managing effective quality...
TRANSCRIPT
1
Planning and
Preparing
Effective
Quality Audits
2
Learning Objectives
• Understand the principles of management
system auditing
• Describe how to conduct an effective internal
quality audit to ISO 9001:2015
3
Principles of Management
System Auditing
1
4
What is an Audit?
• A quality audit is a systematic, independent and
documented process of examining any activity
of an organization based on objective evidence
to determine:
a. The extent to which quality activities and related
results comply with the planned arrangements
b. The extent to which these arrangements have been
implemented effectively, and
c. Whether these arrangements are suitable to achieve
the quality objectives.
Principles of Management System Auditing
5
What Are Audits Used For?
• Looking at the overall process
• Auditing conformity
• Auditing effectiveness
• Approving Suppliers / Subcontractors
• Assessing for Certification
• Investigating problems
• Way of improving
Principles of Management System Auditing
6
Likely Effects on QMS of a Weak IQA
System
• Inadequate review of the Quality Management
System versus the requirements
• Conclusions not reliable basis for Top
Management to evaluate the effectiveness of
QMS implementation
• Diminished people’s full support to the Quality
Management System
Principles of Management System Auditing
7
Important Terms and Definitions
• Audit - A systematic, independent and
documented process for obtaining audit
evidence and evaluating it objectively to
determine the extent to which audit criteria are
fulfilled
Principles of Management System Auditing
8
Important Terms and Definitions
• Audit Criteria – Set of policies, procedures or
requirements used as a reference against which
audit evidence is compared
• Audit Evidence – Records, statements of fact
or other information, which are relevant to the
audit criteria and verifiable
Principles of Management System Auditing
9
Important Terms and Definitions
• Audit findings – Results of the evaluation of the
collected audit evidence against audit criteria
• Audit conclusion – Outcome of an audit
provided by an audit team after consideration of
the audit objectives and all audit findings
• Auditor – Person with competence to conduct
an audit
Principles of Management System Auditing
10
Important Terms and Definitions
• Audit Scope – extent and boundaries of an
audit; generally includes a description of the
physical locations, organizational units, activities
and processes, as well as the time period
covered
• Audit Program – set of one or more audits,
planned for a specific timeframe and directed
towards a specific purpose
Principles of Management System Auditing
11
Important Terms and Definitions
• Audit Plan – description of the activities and
arrangements for an audit
• Auditee – organization being audited
• Audit client – organization or person requesting
an audit
• Competence – demonstrated personal
attributes and demonstrated ability to apply
knowledge and skills
Principles of Management System Auditing
12
Types of Quality Audits
• First party audit
Internal audit (by your
organization’s Quality
department)
• Second party audit
Your customer auditing your
organization
• Third party audit
A certification body auditing
your organization
Principles of Management System Auditing
13
7 Basic Steps for an Audit
1. Scheduling the audit
2. Planning the audit
3. Opening meeting
4. Conducting the audit
5. Reporting audit findings
6. Closing meeting
7. Post audit activities
Principles of Management System Auditing
14
Executing the Internal Audit
Maintain control of the audit
Control audit time
Speak and ascertain from right people
Be professional
Be objective – look at the facts
Observe everything
Avoid hear-say
Be nosey, but polite
Principles of Management System Auditing
15
Developing an Audit Checklist
• Familiarize with the Quality Manual, processes
and the associated documentation to be audited
• Make a list of possible questions
• List items to look for and observe
Important process stage
Records originated / maintained
Personnel involved
• Leave space to record observations
• Use only one sheet per process or project
Principles of Management System Auditing
16
Audit Interviews
• Establish rapport with
auditee
• Encourage free speaking
• Ask open-ended
questions
• Closed questions
For logical conclusions
Leading questions
• Avoid repetitive questions
• Observe body language
of the interviewee and
adapt question if needed
• Maintain eye contact
• Minimize note-taking
during interview
• Restate your
understanding of their
response
Principles of Management System Auditing
17
Recording Observations
• Persons interviewed
• Location or area
observed
• Documents examined
• Records verified
• ISO clauses involved
• Process stage involved
• Compliances/Non-
compliances
• Reference of non-
compliance
• Notes on non-
conformances should be:
Simple
Crisp
Neatly worded
• Record aspect to be
followed up in next
assessment
Principles of Management System Auditing
18
Non-conformances
• Issue Corrective Action Requests (CAR)
Ensure it is simple, crisp and neatly worded
Identify ownership
Identify the paragraph of the standard that has been
violated
State requirements of resolutions
Non-compliance should not be subjected to
INTERPRETATION
Principles of Management System Auditing
19
CAR Response
• Must have specific details of implementation
What specific action(s) will be taken
Who will be responsible
When will it be completed
• Use SMART criteria
Specific
Measurable
Achievable
Realistic
Timely
Principles of Management System Auditing
20
Report to Management
• Reports should be thorough and specific
• Must be reviewed by management to be
effective
Principles of Management System Auditing
21
Summary Report
• Audit team
• Dates of actual audits
• Department / Area / Activity
• Audit non-conformance reports
• Total number of non-conformances
System/process not defined
System/process not implemented
• Summary
Principles of Management System Auditing
22
Five Principles of Auditing
1. Ethical conduct
2. Fair presentation
3. Due professional care
4. Independence
5. Evidence-based approach
Principles of Management System Auditing
23
Five Principles of Auditing
1. Ethical Conduct : the foundation of
professionalism
Trust
Integrity
Confidentiality
Discretion
----These are essential to auditing---
Principles of Management System Auditing
24
Five Principles of Auditing
2. Fair presentation : the obligation to report
truthfully and accurately
Audit reports, audit conclusions must reflect accurately
the audit activities
Significant obstacles encountered during the audit and
unresolved diverging opinions between the audit team
and the auditee should be reported
Principles of Management System Auditing
25
Five Principles of Auditing
3. Due professional care : the application of
diligence and judgment in auditing
Auditors exercise care in accordance with the
importance of the task they perform and the
confidence placed in them by the audit client and other
interested parties
Having the necessary competence/skill is an important
factor
Principles of Management System Auditing
26
Five Principles of Auditing
4. Independence : the basis for impartiality of the
audit and objectivity of the audit conclusions
Auditors are independent of the activity being audited
and are free from bias and conflict of interest
Auditors maintain an objective state of mind
throughout the audit process to ensure that the audit
findings and conclusions will be based only on
objective evidence
Principles of Management System Auditing
27
Five Principles of Auditing
5. Evidence-based approach : the rational
method for reaching reliable and reproducible
audit conclusions in a systematic audit process
The audit evidence is verifiable
The audit evidence is based on available information
during the audit
Appropriate use of sample related to the confidence
that can be placed to the audit conclusions
Principles of Management System Auditing
28
Effective Internal Auditing
to ISO 9001:2015
2
29
Contents
1. Managing the audit program
2. Planning the audit
3. Conducting the audit
4. Reporting the audit findings
5. Post-audit activities
30
1. Managing the Internal Audit Program
31
1. Authority for the Audit Program
• Granted by management
• Management Representative
Establish, implement, monitor, review and improve the
audit program
Identify the necessary resources and ensure they are
provided
Appointed by Top Management and is a member of
the organization’s management
Managing the Internal Audit
32
Tips on Gaining Management Support
to the Audit Program
• Communicate the cost of audit observations
• Explain the regulatory effects of nonconforming
processes
• Educate by stating or restating management’s
role in the audit program
• Distribute audit reports to management
• Have a member of management participate in
an audit
Managing the Internal Audit
33
2. Establishing the Audit Program
• Define audit program objectives – to direct planning and
conduct of audits
• Define the extent of audit program – influenced by the
size, nature and complexity of the organization
• Define audit program responsibilities – assigned to one
or more auditors who has general understanding of audit
principles and has management skills as well as
technical and business understanding relevant to
activities to be audited
• Determine and provide audit program resources
• Establish audit procedure(s)
Managing the Internal Audit
34
3. Implementing the Audit Program
• Schedule the audits
• Evaluating auditors
• Selecting audit teams
• Directing audit activities
• Maintaining records
Managing the Internal Audit
35
4. Monitoring and Reviewing the
Audit Program
• Monitoring and reviewing the program
• Identifying needs for corrective / preventive
action
• Identifying opportunities for improvement
Managing the Internal Audit
36
5. Improving the Audit Program
• Continual improvement of the internal audit
program to improve effectiveness and efficiency
based on outcomes and recommendations of
the audit review
Managing the Internal Audit
37
2. Planning the Internal Audit
38
Planning and Preparation
1. Audit Planning
2. Communicating the Audit Plan
3. Selection of Auditors
4. Preparing for Audit
5. Pre-audit Information
Planning the Internal Audit
39
Audit Planning
• Audit Plan
The audit plan is a formal document, which covers
every area, process and department for the audit
activity
• It specifies :
The area, process or department to be audited
The frequency of the audit, preferably the month in
which the area, process or department will be audited
Planning the Internal Audit
40
Audit Planning
• Full audit of the entire Quality System
How many auditors will be needed
How will the responsibilities be divided
Appoint a Lead Auditor to keep the audit focused
• Partial
Which department or processes
Which clause(s) of the standard
Planning the Internal Audit
41
Audit Planning
• Schedule
The audit schedule is a document that gives details of
the area, process and department to be audited during
the scheduled audit.
It also specifies dates of audit, names of auditor and
corresponding auditee area, process or department.
Planning the Internal Audit
42
Audit Planning
• Timing
The best time to audit is when people are at their
busiest and tempted to take short cuts or make
mistakes
However convenience of the auditee is essential and
their readiness and concurrence should be determined
before proceeding on an audit
Planning the Internal Audit
43
Audit Planning
• Audit Frequency
Based on criticality of area / process to be audited
Based on quality history of the area to be audited
Can be influenced by upcoming regulatory events (e.g., audits,
complaints/recall, follow-up, compliance etc.)
Do not agree to frequent requests for postponements or
cancellations
Emergency audits might be added to your schedule at short
notice. Do not over schedule yourself, otherwise emergencies will
destroy your carefully crafted schedule.
Facility / area upgrade / shutdowns will impact your schedule –
preview upcoming maintenance plans and work around them
Planning the Internal Audit
44
Auditing Techniques
• Upstream
Starting with the final process and working backwards
to the beginning
• Downstream
Starting with the first process and following the flow
• Horizontal
Across similar processes
• Mixed
Combination of Up/Down stream and horizontal
Planning the Internal Audit
45
Auditing Techniques
• Horizontal Auditing
Follows a process from goods receipt through to
finished product release and distribution
A good way to get a “feel” of the site and its problems
• Vertical auditing
Good to help identify the severity of a specific issue
Can be time consuming
You need to know when to stop
Focuses deeper and deeper into a specific area,
product or problem
Planning the Internal Audit
46
Communicate the Audit Plan
• Ensure that the schedule is communicated to all
site personnel, especially those whose areas will
be audited
• Clearly list the areas / systems / products to be
audited and list specific dates for each of the
audits
• Realistically establish and agree each audit’s
duration
• Adhere to the schedule – don’t risk losing
credibility by postponing audits
Planning the Internal Audit
47
Selection of Auditors
• Based on educational qualification, industrial
experience, in-house / outside trainings and
technical knowledge of the individual
• People within the organization who have been
trained to conduct audits
• Important precaution to be taken is to ensure
that people do not audit their own area
• Auditors must treat audit as a fact finding
exercise and so should do a professional job
Planning the Internal Audit
48
Selection of Auditors
• Brief the auditor on the objectives of the audit
• Define the limits of the area to be audited
• Apprise auditor of any special requirements, e.g.
follow-up of corrective action, priority areas for
verification, etc.
Planning the Internal Audit
49
Preparing for Audit
• Prepare and send detailed agenda, objective and scope
of the audit
• Know your standards
• Ensure that the auditee is well aware of the standards
you will be using during the audit
• Prepare a detailed checklist
Checklists are methodical way of ensuring that all necessary
areas are audited and right questions asked
However, auditors should adopt a flexible approach and use their
own judgment to deviate, if necessary
Planning the Internal Audit
50
Preparing the Checklist of Questions
• Check which elements of the Standard apply to the area
to be audited
• Check key requirements in the document
• Check for any problems which normally are known to
occur in the process to be audited
• If necessary, ask other people for advice
• Refer to other previous audit checklists/reports
• Sequence questions in a logical way and also to permit
Plan-Do-Check-Act approach to auditing
Planning the Internal Audit
51
Internal Auditor Responsibilities
• Obtain and assess evidence in a fair manner
• Preserve his independence and integrity
• Be flexible to changing situations during the audit
• Interact with auditees in a positive way
• Add value to auditee’s process or activities
• Perform the audit process fully and adhere to the audit
plan
• Arrive at acceptable conclusions based on audit findings
and objective evidence
• To stand his ground despite possible pressure of
contrary views
Planning the Internal Audit
52
Auditor Planning for Each Audit
• Auditor reads and understands the QMS documentation
and business process
• Communication with the auditee to confirm audit
schedule
• Preparation of the audit agenda and checklists (should
reflect Plan-Do-Check-Act approach) **
• Auditor checks that his audit kit is complete (with audit
plan, previous audit reports, forms and note pads,
references, pens)
Planning the Internal Audit
53
Pre-audit Information
• Activities performed by auditee
• Site master file
• Quality Manual
• Review the layouts
• Understand the process flow
• Previous nonconformity reports for verification of
effectiveness of corrective actions
Planning the Internal Audit
54
3. Conducting the Internal Audit
55
The Audit Agenda
• Opening Meeting
• Audit Proper
• Closing Meeting
Conducting the Internal Audit
56
The Opening Meeting
• This is your first point of face-to-face contact with auditee
• Be punctual or you risk losing your credibility
• Each side introduces the attendees
Each auditor introduces him/her self
• Try to remember names for use during the audit – People like to
have their names remembered
• Re-confirm the agenda. Modify or change if agreed by both the
sides
• Site / departmental presentation. Make notes of important
information.
Conducting the Internal Audit
57
The Opening Meeting
What to say during the opening meeting?
• Review / discuss the following Opening Meeting agenda
for the audit program, to include:
Objective and scope of audit and audit criteria
The schedule of events; other arrangements
Definition of nonconformities, major and minor
How you will report the audit results
Confidentiality of audit data
Resolve any questions and items for clarification from the
auditees
Conducting the Internal Audit
58
The Opening Meeting
• Who should attend the opening meeting?
Audit Team and Management Team to be audited
• Who should preside the opening meeting?
Chaired and managed by the Lead Auditor or Team
Leader
Conducting the Internal Audit
59
The Site / Area Tour
• A very critical part of audit
• Respect dress codes of the areas to be visited
• Do not be afraid to ask to visit controlled areas
• Allow one auditor to speak at a time
• Talk to workers during site tour
• Ensure that you understand the answers
If not ask the same question again
Ask for clarification if required
Conducting the Internal Audit
60
The Site / Area Tour
• Keep all senses open
Sight, smell, hearing, touch and taste
• Stay close to agreed plan of the tour
Try not to get distracted and lose time
Be willing to stop and focus on an area of non-
compliance
• Keep a record of documents requested during
tour
Request your host to make a copy of the documents to
support your findings and observations
Conducting the Internal Audit
61
Audit Proper
• Interview the staff responsible for each task
• Obtain audit evidence by:
Asking questions: inquire about task details
Observing actual task: watch the task being done
Checking records: confirm if task done is consistent
with the documented procedure; cross check with
what records reveal
Follow the audit trail: sequence of process steps
Conducting the Internal Audit
62
Examples of open questions
• When are suppliers review performed?
• How is the inspection status identified on this
item?
• Where does the document come from?
63
Examples of closed questions
• Do you have a work instruction for this
operation?
• Does this instrument require calibration?
• Is this die supplied by the customer?
--- interrogation
64
Examples of clarifying questions
• Tell me more about this operation?
• Please give me some examples?
• What do you mean by inspection line mismatch?
--- auditor is not listening, stupid or time
consuming
65
Audit Proper
• Compare and evaluate practice against the documented
QMS (Conforming? At variance?)
• Use checklists to guide you in completing the audit
• Define nonconformity where lapses of the practice
against QMS documentation might be found
• Record objective evidence(s) of the NC
• Confirm with the auditee the presence of NC
• Point out observation(s) and area(s) for improvement
Conducting the Internal Audit
66
Audit Using PDCA Approach
The IQA auditor may cover the following key
points:
1. What are the key objectives for the function/
process?
Are objectives, quantitative targets and programs defined?
Do they define desired outcomes of function?
Do they address customer requirements?
Do they relate to the organization’s Quality Policy?
Do they relate to legal requirements, if any?
Conducting the Internal Audit
67
Audit Using PDCA Approach
2. Are resources available and managed, as planned,
to achieve objectives?
Is there a process for defining and allocating
resources?
Are resource needs identified, adequate, accounted
for?
Does this include financial, specialized skills,
equipment, technology and the like?
Conducting the Internal Audit
68
Audit Using PDCA Approach
3. Are key activities and methods for achieving
objectives identified, documented and controlled?
Are plans, procedures, formula, etc. documented?
Are process and operating criteria defined?
Are responsibilities and authorities defined?
Conducting the Internal Audit
69
Audit Using PDCA Approach
4. What measures are available to demonstrate
achievement of objectives, and what evidence is
available to demonstrate continual improvement for
the function/process?
• Review and assess, among others:
Process capability, equipment reliability
Waste rates, variance vs. budget and other metrics
Legal compliance (findings should be backed up by data and
company records)
Performance monitoring and monitoring results; analyses
Actions taken for un-met objectives, product nonconformities,
significant process deviations.
Conducting the Internal Audit
70
What Key Things to Look For and
Where?• Task - work methods defined, efficiency
• People - training, skills, competence and motivation
• Equipment; Work Environment
Identification, capability, condition, safety, sanitation
• Documents / Records
Identification, issue, content, correctness and distribution
Retention, preservation, legibility, accessibility
Conducting the Internal Audit
71
How to Handle Difficult Auditees
• Take a communication class on verbal and non-
verbal skills
• Get training on dealing with difficult people
• Understand cultural differences
• Explain to the auditee the benefit or requirement
to the company
• Ask open-ended questions from checklist
• Stop an audit during difficult situations with
auditees
Conducting the Internal Audit
72
The Daily Wrap-up (for multiple-day audits)
• Require / Request a daily wrap-up meeting
Include the audit escorts and day’s participants at a minimum
Do not categorize the issues (as major or minor) – more of the
same issues tomorrow may make the observation more severe
Discuss observations found during the day. Give the site a
chance to correct them or to provide more evidence to support
their defense.
Daily meetings promote understanding and prevent surprises at
the final wrap-up
Clarify any follow-ups for tomorrow and tomorrow’s agenda
The daily wrap-up provides clarity and keeps the auditee
engaged in the process
Conducting the Internal Audit
73
4. Reporting the Audit Findings
74
The Audit Reporting Cycle
• Discuss and agree on findings
• Record findings
• Hold closing meeting
• Issue audit report
• Update records
• Agree to undertake follow-up audit, if needed
• Carry out and record results of Follow-up Audit
Reporting Internal Audit Findings
75
Types of Audit Findings
• Positive findings
Good practice; conformities
• Negative findings
Nonconformities
• Observations
Opportunities for
improvements
Reporting Internal Audit Findings
76
2 Types of Nonconformities
• Absence of, or failure to implement
and maintain, one or more of the
sub-clauses of ISO 9001
• Available objective evidence,
raises doubt as to the ability of the
organization to provide conforming
products
• A number of minor nonconformities
against one sub-clause of ISO
9001
Major Findings (Category 1)
Reporting Internal Audit Findings
77
2 Types of Nonconformities
• Failure to meet one
requirement of a sub-clause
(e.g. 7.5.3.1)
• Single observed lapse in
implementing one requirement
of company QMS procedures
• No preventive or corrective
actions were taken
Minor Findings (Category 2)
Reporting Internal Audit Findings
78
79
80
81
The Closing Meeting
• Who should attend the opening meeting?
Audit Team and Management Team to be audited
• Who should preside the opening meeting?
Chaired and managed by the Lead Auditor or Team
Leader
Reporting Internal Audit Findings
82
The Closing Meeting
• Thank the auditees for their help and time
• Commend auditees for accomplishments
• List the positive findings that you saw or found during the
audit
• Report any nonconformity – invite the individual auditor to
report their respective findings
• Present the Major (Category 1) findings followed by Minor
(Category 2). Add the Observations if there are not too many
findings in total.
• Present findings based on facts, and back the findings up with
information contained in the standards, if questioned
Reporting Internal Audit Findings
83
The Closing Meeting
• Respond to questions openly at end of the audit
• Be prepared to change your wordings or even observations
based upon facts presented by auditee(s)
• Report the overall conclusions and recommendations
• Invite comments from auditees
• Resolve any inquiries or concerns
• Obtain consensus from auditees on nonconformity reports
• Establish date of submission to auditor of corrective action
• Reiterate confidentiality
Reporting Internal Audit Findings
84
5. Post Audit Activities
85
Reporting Audits
• Why do we write an audit report?
As a record of site/departmental deficiencies
To provide the Site Management Team with an
independent report of deficiencies identified
To create the formal environment necessary for an
active, periodic follow up
Post Audit Activities
86
Reporting Audits
• How do we write an audit report?
Include positive points as well as deficiencies
(negative findings and observations) identified
Management must have a balanced overview of
conditions within the plant; therefore, provide them
information on areas of strength (best practices) and
areas requiring improvement
Post Audit Activities
87
Reporting Audits
• When do you write an Audit Report?
As soon as you possibly can after conclusion of the
audit
Before you begin your next audit
Before you forget where you were and what you
observed
Post Audit Activities
88
Tips on Publishing Timely Audit Report
• Create a standardized audit report form that can be used by
all auditors. These audit reports can be “fill in the blank” so
that any observations or nonconformities observed can be
entered efficiently.
• As with audit preparation, schedule plenty of time to complete
the audit report. If the report is submitted more than a week
after the audit, the information is usually forgotten by the
auditee and doesn’t benefit the organization.
Post Audit Activities
89
Interacting with Auditors – Do’s for
Auditees• Be honest and open
• Recognize they may be experts
• Realize they may not be subject
matter experts
• Understand the purpose of the
meeting and review related records
prior to interviews
• Turn mobile phones to silent mode
90
Interacting with Auditors – Do’s for
Auditees• Listen carefully and understand each
question before answering. Be sure
responses are complete and accurate
• Respond only to the question asked –
keep answer simple and direct
• Weigh answers carefully, being
certain you have the facts to back
them up
• Limit comments to areas where you
have "first-hand" knowledge
91
Interacting with Auditors – Don’ts
for Auditees• Assume auditors are familiar with
your organization’s quality or
financial control system
• Challenge auditors
• Show more competence in the
standard being audited
• Argue internally
• Express unfairness
• Ask for solution
• Fix non-conformities on the spot
92
Interacting with Auditors – Don’ts
for Auditees• Speculate or answer hypothetical
questions
• Agree or disagree with opinions
• “Ramble" or provide irrelevant
information (such as office gossip)
• Get offended by WHY questions
• Sign anything on behalf of the
company
93
Responding to the Audit Report
• Ask to review the draft report
• Provide a management response, which should include:
Whether you agree or disagree with the finding
Corrective action plan
Target date for implementation
• Understand the audit follow-up process
• Consult with the Quality department or Controller’s office
prior to finalizing a response
94