internal auditing slides
TRANSCRIPT
-
7/27/2019 Internal Auditing Slides
1/101
Muhammad Afzal Meo
[email protected] , [email protected]
ADVANCED INTERNALAUDITING WORKSHOP
mailto:[email protected]:[email protected] -
7/27/2019 Internal Auditing Slides
2/101
COURSE OBJECTIVE
Purpose of Audit
Define Audit Terms
Auditor IndependenceAudit Preparation
Conducting An audit
Reporting Follow up
-
7/27/2019 Internal Auditing Slides
3/101
Why Audit
Formal requirement of ISO 9001:2000
Standard
To encourage continuous improvement
To give managers feedback on their
systems
To help employees understand corporategoals and procedures
To monitor progress on targets and
objectives
-
7/27/2019 Internal Auditing Slides
4/101
What to Audit ?
Understanding of corporate policies and
objectives
Compliance to procedure and standards
Effective control on documentation & standards
Record preparation & filing
Competence and training of staff to perform job
effectively Commitment of managers and workers towards
continuous improvement
-
7/27/2019 Internal Auditing Slides
5/101
How Often ?
All departments at least once a year
More regular audits in areas where there are
problems, new personnel or regular customer visits
In response to customer complaints Include off-site locations like stores and marketing
offices
Right after an emergency or management change
Before certification audits and/or customer visits
-
7/27/2019 Internal Auditing Slides
6/101
Who Audits ?
Auditors should be selected from alldepartments in the organisation
Auditor selected for an audit should be
independent from the function being audited
Auditors should include personnel from both the
top and middle management
Auditors must be allocated time needed to study
documents, perform the audit and report onfindings
Presentation skills are also important
-
7/27/2019 Internal Auditing Slides
7/101
Auditor Competence
Quality
Quality Specific
knowledge and skills
(7.3.3)
Environmental /
Food Safety
Environmental /Food safety
Specific knowledge and skills(7.3.4)
Generic
knowledge and
skills (7.3.1
and 7.3.2)
-
7/27/2019 Internal Auditing Slides
8/101
Types of Audits
Systems Audits - ISO 9000
Financial Audits
Safety Audits
Customer Audits Regulatory Audits - Factory Law, Labour Law &
Environmental Law
In general there are three types of audits - First Party
Second Party
Third Party Audits
-
7/27/2019 Internal Auditing Slides
9/101
First Party - Internal
Audits conducted against corporate policies,procedures and standards
Schedule and frequency against auditprogrammes and/or special circumstances
Auditors chosen from a cross section of
departments
-
7/27/2019 Internal Auditing Slides
10/101
First Party - Internal
These audits typically look at enforcing
compliance to corporate policies
effective record keeping
employee awareness
improvement in all processes
-
7/27/2019 Internal Auditing Slides
11/101
2nd Party - Supplier Audits
Audits against standards imposed by businessesonto their suppliers
Supplier audits are very common in automotive,
textile & food industry prompt delivery of zero
defect product is vital
-
7/27/2019 Internal Auditing Slides
12/101
2nd Party - Supplier Audits
These audits typically look at enforcing -
fewer defects for products & services
better response on customer service
documentation on inspection & testing
better storage & handling of product
equipment maintenance & calibration
-
7/27/2019 Internal Auditing Slides
13/101
3rd Party Audit
Performed by independent authorities
These include certification bodies, inspection
agencies and surveyors
These audits are regulated by accreditationauthorities and other associations like
United Kingdom Accreditation Services
American Petroleum Institute
American Society of Mechanical Engineers
-
7/27/2019 Internal Auditing Slides
14/101
Phases of an
Internal Audit
-
7/27/2019 Internal Auditing Slides
15/101
AUDIT INITIATION
-
7/27/2019 Internal Auditing Slides
16/101
Phase I Initiation
Audit Plan Quarterly or six month or annual
plan
department wise frequency
circulated to all staff will change based on results of audit and
performance of departments
Audit basis ISO 9001, Company policy, etc..
Audit scope Extent and boundaries of audit
Audit Objectives Compliance against ISO 9001,
improvement of current system,
closing out previous NCs
-
7/27/2019 Internal Auditing Slides
17/101
What is an Audit Plan?
Description of the activities and
arrangements for an audit
ISO19011:2002
-
7/27/2019 Internal Auditing Slides
18/101
Phase I Audit plan
The audit plan can be issues annually or Quarterly,the plan should be based on : The status and importance of the activity
The results of the previous audits (internal & external)
Corrective Actions Changes to systems elements
Introduction to new methods and technology
Organizational and personnel changes
The risk to quality if audit frequency is reduced Availability of audit personnel
-
7/27/2019 Internal Auditing Slides
19/101
-
7/27/2019 Internal Auditing Slides
20/101
AUDIT PLANNING
-
7/27/2019 Internal Auditing Slides
21/101
Phase II Planning & Preparation
Inform auditor, auditee
Make arrangements - guide, safety
Examine documents Prepare checklists
-
7/27/2019 Internal Auditing Slides
22/101
What is a Checklist?
A structured list of points to evaluate
Identifies and communicates the scope of
an auditAn auditors tool to gather evidence and
provide an audit trail
Guides the course and controls the paceof an audit
-
7/27/2019 Internal Auditing Slides
23/101
Phase III Checklists
Keeps audit relevant to objective
Provides evidence of planning
MemoirAssists note taking
Reduces risk to bias
Manages timeAssists in the preparation of audit report
-
7/27/2019 Internal Auditing Slides
24/101
Types of Checklists
Standard
Ready formatted
Facilitates consistencyacross different area's)
Uniform questions
Can be inflexible
Not suited to all types ofaudit
Customised
Constructed as and when
needed
Usually specific to a
particular audit
Assists preparation by
client organisation Demonstrates
professional approach by
Audit team
-
7/27/2019 Internal Auditing Slides
25/101
-
7/27/2019 Internal Auditing Slides
26/101
EXECUTION
-
7/27/2019 Internal Auditing Slides
27/101
Phase III Audit Execution
Opening meeting
Introduce auditors
Confirm programme
Confirm arrangements
Interview personnel
Examine documents Observe processes
Examine materials and equipment
-
7/27/2019 Internal Auditing Slides
28/101
A Typical Opening Meeting Agenda
Introductions, if applicable
Confirmation of the objectives, scope and criteria of the audit
Confirmation of audit timetable
Outline the audit process and approach
Explain the reporting method
Confidentiality Statement
Confirmation of availability and roles of guides
Provide any clarifications which may be required
-
7/27/2019 Internal Auditing Slides
29/101
How to Manage the Opening Meeting
Be prepared
Control the meeting
Keep it short and stick to the point
Be professional
Keep a record of people who attend
-
7/27/2019 Internal Auditing Slides
30/101
Phase III Key Points
Ensure who you are auditing and theirorganizational responsibilities
Explain the importance of the audit
Ask for the auditees help in achieving theobjectives of the audit
Ask permission before disturbing work inprogress
Obtain auditees acknowledgement on any NCsyou are recording
Ask the auditee if they have any points about theaudit or their QMS that they wish to discuss
Thank the auditee for their co-operation
-
7/27/2019 Internal Auditing Slides
31/101
What is Evidence?
Qualitative or quantitative information, records,or
statements of fact pertaining to:
the quality of the product or service
to the existence and implementation of a
quality management system requirement
which is based on observation, measurementor test and which can be independently verified
-
7/27/2019 Internal Auditing Slides
32/101
-
7/27/2019 Internal Auditing Slides
33/101
-
7/27/2019 Internal Auditing Slides
34/101
-
7/27/2019 Internal Auditing Slides
35/101
-
7/27/2019 Internal Auditing Slides
36/101
-
7/27/2019 Internal Auditing Slides
37/101
-
7/27/2019 Internal Auditing Slides
38/101
-
7/27/2019 Internal Auditing Slides
39/101
Types of Questions
Open
Closed
Hypothetical
Obvious
Answered
-
7/27/2019 Internal Auditing Slides
40/101
General Points on Questioning
Techniques
Use appropriate types of question
Adopt a logical approach
Follow a natural sequence
Actively listen to what is being said
Use silence appropriately
Seek clarification, where necessary
Verify responses, where necessary
-
7/27/2019 Internal Auditing Slides
41/101
-
7/27/2019 Internal Auditing Slides
42/101
-
7/27/2019 Internal Auditing Slides
43/101
-
7/27/2019 Internal Auditing Slides
44/101
-
7/27/2019 Internal Auditing Slides
45/101
-
7/27/2019 Internal Auditing Slides
46/101
-
7/27/2019 Internal Auditing Slides
47/101
-
7/27/2019 Internal Auditing Slides
48/101
-
7/27/2019 Internal Auditing Slides
49/101
-
7/27/2019 Internal Auditing Slides
50/101
-
7/27/2019 Internal Auditing Slides
51/101
-
7/27/2019 Internal Auditing Slides
52/101
-
7/27/2019 Internal Auditing Slides
53/101
-
7/27/2019 Internal Auditing Slides
54/101
-
7/27/2019 Internal Auditing Slides
55/101
-
7/27/2019 Internal Auditing Slides
56/101
-
7/27/2019 Internal Auditing Slides
57/101
-
7/27/2019 Internal Auditing Slides
58/101
-
7/27/2019 Internal Auditing Slides
59/101
-
7/27/2019 Internal Auditing Slides
60/101
-
7/27/2019 Internal Auditing Slides
61/101
-
7/27/2019 Internal Auditing Slides
62/101
ISO 9001 action plan
Gain management commitment Choose an implementation team
Prepare a budget and schedule
Assign responsibilities to cross functional teams
Involve all employees Conduct preliminary reviews to identify gaps
Modify plan (if required)
Prepare procedures
Plan for change Train employees
Assess performance through audits
Address gaps
-
7/27/2019 Internal Auditing Slides
63/101
-
7/27/2019 Internal Auditing Slides
64/101
-
7/27/2019 Internal Auditing Slides
65/101
-
7/27/2019 Internal Auditing Slides
66/101
-
7/27/2019 Internal Auditing Slides
67/101
-
7/27/2019 Internal Auditing Slides
68/101
-
7/27/2019 Internal Auditing Slides
69/101
Structure of the ISO 9001:2000
-
7/27/2019 Internal Auditing Slides
70/101
Structure of the ISO 9001:2000
Standard
Scope
Application
Normative Reference
Terms and Definitions Requirements
Annex(s)
8 Quality Management Principles
ISO 9001:2000
Clause 1 2 Application
-
7/27/2019 Internal Auditing Slides
71/101
Clause 1.2_Application
All requirements of this International Standard aregeneric and are intended to be applicable to allorganisations, regardless of type, size andproduct provided
Where any requirement(s) of this InternationalStandard cannot be applied due to the nature ofan organisation and its product, this can beconsidered for exclusion
8 Quality Management Principles
ISO 9001:2000
-
7/27/2019 Internal Auditing Slides
72/101
Justification of Exclusions
-
7/27/2019 Internal Auditing Slides
73/101
Justification of Exclusions
Defined and justified in the organisation's Quality
Manual
Other publicly available documents, such as:
certification/registration documents
marketing materials
To avoid confusing or misleading customers
and end users
8 Quality Management Principles
ISO 9001:2000
Examples of most likely
-
7/27/2019 Internal Auditing Slides
74/101
p y
exclusions
7.3 (Design and development) -where theorganisation has no responsibility for the designand development of the products it provides
7.5.3 (Identification and traceability)-this clausewould only be partially applicable where there is nospecific traceability requirement for theorganisations products
7.5.4 (Customer property) -where the
organisation uses no customer property in itsproduct or product realisation processes.
8 Quality Management Principles
ISO 9001:2000
-
7/27/2019 Internal Auditing Slides
75/101
Quality Management System (QMS)
-
7/27/2019 Internal Auditing Slides
76/101
y g y ( )General Requirements
The organisation shall establish, document, implement,maintain and continually improve the QMS.
To implement the QMS, the organisation shall:a)identify the processes needed for the quality management systemb) determine the sequence and interaction of these process
c) determine criteria and methods required to ensure the effective operation
and control of these processes
d) ensure the availability of information necessary to support the operation
and monitoring of these processes
e) measure, monitor and analyse the processes, and implement action
necessary to achieve planned results and continual improvements.
8 Quality Management Principles
ISO 9001:2000
Quality Management System
-
7/27/2019 Internal Auditing Slides
77/101
Quality Management System
Documentation Requirements
The QMS documentation shall include:
a) documented quality policy and objectives
b) quality manual
c) documented procedures required by this International standard
d) documents required by the organisation to ensure the effective
operation and control of its processese) quality records
A Quality Manual shall be established and maintained,that includes the following:
- the scope of the quality management system and Exclusions (if any)
- documented procedures reference
- a description of the sequence and interaction of the processes included
in the QMS
Control of documents and records
8 Quality Management Principles
ISO 9001:2000
-
7/27/2019 Internal Auditing Slides
78/101
Customer Focus
-
7/27/2019 Internal Auditing Slides
79/101
Customer Focus
Top management shallensure that customerneeds and
expectations aredetermined, convertedinto requirements andfulfilled with the aim ofachieving customersatisfaction
ResourceManagement
Measurement,
Analysis and
Improvement
Product
Realisation
Management
Responsibility
Quality Policy
-
7/27/2019 Internal Auditing Slides
80/101
Quality Policy
Top management shall ensure
that the quality policy:
a)is appropriate to the purposeof the organisation
b)includes a commitment tomeeting requirements and to
continual improvementc) provides a framework forestablishing and reviewingobjectives
d) is communicated andunderstood at appropriate
levels in the organisatione) is reviewed for continuingsuitability
ResourceManagement
Measurement,
Analysis and
Improvement
Product
Realisation
Management
Responsibility
-
7/27/2019 Internal Auditing Slides
81/101
Obj ti d T t
-
7/27/2019 Internal Auditing Slides
82/101
Objectives and Targets
Objective
overall quality goal arising from the
quality policy
Target
detailed quantified performance
target
-
7/27/2019 Internal Auditing Slides
83/101
-
7/27/2019 Internal Auditing Slides
84/101
Management Review
-
7/27/2019 Internal Auditing Slides
85/101
Management Review
Top management shallreview the QMS, atplanned intervals, toensure its continuingsuitability, adequacy andeffectiveness. The reviewshall evaluate the need
for changes to theorganisations QMS,includingquality policyand businessobjectives
Review Input andOutput clearly defined
ResourceManagement
Measurement,
Analysis and
Improvement
Product
Realisation
Management
Responsibility
Provision of Resources
-
7/27/2019 Internal Auditing Slides
86/101
The organisation shalldetermine and provide, intimely manner, the resourcesneeded:
a) To implement, maintain andimprove the processes of theQMS
b) To enhance customersatisfaction
Measurement,Analysis and
Improvement
Product
Realisation
Management
Responsibility
ResourceManagement
Human Resources
-
7/27/2019 Internal Auditing Slides
87/101
Human Resources
Personnel who areassigned responsibilitiesdefined in the QMS shallbe competent on thebasis of applicableeducation, training, skillsand experience
Provide training or takeother actions
Determine thenecessary competence
Evaluate theeffectiveness of actions
taken Maintain records
Measurement,
Analysis andImprovement
Product
Realisation
Management
Responsibility
Measurement,
Analysis andImprovement
Product
Realisation
Management
Responsibility
Resource
Management
-
7/27/2019 Internal Auditing Slides
88/101
Work Environment
-
7/27/2019 Internal Auditing Slides
89/101
Work Environment
The organisation shallidentify and manage thehuman and physical factorsof the work environmentneeded to achieveconformity of product
Examples includeorganisation culture, healthand safety etc.
NCRs cannot be raised onhealth and safety and/orenvironmental issues
Measurement,Analysis and
Improvement
Product
Realisation
Management
Responsibility
Measurement,Analysis and
Improvement
Product
Realisation
Management
Responsibility
Resource
Management
Planning of Product Realisation
-
7/27/2019 Internal Auditing Slides
90/101
The organisation shall plan anddevelop the processes necessary
for product realisation In planning the processes for
realisation of a product theorganisation shall determine thefollowing, as appropriate:
a) business objectives for theproduct, project or contract
b) the need to establish processesand documentation, and provideresources and facilities specific tothe product
c) verification and validationactivities, and criteria foracceptability
d) the records that are necessary to
provide confidence of conformity ofthe processes and resulting product.
Measurement,Analysis and
Improvement
Management
Responsibility
ResourceManagement
Product
Realisation
-
7/27/2019 Internal Auditing Slides
91/101
-
7/27/2019 Internal Auditing Slides
92/101
Purchasing
-
7/27/2019 Internal Auditing Slides
93/101
Purchasing
Purchasing process The organisation shall
control its purchasingprocesses to ensurepurchased productconforms to requirements
Purchasing information
Purchasing documentsshall contain informationdescribing the product tobe purchased
Verification of purchasedproduct
Source inspection Customer verification
Measurement,
Analysis and
Improvement
Management
Responsibility
ResourceManagement
Product
Realisation
Production and Service Provision
-
7/27/2019 Internal Auditing Slides
94/101
The organisation shall control
production and serviceoperations including theprocesses forrelease,delivery and post deliveryactivities
Identification and traceability
Customer property including
intellectual property Preservation of product
including identification,handling,packaging,storage andprotection
Measurement,
Analysis and
Improvement
Management
Responsibility
ResourceManagement
Product
Realisation
Control of Monitoring and Measuring
Devices
-
7/27/2019 Internal Auditing Slides
95/101
Devices
The organisation shall
determine the monitoringand measurement to beundertaken and themonitoring and measuringdevices needed to provideevidence of conformityof product to determinedrequirements, (see 7.2.1)
Calibration
Identification
Safeguarded fromadjustment
Protection from damage Validity of previous results
Records maintained.
Computer software
Measurement,
Analysis and
Improvement
Management
Responsibility
ResourceManagement
Product
Realisation
-
7/27/2019 Internal Auditing Slides
96/101
Monitoring and Measurement
-
7/27/2019 Internal Auditing Slides
97/101
Measurement of
customer satisfaction
Internal Audit
timing of actions
including the
elimination of
detected NCRs andtheir causes
Monitoring and
measurement of QMS
processes
Monitoring andmeasurement of product
Management
Responsibility
Resource
Management
Product
Realisation
Measurement,Analysis and
Improvement
Control of Nonconforming Product
-
7/27/2019 Internal Auditing Slides
98/101
The organisation shall ensurethat product that does not
conform to productrequirements is identified and controlled
prevented from unintendeduse
Documented procedure
Identification and traceability
Disposition Records shall be maintained
When detected after delivery oruse has started theorganisation shall take actionappropriate to the effects, or
potential effects
Management
Responsibility
Resource
Management
Product
Realisation
Measurement,Analysis and
Improvement
Analysis of Data
-
7/27/2019 Internal Auditing Slides
99/101
The organisation shalldetermine, collect and
analyse appropriate data todemonstrate the suitabilityand effectiveness of theQMS and to evaluate wherecontinual improvement ofthe effectivess of the QMScan be made.
The analysis of data shallprovide information relating to
Customer satisfaction
Conformity to productrequirements
Characteristics and trends ofprocesses and products
Suppliers
Management
Responsibility
Resource
Management
Product
Realisation
Measurement,Analysis and
Improvement
Continual Improvement
-
7/27/2019 Internal Auditing Slides
100/101
The organisation shall
continually improvethe effectiveness of theQMS through the use ofthe
Quality policy
Business objectives Audit results
Analysis of data
Corrective andpreventive actions
Management review
Corrective Action
Preventive Action
Management
Responsibility
Resource
Management
Product
Realisation
Measurement,Analysis and
Improvement
Introduction and Scope of ISO19011:2002
-
7/27/2019 Internal Auditing Slides
101/101
19011:2002
Both the ISO 9000 and ISO 14000 series of standardsemphasise the importance of audits as a management toolfor monitoring and verifying the effectiveimplementation of an organisations policy for qualityand/or environmental management
This International Standard provides guidance on
conducting internal or external QMS and/or EMS audits,as well as on the management of audit programmes
It is discretionary whether or not QMS and/or EMS auditsare conducted separately or together
This International Standard can be applied to othermanagement system standards