internal iso auditor training

7/27/2019 Internal ISO Auditor Training

1/46

Internal ISO

Auditor Training


2/46

Auditing Fundamentals(Definitions)

Auditing a systematic, independent, anddocumented process for obtainingobjective evidence and evaluating it to

determine the extent to which it effectivelymeets the audit criteria

Quality simply put, conformance torequirements

Nonconformity an instance of notmeeting requirements


3/46

Purpose of Auditing

To determine conformity To determine effectiveness To provide opportunity to improve To meet regulatory requirements For certification


4/46


5/46

Classification of Audits(Internal vs. External)

Internal audit performed within anorganization to measure the organizationsown performance

External audit audits held by anorganization on an outside source (suchas a vendor). Also when an outside party,such as NUPIC or ISO Registrar performsan audit of an organization


6/46

Classifications of Audits(Based on Party)

First Party audit performed by acompany on itself (internal audit)

Second Party audit performed by a

company on an outside source (externalaudit)

Third Party audit performed by anindependent organization for or on thecompany, such as an ISO Registrationaudit (external audit)


7/46

Process Audits

Focus on specific process elements Used to:

- Determine whether a process iseffectively implemented and maintained

- Determine if a process conforms to a standardsuch as ISO 9001:2008

- Identify continual improvement opportunities

- Verify that corrective actions have beenimplemented and are effective


8/46

Audit Independence andObjectivity

Independence auditors are independentwhen they render impartial and unbiased

judgment in the conduct of their

engagement Objectivity auditors should have no

direct responsibility for the area beingaudited; and should maintain an unbiasedand impartial mindset in regard to allengagements


9/46

Audit Preparation and Planning(Authority)

Who has authorized the audit? - Organizational Authority: QA Manager - Policy Authority: supplier audits required

by Quality Manual/Procedures- Contracts: may require audits- Regulatory: NUPIC to verify 10CFR50 Appendix B


10/46

Audit Planning and Preparation(Audit Scope)

Scope includes:- Type of audit

First, second, or third party- Depth of Audit

Activities, facilities, locations to beaudited


11/46

Audit Planning and Preparation(Selecting Auditors)

Auditors should be selected based on thefollowing:

Attributes: fair, unbiased, etc.

Independence: no responsibility for areasbeing auditedQualifications: see next slide

Availability


12/46

Audit Planning and Preparation(Auditor Qualifications)

Possess good verbal and written skills Possess interviewing skills and good

listening skills

Be trained and qualified- Receive this training (initial requirement),

including successfully passing test- Per QAP-18, Audits, perform 2 internal

audits under a qualified Lead Auditor (on-the-job requirements)


13/46

Audit Planning and Preparation(Audit Checklist)

Based on audits purpose and scope Needs space for auditee response Needs space for auditor observations

Advantages

Promotes planning for audit

Ensures consistent audit approach

Serves as a memory aid

Provides objective evidence that audit was performed

Provides information base for future audits


14/46


15/46

Audit Planning and Preparation(Process Audit Planning)


16/46

Audit Planning and Preparation(Completed Turtle Diagram Example)


17/46

Audit Planning and Preparation(Audit Strategy)

Random Selection of Samples- Flowcharts used to understand process- Auditor looks at information for items that

are:completedin progress

ready to start (if applicable)


18/46

Audit Planning and Preparation(Audit Schedule)

Documents all routine audits Shows audits planned by month Written to cover a year Allows some flexibility Approved by QA Manager


19/46


20/46

Audit Planning and Preparation(Audit Notification and Agenda)

Gives advanced notice to auditee Includes purpose, scope, dates and

auditors name

Provides times for opening and closingmeetings

Provides time frame for daily auditor

meetings/conferences (as required)


21/46

Sample Audit Plan


22/46

Audit Performance(Opening Meeting)

Lead Auditor provides:- introduction of team members- the audit purpose, scope, and objective- the anticipated duration of the audit- may discuss classifications of findings- tentative time and date of closing

meeting


23/46

Audit Performance(Methods)

Auditors should approach the audit usingthe 5W/1H method for interviews anddocumentation of objective evidence.

Who does it?What is the process?When is it done?Where is it done/documented?Why is it done like this?How is it done?


24/46


25/46

Audit Performance(Open vs. Closed Ended Questions)

Open-ended Closed-ended

What do you do first? Is this what you do?

How do you record thatresult?

Do you document thatresults?

Where do you record thatresult?

Is this where you recordthat result?

Please show me theshop instruction?

Is there a procedure for this?


26/46

Audit Performance(The art of listening)

Eliminate any distractions Listen for content Suspend all judgment Listen for themes in answers Seek clarification of answers


27/46

Audit Performance(Verifying Records/Documents)

Sampling selection:- Necessary due to time limits- Auditor should select samples- Examine samples in detail- No set amount of samples- Cover relevant time period

- Look at control of records/documents- Record all samples examined as

objective evidence


28/46


29/46

Audit Performance(Audit Findings)

May be used to identify any and/or all of the following:- Positive findings/strengths

- Opportunities for improvement or observations

- Nonconformities (major or minor)


30/46

Audit Performance(Nonconformities)

A well documented nonconformity willhave three parts:- a description of the problem

- explanation of the requirement- reference the objective evidence related

to the nonconformity


31/46

Audit Performance(Nonconformity Classification)

Major the absence or total breakdown of a process- A number of minor nonconformities against one

clause/section of a process can represent a totalbreakdown of a process and thus be consideredmajor

Minor failure to meet on requirement of a clause of the standard or a singleobserved lapse in following one item of aprocedure


32/46


33/46

Audit Performance(Documentation)


34/46


35/46

Audit Performance(Exit Meeting)

Meeting to present audit observations andfindings

Lead Auditor presents team findings, with

clarification as necessary from auditors Discuss need (if any) for follow-up audit Opportunity to thank auditee for support


36/46

Audit Reporting(Timely Reporting)

Checklists and associated notes should becompleted and turned into Lead Auditor assoon as possible after the audit

Report should be completed by Lead Auditor as soon as possible after audit

Any associated CPARs should bewritten/issued at the same time

Timely reports add value


37/46

Audit Reporting(Report Contents)

Audit scope, objectives, criteria Identification of auditors and auditees Audit findings, including nonconformities Any recommendations, opportunities for

improvement Assessment of process effectiveness Summary of audit process

Distribution listNOTE: Audit reports should be traceable from thereport and any CPARs generated


38/46

Audit Reporting(Items NOT included in report)

Confidential or proprietary information Subjective Opinions Minor deficiencies corrected during the

audit Specific names of employees associated

with findings

Anything not discussed during the exitmeeting


39/46

Audit Reporting(Report Retention)

Purpose- meet quality requirements- allow for review of audit work- follow up on corrective actions- future audit planning- reference for developing future audit

checklists


40/46

Audit Follow-up and Closure(General)

Follow-up:- a process by which internal auditors

determine the adequacy, effectiveness,and timeliness of action taken bymanagement/process owners onreported audit findings

- The largest cause of failure in internal

audits is the lack of effective correctiveaction taken on the nonconformitiesidentified


41/46

Audit Follow-up and Closure(Action)

Action should be taken by agreed upontime

Review documented evidence

Should be performed on-site Is only a review of corrective actions

NOT another audit


42/46

Audit Follow-up and Closure(Documented Evidence)

Evidence may be in the form of:- Records of action taken- Training certificates- Amended Procedures- New equipment


43/46

Audit Follow-up and Closure(Process)

1. Auditor:- identifies problem and issues CPAR

2. Auditee:- evaluates the corrective action- performs root cause analysis- develops an action plan

- implements the corrective action- standardizes the action


44/46


45/46

Audit Planning Practical


46/46