Post on 12-Jul-2020
Changing the way we audit...
Internal AuditsInternal auditing is an independent, objective assurance, and consulting activity designed to add value and improve an organization's processes. It helps an organization accomplish its objectives by bringing systematic and a disciplined approach to evaluate and improve the effectiveness of the quality management processes.
Internal Audits When and Why?
Minimum once a year but may be performed more frequently or on a staggered basis. However, if during an internal audit of a department, deficiencies are discovered, it is advisable to increase the audit frequency of that department until the auditor is assured that the deficiencies will not repeat themselves.
Internal Audits When and Why?
Internal audits are another source of valuable information on the effectiveness of the management system, the effectiveness of training and to ensure that the personnel are following the procedure.
Becoming an Internal Auditor
This responsibility must be accepted and it
will require training, discipline, commitment
and attention to details. The internal audit is
the greatest defense against external audits
by a customer or an auditing registrar and is
a preventive program to ensure continuous
compliance to the organization’s quality
policy, objectives and system requirements.
DefinitionsQuality Audit
A systematic, independent examination of a quality system. Quality audits are typically performed at defined intervals and ensures that the organization has clearly-defined internal quality monitoring procedures linked to effective corrective action.
DefinitionsQuality Audits
The auditing determines if the quality system complies with applicable regulations or standards. The process involves assessing the standard quality system procedures for compliance to the regulations, and also verifying the actual processes against what is stated in the applicable procedures.
DefinitionsAuditor : A person who has the training and qualification to perform the audits.
Auditee: An organization or part of the organization to be audited
Client: A person or organization requesting the audit
DefinitionsObjective Evidence
Qualitative or quantitative information or records pertaining to the quality of an item or service or to the existence and implementation of a quality system element, which is based on observation, measurement or test that can be verified
DefinitionsObservation
A statement of fact made during an audit and substantiated by objective evidence. Observations are made in an effort to recommend improvement.
DefinitionsLead Internal Auditor
A lead internal auditor shall be placed in overall charge of internal auditing at the organization, whether the audit is carried out by a team or an individual
Internal Audit Team
The internal audit team may include experts with specialized background, auditor trainees or observers.
DefinitionsAuditor Independence
Internal Auditors must be independent of the processes that they audit. Internal auditors cannot have any direct responsibility to perform the processes or have any inter-relations with the auditees that may have an affect on their judgment during the audit.
Clarification of IndependentIndependent does not mean that an internal auditor can not audit their own department. Independent is different for an ISO auditor and includes many different conflict of interest clauses. Internal Auditors may audit most areas in the organization with the exception of their own work. For example; an auditor can not audit document control if they actually do that job themselves.
Audit objectives To determine conformity or non-conformity
of the quality system elements with specified requirements;
To determine the effectiveness of the quality system;
To provide the opportunity to improve the quality system;
To initially evaluate a supplier (external audits);
Audit objectives To verify that the facility’s quality system
meets specified requirements;
To ensure compliance with quality policies;
To optimize relationship quality/cost;
Identify weakness in the quality system;
To provide the opportunity to improve the processes;
To provide the opportunity to improve overall product quality.
Creating the TeamThe internal audit team shall consist of a group of auditors that are trained and competent in auditing. The internal audit team must have an understanding of the processes that they are auditing. When the internal auditors do not have experience in a specific process, they may invite an independent expert to assist in the evaluation of the processes and auditing.
Creating the TeamIn CIS, it is recommended that a management meeting be created to establish the internal audit team. The agenda should include the internal auditor’s names, their training, experience, and the processes that they can audit with no conflict of interest.
Creating the TeamThis will serve as a record of the Internal Audit Team and the meeting should be revised if new experts or auditors are created. This record will help when a registrar for ISO 9001:2000 certification audits your organization. Also, to close the loop, each auditor’s training should be recorded in the HR database of CIS as a record to show that all the Internal Auditors are trained and competent.
Creating the Internal Audit Team
Planning An internal audit must be planned in
advance and a schedule created for each internal audit process. The Management Meetings can be used to plan the audit and to record the results of each internal audit process. When planning the internal audit, consideration to following criteria shall be included when planning an internal audit:
Planning Each process and procedure must be
audited;
The audit frequency shall be determined
by the importance of the process and from
past auditing experience. The schedule
must include a date and time and an
estimate of how long the audit of the
process will be.
Planning Determine which internal auditor will audit
the process based on experience and training.
During each audit, the auditor should also review the documented quality system and compare it to the ISO 9001:2000 standard, statutes, regulations and customer specifications to ensure that the documented system meets these requirements.
Planning and CIS Using the management meeting in CIS will
simplify the auditing process. The
management meeting module has many
useful features and will serve as a record
of the internal audit plan and results. The
following are a list of the useful features of
the CIS Management Meeting:
Planning and CIS The plan may be cloned for future audits
to avoid re-entering the data;
Allows to specify the audit processes and
criteria to be audited in the agenda
section;
Allows to plan a date and assign
responsibility for the audit;
Planning and CIS Allows for supporting documents to be
uploaded in each meeting (audit);
Multiple audits may be created and
planned at the same time;
CIS will send out the agenda for the audit
to all parties concerned for planning
purposes;
Planning and CIS The agenda allows the auditor to enter
results and assign actions;
Any observations or nonconformities may be instantly entered into the action section of the meeting and assigned to a manager to be resolved;
All audits planned and action items resulting from an audit will appear on the master calendar and the participant’s personal web page when signing into CIS;
Planning and CIS The completed management meeting of an
internal audit will serve as an audit record that the internal audit was performed and may be used by management for establishing quality objectives for improvement.
Planning and CIS Create a management meeting for each
area to be audited. For example, you may want to divide the audit into processes such as receiving, shipping, re-work etc…
Planning and CISWhen completing the internal audit
management meeting select the internal auditors and the auditees since both will be advised of the planned audit when CIS sends out the Agenda E-mail. Remember that you may create multiple meetings or internal audit plans or you may clone this meeting for future internal audits.
Planning an Audit using CISReceiving Process Example
Specific Details for Each Audit Create the agenda items. The agenda
items will include the activities to be verified during the audit. To establish the activities to be audited, the internal audit team must take the time to review all the applicable procedures and establish input and outputs that can be verified during the internal audit that will determine if the processes are performed correctly and effectively.
Specific Details for Each Audit The agenda items (audit specifics) should
also include:
Introduction and closing meeting;
Procedure review and applicable ISO elements.
Creating the Audit Agenda Plan
Completing the Plan and CIS Once the Internal Audit meeting is
established with the agenda items, the management meeting may then be sent out to all internal auditors and auditees so that they may plan for the audit.
The management meeting of the internal audit will now appear on the master calendar.
Completing the Plan and CIS
Sharing the plan
Auditing Tips Make sure the authority of the audit
team is established. This will increase the cooperation from auditees;
Determine the scope of the audit - is it an overview of the area being audited or is it to concentrate on a specific system within the area?
Auditing Tips Determine the purpose of the audit - is it
to comply with government regulations, quality standards, internal procedures and system?
Hold a meeting with the auditors to discuss the plan, purpose, and scope of the audit;
Auditing Tips Read the documents you will be auditing.
Know what they say. Develop questions to ask the auditees;
A PDA is extremely handy. You can have all the required procedures and check lists at your finger tips. A PDA connects with CIS and you can download the procedures each time you audit. A PDA also can record results and findings and take pictures. Pictures and result files can be uploaded into CIS.
Auditing Tips Conduct an opening and closing meeting
with the auditees; Be professional at all times. Avoid being
judgmental;
Follow safety procedures, clean room procedures, and all other required procedures;
Auditing Tips Explain the purpose of the audit to the
auditees;
Answer questions or discuss compliance problems brought to your attention by auditees;
Be flexible - if you find a potential problem not within the scope of the audit, evaluate the potential risks of the problem if left unaddressed;
Auditing Tips Encourage honesty with the auditees;
Remain within the audit scope;
Exercise objectivity;
Collect and analyze evidence that is relevant and sufficient in order to draw the conclusions;
Act in an ethical manner!
Performing the Audit First print the agenda topics or in this
case, the auditing criteria. The print out will act as a checklist during the audit and a place to record notes and findings to be entered later into the CIS records.
You can use the traditional check list, however, remember that the problem with a check list is that it tends to narrow our vision during an audit;
Printing the Agenda Topics
Understanding the processes Review the audit agenda topics and print-
out all the procedures that are applicable for the processes to be audited. Review the procedures and highlight or make notes of important inputs and outputs to be verified and reviewed during the audit.
Understand the intent of each procedure so that during the audit, effectiveness can be evaluated.
Understanding the processes The printed procedures that have notes
and highlights may be filed and maintained since they are one of many objective evidence of the internal audit process.
However, do not use them again for another audit since the procedures may be revised between the two audits. Always print out the procedures during the planning stage.
Performing the Audit The audit team should always be on time for
the internal audit and start the audit with an opening meeting with the auditees.
The opening meeting should:
introduce the members of the audit team;
review the scope and the objectives of the audit;
provide a summary of the auditing methods to be used;
Performing the Audit establish communication links between the audit team and the auditees;
confirm that the resources and facilities needed by the audit team are available;
discuss any known problems with the owners of the processes. This may save time during the audit and may result in immediate actions required.
confirm the date and the time of the closing meeting and any interim meeting;
Performing the Audit The internal auditors should begin the
audit in a sequential manner. Starting at the beginning of the process and ending at the end of the processes. Take care to review the inputs and outputs of each process and compare them to the requirements in the procedures and/or work instructions. Use the prepared agenda (or checklist) for guidelines.
Performing the Audit Evidence should be collected through
interviews, direct examination of documents and observation of activities and conditions in the area;
Information gathered through interviews should be tested by acquiring the same information from other independent source;
Performing the Audit All audit observations should be
documented and reviewed to determine if they are to be reported as nonconformities (action items);
Nonconformities (action items) or areas for improvement should be documented in a clear manner in CIS;
Performing the Audit Nonconformities (action items) or areas for
improvement should be identified in terms of specific requirements of the standard or other applicable documents.
No Documented ProceduresWith the new ISO 9001 requirements
giving the responsibility of determining what documents are needed for control of processes, it will become part of the auditor's responsibility to determine if the necessary procedures and work instructions have been documented. How can an auditor determine if a process is controlled if there is no procedure or work instruction?
No Documented Procedures As an auditor, you must evaluate if the
process is being performed consistently, with consistent and acceptable results. An auditor can do this by asking several of the people performing the process questions. Ask the people the questions individually, so they do not influence one another's answers. If the process is in control, the answers will be consistent.
No Documented Procedures Some sample questions:
Can you explain the steps to this process?
What measuring and monitoring is required for this process?
What are acceptable ranges for the equipment?
What is the acceptance criteria for the product?
What records do you need to complete for this process?
No Documented Procedures Observe the processes and ask enough
people questions to give you a good idea of how much the process varies between each individual performing the process. If the answers vary, there should be a procedure.
No Documented Procedures The need for a procedure will generally
depend on the complexity of the process and the training of the people responsible for the process.
In many organizations, an excellent training program eliminates the need for procedures.
Completing the Audit Upon completing the internal audit, the
auditors should have a closing meeting with the auditees:
A closing meeting should be held at the end of the audit, prior to preparing the audit report;
The audit team and the auditees’ management (responsible for the functions audited or concerned ) should attend the meeting;
Completing the Audit Audit observations should be presented to the auditees’ management in such a manner as to ensure that they clearly understand and agree with the results of the audit;
Records (notes of the closing) meeting should be kept.
Internal Audit ReportingWhen a situation is found that is
nonconforming with a procedure or process requirement or it is determined during the audit that the process could be modified to become more effective, the internal auditor shall record the situation in the CIS agenda under action item and assign the action item to one or more managers.
Internal Audit Reporting You may upload into the meeting any
checklist results, scanned documents or reports that you find during an audit.
Uploading documents keeps them together and linked with the audit.
Action Item/Corrective Action Standards such as ISO 9001 do not specify
how a situation that is nonconforming in an internal audit should be resolved. The standards simply require action to FIX the situation.
CIS does this quite nicely by using the action item feature in the meeting. Records of how it is fixed, when and verification can be maintained.
Action Item/Corrective Action In addition, CIS will report all action items
not completed in the calendar, the manager’s home page and in the Management Report in Graphs and Reports.
These action items and the effectiveness of the actions may be reviewed in the management review meeting.
Action Item/Corrective ActionWhen issuing an action item to a manager
or group of managers, also include the internal auditor. By including the internal auditor, CIS will include this action item on the internal auditor’s home page and calendar to indicate that the internal auditor must follow-up, verify that the actions are complete and close the action.
Example of Reporting During the Audit
Notes and results
can be recorded on
the printed agenda
sheets or check list
and maintained on
file and then
transferred into CIS
Reporting in CIS (2 Examples)
Internal Audit Follow-Up The Internal Audit is not complete until the
audit team has verified that all action items resulting from the audit are completed and the issues resolved effectively.
The internal auditor must close and complete the verification section of each agenda item in the management meeting (internal audit).
Completing the Verification
Internal Audit Guidelines Hold an auditors meeting to discuss the
results of audits.
Complete the audit agenda (report) in a timely manner.
Encourage auditees to decide on their own corrective actions. Allowing auditees to have input will give them ownership in implementing changes.
Internal Audit Guidelines Assist those responsible for completing the
action items by setting reasonable deadlines. The action deadlines may vary depending on the severity of the noncompliance.
Be available and willing to help and participate in the solutions. Remember, as an internal auditor, you are part of a continual improvement team!
Internal Audit Guidelines Ask for feedback on how you and your
audit team were perceived - adjust your approach if necessary.
The audit should result in management action such as modification of policies, systems, and procedures. Continual improvement is the reason we audit.
An Internal AuditorDiplomatic; Professional; Articulate;Honest; Unbiased; Understanding;Observant; Impartial; Thick skinned.
A Team Player
An Internal Auditor Be able to remain open-minded and try to
forget company gossip;
Use “let’s see the proof” concept;
Be realistic;
Walk in “the other person’s shoes”;
Understand the auditees’ role within the company;
An Internal Auditor Be mature;
Do not react under pressure;
Be a good listener;
Do not weaken to influence;
Avoid distractions;
Convert ideas, instructions, or questions into words that the auditees will understand;
An Internal Auditor Avoid communication barriers (bad choice
of words, personal bias against the receiver, outside distractions, lack of interest in the message, different perceptions of the message between auditor and auditees);
Warning SignsWe tried that before;Our place is different; It cost too much; That’s beyond my responsibility; That’s not my job;We don’t have the time;We’ve never done it before; You’re right …..but ….;Not that again; It’s too much trouble to change.
Interviewing Techniques Basic: Show me how (where, what …)?
Ask the questions so that they follow the sequence of work. Be logical.
Prompts:
Hypothesis (What if…?);
Silence;
Obvious question.
Questions and Short Quiz Questions may be asked now before
starting the quiz.
Please complete the short quiz and include your name, company and address so that the certificate may be mailed.