RWANDA STANDARDS BOARD

NATIONAL CERTIFICATION DIVISION

TITLE: IDENTIFICATION No. AUTHOR:

PROCEDURE ON NCD/PRO/04 QUALITY MANAGEMENT SYSTEM
INTERNAL AUDITS OFFICER

AUTHORIZATION:

THIS PROCEDURE IS ISSUED UNDER THE AUTHORITY OF:

NAME: Antoinette Mbabazi, MSc.BAJENEZA Jean Pierre

TITLE/POSITION: Ag. NATIONAL CERTIFICATION DIVISION MANAGER

SIGNATURE:

APPROVAL DATE:

DOCUMENT CONTROL:

CONTROLLED WATER MARKED/STAMPED

 National Certification Division NCD/PRO/04

Title: Procedure on Internal Audits Page 2 of 16

TABLE OF CONTENTS

1. PURPOSE........................................................................................................................... 4

2. SCOPE................................................................................................................................ 4

3. RESPONSIBILITIES............................................................................................................4

3.1 Top Management............................................................................................................4

3.2 The QMSO....................................................................................................................... 4

3.3 Unit Directors.................................................................................................................4

3.4 The Audit Team Leader.................................................................................................5

3.5 Auditor............................................................................................................................ 5

3.6 Auditee............................................................................................................................ 5

4. PROCEDURE DETAILS......................................................................................................5

4.1 Managing the audit program.........................................................................................5

4.1.2 General........................................................................................................................ 5
4.1.3 Establishing the internal audit programme objectives...................................................6

4.2 Establishing the internal audit programme..................................................................6

4.2.1 Competence of the person managing the audit programme.........................................6
4.2.2 Establishing the extent of the internal audit programme...............................................7
4.2.3 Identifying and evaluating internal audit programme risks............................................7
4.2.4 Establishing the internal audit programme procedures.................................................7
4.2.5 Identifying internal audit programme resources............................................................7

4.3 Implementing the internal audit programme................................................................8

4.3.1 Defining the objectives, scope, criteria for an individual audit.......................................8
4.3.2 Selecting audit methods...............................................................................................8
4.3.3 Selection of audit team members.................................................................................8
4.3.4 Assigning the responsibility of an individual audit to the audit team leader..................8
4.3.5 Managing the audit programme outcome.....................................................................8
4.3.6 Managing and maintaining audit programme records...................................................9

Revision: 076542 Date of Approval: 05290508/06311204/202101986

 National Certification Division NCD/PRO/04

Title: Procedure on Internal Audits Page 3 of 16

4.4 Monitoring the audit programme..................................................................................9

4.5 Reviewing and improving the audit Programme.........................................................9

5 PERFORMING THE AUDIT.................................................................................................9

5.1 Initiating the audit..........................................................................................................9

5.1.1 Establishing the Initiating contact with the auditee.......................................................9
5.1.2 Determining the feasibility of the audit........................................................................10

5.2 Preparing audit activities.............................................................................................10

The audit team performs the audit as detailedguidedin by the work instructions for auditor
guide NCD/WISGID/024........................................................................................................10
5.2.1 Performing document review......................................................................................10
5.2.2 Preparing the audit plan.............................................................................................10
5.2.3 Audit plan scale and content......................................................................................11
5.2.4 Assigning work to the audit team................................................................................11
5.2.5 Preparing work documents.........................................................................................11
The audit team members:......................................................................................................11

5.3 Conducting audit activities.........................................................................................11

5.3.1 Opening meeting........................................................................................................11
5.3.2 Document review while conducting the audit..............................................................12
5.3.3 Communication during the audit.................................................................................12
5.3.4 Roles of guides and observers...................................................................................13
5.3.5 Collecting and verifying the information......................................................................13
5.3.6 Generating audit findings...........................................................................................13
5.3.7 Preparing audit conclusions.......................................................................................14
5.3.8 Conducting closing meeting.......................................................................................14

5.4 Preparation and distributing the audit report............................................................14

5.4.1 Preparing audit report.................................................................................................14
5.4.2 Distribution of report...................................................................................................15
5.4.3 Completing the audit..................................................................................................15

6. CONDUCTING AUDIT FOLLOW UP................................................................................15

7. COMPETENCE AND EVALUATION OF AUDITORS........................................................15

Revision: 076542 Date of Approval: 05290508/06311204/202101986

 National Certification Division NCD/PRO/04

Title: Procedure on Internal Audits Page 4 of 16

1. PURPOSE

To ensure that the NCD continually operates in accordance with the specified manuals, policies,
objectives, and procedures, and work instructions, the NCD conducts systematic internal audits
to monitor and determine compliance with the requirements of the ISO/IEC 17021-1:20151,
ISOTS 22003, applicable RvA Accreditation policy rules, regulations, conditions for
accreditation, applicable IAF mandatory documents and ISO/IEC 17065.

To ensure that improvements to the Management System are identified, implemented and
suitable to achieve set objectives and the goal.

This procedure establishes the method by which internal audits are conducted within the NCD

NCD performs internal audits twice per year on the Food Safety Schemes whereas internal
audits on other schemes are conducted at least once per year for each certification scheme.to
be gradually reduced to at least once a year as the system gets more stable.

2. SCOPE

This procedure applies to NCD activities that directly affect the quality of certification services.

Internal management system audits are performed on a predetermined schedule and as

otherwise directed by management in order to determine the level of management system
conformity with ISO/IEC 17021-1:2015, ISO/TS 22003, applicable AccreditationRvA policy
rules, regulations, conditions for accreditation, applicable IAF mandatory documents and 1 or
ISO/IEC 17065 as appropriate..

2.1 This procedure includes planning, execution, reporting and follow–up of internal audits.

3. RESPONSIBILITIES

3.1 Top ManagementNCD Manager

a) Ensures that the audit programme objectives are set.

b) Appoints in collaboration with Unit Directors and NCD QMSO one or more competent
persons to manage the audit programme.
c) Provision of audit programme resources for the conduct of audits.

Revision: 076542 Date of Approval: 05290508/06311204/202101986

 National Certification Division NCD/PRO/04

Title: Procedure on Internal Audits Page 5 of 16

3.2 The QMSO

a) The QMSO is responsible for ensuring that this procedure is implemented and that it
remains adequate for its intended purposes.
b) Establishes and manages the audit programme
c) Co-ordinates the audit schedule in collaboration with the Division Manager and Directors
of the Units as appropriate.
d) Appoints Proposes the audit team including the Lead Auditor
e) Reports the internal audit results to RSB NCDTop Management
f) Maintains the confidentiality of the audit results.
g) Identifies resources needed for the audit programme

3.3 Unit Directors

a) Is responsible for ensuring that the areas under their control cooperate with the internal
auditor and QMSO.
b) Ensures audit programme is implemented.
c) Ensures that corrective action is taken on findings within the agreed time limits and
follow-up actions are conducted as necessary.

3.4 The Audit Team Leader

a) Prepares an Audit Plan as a basis for planning the audit and for disseminating
information about the audit.

b) Leads the internal audit activities

c) Ensures the working documents are prepared and briefs the audit team.

d) Consolidates all audit findings and observations and prepares internal audit report.

e) Reports critical non-conformities to the auditee immediately.

f) Report to the auditee the audit results clearly and without delay.

g) Conducts the opening and closing meeting.

3.5 Auditor

a) Performs the audit using the consolidated audit checklist see (audit checklist format
NCD/FAT/02).
b) Reports the positives, non-conformities and areasrecommends suggestions offor
improvement.
c) Retains the confidentiality of audit findings.
d) Acts in an ethical manner at all times.

Revision: 076542 Date of Approval: 05290508/06311204/202101986

 National Certification Division NCD/PRO/04

Title: Procedure on Internal Audits Page 6 of 16

3.6 Auditee

a. Are responsible for suggesting proposals for corrective actions.

b. Are also responsible for implementation of suggested corrective actions.
c. Receives, considers and discusses the audit report.

4. PROCEDURE DETAILS

4.1 Managing the audit program

4.1.2 General

4.1.2.1 NCD Manager ensures that audit programme objectives are in line with the NCD policy.
The set audit programme objectives support and are consistent with the management system
policies and objectives.

4.1.2.2 NCD QMSO prepares internal audit programme indicating which audit will be performed
in a year’s schedule as detailed in SCUNCD/PME/01.

4.1.2.3 The program covers the full audit cycle and aims at evaluating the system against the
standard requirement and the function of the NCD management system in place.

4.1.2.4 This audit programme is authorised and signed by NCD Manager.

4.1.2.5 The approved programme is communicated to NCD staff and maintained on RSB server
for access.

4.1.2.6 More audits may be performed at certain areas or activities depending on the status of
nonconformity/complaints or whenever deemed to be critical to its integrity.

4.1.3 Establishing the internal audit programme objectives

4.1.3.1 The NCD Manager ensures that audit programme objectives are established to direct
the planning and conduct of audits.

4.1.3.2 The NCD Manager ensures effective communication of the audit programme objectives
to all NCD personnel.

4.1.3.3 The NCD Manager ensures effective implementation of the audit programme.

4.2 Establishing the internal audit programme

RSB Top management appointed the NCD QMSO to manages the audit programme among
other responsibilities. The QMSO:

a) establishes the audit programme, and the objectives, scope and criteria of the individual
audit,

Revision: 076542 Date of Approval: 05290508/06311204/202101986

 National Certification Division NCD/PRO/04

Title: Procedure on Internal Audits Page 7 of 16

b) determines the audit methods

c) Selects the audit team members

d) Ensures the Internal auditors are evaluated

e) Monitors and reviews the audit programme. Details of the roles and responsibilities for
the internal audit are detailed in the internal audit responsibilities matrix NCD/MAT/01.

4.2.1 Competence of the person managing the audit programme

4.2.1.1 RSB Top Management appointed the NCD QMSO with the necessary competence to
manage the internal audit programme and its associated risks as detailed in the NCD Generic
Competence criteria NCD/COC/ 01.

4.2.1.2 The QMSO engages in appropriate continual professional developmental activities to

maintain the necessary knowledge and skills to manage the audit programme as detailed in the
NCD Competence Management Procedure NCD/PRO/08.

4.2.2 Establishing the extent of the internal audit programme

The NCD QMSO establishes the extent of the audit programme as detailed in NCD/PME/01,
putting into consideration many factors including but not limited to:
a) the level of maturity evidenced by internal and external audit results,
b) review results from previous audit program review results, and
c) the objective, scope and duration of each audit and the number of audits to be
conducted, including audit follow up, if applicable;

d) factors influencing the effectiveness of the management system;

e) applicable audit criteria,

f) results and conclusions of previous internal or external audits;

g) the concerns of interested parties, such as Client complaints

results from internal and external audits.

4.2.3 Identifying and evaluating internal audit programme risks

4.2.3.1 The NCD QMSO identifies the risk that could potentially affect the audit programme right
at its inception.

4.2.3.2 The risks are evaluated and addressed in order to mitigate them so as to achieve the set
objectives.

Revision: 076542 Date of Approval: 05290508/06311204/202101986

 National Certification Division NCD/PRO/04

Title: Procedure on Internal Audits Page 8 of 16

4.2.4 Establishing the internal audit programme procedures

The QMSO establishes and ensures the implementation of procedure to manage and control
the management system internal audit programme

4.2.5 Identifying internal audit programme resources

4.2.5.1 When identifying resources needed for the audit programme, the NCD QMSO considers
financial, methodological and human requirements.

4.2.5.2 NCD QMSO ensures timely communication about the required resources to the Top
Management for better planning.

4.2.5.3 Top Management ensures that the required resources are reflected in the annual
planning activities./budget

4.3 Implementing the internal audit programme

4.3.1 Defining the objectives, scope, criteria for an individual audit

4.3.1.1 The NCD QMSO sets and documents the audit objectives that each individual audit
should achieve. These objectives are consistent with the overall audit programme objectives.
4.3.1.2 The QMSO also defines and documents the scope and criteria used to assess
conformity of each individual audit.

4.3.2 Selecting audit methods

The NCD QMSO selects and determines the methods to use in conducting audits depending on
the defined audit objective, scope and criteria as well as duration. The methods are detailed in
the work instruction for auditors guide NCD/WISGID/024. A combination of different audit
methods is used to optimize the efficiency and effectiveness of the audit process and its
outcome.

4.3.3 Selection of audit team members

4.3.3.1 Using the auditor selection guide NCD/GID/02 the NCD QMSO proposes appoints the
audit team members, including the team leader, having taken into account the competences
needed to achieve the objective of the individual audit with the defined scope.
4.3.3.2 Auditors in training may be part of the team but participate under the direction and
guidance of the Team Leader.
4.3.3.3 The independence of the audit team members from the activities being audited is
ensured. If conflict of interest issue arise in the course of the audit then the composition of the
team is adjusted after consultations of interested parties.

4.3.4 Assigning the responsibility of an individual audit to the audit team leader

Revision: 076542 Date of Approval: 05290508/06311204/202101986

 National Certification Division NCD/PRO/04

Title: Procedure on Internal Audits Page 9 of 16

4.3.4.1 The NCD QMSO assigns the responsibility for conducting the individual audit to the audit
team leader. The assignment is communicated in sufficient time before the scheduled date of
audit in order to ensure the effective planning of the audit.
4.3.4.2 The NCD QMSO gives necessary information to the team leader to ensure effective
conduct of the individual audit.

4.3.5 Managing the audit programme outcome

4.3.5.1 The NCD QMSO ensures that audit program outcomes are managed efficiently and
effectively; this includes ensuring that:
a) Audit findings are evaluated

b) Root cause analyses are reviewed

c) Remedial actions are reviewed

a. Audit reports are reviewed

4.3.5.2 The reports are distributed to NCD Manager, Directors and QMSO and other relevant
parties and the NCD QMSO determines the necessity of follow up audits.

4.3.6 Managing and maintaining audit programme records

In order to demonstrate that audit programme is implemented, the NCD QMSO ensures that:
a) Audit programme records are created and maintained.

b) A record of each individual audit is created and maintained.

Audit personnel records are established and maintained. 

4.4 Monitoring the audit programme

4.4.1 The NCD QMSO monitors the implementation of the audit programme through the
evaluation of:

a) Conformity with the audit programme, schedules, and objectives

b) Performance of audit team members

c) Ability of the teams

4.4.2 The audit programme is modified whenever evidence indicates that change is required.

4.5 Reviewing and improving the audit Programme

Revision: 076542 Date of Approval: 05290508/06311204/202101986

 National Certification Division NCD/PRO/04

Title: Procedure on Internal Audits Page 10 of 16

The NCD QMSO has the responsibility to:

a) Review the management system audit programme

b) Improve the management system audit programme. 

c) Summarize the results and report to top management

5 PERFORMING THE AUDIT

5.1 Initiating the audit

The NCD QMSO makes sure that the appointed audit team leader initiates the internal
management system audit. The responsibility for conducting the audit is with the team leader
until the audit is completed.

5.1.1 Establishing the Initiating contact with the auditee

The audit team leader makes the initial contact to:

a) Establish communications with the auditee.

b) Confirm the authority to conduct the audit.

c) Share information with the auditee on the audit objectives, scope, methods and audit
team composition

d) Gather information about the auditee.

e) Request access to documents and records.

f) Make arrangements to conduct the audit including scheduling the dates;

5.1.2 Determining the feasibility of the audit

The team leader determines audit feasibility so as to provide reasonable confidence that the
audit objectives can be achieved. The following factors are put into consideration:

a) availability of sufficient and appropriate information for planning and conducting the audit;

b) adequate cooperation from the auditee;

c) adequate time and resources for conducting the audit.

5.2 Preparing audit activities

Revision: 076542 Date of Approval: 05290508/06311204/202101986

 National Certification Division NCD/PRO/04

Title: Procedure on Internal Audits Page 11 of 16

The audit team performs the audit guidedaccording to by the work Instructions for auditors guide
NCD/WISGID/0204.

5.2.1 Performing document review

The audit team conducts a documentation review to:

a) Select management system documentation for review.

b) Review auditee’s management system documents.

c) Gather information to prepare for audit activities.

d) Establish an overview of system documentation to detect possible gaps. 

5.2.2 Preparing the audit plan

5.2.2.1 The audit team leader prepares the audit plan basing on the information in the audit
programme and the auditee’s documents submitted for review.

5.2.2.2 The plan facilitates the efficient scheduling using work instruction on audit time
determination guide NCD/WISGID/03 and coordination of the audit activities so as to achieve
the audit objectives efficiently.

5.2.3 Audit plan scale and content

5.2.3.1 The audit team leader prepares the management system audit plan in accordance with
the audit plan format NCD/FAT/01. The plan allows for changes as necessary as the audit
progresses.

5.2.3.2 The plan is submitted to NCD QMSO for review and approval

5.2.3.3 The team leader presents the audit plan to the auditee for agreement. 

5.2.4 Assigning work to the audit team

Considering the resources and their effective use, the audit team leader:

a) Consult with the audit team members before assigning roles and responsibilities. The
assignments take into account, the independence and competence of auditors.

b) Hold team meetings or briefings whenever work assignments need to be changed or

reallocated in order to achieve the audit objective. 

5.2.5 Preparing work documents

The audit team members:

Revision: 076542 Date of Approval: 05290508/06311204/202101986

 National Certification Division NCD/PRO/04

Title: Procedure on Internal Audits Page 12 of 16

a. Prepare appropriate audit work documents, which include a checklist using the format
NCD/FAT/02 and audit sampling plans.

b. The work documents are used to collect audit findings.

c. The work documents control the audit and records.

5.3 Conducting audit activities

5.3.1 Opening meeting

5.3.1.1 The audit team leader plans the opening meeting in accordance with, the opening
meeting agenda format NCD/FAT/03.
5.3.1.2 The meeting is held with the NCDauditee’s Management staff and is chaired by the audit
team leader. The following should be addressed:
a. Confirmation of the audit plan

b. Communication channels.

c. How the audit will be conducted.

d. How audit findings will be reported.

Availability of support services.

e. Conditions that could cause the premature termination of the audit.

feedback systems that the auditee could use to file a complaint

5.3.1.3 The names of all in attendance are filled in the attendance registration form
NCD/FOM/02.

5.3.2 Document review while conducting the audit

5.3.2.1 The audit team members:

a) Review relevant documents provided by the auditee

b) Decide whether or not documents are adequate

c) Use document review to gather relevant information

d) Consider reviewing documents throughout the audit

5.3.2.2 In the event that adequate documentation pertaining to implementation cannot be

provided within the time frame given in the audit plan, the audit team leader informs the NCD
QMSO and the auditee. Depending on the audit objectives and the scope, a decision is made

Revision: 076542 Date of Approval: 05290508/06311204/202101986

 National Certification Division NCD/PRO/04

Title: Procedure on Internal Audits Page 13 of 16

as to whether the audit should continue or be suspended until the documentation concerns are
resolved.

5.3.3 Communication during the audit

The audit team leader:

a) Considers establishing formal communication arrangements that can be used during the
audit;

b) Confers with audit team members to exchange information, assess audit progress and re
assign work as necessary;

c) Communicates with auditee and NCD QMSO on the audit progress;

d) Communicates with auditee and NCD QMSO any concern that may include an issue
outside the scope of audit or where available audit evidence indicates that the audit
objects are un attainable;

e) Communicates with auditee and NCD QMSO the reasons for the concerns to determine
the appropriate action. Such action may include reconfirmation or modification to the
audit plan, changes to the audit objectives or audit scope, or termination of the audit;

f) Communicates with NCD QMSO and the auditee to review and approve any changes to
the audit plan which may become apparent as the audit activities progress.

5.3.4 Roles of guides and auditor in trainingobservers

Guides or bservers may be part of the audit team but they do not influence or interfere with the
conduct f the audit.

The roles and responsibilities of guide include:

Assisting auditors in identifying individuals to participate in interviews and confirming timings,

Arranging access to specific locations of the auditee,

Witnessing the audit on behalf of the auditee,

Providing clarification.The auditor in training is part of the audit team for learning purpose.

5.3.5 Collecting and verifying the information

Audit team members:

a) Select methods for gathering information.

b) Collect relevant and verifiable information as audit evidence, using appropriate sampling.

Revision: 076542 Date of Approval: 05290508/06311204/202101986

 National Certification Division NCD/PRO/04

Title: Procedure on Internal Audits Page 14 of 16

c) Evaluate the evidence against the audit criteria to establish audit findings

d) Records the audit findings

e) Address any unusual evidence discovered during audit.

5.3.6 Generating audit findings

5.3.6.1 The audit team members establish audit findings by evaluating audit evidence and
comparing it the audit criteria. Individual audit finding includes conformity which is reported as
positive finding along with their supporting evidence, opportunities for improvement and any
recommendation.
5.3.6.2 The audit team meet as needed to review audit findings at appropriate stages during the
audit

5.3.6.3 Nonconformities and their supporting evidence are graded and recorded on Internal Non
conformityFCAR form NCD/FOM/2104.

5.3.6.4 Audit findings are reviewed with the auditee to obtain acknowledgement of accuracy.

5.3.6.5 Every attempt is made to reach consensus on any diverging opinions concerning audit
evidence or findings.

5.3.7 Preparing audit conclusions

The audit team convenes prior to the closing meeting in order to:

a) Review audit finding against audit objective.

b) Discuss and agree on audit conclusion.

c) Prepare recommendations

d) Consider audit follow-up

5.3.8 Conducting closing meeting

5.3.8.1 Participants to the closing meeting include the management ofaudit team, NCDthe
auditee, auditors, auditeesstaff and the NCD QMSO..

5.3.8.2 The meeting is facilitated by the audit team leader and the closing meeting agenda
NCD/FAT/04 aims at:

a) Explaining the audit methods

Revision: 076542 Date of Approval: 05290508/06311204/202101986

 National Certification Division NCD/PRO/04

Title: Procedure on Internal Audits Page 15 of 16

b) Presenting the audit findings

c) Describing the audit conclusions

d) Making recommendations

e) Discussing diverging opinions

f) Developing a post-audit action plan

5.3.8.3 Any diverging opinions regarding the audit findings or conclusions between the auditee
and the audit team which has not been resolved is recorded.

5.4 Preparation and distributing the audit report

5.4.1 Preparing audit report

The audit team leader provides an audit report to the QMSO which is a complete, accurate,
concise and clear record of the audit. The report:

a. Includes or refers to the audit objectives

b. Specifies or refers to the scope of the audit

c. Discusses or references the audit criteria

d. Presents or refers to the audit findings

e. Documents audit conclusions

f. Identifies any area within the audit scope that was not covered

g. Highlights any unresolved diverging opinions between the audit team and the auditee.

5.4.2 Distribution of report

The audit report is issued within fourtwo weeks the agreed time, if delayed the reason is
communicated to the auditee and the NCD QMSO. The audit report is reviewed by the NCD
QMSO and then distributed.

5.4.3 Completing the audit

5.4.3.1 The audit team leader verifies that the planned activities have been completed.

5.4.3.2 The audit team manages the documents created and related information gathered during
the audit as confidential and are protected in accordance to the procedure on record control
NCD/PRO/02.

Revision: 076542 Date of Approval: 05290508/06311204/202101986

 National Certification Division NCD/PRO/04

Title: Procedure on Internal Audits Page 16 of 16

5.4.3.3 The NCD QMSO records the lessons learned during the audit for the purpose of continual
improvement.
6. CONDUCTING AUDIT FOLLOW UP

6.1 When audit conclusion indicates the need for correction or corrective action or preventive
action or improvement action such actions are considered and are carried out by the auditee
within the agreed time frame.

6.2 The auditee keeps the NCD QMSO and the audit team informed of the status of these
actions.

6.3 The completion and effectiveness of these actions is verified as part of a subsequent
audit.

7. COMPETENCE AND EVALUATION OF AUDITORS

The Top Management of RSB places uttermost importance in employee competence as it is a

basis for building and maintaining client and stakeholder confidence. NCD has developed a
competence management procedure NCD/PRO/08. Auditors exercise due professional care
while conducting the internal audits. Auditor evaluations are carried to determine competences
and where gaps are identified training is carried out.

Revision: 076542 Date of Approval: 05290508/06311204/202101986