STANDARDS ORGANISATION

OF NIGERIA
welcomes you to this
ISO 9001: 2015 QUALITY MANAGEMENT
SYSTEM (QMS) INTERNAL AUDITOR
COURSE
 CONGRATULATIONS

Being an internal auditor is a big job! Congratulations are in

order because someone has recognized that you have some
of the most desirable characteristic needed to be an
auditor . Examples of these desirable characteristics
include:
– Learn new concepts
– Posses knowledge and communication skills
– Reflect fairness in judgment
– Communicate and deal effectively with others
You should be proud of your role in your company’s ISO
Management System program
PLEASE PUT YOUR
CELLPHONE ON
VIBRATION
 COURSE ADMINISTRATION
• Day Lecture starts 8.30am each day
• There will be evening assignments from 5 pm
of the first day
• There will be lunch break and Lunch will be
served between 1.00pm and 2.00pm
• There will be short breaks of 15 minutes each
day between 10.30am to 10.45am and 3.45 to
4.00pm each day
• There will be test of understanding with
minimum pass mark of 60% overall
 • Basic concepts of quality management system
1
• Summary of the requirements of quality
2 management system
• Auditing in accordance with ISO 19011
3
Course Contents • Audit preparation
4

5 • Audit Execution

6 • Audit Evaluation

7 • Audit Reporting
 Course Objectives
At the end of this training, all participants are expected
to:
Understand the Quality Management Principles and the
requirements of the Quality Management System standard and
their application to QMS auditing
Learn the basic audit elements and how to identify them during
the QMS.

Learn how to prepare and use the audit checklist

Learn how to plan and carry out an audit, trail an investigation

and report the findings in an accurate and impartial manner

Learn how to conduct an opening and closing meeting

Know the roles and responsibilities of Auditor, Lead Auditor

and the Auditee
 MODULE 1

BASIC CONCEPTS OF QUALITY MANAGEMENT SYSTEM

Process Approach – Elements of
Process
Process Approach Model ISO
9001:2015
 Risk Based Thinking

Organisations are
required to understand There is no
its context (Clause 4.1) separate clause
and determine the risks or sub-clause
and opportunities that titled
need to be addressed “preventive
(Clause 6.1) action”

One of the The concept of

key purposes preventive action
of a QMS is is expressed
to act as a through a risk-
preventive based approach
tool to formulating
QMS
requirements.
7 Quality Management Principles

11
 CUSTOMER FOCUS
• The primary focus of quality
management is to meet customer
requirements and strive to exceed
customer expectations.
• Organizations need customers to exist
• Understanding their needs.
• Satisfying customers needs.
12
 LEADERSHIP
• Leaders at all levels establish unity of purpose
and direction and create conditions in which
people are engaged in achieving the quality
objectives of organization

• Good leadership creates enabling environment.

• Helps maintain trust and eliminate fear

13
 ENGAGEMENT OF PEOPLE
• It is essential for the organization that all
people are competent, empowered and
engaged in delivering value. Competent,
empowered and engaged people
throughout the organization enhance its
capability to create value.

• Involve people at all levels

14
 PROCESS APPROACH
• Consistent and predictable results are
achieved more effectively and
efficiently when activities are
understood and managed as
interrelated processes that function
as a coherent system.
• Interrelated activities necessary to get
desired results
15
 IMPROVEMENT
•Successful organizations have an
ongoing focus on improvement
•Organizational efficiency and
effectiveness
•Provide people with training and
establish goals
16
 EVIDENCED-BASED DECISION
MAKING
• Decisions based on the analysis and
evaluation of data and information are
more likely to produce desired results.
• Evidence is information that shows
that something exists or is true
• Make decisions based on evidence

17
 RELATIONSHIP MANAGEMENT

• For sustained success, organizations manage

their relationships with interested parties,
such as suppliers.
• An interested party is a person or group that
has a part to play in the success of the
organization.

18
 MODULE 2

SUMMARY OF THE REQUIREMENTS OF THE QUALITY MANAGEMENT SYSTEM

ANNEX SL HIGH LEVEL STRUCTURE

The new High Level Structure -

identical core text and
standard common terms and
adopts the core definitions for use
in all Management
high-level System Standards:
structure and • purpose - enhance the
consistency and alignment of
terminology of different management system
standards
Annex SL • organisations that integrate
multiple standards (eg QMS,
(used for the EMS, OHS) will see the most
benefit
development • uses simplified language and
writing styles to aid
of all new ISO understanding and consistent
interpretations of
standards) requirements.
 Annex SL High Level Structure

1. Scope
2. Normative References
3. Terms and Definitions
Common
Structure
4. Context of the Organization
Common Common 5. Leadership
Terminology Definitions
6. Planning
Annex
7. Support
SL
8. Operation

9. Performance Evaluation
10 Improvement
 ANNEX SL CLAUSE STRUCTURE
. Context of the organization
4

Understanding the organization and its context 7. Support

Resources
Understanding the needs and expectations of
Competence
interested parties Awareness
Determining the scope of the XXX Communication
management system Documented information
XXX management system
8. Operation
Operational planning and control
5. Leadership
Leadership and commitment 9. Performance evaluation
Policy Monitoring, measurement, analysis and
evaluation
Organizational roles, responsibilities and Internal audit
authorities Management review
10. Improvement
6. Planning Nonconformity and corrective action
Continual improvement.
Actions to address risks and opportunities
Objectives and plans to achieve them.
 MODULE 3

AUDITING IN ACCORDANCE
WITH ISO 19011
 AUDIT
• SYSTEMATIC, INDEPENDENT AND
DOCUMENTED PROCESS FOR OBTAINING
AUDIT EVIDENCE AND EVALUATING IT
OBJECTIVELY TO DETERMINE THE EXTENT
TO WHICH AUDIT CRITERIA ARE FULFILLED.
THE SYSTEMATIC AUDIT APPROACH
• Anticipating all needs
• Planning
• Providing for all
• Organisation resources

• Performance • Conducting all activities

• Measuring the fulfillment

• Evaluation of plan
 INDEPENDENT
• Mind • Not affected/influenced to
compromise professional judgment.

• To act with integrity and exercise

objectivity.

• Appearance • The avoidance of circumstances

that would cause a reasonable
conclusion that the integrity or
objectivity of the audit is
compromised.
 TERMS AND DEFINITIONS
Audit evidence
• Records, statements of facts or other information,
which are relevant to the audit criteria and verifiable.

Audit criteria
• Set of policies, procedures or requirements.
 TERMS AND DEFINITIONS

Policy
Audit
Evidence Procedures
Judged Standards
Against
Practices/Instructions

Requirements
28
 TERMS AND DEFINITIONS
AUDIT FINDINGS
Results of the evaluation of the collected audit
evidence against audit criteria.

AUDIT CONCLUSION
Outcome of an audit, provided by the audit
team after consideration of the audit
objectives and all audit findings.
TERMS AND DEFINITIONS
AUDIT CLIENT
ORGANISATION OR PERSON REQUESTING
AN AUDIT

AUDITEE
ORGANISATION BEING AUDITED

AUDITOR
PERSON WITH THE COMPETENCE &
AUTHORITY TO CONDUCT AN AUDIT
 IDENTIFY AUDIT EVIDENCE & CRITERIA
Auditors were assessing identification of
training needs. The appraisals of Hillary, Isioma
& James were not seen in the Training file. The
Admin Director was not certain if the last staff
performance appraisal had been done. She could
not locate the record used in distributing the
forms. A typical form was presented to Auditors
to see the criteria of appraisal. She drew the
attention of Auditors to Procedure
MNA/PR/HM/007 that covered this matter and
said it didn’t limit her since she was a Director.
 PRINCIPLES GUIDING THE AUDITOR

1. ETHICAL CONDUCT
2. FAIR PRESENTATION OF FACTS
3. DUE PROFESSIONAL CARE
4. INDEPENDENCE FROM THE AREA
5. EVIDENCE BASED APPROACH

32
 ETHICAL IN CONDUCT

Professionalism based on
– Trust
– Integrity
– Discretion
– Confidentiality

33
FAIRNESS IN PRESENTATION

• Truthful and
accurate reporting
• Make sure the facts
are apparent

34
 DUE PROFESSIONAL CARE

• COMPETENCE by being systematic

(Planning, Organising, Performing
& Evaluating)

• DILIGENCE by ensuring only

relevant information in the area is
considered.

35
MAINTAINING INDEPENDENCE
FROM THE AREA
• Throughout the
audit remain
impartial and
maintain objectivity.

• Start formally but

end friendly.
36
 EVIDENCE BASED
APPROACH
 All findings must be
based on verifiable
evidence.
 Report evidence that
were obtained from
authoritative
statement & factual
observation that exist.

37
 HUMAN ASPECTS………

 GOOD AUDITOR QUALITIES

 GOOD PRACTICES
 BAD PRACTICES
 AUDITEE
 PRE-EMPTING CHALLENGING
SITUATIONS
 Good Auditor Qualities
 Friendly manner
 Patience
 Perseverance
 Calmness under provocation
 Calmness under pressure
Good Auditor Qualities contd.

 Objectiveness
 Fairness
 Thoroughness
 Decisive
 Communication at all levels
 GOOD PRACTICES
 Smile and be relaxed
 Speak clearly and simply
 Be unemotional and impartial
 Maintain eye contact with the auditee
 Rephrase the question if necessary
 Good Practices

 Do not project superiority

 Ask the right person
 Apologise for interrupting
 Do not look for trouble
 Give praise when deserved
 Bad Practices
 Relying on your own memory
 Subjective opinions
 Criticizing individuals
 Getting into an argument
 Taking sides
 Bad Practices

 Asking too many questions at once

 Answering your own questions
 Not giving enough time to answer
 Saying you understand when you don’t
 Auditee
 Argumentative/Undisciplined
 Dishonest/Opinionated
 Impatient/Inarticulate
 Lazy/Apathetic
 Domineering/Rude
 Pre-empting challenging
situations

• Give advance notification

• Ensure importance is known
• Be empathetic
• Keep information flowing
 REASONS FOR AUDITING
• Compliance with quality management
system
• Compliance with contractual
requirements
• Provide information for system review
• Increase quality awareness
• Improve customer satisfaction
Audit Benefits to the Organization
• To obtain factual information for management
decisions
• To obtain unbiased management information
• To improve communication and motivation
• To assist with training
• To identify areas of risk
• To identify areas of opportunity
• To assess performance
• To assess equipment status
 TYPES OF AUDIT
System audits are distinguished on the basis
of the party requesting (e.g. a person,
section, department, division or plant in an
organisation).

• INTERNAL AUDITS (often referred to as first – party audits)

• EXTERNAL AUDITS (often referred to as second – party
audits)
• External certification audits (often referred to as third –
party audits)
 System Audit

First party
Organisation
Third party
skills
resources
facilities Second party
Certification body
time

confirmation
Supplier
 TYPES OF AUDIT
First party
Audits initiated by an organization on its processes
with the result going back to the management of the
organization. The Audit can be performed by the staff
of the organization or by consultants
Second party
Audits by an organization ( or through representative)
on a supplier usually for business transaction purposes.
It is initiated by the Organization. The results goes to
the Organization
Third party
Audits by an independent body on an organization
usually for certification purposes
 REASONS FOR 1ST PARTY AUDIT

• Management System standards requires it

• It is a control mechanism utilized by
management
• It allows for correction of nonconformance's
before external bodies find them
• It is a powerful tool for assessing
improvement
 REASONS FOR 2nd PARTY AUDIT

• It is a powerful tool that enhances the

strength of an organization’s supply chain
• It enables organizations correct problems
before they affect the customer or end user to
avoid product recall, service failure or
compliance issues
• It ensures a strong and transparent quality
control process
 REASONS FOR 3rd PARTY AUDIT

• Regulatory requirement: Some regulatory bodies require third-party

certification to verify compliance.

• Supplier qualification: Today, ISO management system standards especially

ISO 9001 is widely used as a qualification requirement for suppliers in many
different product and service sectors eg. automotive, aerospace,
telecommunications and other industries have sector specific versions of ISO
9001 that are used with suppliers. These all require third-party certification.

• Internal use: Organizations do this based on a perception of market advantage

and use the certificates in advertisements promoting their goods and services.
Some organizations use third party audits and certification to verify for their
own management the adequacy of their quality management system.
 Phases of an Audit
• Planning and preparation
• Conducting the audit
• Evaluating the results
• Agreeing to take corrective action
• Follow up actions
 AUDITING PHASES

S ES
A
E PH
HES
G HT
ROU
TH
T GO
US
U DIT
M FOLLOW UP
LE DA
U
ED
CH
RYS
E
EV

EXECUTION

56
 MODULE 4

AUDIT PHASES,
AUDIT PLANNING & PREPARATION
 AUDIT PLANNING & PREPARATION-
COMPONENTS
• Audit responsibilities allocated
• Team selection (Who to use)
• Task definition (Team Leader & Auditors)
• Audit Programme (scope/time)
• Audit communication (circulation)
• Resources/logistics consideration
• Audit criteria (standards/policies/ references
for audit)
• Audit documented information (forms, papers)
 AUDITORS’ RESPONSIBILITIES

• Some knowledge of the organization’s processes

• Participate in planning, opening and closing
meetings
• Checklists preparation
• Conducting audits
• Writing nonconformance statements
• Conducting follow up audits
 TEAM LEADER’S
RESPONSIBILITIES
Responsible for:
• Overall audit planning
• Checklist preparation
• Directing the opening and closing meetings
• Coordinating and participating in audits
• Ensuring good conduct during audits
• Deciding on nonconformance classification,
• Preparing audit summary reports
• Ensuring a follow up to close out the audit
 RESPONSIBILITIES OF
AUDITEE’S MANAGEMENT
Ensuring:
• Understanding the scope and objectives of audit
• Auditee’s availability and appointments of audit
guides
• Reception of auditors and logistics provision
• Good conducts and provision of necessary audit
evidence during the audit
• That timely corrective actions are taken on non
conformances
 Assignment for discussion

• Differentiate between a team leader and a

lead auditor
• Explain the roles of an auditor, auditees and
auditee’s organization in an audit system
• Explain the roles of an Audit Coordinator

62
ISO 9001: 2015 Auditors Course
 AUDIT PROGRAMME/PLAN

Audit programme
Shows audit spread for a period of time
indicating the frequency

Audit plan
Shows a detailed audit planned for a specified
time, date and location including details of
names of auditors, auditee, time, etc,.

Based on status and importance of activity

 Decisions at Planning Stage
• Types and scope of audit

• When best to perform the audit

• Information to be gained

• Expertise required.
 Audit plan - content
1. Areas/activities
2. Duration
3. Auditors assigned
4. Time for opening meeting
5. Time for closing meeting
6. Team leader
7. Key personnel – Auditee
8. Audit criteria
 CHOP – I - CHOP Audit plan
Audit criteria ISO 9001, Quality manual, Dept Manual, other
requirements
Activity / Scope Time Auditors Auditee
Opening meeting 8.30 – 8.45am ALL Auditors MGT
Admin/Security 9.00 – 10.30 Tom/Jerry Daffy Duck
Procurement 9.00 – 10.20 Cayote/Road Elmer Frost
Runner
Maintenance 9.00 – 10.30 Pinky/Brain Roger Rabbit
Accounts 9.00 – 10.30 Speedy Donald Duck
Gonzalez/Porky
QHSE/Stores 9.00 – 10.30 Powerpuff girls Bart Simpson
Ops – Cementing 9.00 – 10.30 Sponge bob Squarepants
Ops -Pipeline 9.00 – 10.30 Tompolo/Boyloaf Asari Dokubo
Logistics 9.00 – 10.30 Neverland Pirates Jake
Ops - Coil tubing 9.00 – 10.30
Closing meeting 10.30 – 10.45am ALL Auditors MGT
 Departments J Feb Ma Apr Ma J Jul Au Se Oct No De
a r y u g p v c
n n
Sales P     A     A          

Admin.   P                    

Technical     P   A   A          

Planning       P         A      

Logistics A       P       A      

Purchasing       A   P     A      

Store 1 A     A     P          

Store 2   A             P      

Processing1     A     A       P    

Processing2   A       A         P  

Calibration         A             P

Key: P = Audits programmed on the basis of IMPORTANCE only.

A = Additional audits taking into account the STATUS and IMPORTANCE.
 Typical audit plan: Nigeria Incorporated unlimited

Date Opening Meeting ALL Time

NIGERIAN
S
aa/b/0c Department Names of Auditors Process 9.30am
Owner
dd/e/0f Legal Gani/Falana Aondooka 10-12pm

gg/h/0i Operations Ribadu/Larmode Diezanni 10-11am

jj/k/0l Quality OBJ/IBB Buhari 10-1pm

xx/y/0z Closing meeting ALL 3.30pm

Very soon NIGERIAN Very soon
S
 AUDIT COMMUNICATION
• Advance information required
• Not a surprise exercise
• Programme should be circulated to all
concern
• Obtain necessary approval
• Clarify issues with those concerned
• Ensure proper understanding of the
objective of the audit
 AUDIT RESOURCES
• Documented information
• Information
• Inspection tools
• Travel costs
• Date and Time
 CHECKLIST
• A list of items required
• A list things to be done
• A list of points to be considered

• A checklist for any internal quality audit is

composed of a set of questions derived from the
Management System standard requirements and
any process documented information prepared by
the company
 USE OF CHECKLIST
• Focus on essentials

• Aide to audit planning

• Maintain audit direction

• Permit continuity
 Checklist contd

 Advantages Focus on specifics

Aide memoir
Used for note taking

 Disadvantages Inhibits flexibility

Becomes
questionnaire
Copycat audits
 Checklist Preparation
Checklist Questions should be written
such that:

• Strike a balance between too specific

and being too general
 Checklist Preparation
Examples of broad questions are;

 Do they have a non conformity

control system?

 Do they have a non conformity

report?
 Checklist Preparation
Examples of in-depth questions are:

 Do they use the nonconformity report (NCR) Exhibit

17A of their QA Manual?
 Is the description block of NCRs filled in, signed and
dated as required?
 Is the “resolution completed” block of NCRs filled in,
signed and dated as required
 Checklist Preparation
More examples of in-depth questions are:

 Do they identify nonconformingcheques

with red tag?
 Do they segregate nonconforming
products (when practical)?
 Checklist Preparation
Checklists should include the number of
random samples to check because a
conclusion based on one record would be
questionable.
Samples size should therefore be
determined for checklist issue. E.g.
Auditor picks three calibration cards at
random and records observations
 Checklist
S/No Checklist sample criteria Result

1 Pumps Maintenance logs 5 logs QMSP 002 Log shows No maintence on

(4.0) pumps 3,8 9 of wk 23 & 47.
No Superv review in wk 14, 32,
37
 MODULE 5

AUDIT PHASES
-AUDIT EXECUTION
 CONTENT OF OPENING MEETING

A meeting for clarifying and verifying audit related issues

between the auditors and auditee
 Audit objectives, scope and criteria & timetable;
 Audit methods and procedures to be used
 Explain the sampling and uncertainty nature of audit
 The language of audit;
 Resources and facilities needed by the audit team
 Matters relating to confidentiality;
 CONTENT OF OPENING MEETING

• Relevant work safety, emergency and security

procedures for the audit team;
• Availability, roles and identities of any guides;
• The method of reporting & grading
• Information about conditions under which the audit
may be terminated;
• Handling of complaints on the audit.
• Clarifications by auditee.
AUDIT METHODS/ CONDUCT
Conduct of Meetings during audit
 Speak with authority
 Listen with care
 Maintain good manners
 Watch body language
 Control the situation
 Finish with clear objectives
 Audit Techniques and
Methods
1. Use of improvised questions:
In addition to checklist questions, improvised
questions can also be very useful in audits.
a) Unexpected questions
e.g. What do you do if a thermocouple breaks
during heat treatment?
b) Requirement question
e.g. How do you meet the Standard’s requirements
for document control?
 Audit Techniques and
Methods
Use of improvised questions:
c) Leading questions
e.g. If the QC Inspector can’t be here to
witness the operation you don’t wait do
you?
d) Naive question
e.g. I don’t understand how you do this, how
do you do it?
 Audit Techniques and Methods
2. Reviewing Activities :e.g. from procedures,
instructions, etc for accuracy or
implementation?
3. Spot-in-depth Technique: e.g. of an
activity, product or area for in-depth
system or technique?
4. Tracker technique :e.g. Trace forward,
trace backward and make cross reference
 Audit Techniques and Methods
5. Documentation examination : e.g. spot-
check documents to verify compliance
with QM or implementation procedure

6. Computer system check: e.g. ask for a

demonstration of an example you pick
 Audit Techniques and
Methods
7. Picking the questions: e.g. do not ask to be
shown typical documents or records; ask
to see the list and make your own
selection.
8. Switch audit techniques : e.g. avoid
becoming predictable; remember that the
element of surprise is important
 Type of Description Examples Comments
Question

  An open question will lead to a ·         What is your interpretation of the ·         Open questions may sidetrack your
  wide range of answers. result obtained? conversation and focus.
Open Generally, use it to seek the ·         Could you tell me how you process ·         It may be difficult for the auditee
auditee’s opinion, to get an these intermediate results? to respond.
explanation/description from the ·         How do you implement the waste ·         They may be so open that you will
auditee or to allow for reasoning management program? get general answers.
on certain matters.
    ·         Do you know that there is a ·         These questions provide limited
  A closed question is used to get a documented procedure for this? information and if you are in search of
  “yes” or “no” answer, while a ·         What’s your responsibility? an extended answer, use an open
Closed/ direct question will invite a short ·         Has this specific environmental impact question.
Direct answer with one or a few words. been monitored? ·         Be careful of the “tone” when you
These questions are used to get use this type of question.
specific information. ·         As a guide, avoid using more than
    ·         In what way was corrective action three
·      consecutive closed or direct
  These are open questions, but completed? questions.
    If you need to encourage the auditee
Probing/ they aim at getting more or ·         Could you provide me with some to elaborate, use this type of question.
Clarifying clarifying information about a examples on these? ·         Avoid frequent use as the auditee
subject by specifying conditions. ·         What do you mean by “referring to the may think that you are not listening.
guidelines on the site emergency plan”?
    ·         You do check for the accuracy of the ·         This type of questions should be
Leading A leading question suggests an equipment every morning, don’t you? avoided as it may lead to biased
answer, as the answer is normally ·         You determine your sample size based information.
implied in the question. on the sampling table, don’t you?

    ·         Don’t you agree with me that you have ·         Avoid this type of questions.
Interrogative These questions put the auditee not correctly verified the incident reports
/Antagonistic on the defensive. according to the internal standards?
 
Audit Techniques and Methods
Questions
Six friends - Elephant Child, R. Kipling

When? Why? Where?

What? How? Who?
Seventh friend – Show me
 Audit Techniques and Methods

Ask???
Verify
Observe
1. WHAT ARE YOU TRYING TO DO?
The question is directed to all the three levels of any
organization.
• At the enterprise or corporate level, - the
mission/vision/policy
• At the Intermediate level (managers) – the objectives
• At the lower level (operational) – accomplishing task
• In terms of the ISO 9001 :2015 therefore, Auditor will focus
on quality policy and quality objectives and relate them to
the relevant clauses of the standard.
 2. HOW DO YOU MAKE IT
HAPPEN?
Auditors therefore will have to find out if the
organization
• Identified it’s processes.
• Determine their sequence and interaction.
• Develop criteria and methods for the
processes.
• Provide necessary information about and for
the processes.
• Lastly provide adequate resources for the
processes.
 3. HOW DO YOU KNOW IT’S
RIGHT?
• At the enterprise/corporate level, top management
should know how the organization is performing against
plan e.g. financial reports or monthly, quarterly etc
reports.
At the Intermediate (managerial) level, the process
objectives are assessed e.g. observations and periodic
reports.
• At the lower (operational) level, the question addresses
how the individual is performing against work
assignments or objectives e.g. for an operator –
information from instrumental panel on machine.
 4. HOW DO YOU KNOW IT’S
THE BEST WAY OF DOING IT?
If the above question is never asked, there will never
be continual improvement and thus such an
organization will eventually be overtaken by the
competition.
In terms of the application of the standard therefore,
an auditor will seek to know how the organization.
• Monitor and measure processes.
• Analyze processes.
• Continually improve processes
 In short the Auditor will look for how the
organization, in terms of the standard:
• Monitor and measure product.
• Monitor and measure processes.
• Analyze product and processes.
• Implement actions to achieve planned
results.
5. WHAT DO THEY DO WHEN THINGS GO
WRONG?

Auditors ask this question in various ways

when they seek to know if the auditee
organization:
• Control non conforming products.
• Carry corrective action.
• Have action plans to address identified risks.
 Audit Techniques and
Methods
Audit conduct
The Auditor must be
 Professional in conduct
 Credible to keep information
 Avoid the “I caught you” syndrome
 Audit Techniques and
Methods
Audit conduct
The Auditor must
 Avoid drawing conclusions or making
evaluations beyond evidence being
examined.
 Avoid making observations as to the
efficiency of activities and suggestions
as to a better way.
 Audit Techniques and Methods
For a thorough audit process , Auditor must :

•Adequately prepare for the audit

•Use a process-based audit checklist
•Ensure they put auditees at ease
•Interview all functions and levels
•Encourage top management involvement
•Ensure organization welcome nonconformities as opportunities for
improvement
•Focus on known weaknesses
 NOTE TAKING

Visual Details observed

Verbal Information given
Factual Specific instances
References For correlation
 NOTE TAKING

Activity/Area Details Criteria

 SUMMARY OF THE PROCESS APPROACH TO QMS AUDITS
CONTROLS
· Who is responsible for the process, is
responsibility defined
· What are the customer requirements, how are
they defined
· Are the objectives, relevant to the process, clearly
defined
· What controls, checks are in place
· What acceptable limits are in place

OUTPUTS
PROCESS · What is the product by
INPUTS  What are the process steps this process
 What input data / material is  What happens at each step · How do we ensure the
required  What doc’s / records are product
 Where do the inputs come meets requirements
generated
from  Is process implementation as EFFECTIVENESS
 Are they received on time described • What is the purpose of
 Are they fit for purpose  Are activities carried out by this process
intended qualified people · How does it impact on the
customer and other
· RESOURCE REQUIREMENTS processes
Equipment: what equipment & resources are required · Is there evidence that the
to complete the process. process objectives are
Is equipment suitable for use and maintained? being met & that other
People: what competency requirements are necessary? affected process objectives
Is there evidence that people are suitably trained?
are met
· Where is the effectiveness
of the process felt within
interlinking activities
· Where might failures
occur & where might they
be noticed and identified
 MODULE 6

AUDIT PHASES
-AUDIT EVALUATION
 Audit Results
Objective Recording:
• Audit findings must be recorded so that they can be
investigated by another auditor and audited
organisation and should include objective evidence
to support findings.

• Recording non conformance

1. Factual observation (What)
2. Identified location (Where)
3. Established criteria (Why & how)
4. Person involved (where unavoidable) Who?
 AUDITING RESULTS

Judging Non conformance

Against • Policy
• Procedures
• Standards
• Practices/Instructions
• Requirements

IT MUST BE AGAINST AGREED REFERENCE

 AUDITING RESULTS

Non conformity Types

• Documentation
• Equipment
• Material
• Personnel
• Location
• Activity
NON CONFORMITY CATEGORIZATIONS

 Category 1 System breakdown –Major NC

Cumulative effect of similar

 Category 2
deficiencies –Major NC

 Category 3 Minor deficiencies –Minor NC

108
 AUDITING RESULTS
Can indicate: -
• Minor isolated errors –Category 3
• Errors happening too frequently –
category 2
• Too many minor errors - category 2
• Inadequate controls - category 1
 Nonconformity statements
• Log shows on pumps 3,8 9 had no maintenance
information for wk 23 & 47 as against QMSP
002 -4.0.
• Maintenance log reports for Pumps No 3,5 & 7
were not reviewed by the Supervisor in wk 14,
32 & 37 as against QMSP 002 -4.5.
 RESOLVING NONCONFORMITY

Evaluate Determine
root cause
Effectiveness of
Action Taken

NONCONFORMITY

Take
corrective Correction
action e.g
5 whys

111
 Five Why Analysis
Why? Reason
Why was our The service has been delivered too late. The customer
Why 1
customer unhappy? was unsatisfied.
Why was the service We did not prepare the service on time because it took
Why2 not prepared on
much longer than we expected.
time?
Why did it take so Because we did not receive all approvals on time and
Why3 much longer? underestimated the duration of the project.
Why did we
Why4 underestimate the Because we forgot to prepare a detailed list of all tasks.
project duration?
Why did we forget Because we were running behind on other projects and
Why5 failed to review our task list and time estimation during
about it?
the project.
Root Because we didn’t have a checklist to clearly identify all tasks that we must
achieve to estimate time accurately. We need to develop a systematic
Cause* approach to include these factors in future projects.

* Note the root cause(s) of the problem here. Only the one who experienced the problem is qualified to perform
the analysis. There are usually more than one root cause
 REMEMBER LIKELY ROOT CAUSES OF QUALITY PROBLEMS

• Lack of organisational structures

• Lack of training
• Lack of discipline
• Lack of resources
• Lack of time
• Lack of top management support
So, if something goes wrong it is never the
person, always the system!
 MODULE 7

AUDIT PHASES
-AUDIT REPORTING
 CLOSING MEETING
Conduct closing or exit meeting to:
• Review objectives and scope
• Explain limitations of the audit
• Present audit report
/ non-conformances
• Agree on close out dates
 CLOSING MEETING contd
• The summary presented must also reflect what
effects the results of the audit will have on the
department/processes and the company
• Clarify ambiguous issues.
• Show appreciation and depart

NB: Take list of attendees at the closing meeting.

 AUDIT REPORTING
Content of Audit Report
 Report reference
 Date of Audit
 Organization audited
 Department (s) / Unit (s) visited
 Audit scope
 Audit basis
 Personnel seen
 Summary of major findings
 AUDIT REPORTING
 Checklist used (NOT MANDATORY)
 Recommendations
 Corrective action schedule
 Follow-up recommendations
 Audit method
 Report distribution list
 Signature of auditor (s)/ Team Leader with date
 AUDIT FOLLOW-UP

OBJECTIVES
Ensure corrective action taken
Evaluate effectiveness
Close out records
Permit satisfactory conclusion
 AUDIT FOLLOW-UP
Follow- up options
 Limited re-audit

 Review of documentation

 Verification
YOUR CONDUCT AS AN AUDITOR
 Smile and be relaxed  Avoid being argumentative
 Be unemotional and don’t be rude
 Be articulate and speak with  Maintain good manners
authority  Maintain calmness under
 Speak clearly and simply pressure
 Look at the person, while  Maintain calmness under
talking provocation
 Listen with care
 Be honest and fair to all
 Rephrase the question if
necessary

121
TO PREPARE FOR AN AUDIT,
AUDITORS SHOULD:
• Become familiar with the context of the organization
• Understand the scope of the audit and audit criteria
• Refresh his knowledge of the requirements of the standard
• Ensure specific knowledge of the sector
• Understand the positive value from audit finding and
prepare to add value
• Be familiar with the procedures for internal audit
THANK YOU