managing effective quality...

1

Planning and

Preparing

Effective

Quality Audits

2

Learning Objectives

• Understand the principles of management

system auditing

• Describe how to conduct an effective internal

quality audit to ISO 9001:2015

3

Principles of Management

System Auditing

1

4

What is an Audit?

• A quality audit is a systematic, independent and

documented process of examining any activity

of an organization based on objective evidence

to determine:

a. The extent to which quality activities and related

results comply with the planned arrangements

b. The extent to which these arrangements have been

implemented effectively, and

c. Whether these arrangements are suitable to achieve

the quality objectives.

Principles of Management System Auditing

5

What Are Audits Used For?

• Looking at the overall process

• Auditing conformity

• Auditing effectiveness

• Approving Suppliers / Subcontractors

• Assessing for Certification

• Investigating problems

• Way of improving


6

Likely Effects on QMS of a Weak IQA

System

• Inadequate review of the Quality Management

System versus the requirements

• Conclusions not reliable basis for Top

Management to evaluate the effectiveness of

QMS implementation

• Diminished people’s full support to the Quality

Management System


7

Important Terms and Definitions

• Audit - A systematic, independent and

documented process for obtaining audit

evidence and evaluating it objectively to

determine the extent to which audit criteria are

fulfilled


8


• Audit Criteria – Set of policies, procedures or

requirements used as a reference against which

audit evidence is compared

• Audit Evidence – Records, statements of fact

or other information, which are relevant to the

audit criteria and verifiable


9


• Audit findings – Results of the evaluation of the

collected audit evidence against audit criteria

• Audit conclusion – Outcome of an audit

provided by an audit team after consideration of

the audit objectives and all audit findings

• Auditor – Person with competence to conduct

an audit


10


• Audit Scope – extent and boundaries of an

audit; generally includes a description of the

physical locations, organizational units, activities

and processes, as well as the time period

covered

• Audit Program – set of one or more audits,

planned for a specific timeframe and directed

towards a specific purpose


11


• Audit Plan – description of the activities and

arrangements for an audit

• Auditee – organization being audited

• Audit client – organization or person requesting

an audit

• Competence – demonstrated personal

attributes and demonstrated ability to apply

knowledge and skills


12

Types of Quality Audits

• First party audit

Internal audit (by your

organization’s Quality

department)

• Second party audit

Your customer auditing your

organization

• Third party audit

A certification body auditing

your organization


13

7 Basic Steps for an Audit

1. Scheduling the audit

2. Planning the audit

3. Opening meeting

4. Conducting the audit

5. Reporting audit findings

6. Closing meeting

7. Post audit activities


14

Executing the Internal Audit

Maintain control of the audit

Control audit time

Speak and ascertain from right people

Be professional

Be objective – look at the facts

Observe everything

Avoid hear-say

Be nosey, but polite


15

Developing an Audit Checklist

• Familiarize with the Quality Manual, processes

and the associated documentation to be audited

• Make a list of possible questions

• List items to look for and observe

Important process stage

Records originated / maintained

Personnel involved

• Leave space to record observations

• Use only one sheet per process or project


16

Audit Interviews

• Establish rapport with

auditee

• Encourage free speaking

• Ask open-ended

questions

• Closed questions

For logical conclusions

Leading questions

• Avoid repetitive questions

• Observe body language

of the interviewee and

adapt question if needed

• Maintain eye contact

• Minimize note-taking

during interview

• Restate your

understanding of their

response


17

Recording Observations

• Persons interviewed

• Location or area

observed

• Documents examined

• Records verified

• ISO clauses involved

• Process stage involved

• Compliances/Non-

compliances

• Reference of non-

compliance

• Notes on non-

conformances should be:

Simple

Crisp

Neatly worded

• Record aspect to be

followed up in next

assessment


18

Non-conformances

• Issue Corrective Action Requests (CAR)

Ensure it is simple, crisp and neatly worded

Identify ownership

Identify the paragraph of the standard that has been

violated

State requirements of resolutions

Non-compliance should not be subjected to

INTERPRETATION


19

CAR Response

• Must have specific details of implementation

What specific action(s) will be taken

Who will be responsible

When will it be completed

• Use SMART criteria

Specific

Measurable

Achievable

Realistic

Timely


20

Report to Management

• Reports should be thorough and specific

• Must be reviewed by management to be

effective


21

Summary Report

• Audit team

• Dates of actual audits

• Department / Area / Activity

• Audit non-conformance reports

• Total number of non-conformances

System/process not defined

System/process not implemented

• Summary


22

Five Principles of Auditing

1. Ethical conduct

2. Fair presentation

3. Due professional care

4. Independence

5. Evidence-based approach


23


1. Ethical Conduct : the foundation of

professionalism

Trust

Integrity

Confidentiality

Discretion

----These are essential to auditing---


24


2. Fair presentation : the obligation to report

truthfully and accurately

Audit reports, audit conclusions must reflect accurately

the audit activities

Significant obstacles encountered during the audit and

unresolved diverging opinions between the audit team

and the auditee should be reported


25


3. Due professional care : the application of

diligence and judgment in auditing

Auditors exercise care in accordance with the

importance of the task they perform and the

confidence placed in them by the audit client and other

interested parties

Having the necessary competence/skill is an important

factor


26


4. Independence : the basis for impartiality of the

audit and objectivity of the audit conclusions

Auditors are independent of the activity being audited

and are free from bias and conflict of interest

Auditors maintain an objective state of mind

throughout the audit process to ensure that the audit

findings and conclusions will be based only on

objective evidence


27


5. Evidence-based approach : the rational

method for reaching reliable and reproducible

audit conclusions in a systematic audit process

The audit evidence is verifiable

The audit evidence is based on available information

during the audit

Appropriate use of sample related to the confidence

that can be placed to the audit conclusions


28

Effective Internal Auditing

to ISO 9001:2015

2

29

Contents

1. Managing the audit program

2. Planning the audit

3. Conducting the audit

4. Reporting the audit findings

5. Post-audit activities

30

1. Managing the Internal Audit Program

31

1. Authority for the Audit Program

• Granted by management

• Management Representative

Establish, implement, monitor, review and improve the

audit program

Identify the necessary resources and ensure they are

provided

Appointed by Top Management and is a member of

the organization’s management

Managing the Internal Audit

32

Tips on Gaining Management Support

to the Audit Program

• Communicate the cost of audit observations

• Explain the regulatory effects of nonconforming

processes

• Educate by stating or restating management’s

role in the audit program

• Distribute audit reports to management

• Have a member of management participate in

an audit


33

2. Establishing the Audit Program

• Define audit program objectives – to direct planning and

conduct of audits

• Define the extent of audit program – influenced by the

size, nature and complexity of the organization

• Define audit program responsibilities – assigned to one

or more auditors who has general understanding of audit

principles and has management skills as well as

technical and business understanding relevant to

activities to be audited

• Determine and provide audit program resources

• Establish audit procedure(s)


34

3. Implementing the Audit Program

• Schedule the audits

• Evaluating auditors

• Selecting audit teams

• Directing audit activities

• Maintaining records


35

4. Monitoring and Reviewing the

Audit Program

• Monitoring and reviewing the program

• Identifying needs for corrective / preventive

action

• Identifying opportunities for improvement


36

5. Improving the Audit Program

• Continual improvement of the internal audit

program to improve effectiveness and efficiency

based on outcomes and recommendations of

the audit review


37

2. Planning the Internal Audit

38

Planning and Preparation

1. Audit Planning

2. Communicating the Audit Plan

3. Selection of Auditors

4. Preparing for Audit

5. Pre-audit Information

Planning the Internal Audit

39

Audit Planning

• Audit Plan

The audit plan is a formal document, which covers

every area, process and department for the audit

activity

• It specifies :

The area, process or department to be audited

The frequency of the audit, preferably the month in

which the area, process or department will be audited


40

Audit Planning

• Full audit of the entire Quality System

How many auditors will be needed

How will the responsibilities be divided

Appoint a Lead Auditor to keep the audit focused

• Partial

Which department or processes

Which clause(s) of the standard


41

Audit Planning

• Schedule

The audit schedule is a document that gives details of

the area, process and department to be audited during

the scheduled audit.

It also specifies dates of audit, names of auditor and

corresponding auditee area, process or department.


42

Audit Planning

• Timing

The best time to audit is when people are at their

busiest and tempted to take short cuts or make

mistakes

However convenience of the auditee is essential and

their readiness and concurrence should be determined

before proceeding on an audit


43

Audit Planning

• Audit Frequency

Based on criticality of area / process to be audited

Based on quality history of the area to be audited

Can be influenced by upcoming regulatory events (e.g., audits,

complaints/recall, follow-up, compliance etc.)

Do not agree to frequent requests for postponements or

cancellations

Emergency audits might be added to your schedule at short

notice. Do not over schedule yourself, otherwise emergencies will

destroy your carefully crafted schedule.

Facility / area upgrade / shutdowns will impact your schedule –

preview upcoming maintenance plans and work around them


44

Auditing Techniques

• Upstream

Starting with the final process and working backwards

to the beginning

• Downstream

Starting with the first process and following the flow

• Horizontal

Across similar processes

• Mixed

Combination of Up/Down stream and horizontal


45

Auditing Techniques

• Horizontal Auditing

Follows a process from goods receipt through to

finished product release and distribution

A good way to get a “feel” of the site and its problems

• Vertical auditing

Good to help identify the severity of a specific issue

Can be time consuming

You need to know when to stop

Focuses deeper and deeper into a specific area,

product or problem


46

Communicate the Audit Plan

• Ensure that the schedule is communicated to all

site personnel, especially those whose areas will

be audited

• Clearly list the areas / systems / products to be

audited and list specific dates for each of the

audits

• Realistically establish and agree each audit’s

duration

• Adhere to the schedule – don’t risk losing

credibility by postponing audits


47

Selection of Auditors

• Based on educational qualification, industrial

experience, in-house / outside trainings and

technical knowledge of the individual

• People within the organization who have been

trained to conduct audits

• Important precaution to be taken is to ensure

that people do not audit their own area

• Auditors must treat audit as a fact finding

exercise and so should do a professional job


48

Selection of Auditors

• Brief the auditor on the objectives of the audit

• Define the limits of the area to be audited

• Apprise auditor of any special requirements, e.g.

follow-up of corrective action, priority areas for

verification, etc.


49

Preparing for Audit

• Prepare and send detailed agenda, objective and scope

of the audit

• Know your standards

• Ensure that the auditee is well aware of the standards

you will be using during the audit

• Prepare a detailed checklist

Checklists are methodical way of ensuring that all necessary

areas are audited and right questions asked

However, auditors should adopt a flexible approach and use their

own judgment to deviate, if necessary


50

Preparing the Checklist of Questions

• Check which elements of the Standard apply to the area

to be audited

• Check key requirements in the document

• Check for any problems which normally are known to

occur in the process to be audited

• If necessary, ask other people for advice

• Refer to other previous audit checklists/reports

• Sequence questions in a logical way and also to permit

Plan-Do-Check-Act approach to auditing


51

Internal Auditor Responsibilities

• Obtain and assess evidence in a fair manner

• Preserve his independence and integrity

• Be flexible to changing situations during the audit

• Interact with auditees in a positive way

• Add value to auditee’s process or activities

• Perform the audit process fully and adhere to the audit

plan

• Arrive at acceptable conclusions based on audit findings

and objective evidence

• To stand his ground despite possible pressure of

contrary views


52

Auditor Planning for Each Audit

• Auditor reads and understands the QMS documentation

and business process

• Communication with the auditee to confirm audit

schedule

• Preparation of the audit agenda and checklists (should

reflect Plan-Do-Check-Act approach) **

• Auditor checks that his audit kit is complete (with audit

plan, previous audit reports, forms and note pads,

references, pens)


53

Pre-audit Information

• Activities performed by auditee

• Site master file

• Quality Manual

• Review the layouts

• Understand the process flow

• Previous nonconformity reports for verification of

effectiveness of corrective actions


54

3. Conducting the Internal Audit

55

The Audit Agenda

• Opening Meeting

• Audit Proper

• Closing Meeting

Conducting the Internal Audit

56

The Opening Meeting

• This is your first point of face-to-face contact with auditee

• Be punctual or you risk losing your credibility

• Each side introduces the attendees

Each auditor introduces him/her self

• Try to remember names for use during the audit – People like to

have their names remembered

• Re-confirm the agenda. Modify or change if agreed by both the

sides

• Site / departmental presentation. Make notes of important

information.


57

The Opening Meeting

What to say during the opening meeting?

• Review / discuss the following Opening Meeting agenda

for the audit program, to include:

Objective and scope of audit and audit criteria

The schedule of events; other arrangements

Definition of nonconformities, major and minor

How you will report the audit results

Confidentiality of audit data

Resolve any questions and items for clarification from the

auditees


58

The Opening Meeting

• Who should attend the opening meeting?

Audit Team and Management Team to be audited

• Who should preside the opening meeting?

Chaired and managed by the Lead Auditor or Team

Leader


59

The Site / Area Tour

• A very critical part of audit

• Respect dress codes of the areas to be visited

• Do not be afraid to ask to visit controlled areas

• Allow one auditor to speak at a time

• Talk to workers during site tour

• Ensure that you understand the answers

If not ask the same question again

Ask for clarification if required


60

The Site / Area Tour

• Keep all senses open

Sight, smell, hearing, touch and taste

• Stay close to agreed plan of the tour

Try not to get distracted and lose time

Be willing to stop and focus on an area of non-

compliance

• Keep a record of documents requested during

tour

Request your host to make a copy of the documents to

support your findings and observations


61

Audit Proper

• Interview the staff responsible for each task

• Obtain audit evidence by:

Asking questions: inquire about task details

Observing actual task: watch the task being done

Checking records: confirm if task done is consistent

with the documented procedure; cross check with

what records reveal

Follow the audit trail: sequence of process steps


62

Examples of open questions

• When are suppliers review performed?

• How is the inspection status identified on this

item?

• Where does the document come from?

63

Examples of closed questions

• Do you have a work instruction for this

operation?

• Does this instrument require calibration?

• Is this die supplied by the customer?

--- interrogation

64

Examples of clarifying questions

• Tell me more about this operation?

• Please give me some examples?

• What do you mean by inspection line mismatch?

--- auditor is not listening, stupid or time

consuming

65

Audit Proper

• Compare and evaluate practice against the documented

QMS (Conforming? At variance?)

• Use checklists to guide you in completing the audit

• Define nonconformity where lapses of the practice

against QMS documentation might be found

• Record objective evidence(s) of the NC

• Confirm with the auditee the presence of NC

• Point out observation(s) and area(s) for improvement


66

Audit Using PDCA Approach

The IQA auditor may cover the following key

points:

1. What are the key objectives for the function/

process?

Are objectives, quantitative targets and programs defined?

Do they define desired outcomes of function?

Do they address customer requirements?

Do they relate to the organization’s Quality Policy?

Do they relate to legal requirements, if any?


67


2. Are resources available and managed, as planned,

to achieve objectives?

Is there a process for defining and allocating

resources?

Are resource needs identified, adequate, accounted

for?

Does this include financial, specialized skills,

equipment, technology and the like?


68


3. Are key activities and methods for achieving

objectives identified, documented and controlled?

Are plans, procedures, formula, etc. documented?

Are process and operating criteria defined?

Are responsibilities and authorities defined?


69


4. What measures are available to demonstrate

achievement of objectives, and what evidence is

available to demonstrate continual improvement for

the function/process?

• Review and assess, among others:

Process capability, equipment reliability

Waste rates, variance vs. budget and other metrics

Legal compliance (findings should be backed up by data and

company records)

Performance monitoring and monitoring results; analyses

Actions taken for un-met objectives, product nonconformities,

significant process deviations.


70

What Key Things to Look For and

Where?• Task - work methods defined, efficiency

• People - training, skills, competence and motivation

• Equipment; Work Environment

Identification, capability, condition, safety, sanitation

• Documents / Records

Identification, issue, content, correctness and distribution

Retention, preservation, legibility, accessibility


71

How to Handle Difficult Auditees

• Take a communication class on verbal and non-

verbal skills

• Get training on dealing with difficult people

• Understand cultural differences

• Explain to the auditee the benefit or requirement

to the company

• Ask open-ended questions from checklist

• Stop an audit during difficult situations with

auditees


Communication means different ways.ppt

72

The Daily Wrap-up (for multiple-day audits)

• Require / Request a daily wrap-up meeting

Include the audit escorts and day’s participants at a minimum

Do not categorize the issues (as major or minor) – more of the

same issues tomorrow may make the observation more severe

Discuss observations found during the day. Give the site a

chance to correct them or to provide more evidence to support

their defense.

Daily meetings promote understanding and prevent surprises at

the final wrap-up

Clarify any follow-ups for tomorrow and tomorrow’s agenda

The daily wrap-up provides clarity and keeps the auditee

engaged in the process


73

4. Reporting the Audit Findings

74

The Audit Reporting Cycle

• Discuss and agree on findings

• Record findings

• Hold closing meeting

• Issue audit report

• Update records

• Agree to undertake follow-up audit, if needed

• Carry out and record results of Follow-up Audit

Reporting Internal Audit Findings

75

Types of Audit Findings

• Positive findings

Good practice; conformities

• Negative findings

Nonconformities

• Observations

Opportunities for

improvements


76

2 Types of Nonconformities

• Absence of, or failure to implement

and maintain, one or more of the

sub-clauses of ISO 9001

• Available objective evidence,

raises doubt as to the ability of the

organization to provide conforming

products

• A number of minor nonconformities

against one sub-clause of ISO

9001

Major Findings (Category 1)


77

2 Types of Nonconformities

• Failure to meet one

requirement of a sub-clause

(e.g. 7.5.3.1)

• Single observed lapse in

implementing one requirement

of company QMS procedures

• No preventive or corrective

actions were taken

Minor Findings (Category 2)


81

The Closing Meeting

• Who should attend the opening meeting?

Audit Team and Management Team to be audited

• Who should preside the opening meeting?

Chaired and managed by the Lead Auditor or Team

Leader


82

The Closing Meeting

• Thank the auditees for their help and time

• Commend auditees for accomplishments

• List the positive findings that you saw or found during the

audit

• Report any nonconformity – invite the individual auditor to

report their respective findings

• Present the Major (Category 1) findings followed by Minor

(Category 2). Add the Observations if there are not too many

findings in total.

• Present findings based on facts, and back the findings up with

information contained in the standards, if questioned


83

The Closing Meeting

• Respond to questions openly at end of the audit

• Be prepared to change your wordings or even observations

based upon facts presented by auditee(s)

• Report the overall conclusions and recommendations

• Invite comments from auditees

• Resolve any inquiries or concerns

• Obtain consensus from auditees on nonconformity reports

• Establish date of submission to auditor of corrective action

• Reiterate confidentiality


84

5. Post Audit Activities

85

Reporting Audits

• Why do we write an audit report?

As a record of site/departmental deficiencies

To provide the Site Management Team with an

independent report of deficiencies identified

To create the formal environment necessary for an

active, periodic follow up

Post Audit Activities

86

Reporting Audits

• How do we write an audit report?

Include positive points as well as deficiencies

(negative findings and observations) identified

Management must have a balanced overview of

conditions within the plant; therefore, provide them

information on areas of strength (best practices) and

areas requiring improvement


87

Reporting Audits

• When do you write an Audit Report?

As soon as you possibly can after conclusion of the

audit

Before you begin your next audit

Before you forget where you were and what you

observed


88

Tips on Publishing Timely Audit Report

• Create a standardized audit report form that can be used by

all auditors. These audit reports can be “fill in the blank” so

that any observations or nonconformities observed can be

entered efficiently.

• As with audit preparation, schedule plenty of time to complete

the audit report. If the report is submitted more than a week

after the audit, the information is usually forgotten by the

auditee and doesn’t benefit the organization.


89

Interacting with Auditors – Do’s for

Auditees• Be honest and open

• Recognize they may be experts

• Realize they may not be subject

matter experts

• Understand the purpose of the

meeting and review related records

prior to interviews

• Turn mobile phones to silent mode

90

Interacting with Auditors – Do’s for

Auditees• Listen carefully and understand each

question before answering. Be sure

responses are complete and accurate

• Respond only to the question asked –

keep answer simple and direct

• Weigh answers carefully, being

certain you have the facts to back

them up

• Limit comments to areas where you

have "first-hand" knowledge

91

Interacting with Auditors – Don’ts

for Auditees• Assume auditors are familiar with

your organization’s quality or

financial control system

• Challenge auditors

• Show more competence in the

standard being audited

• Argue internally

• Express unfairness

• Ask for solution

• Fix non-conformities on the spot

92

Interacting with Auditors – Don’ts

for Auditees• Speculate or answer hypothetical

questions

• Agree or disagree with opinions

• “Ramble" or provide irrelevant

information (such as office gossip)

• Get offended by WHY questions

• Sign anything on behalf of the

company

93

Responding to the Audit Report

• Ask to review the draft report

• Provide a management response, which should include:

Whether you agree or disagree with the finding

Corrective action plan

Target date for implementation

• Understand the audit follow-up process

• Consult with the Quality department or Controller’s office

prior to finalizing a response