Kepuasan pelanggan
Proses yang terlibat: • Pemotongan besi,
pengelasan, penyetelan, pengecatan
54 Turtle Diagram
INPUT PROSES OUTPUT
Material, Alat SDM, Pelatihan, Kompetensi
Metode, prosedur teknis
Monitoring, KPI, tolok ukur
Pengendalian Sekunder
• Mesin potong, mesin las, dll • SDM yang terampil ramah & kompeten di bidangnya.
• Verifikasi kualitas produk. • Checklist pemeriksaan • Sasaran mutu, sample plan
• IK atau prosedur produksi. • Metode pengelasan
• Pemeliharaan lingkungan ruang cat
• Pemeliharaan rekaman.
• Order permintaan produk dari Marketing
• Material / bahan mentah / produk ½ jadi
• Produk teralis atau pagar sesuai pemesanan
• Kepuasan pelanggan
55
Proses :pembuatan pagar & teralis besi type ABC
Pemilik Proses : Bagian Produksi, QC, PPIC, Purchasing
Pelanggan Input Proses Inti Output
• PT kepingin • PT Mau • Pemesanan pribadi (jumlah kecil)
• Order permintaan produk dari Marketing
• Material / bahan mentah / produk ½ jadi
Proses: • Pemotongan besi,
pengelasan, penyetelan, pengecatan
Kriteria: • Approval produk • Customer spek • SNI • QC attribute.
• Produk teralis atau pagar sesuai pemesanan
• Kepuasan pelanggan.
Material, Alat Metode Monitoring SDM
Mesin potong, mesin las, dll
• IK atau prosedur produksi.
• Metode pengelasan
• Verifikasi kualitas produk. • Checklist pemeriksaan • Sasaran mutu, sample plan
SDM yang terampil ramah & kompeten di bidangnya
Matriks IPO Pemilik Proses [Process Card / Kartu Proses
56
INPUT PROSES OUTPUT
Material, Alat SDM, Pelatihan, Kompetensi
Metode, prosedur teknis
Monitoring, KPI, tolok ukur
Pengendalian Sekunder
• SDM yang terampil ramah & kompeten di bidangnya.
C, A
P,Do
P,Do P,Do
P,Do • Mesin potong, mesin las, dll
• Order permintaan produk dari Marketing
• Material / bahan mentah / produk ½ jadi
• IK atau prosedur produksi. • Metode pengelasan
• Pemeliharaan lingkungan ruang cat • Pemeliharaan rekaman.
• Verifikasi kualitas produk. • Checklist pemeriksaan • Sasaran mutu, sample plan
• Produk teralis atau pagar sesuai pemesanan
• Kepuasan pelanggan
57
– Informasi & bukti baik temuan positif maupun negatif harus dicatat. Media biasanya menggunakan lembar audit dalam checklist.
– Checklist membantu anda mengarahkan point penting dalam pertanyaan.
– Misal: KPI atau Sasaran Mutu
Apakah KPI sudah ditetapkan? Pastikan kontex sasaran sesuai dengan kebijakan mutu serta dalam koridor peta bisnis.
Bagaimana anda menset target pencapaian? Check kemungkinan set target dari otoritas lebih tinggi atau stakeholder.
Mekanisme pelaporan: siapa yang memantau, kapan dilaporkan, apa perumusan dari sumber data.
Bagaimana strategi anda mencapai sasaran tersebut? Dll…..
IA – Pelaksanaan Audit Audit Performing
58
Aktifitas akhir dari proses audit
[The final activity in performing the audit]
Mendiskusikan tindakan perbaikan yang harus dilakukan terhadap ketidaksesuaian – pastikan perbaikan tidak dilakukan secara „cepat / tidak efektif‟, karena akan berpengaruh terhadap area lainnya
[It is also acceptable at these closing meetings that discussions take place regarding action to be taken as a result of any non-conformances – the auditor must be careful not to encourage a “Quick Fix”- remembering the action taken in one area may impact on another area]
IA – Pelaksanaan Audit Audit Performing
59
• Agenda Rapat Penutupan [Closing meeting – agenda]
– area dimana terdapat kinerja yang sangat baik (Area‟s where exceptional performance was noted)
– tingkat kesesuaian (Levels of conformance observed)
– Ketidaksesuaian (Non Conformance)
– saran perbaikan / peningkatan (Suggestions for improvement)
– catatan lain yang perlu didiskusikan (Other issues of concern)
– tanggal selesainya perbaikan (Agreed dates for follow-up activities)
– jelaskan proses pelaporan tertulis (Explain reporting)
– THANK YOU
IA – Pelaksanaan Audit Audit Performing
60
INTERNAL AUDIT
(6.6 – 6.8) Tahapan kegiatan dasar [Basic activity steps] • Determining Non-conformance /Opportunity for Improvement
& Report Development
Audit
Reporting
61
• Evaluating conformance [Evaluasi Kesesuaian]:
– The auditor is evaluating audit evidence to verify conformance with the audit criteria
[auditor mengevaluasi bukti obyektif untuk mengetahui kesesuaiannya dibandingkan dengan kriteria audit]
– If (evidence = criteria) = Non Conformance
– If there is insufficient evidence then it is possible a non conformance exists but this must be systematically checked
[bila buktinya tidak memadai, masih memungkinkan bahwa NC tetap diterbitkan, tapi auditor harus melakukan pemeriksaan lebih lanjut]
• Documenting nonconformance [Dokumentasian Ketidaksesuaian]
– Once a non-conformance has been confirmed by the Auditor, then it must be formally reported to the organization‟ management
[bila auditor telah memastikan adanya ketidaksesuaian, maka ketidaksesuaian tersebut harus dilaporkan secara formal kepada manajemen perusahaan]
Audit
Reporting
62
• Detail to be reported [hal-hal yang perlu dilaporkan]
– The basic specified requirement against which the non-conformance is raised is identified or
referenced – Procedures / Documents number [Persyaratan tertentu yang mendasarkan penerbitan ketidaksesuaian, misal prosedur / dokumen]
– The exact evidence that clearly demonstrates that the requirement has not been fulfilled [bukti obyektif yang secara tepat menjelaskan bahwa terdapat persyaratan yang tidak dipenuhi]
– The location/area where the non-conformance was identified [Lokasi / area dimana ketidaksesuaian tersebut teridentifikasi]
– Other necessary “professional discipline” information, e.g. date of issue, name of auditor
[informasi tertentu yang telah ditetapkan, misal tanggal, nama auditor, dsb]
• When writing a nonconformity report it must be: [Saat menuliskan laporan ketidaksesuaian, laporan tersebut seharusnya:]
It Should not be:
Factual [Faktual/berdasar Fakta] Trivial [hal-hal kecil / sepele]
Value Adding [mempunyai nilai tambah] Of no benefit [tidak memberikan manfaat]
Audit
Reporting
63
• Absence of mandatory documentation [tidak adanya dokumentasi wajib]
• Specified standard requirement not implemented [persyaratan standard tertentu yang tidak diterapkan].
• Product not meeting legal requirements (i.e. Class associate registered, SNI, etc) [ketidaksesuaian produk terhadap persyaratan legal yang sesuai]
• High number of minor NC against one clause [adanya katergori NC terhadap klausul tertentu dalam jumlah yang banyak]
Major non-conformity
• A single lapse against the requirements of the standard or the company‟s documented quality system [satu kesalahan / kekeliruan terhadap persyaratan standard atau SMM perusahaan]
Minor non-conformity
• Simplification of existing methods [simplifikasi metode yang digunakan saat ini]
• Strengthening and improving existing methods with the potential for future failures [memperkuat dan meningkatkan metode yang ada dari kemungkinan adanya kesalahan dimasa mendatang]
• Evidence to be verified during next visit audit [akan dilakukan verifikasi di kunjungan audit berikutnya]
• NOT mandatory for action [tidak wajib ditindaklanjuti]
Opportunity for improvement & observation
64
• Statemen yang dilaporkan:
Bentuk ketidaksesuaian
Tidak efektif
Tidak konsisten
Kriteria yang dipergunakan
Persyaratan ISO 9001, OHSAS, ISO 14001, CSR
Prosedur, IK, atau peraturan /legal terkait
Sampel atau bukti obyek pelanggaran.
Obyek kejadian, detail sampel yang tidak sesuai
Audit
Reporting
Audit
Reporting
65
• Contoh Penulisan:
Proses pembelian
Proses seleksi & evaluasi supplier tidak dijalankan secara konsisten
ISO 9001 pasal 7.4, prosedur ABCD 7.4
Seleksi & evaluasi pengadaan komputer tidak dijalankan.
Proses identifikasi data pemohon KTP
Pendataan identitas pemohon tidak efektif.
ISO 9001 pasal 7.5.3, Prosedur ABCD 888, IK ABDC 999
Terdapat beberapa identitas pemohon yang tidak cocok antara lembar aplikasi dengan database. Tidakada konfirmasi pembenaran petugas di form tersebut, misal: tanggal lahir pemohon # 6789
66
TINDAKAN KURATIF DAN PENCEGAHAN
Instansi ABCD
Nomor laporan :
Tanggal :
Unit kerja :
Verifikator :
Jenis Ketidaksesuaian □ Audit Internal, Sasaran Mutu
Ketidaksesuaian hasil audit internal, untuk kategori Major & Minor.
Ketidaktercapaian sasaran mutu,.
□ Proses Pelayanan
Ketidaksesuaian Pelayanan, termasuk perencanaan, isi, proses, laporan, & hasil.
Keluhan pelanggan
□ Indikasi keluhan pelanggan
Munculnya keluhan atau ketidakpuasan pelangan
□ ..........................................................
Uraian masalah : diisi oleh auditor terhadap informasi ketidaksesuaian
Tindakan koreksi : (tindakan sementara untuk memperbaiki ketidaksesuaian)
Pelapor :
………………………..
Verifikator
………………………
Tanggal
………………………
Penyebab masalah : (5 M - Manusia, Mesin, Metode, Material, Money), kenapa terjadi
ketidaksesuaian
Pelapor :
………………………..
Verifikator
………………………
Tanggal
………………………..
tindakan kuratif : untuk menghilangkan akar penyebab masalah & menghindari terulangnya
ketidaksesuaian
Pelapor
……………………………
Verifikator
………………………………
Tanggal
…………………………..
Diisi auditor
Dilengkapi auditee
Audit
Reporting
Audit
Reporting
67
• Isi Laporan – Tanggal & area audit
– Kriteria & sasaran audit
– Ringkasan hasil audit, fokus terhadap informasi positif
– Area yang tidak teraudit, termasuk alasannya
– Detail hasil audit – OFI / OBS, NC
– Masukan terhadap program audit
– Distribusi laporan audit
• Laporan Kesimpulan Audit – Laporan tertulis, sebagai informasi untuk tinjauan manajemen
– Merefleksikan kesimpulan audit secara tepat
– Merefleksikan secara akurat laporan verbal yang disampaikan saat „rapat penutupan
68
• Tindak Lanjut & Penuntasan [Follow up & close out]
– Tindak Lanjut [Follow up] – tindakan untuk memperbaiki ketidaksesuaian, memastikan bahwa tindakan tersebut efektif dan tidak berulang
[Action taken to establish action required to rectify a non-conformance and to verify that the action implemented has been effective and will prevent recurrence]
– Tuntas [Close out] – bukti yang menunjukkan bahwa tindakan perbaikan telah efektif dan tidak memerlukan tindakan lain (Evidence shows that the action implemented as a result of follow up has been effective and no further action is required)
Audit
Reporting
69
• Tindak Lanjut & Penuntasan [Follow up & close out]
(New 2008)
– Follow up – Pihak Management yang bertanggungjawab atas area yang sedang diaudit harus memastikan bahwa Tindakan Koreksi dan Korektif yang dibutuhkan.. (The Management responsible for the area being audited shall ensure that necessary corrections and corrective actions are taken…)
– Pertimbangkan untuk mencatat Koreksi dan Tindakan Koreksi di Form yang tersedia (Consider to log in the Form either Correction and Corrective Actions)
Audit
Reporting
70
The management responsible for the area being
audited shall ensure that any necessary
corrections and corrective actions are taken
without undue delay to eliminate detected
nonconformities and their causes.
Audit
Reporting
Follow-up activities shall include the verification
of the actions taken and the reporting of
verification results (see 8.5.2).
top related