asqinternal audit training guidance

QAD 2006 © 2005 Whittington & Associates, LLC Slide 1

Requirements and Guidance for

Internal AuditsLearning from Industry Sources

Whittington & Associates, LLC636 Gunby Road, Marietta, GA 30067

www.WhittingtonAssociates.com

800-404-7585 or 770-955-7585


Audit References

REQUIREMENTS (No additional audit requirements in TL 9000:2001 or ISO 13485:2003)

ISO 9001:2000 Quality Management Systems (QMS) - Requirements

AS9100B:2004 Quality Systems - Aerospace - Requirements

ISO/TS 16949: 2002 QMS - Automotive Suppliers - Requirements for the Application of ISO 9001:2000

ISO 14001: 2004 Environmental Management Systems (EMS) - Requirements with Guidance for Use

GUIDANCE (No additional audit guidance in AS9106:2003)

ISO 9004:2000 Quality Management Systems - Guidelines for Performance Improvement

ISO/TS 16949:2002 Implementation Guide

ISO 14004: 2004 EMS - General Guidelines on Principles, Systems, and Supporting Techniques

ISO 90003:2004 Guidelines for the Application of ISO 9001:2000 to Computer Software

ISO 19011: 2002 Guidelines for Quality and/or Environmental Management Systems Auditing

QE19011S: 2004 Guidelines for QMS and/or EMS Auditing: US Version with Supplemental Guidance

WWW.ISO.ORG ISO 9001:2000 Interpretations Service

WWW.ISO.ORG ISO 9001:2000 Auditing Kit

Speaker Handout Audit Worksheet (Turtle Diagram) from Whittington & Associates

Speaker Handout Audit Quick Reference from Whittington & Associates, LLC


Audit Definition

Systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which agreed criteria are fulfilled.

ISO 9000:2000 - Clause 3.9.1Fundamentals and Vocabulary


Requirements - ISO 9001:2000

Clause 8.2.2 Documented procedure for internal audits Verification of conformity and effectiveness Planned on status; importance; prior audits Auditors selected for impartiality; objectivity Results reported and records maintained Corrective action taken without undue delay Follow-up audit to verify corrective action


Audit Guidance - ISO 9004:2000

Clause 8.2.1.3: Establish effective and efficient internal audits Assess strengths and weaknesses of the QMS Use as management tool for independent view Obtain objective evidence that requirements met Judge effectiveness and efficiency of

organization



Clause 8.2.1.3: Ensure improvement actions are taken on results Establish flexible audit plans for internal audits Permit changes in emphasis based on evidence Develop plans with input from areas to be audited Consider planning input from interested parties


Audit Subjects - ISO 9004:2000

Clause 8.2.1.3: Effective and efficient process implementation Opportunities for continual improvement Capability of processes Effective and efficient use of statistical

techniques Use of information technology Analysis of quality cost data Effective and efficient use of resources Process and product performance results


Audit Subjects - ISO 9004:2000

Clause 8.2.1.3: Performance measurements:

– Adequacy – Accuracy

Improvement activities Relationships with interested parties

Internal Audit Reporting: Share evidence of excellent performance Provide opportunities for recognition Motivate people


Requirements - AS9100B:2004

Develop detailed audit tools and techniques, e.g., Checksheets, Process flowcharts, or Similar methods

to support audits of the QMS requirements.

Measure acceptability of audit tools against: Effectiveness of internal audit process Performance of overall organization

Assess contract and/or regulatory requirements.


Requirements - ISO/TS 16949

8.2.2.1 Quality Management System Audit Audit the QMS to verify compliance with ISO/TS 16949 and

any additional quality management system requirements.

8.2.2.2 Manufacturing Process Audit Audit the effectiveness of each manufacturing process.

8.2.2.3 Product Audit Audit products at appropriate stages of production and

delivery to verify conformance to all specified requirements, such as product dimensions, functionality, packaging, and labeling at a defined frequency.


Requirements - ISO/TS 16949

8.2.2.4 Internal Audit Plans Cover all quality management related processes,

activities, and shifts Schedule according to an annual plan. Increase audit frequency when internal or external

nonconformities or customer complaints occur

(Note: Specific checklists should be used for each audit)

8.2.2.5 Internal Auditor Qualification Use internal auditors who are qualified to audit the

requirements of ISO/TS 16949


Guidance - ISO/TS 16949:2002

(ISO/TS 16949 Implementation Guide)

Quality Management System Audit• Use the process approach to monitor natural work flow

Manufacturing Process Audit• Focus on a process within quality management system

Product Audit• Focus on the product characteristics• Verify product requirements are met

Use Turtle Diagram to analyze an audited process.

(See Handout: “Audit Worksheet”)


Turtle Diagram - ISO/TS 16949

PROCESS

REQUIREMENTS

REQUIREMENTS

ResourcesWho?

ResourcesWhat?

MethodsHow Done?

MeasuresWhat Results?

OUTPUTDeliver what?

INPUTReceive What?



Clause 4.5.5 is similar to ISO 9001:2000, except:

ISO 9001:2000Organization must conduct internal audits.

ISO 14001:2004Organization must ensure they are conducted.

ISO 9001:2000Determine if QMS has been effectively implemented.

ISO 14001:2004Determine if EMS has been properly implemented.



Missing direct coverage of these ISO 9001:2000 requirements:

ISO 9001:2000 - Management responsible for area being audited must ensure actions are taken without undue delay to eliminate detected nonconformities and their causes.

ISO 14001:2004 - Not included.

ISO 9001:2000 - Follow-up activities must include verification of actions taken and the reporting of verification results.

ISO 14001:2004 - Not included.

Addressed indirectly by ISO 14001:2004, clause 4.5.3, on Nonconformity, Corrective Action, and Preventive Action.



Guidance on Use from Annex A.5.5 Perform internal audits by personnel from within

the organization or by external persons selected by the organization, working on its behalf

Ensure persons conducting audit are competent and in position to do so impartially and objectively

Demonstrate auditor independence in smaller organizations by the auditor being free from responsibility for the activity being audited



Perform internal audits to identify opportunities for improvement in environmental system

Establish an audit program to direct the planning and conduct of audits and identify the audits needed to meet the program's objectives

Base program on the nature of operations, in terms of its environmental aspects and potential impacts, the results of past audits, and other relevant factors



Each internal audit need not cover entire system, so long as audit program ensures all organizational units and functions, system elements, and full scope of the EMS are audited periodically

Plan and conduct audits by objective and impartial auditors, aided by technical experts, as appropriate, selected from within organization or from external sources



Collective competence of auditors should be sufficient to meet objectives and scope of the particular audit and provide confidence as to the degree of reliability that can be placed on results

Results of an internal EMS audit can be provided in the form of a report and used to:

– Correct or prevent specific nonconformities

– Fulfill one or more objectives of the audit program

– Provide input to the management review



When software organizations separate their work into projects, internal audit planning should:

Define a selection of projects Cover all stages and all processes Assess compliance of project quality plan to QMS Assess project compliance to project quality plan



Audit various projects at different stages of product development life cycle, or

Audit a single project as it progresses through various stages.

If intended project changes its timescale, review internal audit schedule to:

1. Change timing of the audit, or

2. Consider a different project.



Guidelines for QMS and EMS Auditing

• Understanding principles of auditing

• Identifying needed auditor competence

• Selecting audit teams

• Conducting internal and external audits

• Managing audit programs

• Evaluating auditor performance


Audit Activities - ISO 19011:2002

1. Initiation Define audit objectives.

2. Review Examine the documents.

3. Preparation Plan for onsite activities.

4. Execution Audit the quality system.

5. Reporting Report the audit results.

6. Completion Complete the audit plan.

7. Follow-Up Conduct follow-up audit.

(See Handout: “Audit Quick Reference”)


Audit Guidance - QE19011S:2004

ISO 19011 provides guidance and examples US decided additional guidance was neededPublished ANSI/ISO/ASQ QE19011S:2004 QE19011S includes ISO 19011 guidanceQE19011S adds guidance and examples for:

– First-party (internal) audits – Second-party (external) audits– Small organizations


Audit Guidance - QE19011S:2004

6.5.7 Conducting a Closing Meeting(Verbatim ISO 19011:2002 Text)

S6.5.7.1 First Party AuditsMay need only auditor and managers of audited areas.

S6.5.7.2 Second Party AuditsShould include supplier’s management team and personnel that will address the audit findings.

S6.5.7.3 Use by Small OrganizationsAuditor may be most qualified to provide recommendations for correcting nonconformities.


ISO 9001:2000 Interpretations

Go to: http://www.tc176.org/interpre.asp

Request: (RFI-036 for Clause 8.2.2) Clause 8.2.2: “An audit program shall be planned, taking into consideration the status and importance of the processes and areas to be audited, ...”.

Is it a requirement of this clause that the criteria to determine the status and the importance of the processes and areas to be audited have to be documented?

Background: There is divergence with the auditor regarding a requirement for documentation of “status and importance criteria” despite the fact that evidence was provided that the planning of the audit program has taken the status and importance of the processes and areas to be audited into consideration.

Interpretation: No.


ISO 9001:2000 Auditing Kit

http://www.iso.org/tc176/ISO9001AuditingPracticesGroup The need for a 2-stage approach to auditing Measuring QMS effectiveness and improvements Identification of processes Understanding the process approach Determination of the “where appropriate” processes Auditing the “where appropriate” requirements Demonstrating conformity to the standard Linking audit of a task, activity or process to overall system Auditing continual improvement Auditing a QMS which has minimum documentation



How to audit top management processes The role and value of the audit checklist Scope of ISO 9001, QMS, and certification How to add value during the audit process Auditing competence and effectiveness of actions taken Auditing statutory and regulatory requirements Auditing the quality policy and quality objectives Auditing 7.6 Control of monitoring and measuring devices Making effective use of ISO 19011 Auditing customer feedback processes



Documenting a nonconformity Guidance for reviewing and closing nonconformities Auditing internal communications Auditing preventive action Auditing service organizations Third party auditor impartiality and conflict of interest Auditing the effectiveness of the internal audit Auditing electronic-based management systems Auditing the management of resources Auditing customer communications


Remaining Questions?

Audit Requirements? Audit Guidance?ISO 9001:2000 ISO 9004:2000

AS9100B:2004 ISO/TS 16949 Guide

ISO/TS 16949:2002 ISO 14004:2004

ISO 14001:2004 ISO 90003:2004

Handouts? ISO 19011:2002

Audit Worksheet QE19011S:2004

Audit Quick Reference www.iso.org

asqinternal audit training guidance

Documents