QUALITY AUDIT

AS PER ISO 19011 : 2011

 WHAT IS AN AUDIT ?
(TERMINOLOGY)

AUDIT

Systematic, independent and

documented process for obtaining
audit evidence and evaluating it
objectively to determine the extent
to which audit criteria are fulfilled
 TERMINOLOGY

AUDIT CRITERIA
Set of Policies, Procedures
or Requirements

Audit criteria are used as a reference

against which audit evidence is
compared
 TERMINOLOGY
AUDIT EVIDENCE
Records, statements of fact or other
information which are relevant to
the audit criteria and verifiable

Collected on sample basis

large enough to generate
confidence in audit process
 Objectivity of Auditing

AUDIT AUDIT
CRITERIA EVIDENCE

AUDIT FINDINGS

Improvement Conformance Non-Conformance

Major Minor

AUDIT CONCLUSION

RECOMMENDATION RECOMMENDATION
FOR CERTIFICATION FOR RE-AUDIT
 TERMINOLOGY
AUDITOR - Person with the
demonstrated personal attributes and
competence to conduct an audit

AUDITEE – Organization being

audited

AUDIT CLIENT - Organization or

person requesting an audit
 Terms…
 Non –conformity
 Correction
 Corrective Action
 Preventive action
 Quality Control
 Quality Assurance
 Quality Improvement
 WHY AUDITS ?

- It is requirement of ISO 9001

(clause 8.2.2)
- It is requirement by a certification
body for the purposes of certification
- It is an effective management tool to
know, monitor and improve its
management systems
 REQUIREMENTS OF
ISO 9001
 Clause 8 measurement, analysis and
improvement
--Clause 8.2 monitoring and measurement
--Clause 8.2.2 internal audit
 Purpose of clause 8
 To demonstrate conformity of the product
 To ensure conformity of qms
 To continually improve the effectiveness of
QMS
 REQUIREMENTS OF
ISO 9001
 Clause 8.2.2 internal audits
 Conduct audits at planned intervals to
determine if QMS:
Conforms to planned arrangements
Conforms to the requirements of
ISO 9001
Meets requirements of the
organization
Is effectively implemented and
maintained
 REQUIREMENTS OF
ISO 9001

 Plan an audit programme

 Consider :
 Status and importance of process and
areas to be audited
 Results of previous audits
 Define audit criteria,scope, frequency
and methods
 Ensure objectivity and impartiality
 Audit of one‘s own work not permitted
 REQUIREMENTS OF
ISO 9001

 Corrective actions to be taken

Without undue delay

By management of area audited

To eliminate detected NCs and

their causes
Follow up activities should :

•Verify actions taken

•Report verification results

•Report results for Mgt Review

(ref 5.6.2a)
 AUDIT OBJECTIVES

 Examples:
-Meet requirements for certification
-Verify conformance with contractual
requirements
-Obtain and maintain confidence in
capability of supplier
-Contribute to improvement of
management system
 INCORRECT OBJECTIVES

 To find faults

 To police processes and activities

 To fix blame

 To transfer responsibility for quality

 BENEFITS OF AUDIT
 Gaining information in an independent &
unbiased way

 Enables one to detect conditions that

remained uncorrected, led to a breakdown
in the system

 Provides confidence to both management

and employees

 Provides opportunity for improvement

 LEVELS OF AUDITS

Audits are carried out at two levels

1) To evaluate if the present
System / Procedures are suitable
for achieving organizational goals
and objectives
2) To evaluate compliance to
existing Procedures/Criteria
 TYPES OF AUDIT

 Adequacy Audit First Party

(Document Review)
Second Party

 Compliance Audit Third Party

 First Party Audits

First Party (Internal) Audits are

carried out by trained Internal
Auditors against the
organisation’s own management
system.
 Second Party Audits
Second Party Audits are carried
out by the Customer on the
Organisation. The audit is based
on the requirements of the
contract or potential contract.
 Third Party Audits
Third Party Audits are carried out
by
an independent organisation
against
the requirements of a recognised
standard.
 Principles of auditing

1. Integrity: the foundation of professionalism

:— perform their work with honesty, diligence, and responsibility;
— observe and comply with any applicable legal requirements;
— demonstrate their competence while performing their work;
— perform their work in an impartial manner, i.e. remain fair and
unbiased in all their dealings;
— be sensitive to any influences that may be exerted on their
judgement while carrying out an audit.

6/24/2015 URS Nepal

 Principles of auditing

2. Fair presentation: the obligation to report

truthfully and accurately
 Audit findings, audit conclusions and audit reports
should reflect truthfully and accurately the audit
activities. Significant obstacles encountered during
the audit and unresolved diverging opinions
between the audit team and the auditee should be
reported. The communication should be truthful,
accurate, objective, timely, clear and complete.

6/24/2015 URS Nepal

 Principles of auditing

3. Due professional care: the

application of diligence and
judgment in auditing
 Auditors should exercise due care in accordance with the
importance of the task they perform and the confidence
placed in them by the audit client and other interested
parties. An important factor in carrying out their work
with due professional care is having the ability to make
reasoned judgments in all audit situations.

6/24/2015 URS Nepal

 Principles of auditing
4. Confidentiality: security of information
 Auditors should exercise discretion in the use and
protection of information acquired in the course of their
duties. Audit information should not be used
inappropriately for personal gain by the auditor or the
audit client, or in a manner detrimental to the legitimate
interests of the auditee. This concept includes the
proper handling of sensitive or confidential information.

6/24/2015 URS Nepal

 Principles of auditing
5. Independence: the basis for the
impartiality of the audit and objectivity
of the audit conclusions
 Auditors should be independent of the activity being
audited wherever practicable, and should in all cases
act in a manner that is free from bias and conflict of
interest.
 For internal audits, auditors should be independent
from the operating managers of the function being
audited. Auditors should maintain objectivity
throughout the audit process to ensure that the audit
findings and conclusions are based only on the audit
evidence. 6/24/2015 URS Nepal
 Principles of auditing

6. Evidence-based approach: the rational method for

reaching reliable and reproducible audit conclusions
in a systematic audit process
 Audit evidence should be verifiable. It will in general be
based on samples of the information available, since an
audit is conducted during a finite period of time and with
finite resources. An appropriate use of sampling should be
applied, since this is closely related to the confidence that
can be placed in the audit conclusions.

6/24/2015 URS Nepal

 AUDIT PROCESS/LIFE CYCLE
(AUDIT PROGRAMME)
 Authority for Audit Programme
 Audit Planning
 Audit Preparation
 Conduct of Audit/ Audit Execution
 Audit Report
 Corrective Action (by auditee)
 Follow up
 Monitoring, Review & Improvement of Audit
Programme
 AUDIT PROGRAMME
P D C A CYCLE
ACT PLAN
Improve Objective & Extent
Procedure & Resources
Audit programme Competent Auditors
Document Review
Audit Plan / Schedule
Preparation for Audit

CHECK DO
Audit Activities
Monitoring & Reviewing
Opening Meeting
Evaluation of Auditors Collecting/Verifying
information
Need for CA/PA Findings & Conclusion
Opportunities for Closing Meeting; Report
Improvement Follow- up (if reqd)
 STEPS IN THE AUDIT PROCESS

Write
Agree Opening Report
Audit Scope & Meeting
Resources

Collect Action
Preliminary
Evidence
Document By Auditee
Review
Document &
Prepare Audit Plan :
Review Audit Follow-up
Methodology
Findings
Priority Areas
Time Schedule
Reporting Closing Meeting Review/
Working documents Present Findings Improvement
 AUDIT PLANNING
 Audit Objectives
 Audit Criteria
 Audit Scope
 Audit Frequency
 Audit Programme Resources
 Audit Plan / Schedule
Schedule covers expected time and duration.
It includes identification of audit team
(assuring competence of auditors) and may
include identification of auditee‘s representative
 AUDIT SCOPE

Extent and boundaries of audit

 Location Covered
Organizational under
Units, depts , QMS
Activities, Processes
 FREQUENCY OF AUDIT
 Identification of critical areas/ processes
for planning freq.:
 Critical
 Complex
 Those needing validation
 Those needing qualified personnel
 Those needing close monitoring
 Where problems have occurred
 Where measuring devices need
frequent calibration
 AUDIT FREQUENCY/PLAN

AUDIT PLAN
PERIOD: 1 JAN _____ TO 31 DEC_____

Month JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC

Dept.
A X X X X

B X X X X X X

C X X
 AUDIT SCHEDULE

-Schedule covers expected time and

duration
-It includes identification of audit team
(assuring competence of auditors)
-Provision of experts (if needed)
-May include identification of auditee‘s
representative
 AUDIT SCHEDULE INPUTS

 List of Auditors, indicating their work

 List of Functions/Deptts/ Processes

 Include Management / M.R.

 Audit plan matrix is a useful tool

 AUDIT SCHEDULE
 Scope:
 Reference documents:
 Team composition:
 Schedule:
Dept./
Process Date Time Auditor (S) Auditee
Mgt+M.R.
B
C
 AUDIT BENEFIT TIME CURVE

BENEFIT
GAINED
FROM
AUDIT

AUDITING TIME ALLOWED

 AUDIT PREPARATION

 Familiarity with procedures to be

audited (document review)
 Understanding of the
organization/dept/activity/
Process
 Awareness of previous audit history
 Awareness of problem history
 THE AUDITEE‘S ORGANIZATION
This is the story of four people:
Everybody,somebody,anybody and nobody
There was an important job to be done and
everybody was asked to do it
Everybody assumed that somebody would do it
Anybody could have done it but nobody did it
Somebody got angry about that because it was
everybody’s job
Everybody thought that anybody ought to do it, but
nobody realized everybody wouldn't do it
Finally anybody blamed everybody for not helping
Somebody wisely concluded that nobody is the most
helpful person in the company
If you want a job done make nobody responsible
 AUDIT PREPARATION

 Decide audit team size and team

members
(In internal audits, it may be single member
team- ref schedule)
 Distribute program to the auditee
 Hold briefing sessions with other team
members
 Modify audit programme / schedule,if
reqd
 AUDIT PREPARATION
 Obtain details of audit decision

 Objectives, type/depth/scope

 When to conduct audit (ref schedule - it

could be open within a time frame)

 Likelyimpact of postponement / or
major problems uncovered

 Audit personnel / expert (specialist)

 AUDIT PREPARATION

 Notify/ confirm with the auditee

 Gather preliminary information from
the auditee
 Obtain and review (study) information
-- Manuals / procedures / annual
report / contracts / product details /
auditee file / reports / product
performance records etc
 AUDIT PREPARATION (LOOKING AT
DEPARTMENT/ACTIVITY/PROCESS)
 What is the function of the
department? Or what is the
activity/process?
(What is the department‘s
product/output of the process?)
 Who are the department‘s
customers?
 Who are the department‘s suppliers?
(Own source,other departments,
from outside the organization)
 WORKING DOCUMENTS

 Check Lists

 Sampling Plans

 Forms for Recording Information

 CHECK LIST

 Guide to course of assessment

 Helps ensuring all aspects are covered

 Helps control pace of audit

 Provides objective evidence

 COMPLEXITY/ DEPTH OF
CHECK LIST
 Consider:
 Objective/ scope of audit
 Deptt/ process being audited
 Time available
 Experience of auditor
 Generic check list
 Specific check list for deptt/function/
process
 GENERIC CHECKLIST
EXAMPLE

A checklist for clause 4.2.3

 Are documents controlled?
 Is there a documented procedure
for control of documents?
 Does the documented procedure
address the requirements of
clause 4.2.3 a) to g)?
 EXAMPLE OF GENERIC CHECKLIST

REQUIREMENT WHAT THE AUDITOR IS

CLAUSE 6.2.2 TRYING TO FIND OUT

THE ORGANIZATION HAS THE ORGANIZATION

SHALL IDENTIFY NEEDED IDENTIFIED NEEDED COMPETE-
COMPETENCE FOR PERSONNEL NCE FOR PERSONNEL
PERFORMING WORK
PERFORMING WORK AFFECTING AFFECTING PRODUCT
PRODUCT QUALITY QUALITY?

THE ORGANIZATION SHALL HAS THE ORGANIZATION PROV-

PROVIDE TRAINING OR TAKE IDED TRAINING OR TAKEN
OTHER ACTIONS TO SATISFY OTHER ACTIONS TO SATISFY
THESE NEEDS THESE NEEDS ?
 EXAMPLE OF GENERIC CHECKLIST
 THE ORGANIZATION SHALL  HAS THE ORGANIZATION
EVALUATE THE EVALUATED THE
EFFECTIVENESS OF THE EFFECTIVENESS OF THE
ACTIONS TAKEN ACTIONS TAKEN ?
 THE ORGANIZATION SHALL
 HAS THE ORGANIZATION
ENSURED THAT ITS
ENSURE THAT ITS PERSONNEL ARE AWARE OF
PERSONNEL ARE AWARE THE RELEVANCE AND
OF THE RELEVANCE AND IMPORTANCE OF THEIR
IMPORTANCE OF THEIR ACTIVITIES ?
ACTIVITIES AND HOW  HAS THE ORGN ENSURED
THEY CONTRIBUTE TO THE THAT ITS EMPLOYEES ARE
ACHIEVEMENT OF THE AWARE OF HOW THEY
QUALITY OBJECTIVES CONTRIBUTE TO THE
ACHIEVEMENT OF QUALITY
OBJECTIVES ?
 EXAMPLE OF GENERIC CHECKLIST

 The organization  Has the

shall maintain organization
records of maintained
education, records of
training, skills education,
and experience training, skills
and experience ?
 SPECIFIC CHECKLIST

 Questionsto be asked together with

audit sample

 Documents to be checked

 Records to be examined

 Activities to be observed
EXAMPLE OF SPECIFIC CHECKLIST

 Could you explain how test

specifications are produced ?
 How do you ensure test specifications
are adequate ?
 How do you ensure test specifications
are sent to those who need to have
them ?
 How is this instrument calibrated?
 CHECK LIST EXAMPLE-PURCHASING
 Measurable objectives
 Doc control-Rev status of QM & QP;
 Records- Identification, Storage,Retrieval etc.
 Specification of Materials/Services procured
 Selection of Suppliers- Evaluation
-Check records of three suppliers added during last six
months
(Application , visit, approval etc as per procedure)
-re-evaluation (vendor rating exercise of last two years &
follow-up)(ref proc)
 Purchase orders(5):supplier approved? Description;
authority;verification details
 Verification of material ( liaison with QC/store)
 Competence / Training
 Process performance (monitoring,measurement),
 Data analysis, IA,CA,PA,feedback for Mgt review
SPECIFIC CHECKLIST EXAMPLE : STORES
 Process details; interaction
 Identification (coding)
 Inspection status of new arrivals
 Shelf life items?
 Storage environment
 Issue (authority ; FIFO method)
 Handling
 Check availability of two items at random
with stock register
 Objectives
 Doc control
 CHECKLIST

ISO PROC/ WHAT TO WHAT TO SAMPLE REMARKS

CL WI LOOK AT LOOK FOR SIZE
REF
 CHECK LISTS
WARNING

 There are advantages and disadvantages

of check lists

 Check lists are just ―one of the tools

available‖

 NOT THE “ENTIRE TOOLBOX”

 SESSION VI

AUDIT EXECUTION
And
REPORTING
 AUDIT EXECUTION

 The opening meeting (may not be

elaborate/reqd in internal audit)
 Evaluations at the work place
(Collecting and verifying information)
 Generating audit findings and preparing
audit conclusions
 Closing meeting
 OPENING MEETING -PURPOSE

 To confirm audit objective & plan

 To provide short summary of how audit
activities will be undertaken
 To confirm communication channels
 To confirm other logistic details
 To provide opportunity for auditee to
ask questions
 OPENING MEETING

 Put the manager at ease

 This is not a witch hunt

 Atmosphere of improvement

 Deal with manager‘s questions

 Cover top level issues of the audit

 OPENING MEETING

 Must involve those responsible for the

function being audited

 Establishes the ―modus operandi‖ for

the audit

 Prevents misunderstanding
 OPENING MEETING AGENDA
 Introduction
 Objective, scope, criteria
 Time table, closing meeting time
 Method , proc for audit
 Sample basis- level of uncertainty
 Communication channels & language
 Resource & facilities
 Confidentiality
 Work safety, security proc for team
 Guides
 Method of reporting nonconformities
 Conditions for terminating audit
 Appeal provisions
 AUDIT PROCESS

 Auditor should use a combination of

strategies like :
-- horizontal
-- Vertical
-- Forwards
-- Backwards
-- Trail following
METHOD OF COLLECTING EVIDENCE
 Examining documents and products
(Policy, objectives, plans, procedures, flow charts,
instructions, standards, drawings, licences and
permits, contracts and orders, minutes of
meetings, audit reports, results of measurements,
sampling prog.Reports from other sources; such as
customer feedback, supplier ratings etc,
computerized databases and web sites)
 Observation of activities
(Operation of process.Competence,
communication, infrastructure, work
environment etc)
 Conducting interviews
 AUDIT PROCESS

OBSERVE

CHECK ASK
 CONDUCTING INTERVIEWS

 With persons of appropriate levels

and functions
 Put the person at ease
 Can be initiated by asking the person
to describe his work
 Results should be summarized
 Person should be thanked for
participation and cooperation
 INTERVIEWS
There are many types of questions:

 Those which elicit a YES/NO Answer

 Those which obtain maximum

information

 Those which force a false answer

 Those which are irrelevant

 QUESTIONING TECHNIQUE
 Open ended question
 Close ended question
 Hypothetical question
 The silent question
 Obvious or dumb question
 Inverse questions
 Irrelevant questions
BE SENSITIVE TO SITUATIONS
 TYPES OF QUESTIONS
CLOSED QUESTIONS

Those requiring only

―YES/NO‖ response

(Normally starting with ―IS‖, ―ARE‖,

―WERE‖, ―HAVE‖, ―DO YOU‖)
 QUESTIONING TECHNIQUE
I keep six honest serving men
(They taught me all I knew)
Their names are
--- WHAT
--- WHY
--- WHEN
--- HOW
--- WHERE
--- WHO
Seventh friend (the crunch question)
―SHOW ME ―
 TYPES OF QUESTIONS
 Ask open questions:
 WHAT is the process for ensuring tenders are tracked
by receipt date ?
 WHY do you write the date on the tender when you
have a stamp ?
 WHEN do you submit the tender for approval ?
 HOW do you ensure production personnel are
involved in planning for special requirements ?
 WHERE do you keep the records of tender
reviews ?
 WHO is responsible for approving tenders ?
 Questions with YES/NO Answers should be used
only to establish a position before moving forward
 ASKING QUESTIONS
UNDESIRABLE:
 Asking & answering own questions
 Asking more than one question in one
go
 Not giving the auditee sufficient time to
respond
 Not asking questions at all, just
continuing to chat or expressing
opinions
 TYPES OF QUESTIONS
HYPOTHETICAL QUESTIONS

-- What happens if ……..

-- How would you respond when ….

-- Let us suppose that …….

 TYPES OF QUESTIONS
SILENT QUESTIONS
-- Non-verbal questions

-- Auditor‘s look of disbelief

-- Puzzled expressions

-- Raising of eyebrows
METHOD OF OBTAINING INFORMATION

 Negative questions receive confusing

answers
 Q : don‘t you have a system for this ?
A : YES
This could mean :
YES, we do
or
YES, we don‘t
 QUESTIONING TECHNIQUES

 Imposing question may receive false

answers

Q : You do review them before you

sign them, don‘t you ?
A : YES
( Obviously he/she may not be doing)
 QUESTIONING TECHNIQUES
Further Enquiry
 ‗Apple‘Technique:
-Bite by bite until you reach the core
Active Listening
 ‗Funnel‘ Technique :
- Ask a question
- Listen
- Summarize
 INTERVIEWING
 Record answers to questions
 Use the prepared checklist
 Follow-up areas where unclear answers
are given
 Don‘t be frightened to ask for clarification
about a technical aspect or process issue
 Incorrect answers or vague statements
must be clarified before moving on to
another point
 AT THE END OF INTERVIEW
 Summarize what has been stated and
found during the interview
 Obtain agreement about what is regarded
a problem
( E.G. Non-conformity)
 Check the information provided at the
interview with other sources
(cross- references)
 Thank the person interviewed
 CLOSING MEETING
 Purpose of the closing meeting
 To communicate findings
 Agenda
 Thank the auditee for courtesy / cooperation
 Highlight good points
 Extent of conformity of system
 Areas where improvements are possible
 Report non-conformities
 Get time frame for corrective action
 Answer any queries
 Thank once again and close the meeting
 OPENING / CLOSING MEETINGS
 Relevance of opening and closing meeting
in internal audits
 Needed to clarify scope, focus of internal
audits
 Can be used to convey type of samples to
be chosen
 To solicit cooperation of auditees
 Closing meeting can be used to discuss
areas of concern and get commitment on
time frame for corrective actions and need
for follow up
 DIVERGING OPINIONS

 Discuss and resolve any divergent

opinion between audit team and
auditee about audit finding

 Ifnot resolved , all opinions should

be recorded
 AUDITING
GENERAL
 IT Policy,procedure,resources, competence
 Interaction with other processes
 Initial planning of audit
 Selection of auditors
 Training
 General trends in it
 Audit specific considerations
 Inclusion of expert in audit team
 Familiarization with EBMS
 AUDITING
DOCUMENT CONTROL (4.2.3)
 Document control:policy & procedure
 Ease of modification
 Approval control
 Document access policy & security
 Availability of both- ‗e‘ docs and hard copies-
revision status
 Downloading & printing
(sunset clause)
 Obsolete documents
 AUDITING
CONTROL OF RECORDS (4.2.4)
 Text, pdf, spreadsheet, database
 Data capturing
 Accuracy
 Security
 Back up
 Records received from external sources
 E-mails, attachments
 Retrieval
 Retention time & disposition
 AUDITING

 Inspection, testing , monitoring

(8.2.4), (7.6)

 Validation
and revalidation of
software (calibration)
 AUDITING
 Infrastructure(6.3)
 Maintenance

 Work environment (6.4)

 Software updation
 e-communication
 Internal
 External

 e-commerce
 e- procurement
 AUDIT REPORT

AUDITING PROCESS
(PLANNING
INPUTS OUTPUT
PREPARING
CONDUCTING)
 AUDIT REPORT
 Customers for the report
(All or some of the following):
 Auditor himself/ herself
 Auditee
 Auditor(s) who verify C. A.
 M.R.
 Management
 Auditor(s) who carry out next audit
 Client / Certification Body
 Accreditation Body
 AUDIT REPORT

 Design reports keeping customers in

mind
 Trends, comparison with past
performance for the management

 Reportfor immediate correction for

the auditee
 AUDIT REPORT

 Qualities of a good report

 Complete, accurate, concise, clear,

precise, backed by objective
evidence

 Describe Nonconformities clearly

 AUDIT REPORT
Should include conclusions;such as:
 Conformance of the Management system
to the audit criteria
 The effective implementation of the mgt
system
 Any areas not covered though within
scope
 Any unresolved diverging opinion
between audit team and auditee
---Distribution list for report
 NONCONFORMITY
 DEFINITION

--Non-fulfillment of a requirement

 CATEGORIES

--Major

--Minor
 Report Writing
Non Conformity Categorization
IAF Guidance for the application of ISO 17021 define a
non- conformity as
 The absence of, or the failure to implement and
maintain, one or more quality management system
requirements, or a situation which would, on the
basis of available objective evidence, raise significant
doubt as to the quality of what the organization is
supplying.
ISO 9000: 2005 defines a nonconformity as
 Non fulfillment of a requirement

Revision 21 July 2013 CMC International (UK) Ltd

 Report Writing
Non Conformity Categorisation
Major Non Conformity
 Absence of mandatory documentation
 Specified standard requirement not
implemented
 Product not meeting customer or legal
requirements (CE Marking, Food Safety
Management system,(HACCP))
 High number of minor NC against one clause
.

Revision 21 July 2013 CMC International (UK) Ltd

 Report Writing
Non Conformity Categorization
 A single major non conformity will mean that
approval of a company’s management system
cannot be recommended but it can be
considered if there are a few minor non
conformities
 Certification cannot be granted until all
nonconformities have been corrected and the
corrective action verified by the certification
body by a site visit or other appropriate means.
 Certification to ISO 9001 cannot be denied on
the grounds that the organisation does not
comply with matters not covered by the
Revision 21 July 2013 CMC International (UK) Ltd
 Report Writing

 Non Conformity Categorisation

 Minor Non Conformity
A single lapse against the
requirements of the standard or
the company’s documented
quality system.

Revision 21 July 2013 CMC International (UK) Ltd

 Report Writing

Observations/Opportunity for
Improvement
A process for adding value to the
management system.
Identifying potential weaknesses
in the system.

Revision 21 July 2013 CMC International (UK) Ltd

 Example of a Nonconformity Report (NCR) form
(TAKEN FROM ISO-IAF WEB SITE)

NCR # Client: File No

Function/Area/
Site:
Process:
Std. and
Clause No(s):
Section 1- Details of non-conformity:
Description

Auditor : Auditee representative Category:

acknowledgement:

Date:
 EXAMPLE OF NCR FORM (CONT.)
Section 2- Auditee Proposed Action Plan
(Attach separate sheet if required)
Root Cause analysis (how/why did this happen?):

Correction (fix now) with completion dates:

Corrective Action (to prevent recurrence) with completion dates:

“Auditor” review and acceptance of Corrective Action Plan:

Auditee representative: Date:
Section 3- Details of “Auditor” verification of Auditee
implementation of action plan

Section 4- NCR closed out by “Auditor” Team Leader

“Auditor” on (date): name:
DOCUMENTING NONCONFORMITY

Three parts of a nonconformity:

1. Audit evidence to support audit
findings

2. Requirement against which

nonconformity is detected

3. Statement of nonconformity
SESSION VII

FOLLOW UP ACTION
ON
AUDIT FINDINDS

AUDITOR‘S TRAITS
 FOLLOW UP & CORRECTIVE ACTION
 Evaluate NC
 Correct NC
 Decide need for corrective action
 Identify root cause
 Take actions to remove root cause
 Study effect of actions taken
 Collect evidence & conduct
follow-up audit, if needed
 Modify procedures, if required
 Close NC
 RESPONSE TO NONCONFORMITY

 Correction  Analysis of cause

 Analysis of cause  Correction
 Corrective action  Corrective action

CORRECTION : Action to eliminate a

detected nonconformity

CORRECTIVE ACTION : Action to

eliminate the cause of detected
nonconformity
 A HILARIOUS SITUATION
 An auditee reported that ‗root cause‘ of all
NCs is only one,……………….and that is
-
-
-
-
-
-
External auditor
 SOME PITFALLS
 AUDIT PROGRAM NOT INITIATED WHEN DUE
 SCHEDULE NOT ADHERED TO
 LACK OF COMPETENCE/TRAINING OF AUDITORS
 NO EVIDENCE OF PREPARATION BY AUDIT TEAM
 WORDING OF NC AMBIGUOUS / VAGUE
 REFERENCE TO CLAUSE NUMBER OF STANDARD /
DOCUMENT NOT INDICATED
 ROOT CAUSE ANALYSIS NOT DONE
 ONLY CORRECTION INDICATED - NOT C.A.
 INDICATION WHEN NO NC IS OBSERVED
 CONTROL/REVIEW/IMPROVEMENT OF PROCESS
 AUDITOR COMPETENCE

 Education

 Work Experience

 Training

 Audit Experience

 Skill
 AUDITOR QUALIFICATION
Stage 1
Education+Training+Work
Experience+Audit Experience+Personal
Attributes
Stage 2
General Competencies + Specific
Competencies
 AUDITOR QUALIFICATION
 Education
 At least higher secondary
 Training
 Knowledge of the standards
 Techniques of examining, questioning,
recording information collected,
evaluating and reporting
 Abilities of communicating, planning,
organizing and directing an audit
 AUDITOR QUALIFICATION

 Work experience
 Should have 5 years of appropriate
work experience – 4 years if post
secondary education is completed

 Atleast 2 years - development of

knowledge and ability in quality
management
 AUDITOR QUALIFICATION
 Audit experience
 Experience in documentation review and
reporting
 4 complete audits for 20 workdays
 Auditing experience should cover all
elements of the standard
 Experience under a qualified team
leader
 On the job training should be
reasonably current – within 3 years
 AUDITOR‘S ATTRIBUTES
 Ethical – Fair, truthful, sincere, honest & discreet.
 Open-minded – Willing to consider alternative ideas
or points of view.
 Diplomatic – Tactful in dealing with people.
 Observant – Actively aware of physical surroundings
and activities.
 Perceptive – Instinctively aware of and able to
understand situations.
 Versatile – Adjusts readily to different situations.
 Tenacious – Persist, focused on achieving objectives.
 Decisive – Reaches timely conclusions based on
logical reasoning and analysis.
 Self-reliant – Acts and functions independently while
interacting effectively with others.
 AUDITOR‘S ATTRIBUTES

 Good communicator / excellent

communication skills
 Good listener
 Firm & fair
 Flexible in approach
 Sound judgement
 Enquiring mind
Poor Qualities of Auditor

NEGATIVE CHARACTERISTICS

POOR AT PREPARATION & PLANNING

TOO RIGID
OPINIONATED
JUMPS TO CONCLUSIONS
ARGUMENTATIVE
BAD COMMUNICATOR
EASILY INFLUENCED
STAYS IN OFFICE
POOR TIMEKEEPING
AFRAID OF PASSING UNPOPULAR JUDGEMENTS
 KNOWLEDGE AND SKILL
GENERAL
 Audit principles, procedures and
techniques
 Management system and reference
documents
 Organizational situations
 Applicable laws, regulations and
other requirements relevant to
discipline
 KNOWLEDGE AND SKILL
SPECIFIC
 Quality related Methods and Techniques
 Quality terminology
 Q. M. Principles and their application
 Q . m. Tools and their application

 Processes and Products

 Sector specific terminology
 Sector specific processes and practices
 Technical characteristics of processes/ products
(including services)
 AUDITOR COMPETENCE

 Maintaining competence:
 Audits
 Assessment of auditor:
 Quality of report
 Feedback
 Witness by other lead auditor
 Continual professional development
 SESSION VIII

AUDIT PROGRAMME REVIEW

AND
IMPROVEMENT

AUDIT RECORDS

SUMMARY
 ASSESSING EFFECTIVENESS OF IA

 Competence of internal auditors:

 Identification of competence requirements

 Providing training

 Monitoring performance of auditors

 Inclusion of sector specific persons/ experts

in team, if needed
 MONITORING AND REVIEWING
AUDIT PROGRAMME (CHECK AND ACT)
 Have audit objectives been met?
 Performance of auditors and audit
team
 Adherence to audit programme and
schedules
 Positive and negative feedback from
audit client, auditee and auditors
 Re-train auditor(s), if necessary
 Review / revise auditors‘ list
 AUDIT PROGRAMME RECORDS
 Related to individual audit
 Audit plans
 Audit reports
 Nonconformity reports
 Corrective and preventive action reports
 Audit follow up reports, if applicable
 Results of audit programme review
 Related to audit personnel
 Competence and performance evaluation
 Audit team selection
 Maintenance and improvement of competence
AUDITEE TACTICS USED DURING AN
AUDIT
 Being aggressive or argumentative
 Time wasters- Be Slow, Long Lunch
Duration, Cook‘s Tour , Red Herring
 Forget where information is
 This can backfire
 A meandering answer also wastes a
bit more time!
 Beware of the trained auditors
 TACTICS USED BY AUDITORS
 Be in control of the situation – particularly
when the auditee is not happy to have you
around
 Be calm and professional
 Follow audit trails through to their logical
conclusion
 Don‘t be put off the trail just because
information is difficult to obtain.
Try to obtain it from another angle/source
 Auditee trained in auditing creates problems
sometimes - handle carefully
 AUDITEE‘S BILL OF RIGHTS
 Auditees have the right to disagree
 Auditees have the right to change their minds
 Auditees have the right to make mistakes-
and be responsible for them
 Auditees have the right to question the
auditor
 Auditees have the right to appeal
 Auditees have the right to determine
corrective action
 Auditees have the right to say ―i don‘t know‖
 AUDITOR‘S BILL OF RIGHTS
 You have the right to judge the state of
compliance
 You have the right to make mistakes –
and be responsible for them
 You have the right to change your mind
 You have the right to say no, without
feeling guilty
 You have the right to say ―i don‘t know‖
 You have the right to say ―i don‘t
understand‖
 You have the right to be independent of
the goodwill of others
SUMMARY OF QUALITY AUDITS

 Effectiveness of audits
 What are the audit objectives ?
 Are they realized ?

 Doaudit observations lead to

improvements ?
 SUMMARY OF QUALITY AUDITS

 Auditcan be a powerful tool to

identify opportunities for improvement

 Auditscan keep systems from

deteriorating

 Auditscan help evaluate the correctness

of decisions taken
 SUMMARY OF QUALITY AUDITS
 Auditors should be
Competent
Ethical
Professional
 Client should
 Ensure adequate resources
 Ensure sound auditing procedures
 Take requisite actions on audit reports
 Auditee should
 Provide co-operation
 take corrective action promptly
 Root Cause Identification

?
 FISH BONE – CAUSE AND EFFECT DIAGRAM
Materials Environment

Cause Cause

Cause Cause

Cause Cause

Effect
Problem
Definition

Cause Cause Cause

Cause Cause Cause

Cause Cause Cause

People Equipment Methods

Revision 21 July 2013 CMC International (UK) Ltd

 FISH BONE – CAUSE AND EFFECT DIAGRAM
Petrol Electrical

Blown Fuse BRAINSTORMED LISTED

Water
Flat PETROL

Contaminated ELECTRICS
Battery
ENGINE
Sugar Cracked IGNITION
Dirt Starter Motor DRIVER
Sand

Not turning key Cannot Start

Wrong
correctly Position Car
Wrong Position
Mechanical
Ignition Timing Timing
Still half asleep
Component
Coil
Spark Plugs Seized
No spark
Points or
Electronic
HT Leads ignition
People Ignition Engine

Revision 21 July 2013 CMC International (UK) Ltd

 Pareto
Why and When

To display the relative importance of causes

To choose a start point for problem solving
To compare before and after
To breakdown broad causes into components
To compare data over different time periods

Revision 21 July 2013 CMC International (UK) Ltd

 Pareto Principle

80% of problems or errors are often

due to only 20% of the causes (The
Vital Few)
The remaining 80% of causes account
for only 20% of the problems or errors
(The Trivial Many)

20%

80%

80%

20%
Revision 21 July 2013 CMC International (UK) Ltd