Professional Documents
Culture Documents
Student Course Notes QMS 2015
Student Course Notes QMS 2015
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
INTRODUCTION
THE COMPANY
TUV SUD Middle East LLC designed this International Register of Certificated Auditors
(IRCA) approved Quality Management Systems (QMS) Auditor/Audit team leader training
course to;
• provide students with the knowledge and skills required to perform first, second and
third-party audits of quality management systems against ISO 9001, in accordance
with ISO 19011 and ISO 17021, as applicable, and
• give students who successfully complete and satisfy the training requirements of the
QMS Auditor/Audit team leader course opportunity to become certified IRCA QMS
Auditor(within the three years after completing the course and prior to making an
application to become a certificated auditor).
Course Notes for Students is designed for the purpose of detailing the presentation of the
course approved by and registered with the International Register of Certificated Auditors -
IRCA as an ISO 9001 Auditor/Team leader training course.
This note details the minimum requirements that need to be met by the students, presented
fully in accordance with these requirements and respecting the company confidential nature of
training methods and materials used for this course.
The Course Notes for Students is established and developed to ensure that the learning
objective is effectively attained and meet IRCA requirements, the company’s training policy
and student’s satisfaction.
In the start of the program, it is only proper to make everybody aware of the rules and
regulations of this training.
TUV SUD.ME created a conducive learning environment to ensure that the established
training objectives are met and achieve learning satisfaction.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
Prior knowledge
Before starting this course, Tutor informs students that they are expected to have the following prior
knowledge:
a) Management Systems:
• The Plan, Do, Check, Act (PDCA) cycle.
• The core elements of a management system and the interrelationship between top
management responsibility, policy, objectives, planning, implementation, measurement, review
and continuous improvement.
b) Quality management
c) ISO 9001
Knowledge of the requirements of ISO 9001 and the commonly used quality management terms
and definitions, as given in ISO 9000, which may be gained by completing an IRCA Certified QMS
Foundation Training course or equivalent.
The Tutor determines the prior knowledge by requiring you to answer a Pre-Course Assignment given
before the start of the course. The assignment is checked by the Tutor.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
The aim of this IRCA certificated course is to provide students with the knowledge and skills required
to perform first, second and third-party audits of quality management systems against ISO 9001, in
accordance with ISO 19011 and ISO 17021, as applicable.
Learning objectives
Learning objectives describe what students shall be able to do by the end of the course. Students
will need to demonstrate acceptable performance in all of these areas in order to complete the
course successfully.
• Explain the role of an auditor to plan, conduct, report and follow up a quality management
system audit in accordance with ISO 19011 (and ISO 17021 where appropriate).
• Plan, conduct, report and follow up an audit of a quality management system to establish
conformity (or otherwise) with ISO 9001 and in accordance with ISO 19011 (and ISO 17021
where appropriate).
IRCA requires students to undergo evaluation while participating on this course, which involve two
separate elements:-
1. Continuous assessment of each student base on individual performance on exercises and the
tutor’s personal scoring of the student’s overall manner in the course throughout the duration of
the course.
2. An examination on the final day of the five day course.
Student must demonstrate acceptable levels of performance in all three learning objectives.
Performance demonstrated through:
• Continuous Assessment document - a written daily examination of achievement of the learning
objective of the students in the entire duration of the course. This record is checked by the
Tutor and the result will be one of the means of grading the participant.
• Acceptable output in all practical activities and tasks.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
• students are not provided with opportunities to copy, collude or otherwise cheat during
examinations
• the rules and regulations are explained to students for taking the examination
• allow students time to read the rules and regulations and deal with any questions before the
start of the examination.
• Reference material allowed into the examination is a copy of the appropriate standard and a
bilingual dictionary.
• Students whose first language is not the language in which the course is presented and
examined and whose ability in that language requires them to work more slowly, may be
permitted additional time not exceeding 30 minutes to complete the examination. They may
also have an appropriate two-language dictionary.
• Additional time be given to those students who suffer from particular disabilities, not exceeding
30 minutes to complete the examination.
Evaluation Criteria
At least two of TUV SUD Training tutors assess the completed examination papers. One tutor mark all
of the papers, indicating any errors, allocating marks and totaling the marks scored. A second tutor
checks the accuracy of the calculation of the marks.
Students who;
• fail the written examination, but pass the continuous assessment must be allowed to retake an
IRCA examination
• pass the continuous assessment, but fail the examination can only retake an examination once
(not the same previously failed examination paper) and this retake must occur within 12
months of initial examination under the same training organization.
• pass the continuous assessment, but fail the re-examination are required to attend another
entire certified course in order to successfully complete the training.
• fail the continuous assessment (less than 70% of the available marks) they will not be
permitted to take the examination.
Student Responsibilities
• secure necessary copy of documents ISO 9000 and ISO 19011 standard for self-study
purposes.
• complete/attend the entire duration of this course.
• observe strictly the timing of each course program.
• demonstrate acceptable levels of performance in all three learning objectives
• pass the continuous assessment
• pass the written IRCA examination paper.
• Certificate of Successful Completion – if they passed the continuous assessment and the
written IRCA examination paper.
• Certificates of Attendance - may be issued to students who have not been successful in the
examination or the continuous assessment but who have satisfied the attendance requirement
Period of Validity.
Certificates of Successful Completion are valid for three years from the last day of the course,
irrespective of the date of successful completion of the examination, for meeting the training
requirements for certification as an IRCA auditor.
A student who wishes to become certified IRCA auditor must apply within the validity period of the
Certificates of Successful Completion to ISO 9001 Auditor/Audit team leader Training. This information
is written in the certificate of successful completion.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
COURSE OUTLINE
The Quality Management System Auditor/Team leader Training Course is a 5 day course combining
tutorials, group exercises and role play activities in relation to the simulated assessment of the case
study company. It will provide with both theory and practical application in a safe learning
environment.
COURSE FORMAT
QMS Training course is presented wholly as a classroom-based course in sessions designed for
duration of 5 days.
It is arranged in succession to get the optimum benefits of meeting the learning objectives both for the
tutors and students:
1. Session Plan - this is the plan what to do per day to meet the course criteria including the
corresponding visual aids (slides and flipcharts)
2. Discussions with timing – The Tutor discusses the details of the session plan with interaction
with the Students. The students will perform tasks as per instructions of the Tutor.
The format and structure of the course is subject for continuing improvement by providing allowance
for adjustment or changes thus giving students with both theory and practical applications in a safe
learning environment.
The course has been certificated by the U.K. IRCA. The course program outlined below is applicable
for courses run with an audit Role Play performed with the tutor’s instruction.
The course may also be presented as a series of modules over an extended timeframe, however, in
this case specific requirements must be met by course organizers and delegates, and permission
must first be obtained from TUV SUD Middle East LLC.
Courses for management system disciplines where observation is an essential audit method must
include images (photographs and/or video) to support and provide contexts for learning points. For
example, environmental management, occupational health and safety management, and social
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
systems auditing should include images showing a variety of facilities (factories, sites, farms, etc) that
auditors may be faced with, as well as a variety of issues that the auditor may face (health, safety,
work activities and environment, etc).
Classroom-based training
TUV SUD ME provides a training environment conducive to effective learning and the use of
accelerated and participative training methods.
• a description of the learning objectives, course structure, format and program, student
responsibilities, the assessment processes and assessment criteria, and you must also deal
with any concerns or worries that students may have.
• course based on the learning cycle and include opportunities for students to:
• methods for monitoring and providing time for tutors and students to review tasks and activities,
and each student’s achievement of the learning objectives.
• provision for review and remedial work and individual coaching where necessary.
COURSE PROGRAM
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
COURSE PROGRAM
08.00 Registration
10.00 BREAK
12.15 LUNCH
14.25 BREAK
14.55 Group Activity: Search for “Maintained and Retained Documented Information”
Search – E3D1S4
09.50 BREAK
11.00 Group Activity: Determine Audit Objective, Scope and Criteria – E6D2S6
12.00 LUNCH
15.20 BREAK
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
10.00 BREAK
11.40 LUNCH
14.55 BREAK
09.55 BREAK
12.30 LUNCH
14.40 BREAK
10.15 BREAK
12.05 LUNCH
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
STUDENT INTRODUCTION:
WHAT IS:
• your name?
• _______________________________________
• your company?
• ____________________________________
________________________________________________________
DAY 1
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
SESSION 1:
LESSON CONTENT TIMING
Registration 0800 – 0830
Learning objectives describe in outline what students will know and be able to do by
the end of the course. On completion, successful students will have the knowledge
and skills to:
Knowledge
Skills
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
SESSION 2:
Before starting this course, you must inform students that they are expected to have
the following prior knowledge:
a) Management systems
2. Planning
3. Implementation
5. Management Review
7. Continual improvement
b) Quality management
ISO 9001 described in this quality management concepts and principles gives
the organization the capacity to meet challenges presented by an environment
that is profoundly different from recent decades. The context in which an
organization works today is characterized by accelerated change,
globalization of markets and the emergence of knowledge as a principal
resource. The impact of quality extends beyond customer satisfaction: it can
also have a direct impact on the organization’s reputation.
Fundamental concept;
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
1. Quality
An organization:
A QMS:
• comprises activities by which the organization identifies its objectives
and determines the processes and resources required to achieve
desired results and to provide value and realize results for relevant
interested parties.
• provides the means to identify actions to address intended and
unintended consequences in providing products and services.
• enables top management to optimize the use of resources
3. Context of an organization
The context of organization is a process that determines factors which
4. Interested parties
Part of the process for understanding the context of the organization is to;
5. Support
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
ORGANIZATION
c) ISO 9001
Knowledge of the requirements of ISO 9001 and the commonly used quality
management terms and definitions, as given in ISO 9000, which may be gained by
completing an IRCA Certified QMS Foundation Training course or equivalent.
SESSION 3:
LESSON CONTENT TIMING
UNDERSTANDING QUALITY MANAGEMENT SYSTEMS 1010 – 1050
SCOPE
APPLICATION
All requirements of ISO 9001 are generic and are intended to be applicable to all
organizations, regardless of type, size and product provided.
Annex SL
Annex SL is the standard that defines the new high level structure for all ISO
management systems standards.
WHAT IS ANNEX SL?
Annex SL provides the new high level structure for ISO management systems
standards - it replaces the historical ISO Guide 83 and expands on the base structure
already implemented.
It has been created to introduce identical core text and common terms and
definitions. This will:
● streamline standards
● encourage standardization
● ease the integration of management systems
The numbered list below is the replica of the numbered sections of the high level
structure - the specific requirements of each management standard will be found
within these sections.
Clause 1 Scope
Clause 2 Normative Reference
Clause 3 Terms And Definitions
Clause 4 Context Of The Organization
Clause 5 Leadership
Clause 6 Planning
Clause 7 Support
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
Clause 8 Operation
Clause 9 Performance Evaluation
Clause 10 Improvement
PRACTICAL IMPLICATIONS
Annex SL will only affect future management systems standards - for example ISO
9001:2008 will not be affected, but the new ISO 9001:2015 will follow the structure,
core text and definitions of Annex SL.
For the purposes of this document, the terms and definitions given in ISO 9000 apply.
quality
degree to which a set of inherent characteristics of an object fulfills requirements
quality objective
something sought, or aimed for, related to quality
quality planning
part of quality management focused on setting quality objectives and specifying
necessary operational processes and related resources to fulfill the quality objectives
improvement
activity to enhance performance
quality improvement
part of quality management focused on increasing the ability to fulfill quality
requirements
continual improvement
recurring activity to increase the ability to fulfill requirements
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
effectiveness
extent to which planned activities are realized and planned results achieved
efficiency
relationship between the result achieved and the resources used
organization
person or group of people that has its own functions with responsibilities, authorities
and relationships to achieve its objectives
interested party
stakeholder, person or organization that can affect, be affected by, or perceive itself
to be affected by a decision or activity.
EXAMPLE: Customers, owners, people in an organization, providers, bankers,
regulators, unions, partners or society that can include competitors or opposing
pressure groups.
customer
person or organization that could or does receive a product or a service that is
intended for or required by this person or organization.
EXAMPLE Consumer, client, end-user, retailer, receiver of product or service from an
internal process, beneficiary and purchaser.
provider
supplier or organization that provides a product or a service
competence acquisition
process of attaining
procedure
specified way to carry out an activity or a process (
outsource
make an arrangement where an external organization performs part of an
organization’s function or process
audit
Systematic, independent and documented process for obtaining audit evidence and
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
evaluating it objectively to determine the extent to which audit criteria are fulfilled.
audit evidence
records, statements of fact or other information which are relevant to the audit criteria
and verifiable.
audit conclusion
outcome of an audit provided by the audit team after consideration of the audit
objectives and all audit findings
audit trail
a systematic approach to collecting evidence based on specific samples that the
output of a series of interrelated processes meets expected outcomes
All commonly used terms in the Quality Management System are defined and
referred in the ISO 9000 standard.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
MANAGEMENT SYSTEM
Organizations of all sizes need to manage risk, meet customer and societal demands,
satisfy legislative requirements, and all in a world where change in those requirements
is the only constant. The business management system is the way that successful
organizations meet these challenges and ensures they set out principled programs of
change and improvement to address risk and opportunity.
a) the ability to consistently provide products and services that meet customer and
applicable statutory and regulatory requirements;
b) facilitating opportunities to enhance customer satisfaction;
c) addressing risks and opportunities associated with its context and objectives;
d) the ability to demonstrate conformity to specified quality management system
requirements.
● determine the processes needed for the quality management system and their
application throughout the organization
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
1. Error Reduction
Continuous quality improvement can reduce the number errors your business
makes. Defective products and mistakes made when providing services are
examples of errors that can be costly. Because small companies cannot produce
goods and services in mass like larger companies, errors can be especially costly.
Focusing on continuously identifying potential sources of errors and fixing them
can avoid problems that might otherwise crop up over time.
2. Increased Adaptability
3. Increased Productivity
4. Improved Morale
workers themselves.
International Standards bring technological, economic and societal benefits. They help
to harmonize technical specifications of products and services making industry more
efficient and breaking down barriers to international trade. Conformity to International
Standards helps reassure consumers that products are safe, efficient and good for the
environment.
• strategic tools and guidelines to help companies tackle some of the most
demanding challenges of modern business.
• ensures that business operations are as efficient as possible,
• increase productivity and
• help companies access new markets.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
SESSION 4:
LESSON CONTENT TIMING
ISO 9001 PDCA 1300 – 1330
This approach:
Management of the processes and the system as a whole can be achieved using the
PDCA cycle with an overall focus on risk-based thinking aimed at taking advantage of
opportunities and preventing undesirable results.
The PDCA cycle enables an organization to ensure that its processes are adequately
resourced and managed, and that opportunities for improvement are determined and
acted on.
Plan: establish the objectives of the system and its processes, and the resources
needed to deliver results in accordance with customers’ requirements and
the organization’s policies;
Do: implement what was planned;
Check: monitor and (where applicable) measure processes and the resulting
products and services against policies, objectives and requirements and
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
ISO 9001 employs the process approach, which incorporates the Plan-Do-Check-Act
(PDCA) cycle and risk-based thinking.
The PDCA cycle enables an organization to ensure that its processes are adequately
resourced and managed, and that opportunity for improvement are determined and
acted on.
2. Leadership
3. PDCA Cycle:
Plan: Planning
• Resources
• Competence
• Awareness
• Communication
• Documented information
• Operational planning and control
• Requirement for product and services
• Design and development of products and services
• Control of externally provided processes, products and services
• Production and service provision
• Release of products and services
• Control of nonconforming outputs
Act: Improvement
• General
• Nonconformity and corrective action
• Continual Improvement
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
The organization determines the processes needed for the quality management
system and their application throughout the organization, and:
determines the inputs required and the outputs expected from these processes;
determines the sequence and interaction of these processes;
determines and apply the criteria and methods needed to ensure the effective
operation and control of these processes;
determine the resources needed for these processes and ensure their availability;
assign the responsibilities and authorities for these processes;
address the risks and opportunities as determined in accordance with the
requirements of 6.1;
evaluate these processes and implement any changes needed to ensure that
these processes achieve their intended results;
improves the processes and the quality management system.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
is appropriate to the purpose and context of the organization and supports its
strategic direction;
provides a framework for setting quality objectives;
includes a commitment to satisfy applicable requirements;
includes a commitment to continual improvement of the quality management
system.
3. Support
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
The organization plan, implement and control the processes needed to meet the
requirements for the provision of products and services, and to implement the
actions determined in Planning requirement of the standard, by:
5. Internal audit
conforms to:
− the organization’s own requirements for its quality management system;
− the requirements of this International Standard;
• is effectively implemented and maintained.
6. Improvement
The QMS requirements necessary for the operation of its processes and to achieve
conformity of products and services
1. Support
• People
• Infrastructure
• Environment for the operations of processes
2. Organizational knowledge
The organization evaluates the performance and the effectiveness of the quality
management system.
The organization shall d. The organization shall determine the methods for
obtaining, monitoring and reviewing this information.
The QMS process needed to review as required by the standard. This process
provides objective evidence of the organization’s commitment to conform with
the quality management system requirements.
1. Management review
Continual improvement for the suitability, adequacy and effectiveness of the quality
management system by consider the results of;
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
Documented information:
• of external origin determined by the organization to be necessary for the planning and
operation of the quality management system are identified as appropriate, and
controlled.
• Are retained as evidence of conformity and protected from unintended alterations.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
DAY 2
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
SESSION 5:
LESSON CONTENT TIMING
Review of day 1 - discussion / concerns 0800 – 0830
Day 1 consolidation quiz discussion
Specimen Examination – section 1 assignment discussion
The relationship between ISO 19011 International Standard and ISO/IEC 17021-
1:2015
Audits are;
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
The overall aim of certification is to give confidence to all parties that a management
system fulfills specified requirements. The value of certification is the degree of public
confidence and trust that is established by an impartial and competent assessment by
a third-party.
1. Value for the users and stakeholders who rely on management systems
certification to establish if the client organization’s management system can
consistently meet customer and applicable regulatory requirements
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
Certification, accreditation and 3rd party audit & its benefits 0915 - 0930
Reference: www.ukas.com
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
SESSION 6:
LESSON CONTENT TIMING
Audit Process 1000 – 1100
The similarity between first, second and third party audit is that:
First, second and third party audits are conducted with the same purpose, to confirm
the effectiveness of the management system or to obtain information for the
improvement of the management system.
The difference:
First party audits or internal audits are conducted by the organization itself, or on its
behalf, for management review and other internal purposes.
Second party audits are conducted by parties having an interest in the organization,
such as customers, or by other persons on their behalf.
The ISO 19011 Standard provides guidance on auditing management systems, they
are:
PRINCIPLES OF AUDITING
b) Fair presentation: the obligation to report truthfully and accurately. Audit findings,
audit conclusions and audit reports should reflect truthfully and accurately the audit
activities.
e) Independence: the basis for the impartiality of the audit and objectivity of the audit
conclusions. Auditors should be indepe
independent
ndent of the activity being audited wherever
practicable, and should in all cases act in a manner that is free from bias and conflict
of interest.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
Audit program is part of the preparation of the audit process. Programs established for;
Each individual audit should be based on documented audit objectives, scope and
criteria. These should be defined by the person managing the audit program and be
consistent with the overall audit program objectives.
The audit scope is consistently stated in audit program and audit objectives, such as;
• locations,
• organizational units,
• activities and processes to be audited, as well as the
• time period covered by the audit.
• policies,
• procedures,
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
• standards,
• legal requirements,
• management system requirements,
• contractual requirements,
• sector codes of conduct or other planned arrangements.
In the event of any changes to the audit objectives, scope or criteria, the audit program
are modified if necessary.
Confidence in the audit process and the ability to achieve its objectives depends on
the competence of those individuals who are involved in planning and conducting
audits, including auditors and audit team leaders.
Competence are evaluated through a process that considers personal behavior and
the ability to apply the knowledge and skills gained through education, work
experience, auditor training and audit experience.
The person managing the audit program appoints the members of the audit team,
including the team leader, any technical experts needed for the specific audit the
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
It is important to take into account the independence and competence of auditors and
the effective use of resources, as well as different roles and responsibilities of auditors,
auditors-in-training and technical experts in order to ensure the achievement of the
audit objectives.
• the competence of the audit team needed to achieve audit objectives, taking into
account audit scope and criteria;
• complexity of the audit;
• the audit methods;
• legal and contractual requirements;
• the need to ensure the independence of the audit team members from the
activities to be audited and to avoid any conflict of interest ;
• the ability of the audit team members to interact effectively with the representatives
of the auditee and to work together;
• the language of the audit, and the auditee’s social and cultural characteristics.
Auditors-in-training may be included in the audit team, but should participate under the
direction and guidance of an auditor.
The person managing the audit program selects and determines the methods for
effectively conducting an audit, depending on the audit objectives, scope and criteria.
An audit can be performed using a range of audit methods. The audit methods chosen
for an audit depend on the defined audit objectives, scope and criteria, as well as
duration and location. Applying a variety and combination of different audit methods
can optimize the efficiency and effectiveness of the audit process and its outcome.
Performance of an audit involves an interaction among individuals with the
management system being audited and the technology used to conduct the audit.
Table 1 provides examples of audit methods that can be used. If an audit involves the
use of an audit team with multiple members, both on-site and remote methods may be
used simultaneously. Reference: ISO 19011
This diagram utilizes four legs to represent four questions about a process;
• who,
• what,
• how,
• how many
The establishment and documentation of a turtle diagram for each of the processes
needed for the quality management system might be a good approach for defining
process interactions as well because the outputs from each process would be
traceable to their input into the other process(s) of the quality management system.
Reference: http://www.jhoti.com/turtle_diagram.asp
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
• Identifying problems that may prevent the client from meeting its management
system objectives
• Identifying meaningful opportunities for improvement and areas of risk that are not
identified or managed.
AUDIT STAGES
As per ISO 17021-1, the initial certification audit of a management system shall be
conducted in two stages:
• stage 1 and
• stage 2.
STAGE 1 AUDIT
Planning stage 1 audit ensures that the objectives of stage 1 is met and the client is
informed of any “on site” activities during stage 1.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
The audit team analyze all information and audit evidence gathered during stage 1 and
stage 2 to review the audit findings and agree on the audit conclusions.
The audit team leader prepares an audit plan based on the information contained in
the audit program and in the documentation provided by the auditee. The plan
facilitates the efficient scheduling and coordination of the audit activities in order to
achieve the objectives effectively.
• audit objectives;
• audit scope;
• audit criteria;
• locations, dates, duration of audit activities
• meetings with the auditee’s management;
• audit methods
• audit evidence and the design of the sampling plan, if applicable;
• roles and responsibilities of the audit team members, as well as guides and
observers;
• allocation of appropriate resources to critical areas of the audit.
The audit team leader considers the following in preparing the audit plan;
The audit plan is reviewed and accepted by the audit client, and should be presented
to the auditee. Any objections by the auditee to the audit plan should be resolved
between the audit team leader, the auditee and the audit client.
The audit team leader prepares an audit plan according to the audit program and in
the documentation provided by the auditee.
The plan;
The audit plan reviewed and accepted by the audit client, and presented to the
auditee. Any objections by the auditee to the audit plan resolved between the audit
team leader, the auditee and the audit client
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
DAY 3
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
SESSION 7:
LESSON CONTENT TIMING
Review of day 2 - discussion / concerns 0800 – 0830
Day 2 Consolidation Quiz discussion
Specimen Examination – Section 2 assignment discussion
• Auditor
• Lead auditor or Audit Team Leader
• Auditee
• Observer
• Audit Client
• Technical Expert
• Guides
Auditors
The Audit team leader is ultimately responsible to the auditing organization for all
phases of the audit. During the audit, the Audit team leader shall have authority to
make final decisions regarding the conduct of the audit and any audit findings.
8. preparing and presenting the audit results clearly and conclusively to the auditee
at the closing meeting
9. preparing and submitting the audit report to the auditing organization in a timely
manner.
Auditees
Where auditees, other than the manufacturer, are involved in the audit (i.e., suppliers),
sections (a), (b) and (h) through (k) remain with the responsibility of the manufacturer.
Audit client
Organization or person requesting an audit. In the case of internal audit, the audit
client can also be the auditee or the person managing the audit program. Requests for
external audit can come from sources such as regulators, contracting parties or
potential clients.
• Initiate the audit to the organization for the application of the management system,
• Enter into an agreement and contract to the certifying body who will certify their
organization to the management system of their choice.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
• Provide resource and support necessary for the certifying body to perform the
assessment effectively and efficiently.
• Supply information needed by the auditors necessary for the completion of the
assessment.
• Provide safety environment for the auditors during the conduct of the audit.
• Communicate with the auditors during the process of audit and in the entire period
of the certification.
• Any other responsibilities the certifying body stated adamant to maintain the
requirements in subscribing to the management system.
Guides
Observers
2. Confidentiality
Observers are required to meet to the same level of confidentiality as other audit
team members. This shall be established prior to any audit activity. (See also
section 7.4)
3. Function
During the audit, the observer(s) take no active part in the audit process but
“observe” the activities, interviews and documents reviewed by the auditors.
Observers may provide feedback to the audit team at previously agreed intervals.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
Management responsibilities of Audit team leader in managing the audit and the
audit team;
The Audit team leader must possess leadership and additional knowledge and skills to
manage the audit team, in order to facilitate the efficient and effective conduct of the
audit. The knowledge and skills necessary for audit team leader are;
a) balance the strengths and weaknesses of the individual audit team members;
b) develop a harmonious working relationship among the audit team members;
c) manage the audit process, including:
• planning the audit and making effective use of resources during the audit;
• managing the uncertainty of achieving audit objectives;
• protecting the health and safety of the audit team members during the audit,
including ensuring compliance of the auditors with the relevant health, safety
and security requirements;
• organizing and directing the audit team members;
• providing direction and guidance to auditors-in-training;
• preventing and resolving conflicts, as necessary;
d) represent the audit team in communications with the person managing the audit
program, audit client and auditee;
e) lead the audit team to reach the audit conclusions;
f) prepare and complete the audit report.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
During the audit, effective communication to the audit team, auditee, the audit client
and potentially with external bodies may be necessary to;
• clear matters especially where legal requirements require the mandatory reporting
of non-compliances.
• exchange information, assess audit progress, and reassign work between the audit
team members, as needed.
• periodically communicate the progress of the audit and any concerns to the
auditee and audit client, as appropriate.
• report immediately evidence collected that suggests significant risk to the auditee
without delay to the auditee,
• report any concern about an issue outside the audit scope.
• report and determine appropriate action for audit evidence that indicates the audit
objectives are unattainable. Such action may include reconfirmation or modification
of the audit plan, changes to the audit objectives or audit sco
scope,
pe, or termination of
the audit.
Any need for changes to the audit plan which may become apparent as auditing
activities progress should be reviewed and approved, as appropriate, by both the Audit
team leader and the auditee.
Auditors exercise discretion in the use and protection of information acquired in the
course of their duties. Audit information are not to be used inappropriately for personal
gain by the auditor or the audit client, or in a manner detrimenta
detrimentall to the legitimate
interests of the auditee. This concept includes the proper handling of sensitive or
confidential information.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
SESSION 8:
The audit time is determined and planned to accomplish a complete and effective audit
of the client's management system. In determining the audit time, the audit team
considers, among other things, the following aspects:
Audit Duration
Audit duration for all types of audits is the effective time measured in auditor days
required to carry out auditing activity. The duration of an auditor day is normally 8 hours
and may or may not include travel time or lunch depending upon local legislation.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
Audit duration for all types of audits includes on site time at a client's premises and time
spent off-site carrying out planning, document review, interacting with client personnel
and report writing.
It is expected that the audit duration involved in such planning and report writing
combined should not typically reduce the total on-site audit duration to less than 80% of
the time shown in the Tables 2. This applies to initial, surveillance and recertification
audits. Where additional time is required for planning and/or report writing, this will not
be justification for reducing on-site audit duration for any audit.
To minimize interference between audit activities and the auditee’s work processes
and to ensure the health and safety of the audit team during a visit, the following
should be considered:
• ensure permission and access to those parts of the auditee’s location, to be visited
in accordance with the audit scope;
• provide adequate information (e.g. briefing) to auditors on security, health,
occupational health and safety matters and cultural norms for the visit including
requested and recommended
• vaccination and clearances, if applicable;
• confirm with the auditee that any required personal protective equipment (PPE) will
be available for the audit team, if applicable;
• except for unscheduled ad hoc audits, ensure that personnel being visited will be
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
b) on-site activities:
The audit team members collect and review the information relevant to their audit
assignments and prepare work documents, for reference and for recording audit
evidence. Such work documents include:
• checklists;
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
The use of checklists and forms should not restrict the extent of audit activities, which
can change as a result of information collected during the audit.
Work documents, including records resulting from their use are retained at least until
audit completion, or as specified in the audit plan and suitably safeguarded at all
times by the audit team members.
AUDIT SAMPLING
Auditors know it may not be practical to examine all available evidence due to its
volume and dispersal. In those cases, a sample is selected to evaluate against the
audit criteria and help develop the audit conclusion.
Sample Definition
A sample is a small part of anything, intended as representative of the whole. It may
not be practical to examine all available data. For example, records may be too
numerous or dispersed, or may be too time consuming or costly.
Audit Principle
ISO 19011:2011, Guidelines for Auditing Management Systems, describes an
“Evidence-based Approach” that is based on sampling.
This audit principle (in clause 4.f) uses a rational method for reaching reliable and
reproducible audit conclusions. It states that audits are conducted during a finite period
of time and with finite resources, so audit evidence should be verifiable, and based on
samples of available information. The principle concludes by saying that the
appropriate use of “sampling” is closely related to the “confidence” that can be placed
in the audit conclusions.
Audit Guidance
The ISO 19011:2011 auditing guidance standard also states that audit procedures
should address the use of appropriate sampling methods (5.3.5). Does your audit
procedure cover sampling? Most audit procedures I review do not.
Lead auditors should be aware of sampling techniques when preparing the audit plan
(6.3.2.1), and the audit plan should cover the extent of the sampling needed to obtain
sufficient audit evidence (6.3.2.2). Work documents may include a specific sampling
plan (6.3.4)
Sampling Steps
Audit sampling typically involves these six steps:
1. First, establish the objectives of the sampling plan, e.g., you may want to reduce
the audit disruption, yet have a representative sample that provides confidence in
the audit conclusions.
2. Next, define the extent and composition of the population. What is the audit
scope?
3. Then, select a sampling method. For quality audits, it will likely be judgmental
sampling. However, you can still use a statistical method to help identify items
within your sample.
4. At this point, determine the sample size to be taken. If you want a statistically valid
sample, you will calculate the sample size for the desired confidence level.
5. Now you are ready to conduct the sampling activity, followed by the sixth step.
6. Evaluating, reporting, and documenting the results.
Sampling Methods
When we know our sampling objective, and the extent and composition of the
population to be assessed, we will select our sampling method before determining the
sample size. You may decide to use “judgmental” (non-statistical) sampling and rely
on the auditor knowledge, skills, and experience. But, if you need a statistical estimate
of the effect of uncertainty on the audit findings and audit conclusion, then a
“statistical” sampling method will be selected.
Statistical
Before choosing a statistical sampling method, you should consider if the outcomes to
be examined are attribute-based or variable-based. More on that later. There are four
primary methods for statistical sampling:
1. Systematic – Picking every nth item. This would be appropriate for looking over a
period of time.
2. Random – Selecting a random sample, which could involve a random number
generator.
3. Stratified – Divides the population into homogeneous subgroups that need to be
represented.
4. Cluster – Divides the population into heterogeneous clusters that match the
population.
We will discuss each of these four methods later in the article.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
Non-statistical
As mentioned earlier, we may want to use “judgmental” sampling based on auditor
knowledge, skills, and experience. For example, the auditor may know which items
have had problems in the past, or may be a higher risk to the organization.
“Convenience” sampling, sometimes referred to as “haphazard” sampling, uses
samples that are readily available. I will focus on judgmental sampling later in the
article, but first, let’s look at statistical sampling.
Statistical Sampling
Statistical sampling uses a sample selection process based on probability theory.
Attribute-based sampling is used when there are only two possible outcomes for
each sample, for example, conforming or nonconforming when assessing completed
forms to the procedural requirements.
Sampling Plan - Key elements that will affect your audit sampling plan are the:
Sample Sizes - If we increase the confidence level to 95%, and changing the
nonconformity rate to 1% or less, it would expand the sample for a population of 1000
to 259, far more than 45. Financial audits typically use statistical sampling methods.
However, due to time constraints and cost factors, quality audits often use non-
statistical sampling methods.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
Systematic Sampling - Systematic sampling selects every Nth item in the population
as the sample. For example, to sample 30 items out of a population of 360, the
sampling interval would be N=12.
You would select a random starting point within the first interval, e.g., between 1 and
12, you could randomly pick 7. Then, you would extract every 12th item, i.e., 7, 19, on
to 343, 355.
However, you have to ensure the systematic sampling interval does not introduce bias.
For example, if a warehouse has even locations on one side of the aisle and odd
locations on the other side, and you selected every 50th item, and started at 20, you
would never pick an odd location.
Random sampling would be more suitable for this scenario. Remember, auditor
judgment is still needed for statistical sampling. Systematic sampling is most
appropriate for looking over a period of time, since it ensures an even spread of
selected items in a sample of the timeframe under review.
Random Sampling
Random sampling gives each item in the sampled population an equal chance of
being selected. That means picking one item, has no impact on the probability of any
other item being selected.
One random sampling method is to generate a random number for each item to be
sampled, sort these random numbers, and then take the top or bottom X, where X is
the sample size.
Stratified Sampling
When items from each subgroup within the population need to be represented, you
can use “stratified” sampling. To do that, divide the population into subgroups, or
strata. Then select random or systematic samples from within each subgroup.
The sampling fraction for each subgroup may be taken in the same proportion that the
subgroup has in the population. For example, you would randomly select customers of
each type in proportion to the number of customers of that type in the population.
Suppose that 70% of your customers are commercial and 30% are government. You
could divide the population into those two groups and take 70% of your samples from
the commercial group and 30% of your samples from the government group.
Cluster Sampling
In “stratified” sampling, the subgroups are homogeneous. In “cluster” sampling, the
cluster is as heterogeneous as possible to match the population.
A random sample is taken from within one or more selected clusters. For example, if
there are 20 small projects in the scope, you might use cluster sampling to randomly
select 4 projects as representative for the audit.
Unless clusters are selected randomly, and many are sampled, you cannot always
generalize about the entire population. For example, random sampling from all parts
produced last week, or for a specific product, may cause sampling bias.
Judgment Sampling
Judgment-based sampling relies on the knowledge, skills, and experience of the audit
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
• Previous audit experience within the audit scope (may spend more time if little
experience)
• Complexity and interaction of the processes (sample more if a complex process)
• Changes in technology and the management system (sample more if higher risk)
• Previously identified risk areas and improvement areas (consider weak areas)
• Output from monitoring of the management system (listen to feedback on issues)
The sample should provide coverage of all types of items within the population. A
drawback of judgment-based sampling is there can be no statistical estimate of the
effect of uncertainty on your audit findings and conclusions.
Convenience Sampling
Another type of non-statistical sampling is “convenience” sampling. With this method,
you select a nearby and readily available sample. Sounds easy. However, in most
cases, you cannot draw conclusions about the total population, because the sample is
not likely to be representative.
For example, when auditing purchase orders, you may be tempted to assess the ones
on the buyer’s desk. However,
• The buyer may have placed “correct” ones on the desk to be used for the audit
• Or, the POs may be recently, carefully created knowing the audit was imminent
• Or, the POs on the desk may be from the few suppliers handled by that buyer
Sampling Concerns
If you are not careful, your sample may be invalid, too large, or too small.
Invalid Sample
If a sample is not representative of the population, it is not a valid sample. Since
auditors rely on samples to form their audit opinion, an invalid sample could lead to an
invalid conclusion.
Over-Auditing
If the sample taken is too large, it was unnecessary and has wasted valuable time.
You want to select the smallest sample leading to valid audit results.
Under-Auditing
If the sample is too small, it may not be representative of the population, which means
there is a risk that nonconformities will not be detected.
Sampling Risk
Speaking of risk, if you are sampling two out of ten items, and there is one
nonconforming item, what is the risk of missing that nonconformity with a random
sample of only two items?
There are 45 different combinations when taking two items at a time from a population
of ten. That means there would be nine combinations with the bad item, and 36
combinations without it. So, while the percent of bad items is 10%, the risk of selecting
a sample without the bad item is 36 of 45, or an 80% risk. That highlights the impact of
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
Sample Selection
Audit samples are taken to evaluate if practices are producing results that meet stated
requirements. Our audit samples include which procedures to review, people to
interview, activities to observe, and records to examine.
However, there is not enough time available to look at everything. In fact, you may
have been given an audit assignment with a specific audit duration, which ends up
being a limiting factor for your sampling.
The audit sample should be relevant and representative, which means it should be
selected by the auditor, not the possibly “loaded dice” offered by the auditee. How
thoughtful of them.
Your audit checklist, if you use one, may define the planned sample through the
selected areas to assess, documents to review, and records to examine.
There will be a difference between your “planned” sample and the “actual” sample, as
you adjust to the responses, practices, and evidence during the audit. Your auditor
notes will record the sample actually taken, which will be helpful in reporting results
and guiding future audits of the area.
Evidence Types
There are four types of evidence:
• Documents,
• Observations,
• Records,
• Statements, which forms the acronym D-O-R-S.
This audit evidence is compared to the four types of requirements to judge conformity:
• Legal,
• Organization,
• Customer,
• Standard, which forms the acronym L-O-C-S.
Remember, when you interview someone, you are listening to their understanding of
the “current” process. When you review documents, you are hopefully looking at the
“current” versions. When you observe work activities, you are viewing the “current”
practices.
However, to assess conformity in the “past”, since the last audit, you must examine
records generated during that time interval, not just the records generated today.
Evidence Samples
How many people, documents, activities, and records should be sampled during a
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
quality audit? The sample sizes should be based on the population size and business
risk. And, larger samples will provide more confidence in the audit conclusions.
However, the samples will be limited due to the audit’s cost and operational disruption,
as well as, by the time allocated for the audit, and the types of evidence being
examined.
For example, with monthly management reviews, and semi-annual audits, you could
look at only six records and have a 100% sample since the last audit.
If 1000 purchase orders have been issued since the last audit, picking 20
representative orders would be a 2% sample over the past six months. However, for a
statistically valid audit sample for a 95% confidence level, and a nonconformity rate of
1% or less, you would have to sample 259 orders, or a 26% sample. When was the
last time you examined 259 POs in an audit?
Record Sampling
Consider the time period to be assessed, when you select records be included in your
sample. Remember that old records were created by old processes. If you find a
problem in the past, similar nonconformities may not exist with the current process.
So, focus on records related to the current processes. Consider the records that have
been generated since the last audit. However, you should still select some older
records for assessing adherence to record retention policies.
Sampling Disclaimer
Audit results reflect the situation you found at the time of the audit. You relied upon a
limited sample taken during a brief period of time. Therefore, consider including a
disclaimer like this one in your audit report:
This audit was based on random samples and every aspect of the system was not
necessarily covered. Therefore, nonconformities may exist that have not been
identified in this report.
Summary
To recap, audit results will be based on sampled information.
The selected samples should be representative of the population.
It is important to understand the different audit sampling techniques, and to be aware
of the uncertainty introduced by sampling.
You want to determine an acceptable sample size for confidence of all parties:
Take the steps necessary to improve your judgment-based sampling, since that will
likely be the primary sampling method for your audits. Avoid under-auditing (selecting
too few samples).
• people,
• documents,
• activities,
• records,
Report the sampling level, and include a disclaimer in your audit report.
When preparing work documents, the audit team consider the questions below for
each document.
The work documents should be adequate to address all those elements of the
management system (discussed on day 1) within the audit scope and may be provided
in any media.
A checklist may be used to ensure that all relevant standards’ requirements are
addressed.
• The focus of the checklist may restrict the scope to identify specific problems.
• It may be used as a substitute for audit plan.
• It may not help in generating adequate audit evidence if not communicated
properly.
Auditors establish the path of the process that they are auditing and perform the audit
accordingly, ensuring that the requirements of the process are being met.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
• Use the chosen samples and identify the process path and the controls that were
applied. It is vital that the samples are linked and come from the same trail.
• Procedures, forms, checklists and so on, all ensure that a process is managed and
controlled effectively. It is essential that auditors take the time to understand what is
required from the process they are auditing.
• A second- or third-party auditor to carry out an audit of an organization starting the
trail with the specification of its product or service, including statutory and regulatory
requirements.
• This professional approach to auditing that allows the auditor to identify any
weaknesses in the process and decide if an organization is capable of meeting the
specified requirements.
• The audit trail approach applies to any audit be it an internal, second- or third-party
audit.
• Input
• Activities
• Outputs
• Measures of effectiveness
Using the audit of a purchasing activity as an example, you need to identify what
material or equipment has been purchased for your sample order. It is always important
to understand what drives the process. In this case, it is normally the requisition, which
defines what is wanted.
If the auditor does not understand the specification, then he or she cannot check if the
process being followed meets the requirements of the requisition.
• what does the requisition require – does this comply with the agreed specification?
• how is the decision to purchase made?
• how is the specification decided? Is it adequate?
• who decides what is required and do they have the authority?
• who chooses the supplier and by what criteria?
• what is the process for bid evaluation?
• how is the specification advised to the supplier?
• are national or international standards used?
• what controls the process?
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
These are just some of the issues that need to be addressed, many of which follow the
clauses of ISO 9001. Reference: ISO 9001 Auditing Practices Group – ISO/IAF © ISO
& IAF 2009 – All rights reserved www.iaf.nu; www.iso.org/tc176/ISO9001AuditingPracticesGroup
• confirm the agreement of all parties (e.g. auditee, audit team) to the audit plan;
• introduce the audit team;
• ensure that all planned audit activities can be performed.
The meeting chaired by the audit team leader, and the following items should be
considered, as appropriate;
The opening meeting may simply consist of communicating that an audit is being conducted
and explaining the nature of the audit
EXERCISE 11: E11D3S8 - Group Activities: - Preparation of Opening Meeting 1610 – 1630
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
DAY 4
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
SESSION 9:
COURSE CONTENT TIMING
Review of day 3 - discussion / concerns 0800 – 0830
Day 3 consolidation quiz discussion
Specimen Examination – Section 3 Assignment discussion
A formal opening meeting held in the client’s location before proceeding with the audit,
with the client's management and those responsible for the functions or processes to
be audited. The opening meeting is conducted by the audit team leader, is to provide a
short explanation of how the audit activities will be undertaken.
Continuous Assessment;
Exercise 7: Opening Meeting
Interviews are one of the important means of collecting information and should be
carried out in a manner adapted to the situation and the person interviewed, either
face to face or via other means of communication.
• held with persons from appropriate levels and functions performing activities or
tasks within the audit scope;
• conducted during normal working hours and, where practical, at the normal
workplace of the person being interviewed;
• an attempt to put the person being interviewed at ease prior to and during the
interview;
• the reason for the interview and any note taking should be explained;
• initiated by asking the persons to describe their work;
• careful selection of the type of question used (e.g. open, closed, leading
questions);
• summarized and reviewed the results with the interviewed person;
• thanked the interviewed persons for their participation and cooperation.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
SESSION 10:
LESSON CONTENT TIMING
Stage 2 – Conducting the Audit 1040 – 1055
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
• determine the conformity of the system, as far as documented, with audit criteria;
• gather information to support the audit activities.
During the audit, the audit team assess audit progress and exchange information.
Communication during audit that are important and need to address such as;
• The need to reassign work between the audit team members and periodically
communicate the progress of the audit and any concerns to the client.
• Where the available audit evidence indicates that the audit objectives are
unattainable or suggests the presence of an immediate and significant risk (e.g.
safety), the audit team leader shall report this to the client and, if possible, to the
certification body to determine appropriate action. Such action may include
reconfirmation or modification of the audit plan, changes to the audit objectives or
audit scope, or termination of the audit. The audit team leader shall report the
outcome of the action taken to the certification body.
• The audit team leader shall review with the client any need for changes to the audit
scope which becomes apparent as on-site auditing activities progress and report
this to the certification body.
The audit team should meet as needed to review the audit findings at appropriate
stages during the audit and unresolved points should be recorded..
The audit team leader ensures that audit records are created, managed and maintained
to demonstrate the implementation of the audit program. Processes should be
established to ensure that any confidentiality needs associated with the audit records
are addressed.
• During the audit, information relevant to the audit objectives, scope and criteria
(including information relating to interfaces between functions, activities and
processes) are collected by appropriate sampling and verified to become audit
evidence.
• Methods to collect information shall include, but are not limited to:
interviews;
observation of processes and activities;
review of documentation and records.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
During the audit, information relevant to the audit objectives, scope and criteria,
including information relating to interfaces between functions, activities and processes
are collected by means of different ways.
Only information that is verifiable are accepted as audit evidence. Audit evidence
leading to audit findings are recorded.
Source of Information;
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
SESSION 11:
LESSON CONTENT TIMING
Generating audit findings 1315 – 1330
Audit finding:
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
Identifying Nonconformities;
Writing Nonconformities
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
The audit team confer prior to the closing meeting in order to:
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
• review the audit findings, and any other appropriate information collected during
the audit, against the audit objectives;
• agree on the audit conclusions, clearing all issues encountered during the audit
process;
• prepare recommendations;
• discuss audit follow-up.
• the extent of conformity with the audit criteria and robustness of the management
system, including the effectiveness of the management system in meeting the
stated objectives;
• the effective implementation, maintenance and improvement of the management
system;
• the capability of the management review process to ensure the continuing
suitability, adequacy, effectiveness and improvement of the management system;
• achievement of audit objectives, coverage of audit scope, and fulfillment of audit
criteria;
• root causes of findings, if included in the audit plan;
• similar findings made in different areas that were audited for the purpose of
identifying trends.
If specified by the audit plan, audit conclusions can lead to recommendations for
improvement, or future auditing activities.
1505 – 1520
Closing Meeting
The audit team confer prior to the closing meeting in order to:
• review the audit findings, and any other appropriate information collected during
the audit, against the audit objectives;
• agree on the audit conclusions, taking into account the uncertainty inherent in the
audit process;
• prepare recommendations, if specified by the audit plan;
A closing meeting, facilitated by the audit team leader is held to present the audit
findings and conclusions. As appropriate, the following should be explained to the
auditee in the closing meeting:
• advising that the audit evidence collected was based on a sample of the
information available;
• the method of reporting;
• the process of handling of audit findings and possible consequences;
• presentation of the audit findings and conclusions in such a manner that they are
understood and acknowledged by the auditee’s management;
• any related post-audit activities (e.g. implementation of corrective actions, audit
complaint handling, appeal process).
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
DAY 5
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
SESSION 12:
LESSON CONTENT TIMING
Review of day 4 - discussion / concerns 0800 – 0900
Day 4 Consolidation Quiz Discussion
Specimen Examination – Section 4 assignment discussion
The audit team leader reports the audit results in accordance with the audit program
procedures.
The audit report provide a complete, accurate, concise and clear record of the audit,
and should include or refer to the following:
The audit report is issued within an agreed period of time. If it is delayed, the reasons
should be communicated to the auditee and the person managing the audit program.
• review and approval of audit reports, including evaluating the suitability and
adequacy of audit findings;
• review of root cause analysis and the effectiveness of corrective actions and
preventive actions;
• distribution of audit reports to the top management and other relevant parties;
• determination of the necessity for any follow-up audit.
The audit is completed when all planned audit processes/activities have been carried
out.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
Lessons learned from the audit should be entered into the continual improvement
process of the management system of the audited organizations.
Identification of Nonconformities, Potential Risk and Opportunities for Improvement 0920 - 0940
Identifying Nonconformity
When changes, legal liabilities or even manmade disasters occur, operations can be
disrupted.
Organization identify potential risks, then prioritize and take action to handle them,
which include avoiding the risk, reducing negative effects, accepting the
consequences of the risk, or transferring the risk elsewhere. Proactively managing
risks will help organization sustain growth.
Some categories of risk to consider could help organization identify potential risk:
• Compliance – risks related to the need to comply with rules and regulations.
• Operational – risks are linked to company’s administrative and operational
procedures.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
In improving the results, organization resolve problems by analyzing the root cause.
For these matters QMS requires organization to establish methods of addressing the
findings.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
The management responsible for the area being audited ensures that any necessary
corrections and corrective actions are taken without undue delay to eliminate detected
nonconformities and their causes.
The certification body requires the client to analyse the cause and describe the specific
correction and corrective actions taken, or planned to be taken, to eliminate detected
nonconformities, within a defined time.
The audit report is dated, reviewed and approved, then be distributed to the recipients
as defined in the audit procedures or audit plan.
The conclusions of the audit can, depending on the audit objectives, indicate the
need for;
• corrections, or
• corrective action,
• preventive action or
• improvement actions.
Such actions are usually decided and undertaken by the auditee within an agreed
timeframe and immediately keep the person managing the audit program and the
audit team informed of the status of these actions. The completion and effectiveness
of these actions are verified on subsequent audit or surveillance audit.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
SESSION 13:
Most auditor schemes have four main grades of certification and two provisional
grades. However, some schemes have different/limited grades, or different terms (eg
Assessor). Please refer to the respective appendix for further guidance on any
scheme.
GRADE APPLICABILITY
You should consider this grade if you conduct internal ‘partial
Internal system’ audits of your organization’s management system, or a
Auditor supplier’s management system. It is likely that you will not be a
fulltime auditor, and you may only audit a few times each year.
Whilst the internal auditor grade requires the applicant to have
Provisional conducted audits, the provisional grade does not. It is therefore
Internal appropriate for professionals who have attended an internal auditor
Auditor training course, but that do not or have not had the opportunity to
conduct audits, yet wish to receive formal recognition of their ability.
The auditor grade is appropriate for those who conduct ‘full system’
audits as a member of an audit team and/or as a sole auditor. They
may be conducting internal full system audits, second-party full
Auditor
system audits, or conducting third-party audits for certification
purposes but do not yet have sufficient experience of leading audit
teams.
Whilst the auditor grade requires the applicant to have conducted
Provisional audits, the provisional grade does not. It is therefore appropriate for
Auditor professionals who have attended an auditor training course, but
that do not or have not yet had the opportunity to conduct audits.
This grade applies to competent auditors experienced at managing
audits and at leading audit teams. This would be the case for
Lead Auditor
auditors working as audit team leaders for certification bodies or
those who perform supplier audits for organizations.
This grade is appropriate for Senior Audit professionals with an
extensive and demonstrable history of conducting full system audits
as lead auditors, who may no longer lead audit teams, or conduct
Principal audits on a regular basis. Principal Auditors are not required to
Auditor submit evidence of audits at re-grade, as they may have
progressed
into audit training or management roles. However, submission of
any audits carried out is recommended.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
In the sector understanding and work experience sections of the application form, you
are required to demonstrate the following knowledge and competencies:
For the purposes of this code “members” refers to all individuals whose competence
is recognized formally by The Chartered Quality Institute [The CQI]. This includes
but is not restricted to CQI members, IRCA registered auditors and individuals on
other CQI registers, as well as all members of the Board of Trustees, Advisory
Council and other governance bodies.
Statement of Personal Responsibility
Members must uphold the highest ethical standards and integrity in exercising their
professional duties or other activities which might impact on the reputation of the
profession and of the CQI.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
In support of these aims all members are expected to understand and comply with
this code of conduct.
Furthermore, the CQI reserves the right to suspend or withdraw membership and all
associated benefits from members who fail to comply with this code of conduct, in
accordance with the Enforcement Processes detailed below.
In recognizing the values and requirements of this code of conduct members shall:
In recognizing the values and requirements of this code of conduct members shall:
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
All members, by virtue of their association with the Institute, have agreed to abide by
the following enforcement processes.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
1340 – 1400
Training Program and Tutor/Assistant Tutor Evaluation
Preparation for the examination 1400 – 1630
END OF COURSE
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
EXERCISES BRIEF
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
This course involves activities such as group/team works and role play. Students are
formed into suitably sized work teams in various course exercises and role play activities.
Course exercises and role play activities are done by group. Each group choses their
Audit team leader. Under the tutor’s guidance, each member of the team plays an
importance and equal roles. They are expected to contribute and cooperate. All are given
chance to become Audit team leader. These team groupings must be effectively
assembled with student’s initiative to facilitate good performance. The Tutor will grade the
performance accordingly.
The results of the exercises and role play activities are presented in the class at the end
of the time allotted for it. The Audit team leader can make an arrangement on the
presentation of the results of their activity and the documents they produced (if
necessary).
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
URISE was established in 2007 in Dubai. The initial concept and core company business
activity was as a twenty-four hour, seven day a week waste logistics service provider,
supporting both waste collection agencies and local councils…
Our URISE operation philosophy ensures that we maximise production capacity and
reintroduce to the supply chain everything that is produced. We control the quality of
feedstock which results in quality material being produced, minimising residue whilst
maximising recovery of recyclables.
The URISE is an essential stage in the recycling process. In addition to sorting the
materials into their respective grades we remove materials which are considered to be
contaminates, thereby eliminating any problems that they cause at the URISE or later in
the recycling process at the destination factories.
The design and implementation of the URISE quality management system has been
influenced by URISE particular business environment and risks associated with that
environment. In addition, the system has been structured to support the varying needs of
the business, its particular objectives, the services it provides, the processes it employs
and its size and organisational structure.
The implementation of the requirements of the ISO 9001:2015 international standard have
been used to meet customer and statutory and regulatory requirements applicable to
products and services. The implementation and interaction of the system processes are
managed to produce the desired process outcome.
In relation to the International Standard and URISEs implementation of ISO 9001:2008 the
term “product” applies to the product intended for, or required by, a customer or the
product realization processes. This applies to any intended output resulting from a product
realization processes, including purchasing.
Where appropriate, statutory and regulatory requirements are also expressed as legal
requirements.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
MANAGING DIRECTOR
Purchaser
Labor
ORGANIZATIONAL CHART
URISE RECYCLING FACILITIES
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
Your Tutor(s) will require you to work together in groups or individually to prepare for and ultimately
undertake an audit of a case study company. The full details of this will be explained at the appropriate
time by the course tutors; however it will basically involve the following:
EXERCISES INSTRUCTION:
Tutor will explain what a quality management system is. He will speak about the management
system and the different aspects of the management in the organizations by using the slides. Using
the pre-prepared form in the student notes, each groups of 3-4 people and Tutor will ask the groups
to fill these form as instructed.
Each group will identify the benefits of developing quality management system to the organization
and in subscribing to ISO 9001 standards in their organization. Using the different aspect of
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
management, student will learn the importance of quality management system and the standards’
contribution to the organization. The tutor will ask the students to use the form provided for this
exercise in their notes. Give 5 each.
The purpose of this exercise is to assess the student’s understanding of the quality management
systems and the standards. Tutor will instruct the students to answer the questions in continuous
assessment exercise 1;
You will prepare a list of activities for each elements of the Plan-Do-Check-Act (PDCA) cycle and
state the clause number of the ISO standard for the activities you identify.
The purpose of this exercise is to determine how much you know about the PDCA cycle.
To prepare you for using the standard and in using the clauses for evidence based audit, tutor will
guide you to perform phrase search. In ISO 9001 standard search and identify the documented
information that is maintained and retained. Identify the corresponding clause of the standard that
requires them.
To understand the terms and definitions used in the management system, Tutor will distribute the
terms and definition exercise documentation and will ensure all the groups will work on the selected
terms and their associated definitions. As per Tutor’s instruction the students will answer the
questions on the form provided.
Individual exercise: Using the scenario given by the Tutor, answer the following by identifying what
audit type correspond to the activities given.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
In the form provided for establish the connection between accreditation and certification with the
institution and the standard. You will write the standard and the institution for the Accreditation body
on the space provided for. In the other side write the standard and the institution for the Certification
body.
The purpose of this exercise is to explain the difference between accreditation body and certification
body and the institution the accredit and certifies. What are the standards being accredited and
certified.
The Tutor will give 2 scenarios information and the students based on the information given during
the relevant discussion will read, understand and identify what audit objectives, audit scope and
audit criteria appropriate with the information given.
The purpose of this exercise is to provide experience in undertaking a "Document "Review". A full
assessment of an organization against the requirements of ISO 9001 requires the assessing
organization to adopt the two stage approach:
Stage 1: A review of the documentary evidence provided by the organization to demonstrate that it
has understood and developed processes designed to implement the requirements of ISO 9001, and
to confirm that the organization is ready to be audited.
Stage 2: An on-site audit to verify that the organization is implementing it's documented system and
effective.
You will be working with the supplied case study manual and the results of the Day 1 discussion
group activities your syndicate team should now undertake a "Document Review" of the case study
organization's Quality Manual, prepare a formal presentation and also complete the Document
Review form in your Continuous Assessment documents as instructed by your tutor(s).
Although this is a team exercise, however, the entries into the Continuous Assessment documents
will be made by the individual delegates and should be identical to the respective group findings.
Your presentation will need to comprise the completed document review form and also address the
following questions:
2. Are there areas of concern (weakness) that you think should be focus out for in-depth
verification during the Stage 2 audit.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
The purpose of this exercise is for the students understand the importance and function of Audit Plan
in the audit process. The Team Leader will prepare the detailed plan of the activities, purpose,
objectives, time lines who will be the auditor and auditee, activities and areas to be audited at the
time of the audit. This is for both auditee and auditor information what will be done at the time of the
audit. This is to be given to the auditee well in advance for them to prepare for the audit. After the
tutor explains the details of an audit plan, the groups will prepare the audit plan as per the tutors
instructions of the case study company and they will record their plan on to the form supplied.
The students should know who the people in the audit are and what are their roles and
responsibilities. After the tutor’s explanations, the groups will answer the continuous assessment
exercise as per the instruction of the tutor. Then tutor will ask to the groups to identify the roles,
duties, responsibilities of each of these groups of people in an audit situation. Groups will identify
the responsibilities by choosing from the given form.
This is part of the continuous assessment so the students will write on their continuous assessment
form
You will perform audit duration exercise as per the instruction of your tutor.
The tutor will ask you to refer to IAF-MD5 when computing for mandays. With the scenario given by
your tutor determine the audit duration in mandays using the Annex A–QUALITY MANAGEMENT
SYSTEMS Table QMS 1 – Quality Management Systems
Relationship between Effective Number of Personnel and Audit Time of IAF - MD 5.
The student will be tasked to give the on-site activities during Certification Audit, Surveillance Audit
and Recertification Audit. The student would understand the commonalities of different audits as well
as their differences based on the on-site activities. Answers will be written on the flichart and the
cosen leader will discuss.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
The students will be tasked in groups to prepare sampling plan for a given audit situation the tutor
will give. The group should write their answers on the flipchart and the chosen leader will discuss
their output.
It is now time for you to think about all the questions you wish to ask and things you would like to
examine (audit sample) at the time of audit.
You should work with your plan of action and your questions you need to verify and think about what
questions you need to ask, the documents, records, tools, materials that you need to examine
(together with sample sizes) in order to get the necessary information to answer your questions.
These check lists are for your use and benefit during the audit, so that you know exactly what to look
at and look for and what questions to ask.
The students in groups are tasked by the Tutor to perform audit trail based on the processes
assigned to them. They will ask the relevant questions and they should give the corresponding
standard clauses. The leader in behalf of the group will reach an outcome of the performed audit
trail. The answers will be written on the flipchart and the leader will explain their answers.
Using the Audit Plan you prepared prepare the agenda of the opening meeting your Tutor will ask
you to be used in the opening meeting of the audit you are going to perform. You have to write all the
information you want to discuss in the meeting. The audit is certification and you must clear all the
questions the auditee may raise.
Under the guidance of your course tutor(s) prepare to conduct an Opening Meeting with the case
study company management team. You will need to use the previously prepared schedule at the
meeting and should request the tutor(s) to take some copies for you, one of which should be given to
the tutor for use by the management team. Please allow each team member to provide a brief input
at a suitable time in the meeting to explain what areas they will be auditing.
The Team Leader will need to chair the meeting and work to a prepared agenda following the format
given in the course notes. The groups will perform the opening meeting in front of the other groups
acting as the auditee one at a time allotted by the tutor. The tutor will rate the performance of the
students during the opening meeting and marked.
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
This is one of the continuous assessment exercises and therefore be marked. 70 mins
The students will be tasked individually to prepare questions against given process and use the
prepared questions to ask the Tutor in an interview. The students should give the reasons of asking
the questions and what will be the next plan of action. The students should develop a plan in mind
what is achieved of the line of questioning.
Your tutor will explain what needs to be done at each stage, if you are in any way confused please
do not hesitate to ask for clarification.
During the simulated assessment (role play) you will work as a team, with each member of the
group conducting his/her own part of the audit in turn.
You decide for yourselves the best approach to this, however it is important that each team member
has an opportunity to ask questions of the auditees and control their part of the audit, and also to
follow trails if felt to be relevant to the overall objectives and scope of the assessment.
You may find it easier to work in pairs so that one auditor can take good notes whilst the other is
conducting the audit, however the team should all carefully listen to each interview and discuss /
exchange information when the opportunities for team meetings arise.
You will need to take good notes but are not required to fill out Nonconformity reports at the time of
audit. Your tutor will explain how the audit role play will be undertaken.
The students will perform simulated audit using the scenarios the Tutor will provide to address the
following:
• management commitment
During the audit you may ask to speak to any person at the company, but do not jump from person
to person in too rapid succession, and you are not required to go through the protocol of formal
introductions as there is simply insufficient time for this.
You may ask to see any document, material, component or product. If you ask the right questions of
the right people you will obtain hard copy audit evidence - please do not write on this or mark it in
any way.
Sometimes you may ask to see evidence that does not exist for role play purposes, in these
situations your tutors will 'show' you whatever you wish to see in role play but will immediately ask
you (out of role play) what evidence you are looking for. Just tell them what objective evidence you
are seeking and they will tell you honestly if it is there or not.
You will need to use some imagination to gain the most from the role play exercise, however in
some cases you will be shown actual documentation which you will then need to study carefully
before handing back to the tutors.
The students, individually will evaluate scenarios given by the Tutor and will determine the evidence
of nonconformity and the relevant standard clause why it is a nonconformity. The student will then
write the statement of nonconformity, the objective evidence of the non conformity and the clause
why it is nonconformity.
The team will write one nonconformity statement for every team member (working together), using
the facts found at the time of the simulated audit and contained in your auditor's notes. The team
leader will present the summary statement and the nonconformities are to be presented by each
member of the team in turn (including the team leader) to the class using flip chart sheets, and each
team member should be prepared to logically reason and explain their nonconformity statement.
Other class members will constructively critique each nonconformity statement. The purpose of this
exercise is to ensure that delegates understand how to write nonconformity statements that clearly
communicate "What" (objective evidence) the auditor has found, and "Why" (clause of the
requirement) it is a nonconformity.
You will work in groups and perform closing meeting exercise as instructed by your tutor. Referring
to ISO 19011 clauses 6.4.9 prepare and perform closing meeting in front of the auditee team.
The tutor will give scenario company activities to the groups of student for them to identify
nonconformities, potential risks and opportunities for improvement. The group will write the answers
on the flipchart and the chosen leader will explain their answers to the class.
They should report the following:
1. Nonconformity
2. Potential Risk
3. Opportunities of Improvement.
From the scenarios given by the Tutor for the student to determine the nonconformities, the student
will be tasked to determine the root cause of the non conformities. Each student should give the
right corrective actions based on the determined root cause.
The team should prepare a Summary Statement that summarizes the outcome of the audit and
would normally be presented at a Closing Meeting, and be included in a final report. (For Third
Party Certification audits this Summary Statement would also make it clear if a "Recommendation
for Certification" would be made by the Team Leader to the certification company)
You must remember that the assessment that has just been completed has been carried out in
accordance with the schedule presented at the Opening Meeting, and that the only nonconformities
found are in the areas given to you as the limited role play sample.
Your Summary Statement should reflect this situation. (You have found no nonconformities
throughout the company other than those found in the simulated audit) You should work from the
collective notes taken by your group at the time of audit to provide the group with the total number
of nonconformities that you think you have found.
This is part of the continuous assessment so the students will write on their continuous assessment
form
After the audit is closed and there is nonconformity, the nonconformity must be closed out by
verifying that the corrective action was implemented and effective.
You are asked to close out the previous nonconformity. Using the scenario given by the tutor, write
the action you would take to close out the given nonconformity.
This is part of the continuous assessment so the students will write on their continuous
assessment form. 25 minutes and 5 min discussion.
END OF COURSE
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
APPENDIX 1:
ANAB: American National Standards Institute - American Society for Quality National Accreditation Board LLC
INDECOPI: National Institute for the Defense of Competition and Protection of Intellectual Property (Peru)
JASC: Japan Accreditation System for Product Certification Bodies of JIS Mark
SAS: State Secretariat for Economic Affairs (SECO), Swiss Accreditation Service
CERTIFICATION BODIES:
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
QMS ISO 9001, OH&S BS OSHAS 18001 (ISO 45001), QMS NSF International for North
AS9100, QMS TS 16949, QMS MDD ISO 13485, QMS America only based ISO/IEC
Pharmaceutical, cGMP Pharmaceuticals, GLP, OTC Pharmaceutical 17021, ISO/TS 22003 also operating
cGMP, EUA (Emergency Use Authorization), EMS ISO 14001, certification body within the USA and
FSMS ISO 22000 and variants including FSMS HACCP-9000® regions of Asia Pacific only
QMS ISO 9001, QMS MDD ISO 13485 based QSR 21 CFR 820, BRS [(ISO/IEC 17021, ISO/IEC
QHCS - Quality HealthCare, QMS Pharma, EMS ISO 14001, 17020, ISO/TS 22003, ISO/IEC
FSMS ISO 22000,ISO 29990, HACCP MS, and HACCP HARPC 27006, ISO/IEC 17065) North
MS, OSHMS® (BS OHSAS 18001, 29 CFR 1910, 1926, ISO 45001, America, South America, European
ISMS ISO/IEC 27001, ISO 29990, Social Accountability (SR&A), Community, Euro Asia, North Africa &
Inspection and assess IAW Federal CFR, and EnMS 50001 Middle East, and Asia Pacific only
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
QMS ISO 9001, FSMS ISO 22000, EMS ISO 14001, EMAS DNV (Dert Norske
761/2001, SA 8000, NB "CE" Mark services, QMS MDD ISO Veritas) [(ISO/IEC 17021,
13485, QMS TS 16949, FSMS HACCP, OH&S BS OHSAS 18001 ISO/IEC 17020, ISO/TS 22003,
/ OSHMS, (inquire information ISO 27001), QMS TL 9000, QMS ISO/IEC 27006) Europe, North &
AS9100, QC 080000, inquire on ISMS ISO/IEC 27001 South America, Asia, Middle-East only
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
ITS -
QMS AS9100, TS 16949 and TL 9000, "CE" Marking, QMS MDD Intertek Services [(ISO/IEC
ISO 13485 with CMDCAS, NB for CE Mark, and OH&S BS 17021, ISO/IEC 17020, ISO/TS
OHSAS 18001, ISMS ISO/IEC 27001, QMS ISO/IEC 20000 22003, ISO/IEC 27006)] for European
Community and North America only
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East
DOC NO. TUV-SUD.ME/QSN 002
Platinum - quality
QMS ISO 9001 and inquire on other management
management sector [ISO/IEC
systems
17021] USA, Canada, Mexico only
LNE/G-MED America* -
regulatory requirements and
QMS ISO 9001, QMS MDD ISO 13485, ISO 15378 and management sector based ISO/IEC
EMS ISO 14001, and "CE" Marking services, NB 17021 USA, Canada and European
Community only
UL LLC - regulatory
requirements and management
QMS MDD ISO 13485, (QMS ISO 9001), CMDCAS, NB
sector based ISO/IEC 17021 for the
for CE Marking based Europe office
Medical Devices Community, European
Community only
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East