audit quick reference

7/31/2019 Audit Quick Reference

1/4

Audit Quick Reference

2005-2006 V1.R2Page 1 of 4

Audit Requirements(Reference: ISO 9001:2000, 8.2.2)1. Conduct audits at planned intervals 6. Select impartial and objective auditors

2. Assess for conformity and effectiveness 7. Document an audit procedure covering3. Plan the audit program to consider: responsibilities and requirements for:

- status and importance of audited areas - audit planning and execution- previous audit results - audit reporting and recordkeeping

4. Determine the audit criteria and scope 8. Ensure timely corrective action by auditee

5. Define the audit frequency and methods 9. Verify corrective actions and report results

Audit Activities(Reference: ISO 19011:2002, 6.2-6.8)(Audit Initiation) ISO 19011:2002, 6.21. Clarify the reason for the requested audit 4. Determine the feasibility of the audit2. Appoint the audit team leader 5. Select the audit team members

3. Define objectives, scope, and criteria 6. Establish initial contact with the auditee

(Document Review) ISO 19011:2002, 6.31. Review documents before onsite audit 5. Defer until onsite audit if not detrimental

2. Take into account audit objective and scope 6. Determine conformity with audit criteria3. Consider organization size and complexity 7. Report any documentation concerns

4. Include relevant documents and records 8. Decide to continue audit or postpone it(Audit Preparation) ISO 19011:2002, 6.41. Prepare audit plan as basis for agreement 4. Assign work to the audit team members2. Use plan to schedule and control the audit 5. Prepare process diagram and audit checklist

3. Keep flexible to permit changes during audit 6. Confirm audit arrangements and logistics

Process Diagram

(Audit Execution) ISO 19011:2002, 6.51. Hold opening meeting and explain objective 12. Follow trails to other areas based on scope2. Define the role of guides and observers 13. Check the facts (use other sources)

3. Interview people at their workplace 14. Record the evidence (checklist notes)4. Put the person at ease (lower anxiety) 15. Make tentative conclusions (no secrets)5. Explain your purpose (what you want) 16. Give opportunity to discuss other subjects

6. Ask about job and applicable documents 17. Avoid consulting on cause and solution7. Use open-ended questions (5 Ws and H) 18. Thank for time and cooperation

8. Verify responses (confirm understanding) 19. Review progress periodically with audit team9. Remember to ask for proof (show me) 20. Compare audit evidence to audit criteria

10. Observe activities and examine records 21. Generate findings and prepare conclusions11. Take random, yet representative samples 22. Conduct closing meeting and report results

Requirement Sources: Evidence Sources:1. Standard (e.g., ISO 9001:2000) 1. Interviews (personnel statements)

2. Company (policies and procedures) 2. Observations (demonstrated practices)3. Customer (contracts and orders) 3. Documents (plans, procedures, specs)4. Legal (statutes and regulations) 4. Records (tests, minutes, completed forms)

PROCESS OUTPUTSINPUTS

WHAT

METHODS MEASURES

WHOWhat (Resources)equipment; tools;software.

Inputswhat received;when; from who.

Methodsprocedures; forms;instructions; controls.

Who (Resources)people; skills;experience.

Outputswhat delivered;when; to who.

Measuresquality objectives;erformance results.


2/4


2005-2006 V1.R2Page 2 of 4

Audit Objectives:1. Verify conformity with requirements2. Judge effectiveness of quality system3. Identify opportunities for improvement

Three Dimensional Audit:

1. Front: Intent(plan for process)2. Side: Practice(implementation of intent)3. Top: Result(effectiveness of practice)

(Audit Reporting) ISO 19011:2002, 6.61. Prepare audit report per audit procedure 3. Ensure it is complete, correct, clear, concise2. Include in any nonconformity statements: 4. Approve audit report per audit procedure

- requirement (with source) 5. Issue audit report in agreed timeframe

- problem (with evidence) 6. Distribute to client-designated recipients

(Audit Completion) ISO 19011:2002, 6.71. Ensure all activities in plan are carried out 3. Keep or destroy documents per agreements

2. Ensure the audit report has been distributed 4. Remember audit not closed until F/U audit

(Follow-Up Audit) ISO 19011:2002, 6.81. Notify auditee if need for corrective action 4. Ask auditee to notify you of completed action2. Agree with the proposed corrective action 5. Verify action was effective to avoid problem

3. Ensure action is taken in agreed timeframe 6. Close out the nonconformity based on action

Audit Principles(Reference: ISO 19011:2002, 4)1. Carry out the audit in an ethical manner 4. Conduct an impartial and objective audit

2. Present truthful, fair, and accurate results 5. Base conclusions on verifiable evidence3. Perform audit with due professional care

Audit Questions1. What is the primary purpose of this process? 9. How is the process monitored and controlled?

2. Who is the manager (owner) of the process? 10. What are its outputs and who receives them?3. What are its inputs and who supplies them? 11. Do these outputs meet the requirements?4. How do you know if these inputs are good? 12. What do you do if the outputs are not right?

5. What are your responsibilities in the process? 13. What are the process quality objectives?6. How do you know what to do? 14. How is the process performance measured?

7. What training and skills are needed? 15. Please show me the records you maintain.8. Please show me how you do it. 16. How could this process be improved?

Audit Definitions(Reference: ISO 19011:2002, 3 and ISO 9000:2000)Audit:systematic, independent, and documented process for obtaining audit evidence and evaluating

it objectively to determine the extent to which the audit criteria are fulfilled.

Criteria:set of policies, procedures, or requirements against which audit evidence is compared.Evidence:verifiable records, statements of fact, or other information relevant to audit criteria.Findings:results of the evaluation of collected audit evidence against audit criteria.

Program:set of one or more audits planned for a specific timeframe and directed to specific purpose.Plan:description of the activities and arrangements for an audit.

Scope:extent and boundaries of an audit.Nonconformity:non-fulfillment of a requirement.

Corrective Action(Reference: ISO 9001:2000, 8.5.2)1. Determine if similar deficiencies exist 6. Implement planned corrective action

2. Implement immediate fix (correction) 7. Reflect changed process in documentation3. Identify root cause of nonconformity 8. Verify the action was an effective solution

4. Develop action to prevent recurrence 9. Record the results of the investigation5. Assign responsibilities and due dates 10. Inform audit function of completed action

2. Assesspractices

3. Examineresults

1. Checkintent


3/4


2005-2006 V1.R2Page 3 of 4

Audit Program(Reference: ISO 19011:2002, 5)1. Assign responsibility for the audit program 5. Communicate audit program to organization

2. Establish objectives for the audit program 6. Provide resources to carry out these audits- meet requirements for system certification 7. Conduct audits within specified timeframes

- verify conformity to contract requirements 8. Keep records as evidence of audit program- assess compliance to legal requirements 9. Monitor audit program against objectives- contribute to improvement of system 10. Evaluate and develop auditor performance

- evaluate the capability of suppliers 11. Initiate corrective and preventive actions3. Establish procedures to conduct the audits 12. Identify improvements for audit program

4. Prepare annual schedule of planned audits

Audit StatusConducted= Audit carried out according to plan Completed= Audit report and other records filed

Reported= Approved audit report distributed Closed= Corrective actions verified as effective

Audit StrategyVertical: Assess processes within department Horizontal: Assess process across departmentsClause: Assess a clause across departments Trace: Follow a transaction through the system

Audit Checklist(Reference: ISO 19011:2002, 6.4.3)Benefits1. Establishes the audit sampling plan 7. Prepares audit team to conduct the audit2. Provides balanced audit coverage 8. Allows lead auditor to evaluate planning

3. Helps acquire objective evidence 9. Controls the audit pace (time manager)4. Encapsulates the audit methodology 10. Keeps focus on audit objective and scope5. Guides auditor on timing and content 11. Serves as memory aid (confidence builder)

6. Serves as repository for audit notes 12. Become the record of investigated areas

FormatReference: Specific source of requirement - clause or section numberRequirement: Applicable requirements to look at standard, company, customer, and legal

Evidence: Expected evidence to look for statements, observations, documents, and records

Checklist ExampleReference (Source of Requirement): Look for Expected Evidence:ISO 9001:2000, 4.2.3.a 1. Statements Understanding of process

2. Observation Demonstration of process

Look at Requirement:3. Documents Covered in required procedure

Approve documents for adequacy before issue 4. Records Document approvals

Plus information from turtle diagram Inputs, Outputs, Resources, Methods, Measures

Audit Notes(Reference: ISO 19011:2002, 6.5.4)1. Explain why you are taking the notes 4. Use statements as requirement or evidence2. Note what was heard, seen, and read 5. Spot different answers for audit follow-up

3. Jot down specific facts and references 6. Determine activities for further investigation

Horizontal

Vertical

D=Departments

D D D DD


4/4


2005-2006 V1.R2Page 4 of 4

Opening Meeting(Reference: ISO 19011:2002, 6.5.1)Purpose1. Confirm audit plan and arrangements 4. Create sense of trust and cooperation2. Describe audit process and methods 5. Give insight on management support

3. Explain roles of guides and observers 6. Provide time for auditee questions

Topics1. Introductions (auditors, auditee, and guides) 8. Communications (auditee kept informed)

2. Attendance (sign-in sheet, if used) 9. Reporting (plan and classification scheme)3. Objective (reason for audit) 10. Confidentiality (non-disclosure of information)

4. Scope (coverage of audited areas) 11. Logistics (work space and needed resources)5. Criteria (applicable requirements) 12. Meetings (briefings and closing meeting)

6. Agenda (auditor assignments and times) 13. Safety and Security (site requirements)7. Methods (audit process and sampling) 14. Questions (audit clarifications)

Interview Techniques(Reference: ISO 19011:2002, 6.5.4)1. Talk to people performing work within scope 5. Avoid leading questions and biased results2. Conduct interviews in normal working hours 6. Share interview results with audited person3. Explain reasons for the audit and note-taking 7. Thank for participation and cooperation

4. Start by asking persons to describe their work 8. (See other techniques under Audit Execution)

Audit Sampling(Reference: ISO 19011:2002, 6.5.4)1. Ensure random, yet representative sample 5. Select own sample of people; documentation2. Select small, balanced view of process 6. Use sufficient sample to reach judgment

3. Base size on volume, time, and past issues 7. Remember evidence is based on samples4. Consider risk and complexity of the process 8. Explain uncertainty introduced by sampling

Closing Meeting(Reference: ISO 19011:2002, 6.5.7)Purpose1. Present balanced summary and conclusions 4. Resolve any misunderstandings or errors2. Report any nonconformities or concerns 5. Ensure clear understanding of audit results

3. Identify possible areas for improvement 6. Seek agreement on report and findings

Topics1. Introductions (for any new attendees) 8. Summary (findings by area and clause)

2. Attendance (sign-in sheet, if used) 9. Nonconformities (requirements and evidence)3. Thanks (for time and cooperation) 10. Acknowledgments (signed forms and report)

4. Scope (reminder if audit coverage) 11. Agreements (on corrective action schedule)5. Disclaimer (limited sample in brief time) 12. Report (expected date, if not provided)

6. Criteria (applicable requirements) 13. Follow-up (next steps, e.g., surveillance visit)7. Positives (strengths and conforming areas) 14. Thanks (courtesy and hospitality)

Auditor Traits(Reference: ISO 19011:2002, 7.2 and QE19011S:2004)1. Ethical (truthful, fair, and honest) 6. Versatile (adjusts to situations)2. Open Minded (considers other viewpoints) 7. Tenacious (persistent and focused)3. Diplomatic (tactful with people) 8. Decisive (reaches timely conclusions)

4. Observant (actively aware of surroundings) 9. Self-reliant (acts independently)5. Perceptive (understands situations) 10. Willing (interested in being an auditor)

Audit Benefits1. Verifies conformity to requirements 5. Increases quality awareness of organization2. Initiates needed corrective actions 6. Reduces risk of product or service failures3. Evaluates effectiveness of system 7. Provides information for management review

4. Identifies opportunities for improvement 8. Satisfies requirement of Standard for audits

This Audit Quick Reference may not be reproduced, stored electronically, or transmitted in any formwithout the prior written permission of the author, .