Student Course Notes QMS 2015

STUDENT COURSE NOTES
ISO 9001 L.A.C. TRAINING COURSE

DOC NO. TUV-SUD.ME/QSN 002
STUDENT COURSE NOTES Rev No.: 02

QMS AUDITOR/LEAD AUDITOR Date: 03 Nov. 2015
Page: 1 of 135
AUDITOR/LEAD AUDITOR TRAINING COURSE

QUALITY MANAGEMENT SYSTEM
ISO 9001: 2015
Prepared by : Approved by:
Engr. MELCHOR E. FORMACIL Engr. MUHAMMAD AMIN ZAMMAN
DATE: 15.11.2015 DATE: 15.11.2015
FROF
If this document is printed - it is an Uncontrolled Copy unless authenticated and stamped “CONTROLLED COPY” and signed by the TUV SUD Middle East

Page: 2 of 135
1.0 Revision History
Rev Rev. Date Summary of Changes Page Prepared Approved by:

No. Revised by:
FROF

Page: 3 of 135
INTRODUCTION
THE COMPANY
TUV SUD Middle East LLC designed this International Register of Certificated Auditors
(IRCA) approved Quality Management Systems (QMS) Auditor/Audit team leader training
course to;
• provide students with the knowledge and skills required to perform first, second and
third-party audits of quality management systems against ISO 9001, in accordance
with ISO 19011 and ISO 17021, as applicable, and
• give students who successfully complete and satisfy the training requirements of the
QMS Auditor/Audit team leader course opportunity to become certified IRCA QMS
Auditor(within the three years after completing the course and prior to making an
application to become a certificated auditor).
Course Notes for Students is designed for the purpose of detailing the presentation of the
course approved by and registered with the International Register of Certificated Auditors -
IRCA as an ISO 9001 Auditor/Team leader training course.
This note details the minimum requirements that need to be met by the students, presented
fully in accordance with these requirements and respecting the company confidential nature of
training methods and materials used for this course.
The Course Notes for Students is established and developed to ensure that the learning
objective is effectively attained and meet IRCA requirements, the company’s training policy
and student’s satisfaction.
In the start of the program, it is only proper to make everybody aware of the rules and
regulations of this training.
TUV SUD.ME created a conducive learning environment to ensure that the established
training objectives are met and achieve learning satisfaction.
FROF

Page: 4 of 135
FROF

Page: 5 of 135
Prior knowledge
Before starting this course, Tutor informs students that they are expected to have the following prior
knowledge:
a) Management Systems:
• The Plan, Do, Check, Act (PDCA) cycle.
• The core elements of a management system and the interrelationship between top
management responsibility, policy, objectives, planning, implementation, measurement, review
and continuous improvement.
b) Quality management
• The fundamental concepts and the seven quality management principles:

− Customer focus
− Leadership
− Engagement of people
− Process approach
− Improvement
− Evidence-based decision making
− Relationship management
• The relationship between quality management and customer satisfaction.
c) ISO 9001
Knowledge of the requirements of ISO 9001 and the commonly used quality management terms
and definitions, as given in ISO 9000, which may be gained by completing an IRCA Certified QMS
Foundation Training course or equivalent.
The Tutor determines the prior knowledge by requiring you to answer a Pre-Course Assignment given
before the start of the course. The assignment is checked by the Tutor.
FROF

Page: 6 of 135
Course Learning Objectives & Student Evaluation
The aim of this IRCA certificated course is to provide students with the knowledge and skills required
to perform first, second and third-party audits of quality management systems against ISO 9001, in
accordance with ISO 19011 and ISO 17021, as applicable.
Learning objectives
Learning objectives describe what students shall be able to do by the end of the course. Students
will need to demonstrate acceptable performance in all of these areas in order to complete the
course successfully.
By the end of the course Students should be able to:
• Describe the purpose of a quality management system, of quality management systems

standards, of management system audit and of third-party certification.
• Explain the role of an auditor to plan, conduct, report and follow up a quality management
system audit in accordance with ISO 19011 (and ISO 17021 where appropriate).
• Plan, conduct, report and follow up an audit of a quality management system to establish
conformity (or otherwise) with ISO 9001 and in accordance with ISO 19011 (and ISO 17021
where appropriate).
Student Evaluation Process
IRCA requires students to undergo evaluation while participating on this course, which involve two
separate elements:-
1. Continuous assessment of each student base on individual performance on exercises and the
tutor’s personal scoring of the student’s overall manner in the course throughout the duration of
the course.
2. An examination on the final day of the five day course.
Student must demonstrate acceptable levels of performance in all three learning objectives.
Performance demonstrated through:
• Continuous Assessment document - a written daily examination of achievement of the learning
objective of the students in the entire duration of the course. This record is checked by the
Tutor and the result will be one of the means of grading the participant.
• Acceptable output in all practical activities and tasks.
IRCA certificated examination:
The Examination Proctor is responsible for ensuring;
FROF

Page: 7 of 135
• students are not provided with opportunities to copy, collude or otherwise cheat during
examinations
• the rules and regulations are explained to students for taking the examination
• allow students time to read the rules and regulations and deal with any questions before the
start of the examination.
• Reference material allowed into the examination is a copy of the appropriate standard and a
bilingual dictionary.
• Students whose first language is not the language in which the course is presented and
examined and whose ability in that language requires them to work more slowly, may be
permitted additional time not exceeding 30 minutes to complete the examination. They may
also have an appropriate two-language dictionary.
• Additional time be given to those students who suffer from particular disabilities, not exceeding
30 minutes to complete the examination.
Evaluation Criteria
At least two of TUV SUD Training tutors assess the completed examination papers. One tutor mark all
of the papers, indicating any errors, allocating marks and totaling the marks scored. A second tutor
checks the accuracy of the calculation of the marks.
To achieve a passing mark for this course the student needs;

• 70% of the total score in the Continuous Assessment exercises,
• 70% passing marks in the IRCA QMS examination papers.
Students who;
• fail the written examination, but pass the continuous assessment must be allowed to retake an
IRCA examination
• pass the continuous assessment, but fail the examination can only retake an examination once
(not the same previously failed examination paper) and this retake must occur within 12
months of initial examination under the same training organization.
• pass the continuous assessment, but fail the re-examination are required to attend another
entire certified course in order to successfully complete the training.
• fail the continuous assessment (less than 70% of the available marks) they will not be
permitted to take the examination.
Student Responsibilities
Student’s responsibilities are:
• this document and all other information are kept confidential.

FROF

Page: 8 of 135
• secure necessary copy of documents ISO 9000 and ISO 19011 standard for self-study
purposes.
• complete/attend the entire duration of this course.
• observe strictly the timing of each course program.
• demonstrate acceptable levels of performance in all three learning objectives
• pass the continuous assessment
• pass the written IRCA examination paper.
Students receive at the end of the course;
• Certificate of Successful Completion – if they passed the continuous assessment and the
written IRCA examination paper.
• Certificates of Attendance - may be issued to students who have not been successful in the
examination or the continuous assessment but who have satisfied the attendance requirement
Period of Validity.
Certificates of Successful Completion are valid for three years from the last day of the course,
irrespective of the date of successful completion of the examination, for meeting the training
requirements for certification as an IRCA auditor.
A student who wishes to become certified IRCA auditor must apply within the validity period of the
Certificates of Successful Completion to ISO 9001 Auditor/Audit team leader Training. This information
is written in the certificate of successful completion.
FROF

Page: 9 of 135
COURSE OUTLINE
The Quality Management System Auditor/Team leader Training Course is a 5 day course combining
tutorials, group exercises and role play activities in relation to the simulated assessment of the case
study company. It will provide with both theory and practical application in a safe learning
environment.
COURSE FORMAT
QMS Training course is presented wholly as a classroom-based course in sessions designed for
duration of 5 days.
It is arranged in succession to get the optimum benefits of meeting the learning objectives both for the
tutors and students:
1. Session Plan - this is the plan what to do per day to meet the course criteria including the
corresponding visual aids (slides and flipcharts)
2. Discussions with timing – The Tutor discusses the details of the session plan with interaction
with the Students. The students will perform tasks as per instructions of the Tutor.
This is applied for the whole duration of 5 days.
The course is formatted as follows;
• The first day starts with introduction of participants and tutor/s.

• Course outlined to view the program for the 5 day training schedules.
• Training by formal tutorials, individual task, group exercises and role play involving assessment
of a fictitious company.
• Students’ assessed daily through exercises in the Continuous Assessment document.
• Discussion and feedbacks after the exercises.
• The training days begin with review of the previous day topics and end in consolidation of the
learning objectives for the day.
• Breaks’ timing in between lessons.
The format and structure of the course is subject for continuing improvement by providing allowance
for adjustment or changes thus giving students with both theory and practical applications in a safe
learning environment.
The course has been certificated by the U.K. IRCA. The course program outlined below is applicable
for courses run with an audit Role Play performed with the tutor’s instruction.
The course may also be presented as a series of modules over an extended timeframe, however, in
this case specific requirements must be met by course organizers and delegates, and permission
must first be obtained from TUV SUD Middle East LLC.
Courses for management system disciplines where observation is an essential audit method must
include images (photographs and/or video) to support and provide contexts for learning points. For
example, environmental management, occupational health and safety management, and social
FROF

Page: 10 of 135
systems auditing should include images showing a variety of facilities (factories, sites, farms, etc) that
auditors may be faced with, as well as a variety of issues that the auditor may face (health, safety,
work activities and environment, etc).
Classroom-based training
TUV SUD ME provides a training environment conducive to effective learning and the use of
accelerated and participative training methods.
At the beginning of the course, students are provided with
• a description of the learning objectives, course structure, format and program, student
responsibilities, the assessment processes and assessment criteria, and you must also deal
with any concerns or worries that students may have.
• course based on the learning cycle and include opportunities for students to:
a) Experience new ideas and skills.

b) Reflect on their learning and identify strengths and weaknesses.
c) Address and improve on areas of weakness.
• a variety of learning methods to suit the range of learning styles .

• tutor presentations and tutor-led discussions to achieve knowledge-based learning
objectives.
The course includes;
• methods for monitoring and providing time for tutors and students to review tasks and activities,
and each student’s achievement of the learning objectives.
• provision for review and remedial work and individual coaching where necessary.
COURSE PROGRAM
Day 1 - Understanding of Quality Management System Process

Day 2 - Understanding ISO 9001 Requirements for assessment / audit process
Day 3 - Audit Planning / Auditing Techniques
Day 4 - Practical Auditing
Day 5 - Audit Reporting / Corrective Action Process
FROF

Page: 11 of 135
COURSE PROGRAM
Day 1 - Understanding of ISO 9001 and related issues
08.00 Registration
08.30 Introduction: Tutor/Students / Course Content / IRCA Certification
09.00 Pre-course Assignment / IRCA Learning Objectives
09.30 Prior Knowledge
10.00 BREAK
10.10 Understanding Quality Management Systems
10.50 Group activity: QMS/Standard Purpose & Benefits – E1D1S3
11.10 Discussion & Feedback
11.15 Continuous Assessment: Understanding QMS – CA1
12.10 Discussion and Feedback
12.15 LUNCH
13.00 ISO 9001 PDCA
13.30 Group work: PDCA Cycle Activity – E2D1S4
13.50 Discussion and feedback
13.55 Quality Management System Process
14.25 BREAK
14.35 Maintained and Retained Documented Information
14.55 Group Activity: Search for “Maintained and Retained Documented Information”
Search – E3D1S4
15.30 Continuous Assessment: Quality Management System Process – CA2

FROF

Page: 12 of 135
16.30 Consolidation of the learning objective in day 1

Day 1 Consolidation Quiz
Assignment – Specimen Examination Section 1
17.00 End of day 1

08.00 Review of day 1 - discussion / concerns
Day 1 Consolidation Quiz discussion
Specimen Examination – Section 1 discussion.
08.30 Audit type
08.45 Individual exercise: Identifying audit type – E4D2S5
09.15 Accreditation / Certification/ 3rd party audit & its benefits
09.30 Group work activity: Accreditation/Certification – E5D2S5
09.50 BREAK
10.00 Audit Process
11.00 Group Activity: Determine Audit Objective, Scope and Criteria – E6D2S6
11.30 Audit stages / Stage 1 Audit
12.00 LUNCH
12.45 Continuous Assessment: Document Review – CA3
14.50 Stage 2 Audit - Preparing Audit Plan
15.20 BREAK
FROF

Page: 13 of 135
15.30 Continuous Assessment: Audit Plan Preparation – CA4
16.30 Consolidation of learning Objective in day 2

Assignment: Specimen Examination – Section 2
17.00 End of day 2

Specimen Examination – Section 2 assignment discussion.
08.30 People in the Audit / Responsibilities
09.15 Continuous Assessment: People in the Audit – CA5
09.40 Determining Audit Time
10.00 BREAK
10.10 Group Activity: Audit Duration – E7D3S8
10.45 On-site Audit
11.05 Group activities: On-site Audit Activities – E8D3S8
11.40 LUNCH
12.25 Explain the Preparation of work document
12.55 Group Activities: Preparation of Sampling Plan – E9D3S8

FROF

Page: 14 of 135
13.40 Preparation of Audit Checklist -
14.10 Continuous Assessment: Writing Audit Checklist – CA6
14.55 BREAK
15.05 The Audit Trail
15.25 Group Activities: Perform Audit trail - E10D3S8
16.00 Explain Preparation of Opening Meeting
16.10 Group Activities: Preparation of Opening Meeting – E11D3S8
16.30 Consolidation of the learning objective in day 3

Assignment: Answer Specimen Examination – Section 3
17.00 End of day 3

08.30 Continuous assessment - Conducting Opening Meeting – CA7
09.40 Management of Audit Interview Effectively
09.55 BREAK
10.05 Group Activities: Perform Audit Interviews – E12D4S9
10.40 Stage 2 – Role Play exercise
10.55 Continuous Assessment: Performing the Audit – CA8

FROF

Page: 15 of 135
12.30 LUNCH
13.15 Generating audit findings
13.30 Group Activities: Write and Grade Nonconformities – E13D4S11
14.05 Continuous Assessment: Writing Non Conformity Report - CA9
14.40 BREAK
14.50 Audit Conclusion
15.05 Explain Closing Meeting
15.20 Group Activity: Closing Meeting Exercises – E14D4S11
16.30 Consolidation of Learning Objectives of Day 4

Assignment: Specimen Examination – Section 4
17.00 End of day 4
08.00 Review of day 4

09.00 Reporting the audit
09.20 Identification of Nonconformities, Potential Risk and Opportunities for

Improvement
09.40 Individual Activities: Identification of Nonconformities, Potential Risk and

Opportunities for Improvement – E15D5S12

FROF

Page: 16 of 135
10.15 BREAK
10.25 Corrective Action Process
10.45 Individual Activity: Root Cause Analysis – E16D5S12
11.20 Continuous Assessment: Writing Audit Summary – CA10
11.45 Report Writing
12.05 LUNCH
12.50 Continuous Assessment: Follow up Audit – CA11
13.20 Certification Grades and Summary of Grade Applicabilities

Outline the content and intent of the IRCA Code of Conduct
13.40 Tutor Evaluation
14.00 Lead Auditor Examination
16.30 Final discussion and course review

Recap of the course after the examination
17.00 End of Course
FROF

Page: 17 of 135
TUTOR COURSE NOTES
FROF

Page: 18 of 135
STUDENT INTRODUCTION:
WHAT IS:
• your name?
• _______________________________________
• your company?
• ____________________________________
• Your responsibility in the company?
________________________________________________________
How do you rate your knowledge or experience in this discipline?

From 1 to 5, 5 being the heights.
What are your expectations in completing this course?
What is your aim in taking this discipline?
TUTOR’S NAME: _________________________________________
TUTOR AID’S NAME: ______________________________________

FROF

Page: 19 of 135
DAY 1
FROF

Page: 20 of 135
Day 1 - Understanding of ISO 9001 and related issues
SESSION 1:
LESSON CONTENT TIMING
Registration 0800 – 0830
Introduction: Tutor/Students / Course Content / IRCA Certification 0830 – 0900
Pre-course Assignment / IRCA Learning Objectives 0900 – 0930
The pre-course assignment is given to students before starting this course to

determine the degree of understanding about auditing the management system.
Answer the assignment and submit it at the start of the training course.
The learning objective:
IRCA 9153 define the learning objectives of this course.
Learning objectives describe in outline what students will know and be able to do by
the end of the course. On completion, successful students will have the knowledge
and skills to:
Knowledge
• Explain the purpose of a quality management system, of quality management

systems standards, of management system audit, of third party certification and
the business benefits of improved performance of the quality management
system.
• Explain the role and responsibilities of an auditor to plan, conduct, report and
follow-up a quality management system audit in accordance with ISO 19011, and
ISO/IEC 17021, as applicable.
Skills
• Plan, conduct, report and follow-up an audit of a quality management system to

establish conformity (or otherwise) with ISO 9001 and in accordance with ISO
19011, and ISO/IEC 17021, as applicable.
FROF

Page: 21 of 135
FROF

Page: 22 of 135
SESSION 2:
PRIOR KNOWLEDGE: 0930 - 1000
Before starting this course, you must inform students that they are expected to have
the following prior knowledge:
a) Management systems
• The Plan, Do, Check, Act (PDCA) cycle

The model of a process-based quality management system illustrates that
customers play a significant role in defining requirements as inputs. Monitoring
of customer satisfaction requires the evaluation of information relating to
customer perception as to whether the organization has met the customer
requirements.
The methodology known as “Plan-Do-Check-Act” (PDCA) can be applied to all

processes. PDCA can be briefly described as follows.
Plan: establish the objectives and processes necessary to deliver results in

accordance with customer requirements and the organization's policies.
Do: implement the processes.
Check: monitor and measure processes and product against policies,

objectives and requirements for the product and report the results.
Act: take actions to continually improve process performance.
• The core elements of a management system and the interrelationship

between top management responsibility, policy, objectives, planning,
implementation, measurement, review and continuous improvement.
The core elements of Management System:
1. Policy. The top management is responsible for;
• implementing the policy

• providing input to the formulation and modification of the policy
• communicating the policy to all persons working make policy available
to the public.
Policy is the statement of commitment of the organization to conform to

quality management system and comply to legal and other requirements,
an evidence an auditor needs to assess if adequately met.
FROF

Page: 23 of 135
Objectives. The top management is responsible for establishing,

implementing, maintaining and documenting at relevant functions and
levels, measurable and practicable and consistent with the policy.
2. Planning
In fulfilling the organization's policy, the top management plans the

establishment, implementation and maintenance of its management
system. Being the core of an effective management system, audit seeks
evidence in these processes.
3. Implementation
Top Management is responsible in the implementation of its commitment

to improve management performance stated in the policy.
4. Checking of performance - measurement
The top management is responsible in checking of performance that

indicates effective implementation of the management system.
5. Management Review
An organization's top management is responsible to determines, conduct a

review of its environmental management system to evaluate the system's
continuing suitability, adequacy and effectiveness at planned intervals.
7. Continual improvement
The top management is responsible for continually evaluating its

management system performance and management system processes to
identify opportunities for improvement. Top management is involved
directly in this evaluation through the management review process.
b) Quality management
• The fundamental concepts and the seven quality management principles:
ISO 9001 described in this quality management concepts and principles gives
the organization the capacity to meet challenges presented by an environment
that is profoundly different from recent decades. The context in which an
organization works today is characterized by accelerated change,
globalization of markets and the emergence of knowledge as a principal
resource. The impact of quality extends beyond customer satisfaction: it can
also have a direct impact on the organization’s reputation.
Fundamental concept;
FROF

Page: 24 of 135
1. Quality
An organization:
• focused on quality promotes a culture that results in the behavior,

attitudes, activities and processes that deliver value through fulfilling the
needs and expectations of customers and other relevant interested
parties,
• quality products and services is determined by the ability to satisfy
customers and the intended and unintended impact on relevant
interested parties.
• quality of products and services includes not only their intended function
and performance, but also their perceived value and benefit to the
customer.
2. Quality management system
A QMS:
• comprises activities by which the organization identifies its objectives
and determines the processes and resources required to achieve
desired results and to provide value and realize results for relevant
interested parties.
• provides the means to identify actions to address intended and
unintended consequences in providing products and services.
• enables top management to optimize the use of resources
3. Context of an organization
The context of organization is a process that determines factors which
• influence the organization’s purpose, objectives and sustainability,

• considers values, culture, knowledge and performance
• legal, technological, competitive, market, cultural, social and economic
environments.
Examples of the ways in which an organization’s purpose can be

expressed include its vision, mission, policies and objectives.
4. Interested parties
The concept of interested parties extends beyond a focus solely on the

customer and all relevant interested parties.
Part of the process for understanding the context of the organization is to;
• identify its interested parties especially those that provide significant

risk to organizational sustainability if their needs and expectations are
not met.
• define what results are necessary to deliver to those relevant
FROF

Page: 25 of 135
interested parties to reduce that risk.

• attract, capture and retain the support of the relevant interested parties
they depend upon for their success.
5. Support
Top management support of the QMS and engagement of people enables:
• provision of adequate human and other resources;

• monitoring processes and results;
• determining and evaluating of risks and opportunities;
• implementing appropriate actions.
Responsible acquisition, deployment, maintenance, enhancement and

disposal of resources support the organization in achieving its objectives.
• Seven Quality management principles
1. Customer focus - primary focus of quality management is to meet

customer requirements and to strive to exceed customer expectations.
2. Leadership - at all levels establish unity of purpose and direction and
create conditions in which people are engaged in achieving the
organization’s quality objectives.
3. Engagement of people - Competent, empowered and engaged people at
all levels throughout the organization are essential to enhance the
organization’s capability to create and deliver value.
4. Process approach - Consistent and predictable results are achieved
more effectively and efficiently when activities are understood and
managed as interrelated processes that function as a coherent system.
5. Improvement - is essential for an organization to maintain current levels
of performance, to react to changes in its internal and external conditions
and to create new opportunities.
6. Evidence-based decision making - Decisions based on the analysis and
valuation of data and information often involves multiple types and sources
of inputs, as well as their interpretation that leads to greater objectivity and
confidence in decision making.
7. Relationship management - For sustained success, organizations
manage their relationships with interested parties that influence the
performance of an organization to optimize their impact on its
performance.
Reference: ISO 9000:2015
FROF

Page: 26 of 135
• The relationship between quality management and customer satisfaction.
ORGANIZATION
Management System customer satisfaction
c) ISO 9001
Knowledge of the requirements of ISO 9001 and the commonly used quality
management terms and definitions, as given in ISO 9000, which may be gained by
completing an IRCA Certified QMS Foundation Training course or equivalent.
Quality management enhances customer satisfaction through the effective application

of the system, including processes for continual improvement of the system and the
assurance of conformity to customer and applicable statutory and regulatory
requirements.
BREAK 1000 – 1010
SESSION 3:
UNDERSTANDING QUALITY MANAGEMENT SYSTEMS 1010 – 1050
SCOPE
ISO 9001 specifies requirements for a quality management system where an

organization:
a. needs to demonstrate its ability to consistently provide product that meets

customer and applicable statutory and regulatory requirements, and
b. aims to enhance customer satisfaction through the effective application of the

system, including processes for continual improvement of the system and the
FROF

Page: 27 of 135
assurance of conformity to customer and applicable statutory and regulatory

requirements.
APPLICATION
All requirements of ISO 9001 are generic and are intended to be applicable to all
organizations, regardless of type, size and product provided.
The following documents, in whole or in part, are normatively referenced in this

document and are indispensable for its application. For dated references, only the
edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies. ISO 9000:2015, Quality management
systems — Fundamentals and vocabulary
NEW HIGH LEVEL STRUCTURE OF ISO 9001:2015
Annex SL
Annex SL is the standard that defines the new high level structure for all ISO
management systems standards.
WHAT IS ANNEX SL?
Annex SL provides the new high level structure for ISO management systems
standards - it replaces the historical ISO Guide 83 and expands on the base structure
already implemented.
It has been created to introduce identical core text and common terms and
definitions. This will:
● streamline standards
● encourage standardization
● ease the integration of management systems
NEW HIGH LEVEL STRUCTURE OF CLAUSES
The numbered list below is the replica of the numbered sections of the high level
structure - the specific requirements of each management standard will be found
within these sections.
Clause 1 Scope
Clause 2 Normative Reference
Clause 3 Terms And Definitions
Clause 4 Context Of The Organization
Clause 5 Leadership
Clause 6 Planning
Clause 7 Support
FROF

Page: 28 of 135
Clause 8 Operation
Clause 9 Performance Evaluation
Clause 10 Improvement
PRACTICAL IMPLICATIONS
Annex SL will only affect future management systems standards - for example ISO
9001:2008 will not be affected, but the new ISO 9001:2015 will follow the structure,
core text and definitions of Annex SL.
What are the main changes to the standard?
• The standard is rewritten according to the HLS (High Level Structure)

• Risk management becomes a foundation of the standard
• Leadership
• A standard purposely open to the service industry
• No more quality manual?!
• Importance given to the context surrounding the certified organization and to its
stakeholders
• Knowledge is a resource like any other
TERMS & DEFINITION as commonly used in Quality Management System
For the purposes of this document, the terms and definitions given in ISO 9000 apply.
quality
degree to which a set of inherent characteristics of an object fulfills requirements
quality management system

management system to direct and control an organization with regard to quality
quality objective
something sought, or aimed for, related to quality
quality planning
part of quality management focused on setting quality objectives and specifying
necessary operational processes and related resources to fulfill the quality objectives
improvement
activity to enhance performance
quality improvement
part of quality management focused on increasing the ability to fulfill quality
requirements
continual improvement
recurring activity to increase the ability to fulfill requirements
FROF

Page: 29 of 135
effectiveness
extent to which planned activities are realized and planned results achieved
efficiency
relationship between the result achieved and the resources used
organization
person or group of people that has its own functions with responsibilities, authorities
and relationships to achieve its objectives
context of the organization

combination of internal and external issues that can have an effect on an
organization’s approach to developing and achieving its objectives.
interested party
stakeholder, person or organization that can affect, be affected by, or perceive itself
to be affected by a decision or activity.
EXAMPLE: Customers, owners, people in an organization, providers, bankers,
regulators, unions, partners or society that can include competitors or opposing
pressure groups.
customer
person or organization that could or does receive a product or a service that is
intended for or required by this person or organization.
EXAMPLE Consumer, client, end-user, retailer, receiver of product or service from an
internal process, beneficiary and purchaser.
provider
supplier or organization that provides a product or a service
quality management system realization

process of establishing, documenting, implementing, maintaining and continually
improving a quality management system.
SOURCE: ISO 10019:2005,
competence acquisition
process of attaining
procedure
specified way to carry out an activity or a process (
outsource
make an arrangement where an external organization performs part of an
organization’s function or process
audit
Systematic, independent and documented process for obtaining audit evidence and
FROF

Page: 30 of 135
evaluating it objectively to determine the extent to which audit criteria are fulfilled.
audit evidence
records, statements of fact or other information which are relevant to the audit criteria
and verifiable.
audit conclusion
outcome of an audit provided by the audit team after consideration of the audit
objectives and all audit findings
audit trail
a systematic approach to collecting evidence based on specific samples that the
output of a series of interrelated processes meets expected outcomes
All commonly used terms in the Quality Management System are defined and
referred in the ISO 9000 standard.
FROF

Page: 31 of 135
MANAGEMENT SYSTEM
Organizations of all sizes need to manage risk, meet customer and societal demands,
satisfy legislative requirements, and all in a world where change in those requirements
is the only constant. The business management system is the way that successful
organizations meet these challenges and ensures they set out principled programs of
change and improvement to address risk and opportunity.
ISO 9000 defines a management system as a 'set of interrelated or interacting

elements of an organization to establish policies and objectives and processes to
achieve those objectives,.
QUALITY MANAGEMENT SYSTEM
Quality Management System is part of the organization’s management system that

focuses on the achievement of quality objective to satisfy the needs, expectations and
requirements of customer.
Quality management systems can assist organizations in enhancing customer

satisfaction.
The potential benefits to an organization of implementing a quality management

system based on this International Standard are:
a) the ability to consistently provide products and services that meet customer and
applicable statutory and regulatory requirements;
b) facilitating opportunities to enhance customer satisfaction;
c) addressing risks and opportunities associated with its context and objectives;
d) the ability to demonstrate conformity to specified quality management system
requirements.
The purpose of implementing quality management system in the organization:
● approach encourages organizations to analyses customer requirements, define

the processes that contribute to the achievement of a product which is acceptable
to the customer, and keep these processes under control.
● It provides the framework for continual improvement to increase the probability of
enhancing customer satisfaction and the satisfaction of other interested parties
● It provides confidence to the organization and its customers that it is able to
provide products that consistently fulfill requirements. Reference: ISO 9000:2005
The organization continually improves the effectiveness of the established quality

management system based on ISO 9001 Standard’s requirements to;
● determine the processes needed for the quality management system and their
application throughout the organization
FROF

Page: 32 of 135
● determine the sequence and interaction of these processes,

● determine criteria and methods needed to ensure that both the operation and
control of these processes are effective,
● ensure the availability of resources and information necessary to support the
operation and monitoring of these processes,
● monitor, measure where applicable, and analyses these processes, and
● implement actions necessary to achieve planned results and continual
improvement of these processes.
Business benefits of continually improved Quality Management System:
1. Error Reduction
Continuous quality improvement can reduce the number errors your business
makes. Defective products and mistakes made when providing services are
examples of errors that can be costly. Because small companies cannot produce
goods and services in mass like larger companies, errors can be especially costly.
Focusing on continuously identifying potential sources of errors and fixing them
can avoid problems that might otherwise crop up over time.
2. Increased Adaptability
A philosophy of continuous quality improvement can make a business better

equipped to adapt to changes in an industry, take advantage of opportunities and
avoid threats. Processes in a company pursuing continuous quality improvement
continually undergo incremental changes. Companies used to continually
implementing changes are better equipped to adapt their businesses to changing
markets than those that employ rigid processes, such companies engaged in mass
production.
3. Increased Productivity
Continuous quality improvement can result in hiccups in productivity in the short

term as businesses implement better processes, but it can lead to increased
productivity in the long term. For example, a small business that revises its
production processes might have to shut down production for a day to implement
the improvements, resulting in a day of lost production. After the changes take
effect, though, the company might have fewer production slowdowns and higher
productivity.
4. Improved Morale
Continuous quality improvement focuses on improving business processes as a

means to improve a company rather than blaming workers for sources of
inefficiency. According to the Louisiana Department of Children & Family Services,
one of of the main benefits of continuous quality improvement is that it can improve
staff morale. Workers with high morale tend to be more productive and less likely
to quit their jobs than workers with low morale. Reducing turnover is especially
important for small business because owners must often recruit and train new
FROF

Page: 33 of 135
workers themselves.
ISO 9001 STANDARD
Purpose of ISO 9001 Standard is to;
• Provide work performance consistency

• Enable the discovery of causes of poor performance
• Stress the process approach
• Define goals and objectives for quality
• Provide benchmarks to measure improvements
Benefits of International Standards
International Standards bring technological, economic and societal benefits. They help
to harmonize technical specifications of products and services making industry more
efficient and breaking down barriers to international trade. Conformity to International
Standards helps reassure consumers that products are safe, efficient and good for the
environment.
Using standards can provide a number of key benefits to an organization:
● Improved business performance

Using standards ensures all business processes are integrated and aligned with
the business strategies of the organization. Used as a business management tool,
this will improve performance, remove complexity, drive real value and embed
continual improvement.
● Improved risk and opportunity management
The requirements to identify risks and opportunities affecting an organization
ensures they are managed more effectively thereby improving operational
efficiency, reducing duplication, saving both time and money.
● Enhanced reputation
Adopting a standard sends a clear message to existing and prospective customers
that the organization is taking a leading, innovative and proactive approach to
managing the business.
● Increased efficiency
By providing a robust framework and focus, standards can increase operational
efficiency, reducing expensive mistakes thereby saving time and money.
● Increased engagement
By adopting a management system, an organization can ensure all employees are
working to common goals driven from the business strategy.
● Improved integration
The new common structure for all management system standards will ensure that
integration of more than one system will be smoother, without investing a lot of
FROF

Page: 34 of 135
extra time and money.
For business, International Standard:
• strategic tools and guidelines to help companies tackle some of the most
demanding challenges of modern business.
• ensures that business operations are as efficient as possible,
• increase productivity and
• help companies access new markets.
Exercise no. 1 - E1D1S3 Group exercise: 1050 – 1110
Discussion and feedback 1110 – 1115
Continuous Assessment – 1115 – 1210

Exercise 1: Understanding Quality Management System
Discussion and Feedback 1210 – 1215
LUNCH 1215 – 1300
FROF

Page: 35 of 135
SESSION 4:
ISO 9001 PDCA 1300 – 1330
ISO 9001 promotes the adoption of a process approach when developing,

implementing and improving the effectiveness of a quality management system:
• to enhance customer satisfaction by meeting customer requirements.

• to achieve the intended results in accordance with the quality policy and strategic
direction of the organization
Understanding and managing interrelated processes as a system contributes to the

organization’s effectiveness and efficiency in achieving its intended results.
This approach:
• enables the organization to control the interrelationships and interdependencies

among the processes of the system, so that the overall performance of the
organization can be enhanced.
• involves the systematic definition and management of processes, and their
interactions, so as to achieve the intended results in accordance with the quality
policy and strategic direction of the organization.
Management of the processes and the system as a whole can be achieved using the
PDCA cycle with an overall focus on risk-based thinking aimed at taking advantage of
opportunities and preventing undesirable results.
The PDCA cycle enables an organization to ensure that its processes are adequately
resourced and managed, and that opportunities for improvement are determined and
acted on.
The application of the process approach in a quality management system enables:
understanding and consistency in meeting requirements;

the consideration of processes in terms of added value;
the achievement of effective process performance;
improvement of processes based on evaluation of data and information.
The PDCA cycle can be briefly described as follows:
Plan: establish the objectives of the system and its processes, and the resources
needed to deliver results in accordance with customers’ requirements and
the organization’s policies;
Do: implement what was planned;
Check: monitor and (where applicable) measure processes and the resulting
products and services against policies, objectives and requirements and
FROF

Page: 36 of 135
report the results;

Act: take actions to improve performance, as necessary.
PDCA Cycle of Quality Management System Processes:
ISO 9001 employs the process approach, which incorporates the Plan-Do-Check-Act
(PDCA) cycle and risk-based thinking.
The PDCA cycle enables an organization to ensure that its processes are adequately
resourced and managed, and that opportunity for improvement are determined and
acted on.
The Quality Management System processes in PDCA Cycle:
1. Context of the organization:
• Understanding the organization and its context to determine external and

internal issues that are relevant to its purpose and its strategic direction and
that affect its ability to achieve the intended result(s) of its quality management
system.
• Understanding the needs and expectations of interested parties to determine
their effect or potential effect on the organization’s ability to consistently
provide products and services that meet customer and applicable statutory
and regulatory requirements.
• Determining the scope of the quality management system, the boundaries and
applicability of the quality management system to establish its scope.
• Quality management system and its processes are established, implemented,
maintained and continually improved including the processes needed and
their interactions, in accordance with the requirements of this International
Standard.
2. Leadership
• Leadership and commitment of top management to demonstrate leadership

and commitment with respect to the quality management system.
FROF

Page: 37 of 135
• Policy - Top management establish, implement and maintain a quality policy

that is appropriate to the purpose and context of the organization and
supports its strategic direction.
• Organizational roles, responsibilities and authorities - Top management
ensures that the responsibilities and authorities for relevant roles are
assigned, communicated and understood within the organization.
3. PDCA Cycle:
Plan: Planning
• Actions to address risks and opportunities

• Quality objectives and planning to achieve them
• Planning of changes
Do: Support & Operation
• Resources
• Competence
• Awareness
• Communication
• Documented information
• Operational planning and control
• Requirement for product and services
• Design and development of products and services
• Control of externally provided processes, products and services
• Production and service provision
• Release of products and services
• Control of nonconforming outputs
Check: Performance Evaluation
• Monitoring, measurement, analysis and evaluation

• Internal Audit
• Management Review
Act: Improvement
• General
• Nonconformity and corrective action
• Continual Improvement
FROF

Page: 38 of 135
Exercise 2 - (E2D1S4) Group Exercise: 1330 - 1350
QUALITY MANAGEMENT SYSTEM PROCESSES: 1355 - 1425
Quality management system and its processes
The organization establish, implement, maintain and continually improve a quality

management system, including the processes needed and their interactions, in
accordance with the requirements of this International Standard.
The organization determines the processes needed for the quality management
system and their application throughout the organization, and:
determines the inputs required and the outputs expected from these processes;
determines the sequence and interaction of these processes;
determines and apply the criteria and methods needed to ensure the effective
operation and control of these processes;
determine the resources needed for these processes and ensure their availability;
assign the responsibilities and authorities for these processes;
address the risks and opportunities as determined in accordance with the
requirements of 6.1;
evaluate these processes and implement any changes needed to ensure that
these processes achieve their intended results;
improves the processes and the quality management system.
To the extent necessary, the organization:
maintains documented information to support the operation of its processes;

retains documented information to have confidence that the processes are being
carried
To improve the quality management system, the

the organization needs to establish,
implement and maintain the following requirements of the standard:
FROF

Page: 39 of 135
1. a quality policy that:
is appropriate to the purpose and context of the organization and supports its
strategic direction;
provides a framework for setting quality objectives;
includes a commitment to satisfy applicable requirements;
includes a commitment to continual improvement of the quality management
system.
2. quality objectives that are:
consistent with the quality policy;

measurable;
take into account applicable requirements;
relevant to conformity of products and services and to enhancement of
customer satisfaction;
monitored, communicated and updated as appropriate.
3. Support
• Resources are determined and provided for the establishment,

implementation, maintenance and continual improvement of the quality
management system
• People are determined and provided necessary for the effective
implementation of its quality management system and for the operation and
control of its processes.
4. an audit program(s) including the frequency, methods, responsibilities, planning

requirements and reporting, which shall take into consideration the importance of
the processes concerned and changes affecting the organization.
Implementation of Quality Management System
● Obtain a copy of the ISO 9001 Standard

● Designate a senior person to oversee development of the QMS
● Evaluate the adequacy of existing quality procedures
● Prepares and publishes the Quality Policy, Quality Objectives, and Action Plan
● Promote leadership by creating and sustaining employee awareness and
motivation
● Assess organizational structure
● Develop Documented Information with regards to processes
● Prepare and publish the Quality Manual
● Launch the QMS and continually audit and improve it.
● Establish review mechanisms
● Establish corrective as well as preventive action systems
● Select and hire a recognized and respected certification body.
FROF

Page: 40 of 135
The following QMS processes needed to establish, implement and maintain as

required by the standard. These are the key elements of an audit process that
auditors need to validate and verify for adequacy.
1. Operational planning and control
The organization plan, implement and control the processes needed to meet the
requirements for the provision of products and services, and to implement the
actions determined in Planning requirement of the standard, by:
determining the requirements for the products and services;

establishing criteria for:
− the processes;
− the acceptance of products and services;
• determining the resources needed to achieve conformity to the product and
service requirements;
• implementing control of the processes in accordance with the criteria;
• determining and keeping documented information to the extent necessary:
2. Design and development process that is appropriate to ensure the subsequent

provision of products and services.
3. Control of production and service provision
The organization implements production and service provision under controlled

conditions. Controlled conditions shall include, as applicable:
the availability of documented information:

the availability and use of suitable monitoring and measuring resources;
the implementation of monitoring and measurement activities at appropriate
stages;
the use of suitable infrastructure and environment for the operation of
processes;
the appointment of competent persons, including any required qualification;
the validation and periodic revalidation of the ability to achieve planned results
of the processes for production and service provision;
the implementation of actions to prevent human error;
the implementation of release, delivery and post-delivery activities.
4. Release of products and services
The organization implements planned arrangements for the release of products

and services to the customer, at appropriate stages, to verify that the product and
service requirements have been met and satisfactorily completed.
FROF

Page: 41 of 135
5. Internal audit
The organization conducts internal audits at planned intervals to provide

information on whether the quality management system:
conforms to:
− the organization’s own requirements for its quality management system;
− the requirements of this International Standard;
• is effectively implemented and maintained.
6. Improvement
The organization determines and selects opportunities for improvement and

implements any necessary actions to meet customer requirements and enhance
customer satisfaction.
The QMS requirements necessary for the operation of its processes and to achieve
conformity of products and services
1. Support
• People
• Infrastructure
• Environment for the operations of processes
2. Organizational knowledge
The following QMS processes needed to monitor, measure, analyze and

evaluate as required by the standard. These processes indicated conformance
of the organization’s quality management system that auditors need to verify.
1. Performance evaluation - monitored, measured, analyzed and evaluated:
what needs to be monitored and measured;

the methods for monitoring, measurement, analysis and evaluation needed to
ensure valid results;
when the monitoring and measuring shall be performed;
when the results from monitoring and measurement shall be analyzed and
evaluated.
The organization evaluates the performance and the effectiveness of the quality
management system.
2. Customer satisfaction - monitor customers’ perceptions of the degree to which

their needs and expectations have been fulfilled.
FROF

Page: 42 of 135
The organization shall d. The organization shall determine the methods for
obtaining, monitoring and reviewing this information.
3. Analysis and evaluation - appropriate data and information arising from

monitoring and measurement.
4. Nonconformity and corrective action – analyze the action when nonconformity

occur to eliminate its cause(s), in order that it does not recur or occur elsewhere.
The QMS process needed to review as required by the standard. This process
provides objective evidence of the organization’s commitment to conform with
the quality management system requirements.
1. Management review
Top management reviews the organization’s quality management system, at

planned intervals, to ensure its continuing suitability, adequacy, effectiveness and
alignment with the strategic direction of the organization.
2. Customer satisfaction - customers’ perceptions information are reviewed.
3. Nonconformity and corrective action – review the action when nonconformity

occur to eliminate its cause(s), in order that it does not recur or occur elsewhere
and the effectiveness of the corrective action taken.
The organization improves QMS by this process:
Continual improvement for the suitability, adequacy and effectiveness of the quality
management system by consider the results of;
• analysis and evaluation, and

• the outputs from management review, to determine if there are needs or
opportunities that shall be addressed as part of continual improvement.
FROF

Page: 43 of 135
BREAK 1425 – 1435
Documented Information 1435 – 1455
ISO 9000:2015 defines documented information as “information required to be

controlled and maintained by an organization and the medium on which it is
contained.
Documentation enables communication of intent and consistency of action. Its use

contributes to;
● achievement of conformity to customer requirements and quality improvement,

● provision of appropriate training,
● repeatability and traceability,
● provision of objective evidence, and
● evaluation of the effectiveness and continuing suitability of QMS.
Documentation requirements by the standard.
● documented statements of a quality policy and quality objectives,

● documented information required by this International Standard,
● documents determined by the organization to be necessary to ensure the
effective planning, operation and control of its processes.
When creating and updating documented information, the organization ensures

appropriate:
identification and description (e.g. a title, date, author, or reference number);

format (e.g. language, software version, graphics) and media (e.g. paper,
electronic);
review and approval for suitability and adequacy.
FROF

Page: 44 of 135
Documented information required by the quality management system and by this

International Standard are controlled to ensure:
it is available and suitable for use, where and when it is needed;

it is adequately protected (e.g. from loss of confidentiality, improper use, or loss of
integrity).
The control of documented information applies to:
distribution, access, retrieval and use;

storage and preservation, including preservation of legibility;
control of changes (e.g. version control);
retention and disposition.
Documented information:
• of external origin determined by the organization to be necessary for the planning and
operation of the quality management system are identified as appropriate, and
controlled.
• Are retained as evidence of conformity and protected from unintended alterations.
Exercise 3 – E3D1S4: Group Activity: DOCUMENTED INFORMATION 1455 – 1525
FROF

Page: 45 of 135
Continuous Assessment 1530 – 1625

Exercise 2: Quality Management System Process
Consolidation of the learning objective in day 1 1630 –1700

Assignment; Answer Section 1 of the Specimen Examination .
FROF

Page: 46 of 135
FROF

Page: 47 of 135
DAY 2
FROF

Page: 48 of 135
SESSION 5:
Review of day 1 - discussion / concerns 0800 – 0830
Day 1 consolidation quiz discussion
Specimen Examination – section 1 assignment discussion
Types of Audit 0830 – 0845
ISO 19011 International Standard provides guidance for organization’s “internal

audits” (first party) and “audits conducted by customers on their suppliers” (second
party). While those involved in management system certification audits follow the
requirements of ISO/IEC 17021-1:2015,
The relationship between ISO 19011 International Standard and ISO/IEC 17021-
1:2015
Audits are;
1. Internal audits or First-party audits - are conducted by the organization for

management review and other internal purposes, and may form the basis for an
organization’s declaration of conformity
2. External audits are;
• Second-party audits are conducted by parties having an interest in the

organization, such as customers or by other persons on their behalf.
• Third-party audits are conducted by external, independent auditing
organizations, such as those providing certification/registration of conformity to
ISO 9001 or ISO 14001.
There are three types of audit:
1. First party audits

Audits conducted by an organization’s own personnel (internal audits) and mainly
directed at improving the management system, and checking compliance of the
organization’s employee’s work practices and procedures. A properly conducted
internal audit program is recognized as an effective management tool.
2. Second party audits

Audits conducted of a supplier’s or contractor’s management system by a customer
(external audit). This type of audit is often used to establish how the customer’s
contract is being handled by an organization.
FROF

Page: 49 of 135
3. Third party audits

Audits conducted for certification purposes, usually by certification bodies accredited
by an International Accreditation Body. Certificates issued by accredited certification
bodies are recognized by international trading groups. This means that certified
organization have better access to markets globally, and that their customers are
provided with a level of confidence in their suppliers’ capability to meet requirements.
Certification of management systems (named in this International Standard

“certification”) is a third-party conformity assessment activity.
The overall aim of certification is to give confidence to all parties that a management
system fulfills specified requirements. The value of certification is the degree of public
confidence and trust that is established by an impartial and competent assessment by
a third-party.
Business management system audit provides the following benefits:
1. Value for the users and stakeholders who rely on management systems
certification to establish if the client organization’s management system can
consistently meet customer and applicable regulatory requirements
2. Value for the auditee by:
• Providing management with information regarding the organization’s ability to

meet its management system related business objectives
• Identifying problems that may prevent the client from meeting its management
system related business objectives
• Identifying meaningful opportunities for improvement and areas of risk that are
not identified or managed.
Audits are used to determine the extent to which the quality management system
requirements are fulfilled. Audit findings are used to assess the effectiveness of the
quality management system and to identify opportunities for improvement.
FROF

Page: 50 of 135
E4D1S5 - Individual exercise: 0845 – 0910
Certification, accreditation and 3rd party audit & its benefits 0915 - 0930
Certification of a management system, such as a quality or environmental

management system of an organization is one means of providing assurance that the
organization has implemented a system for the management of the relevant aspects
of its activities, in line with its policy.
Certification of a management system provides independent demonstration

demonstration that the
management system of the organization:
• conforms to specified requirements,

• is capable of consistently achieving its stated policy and objectives, and
• is effectively implemented.
Accreditation is a formal, third party recognition of competence to perform specific

tasks. It provides a means to identify a proven, competent evaluator who can
demonstrate to its customer that it has been successful at meeting the requirements
of international accreditation standards.
Usually the reason for getting something independently evaluated is to confirm it

meets specific requirements in order to reduce risks, examples are product failure,
health risks, company reputation or to meet legal or customer requirements. Anything
or anyone can be evaluated - products, equipment, people, management systems or
organizations.
Accreditation means that evaluators: testing and calibration laboratories, inspection

and certification bodies have been assessed against internationally recognized
standards to demonstrate their competence, impartiality and performance capability.
Reference: www.ukas.com
The benefit of third party certification to organization;
FROF

Page: 51 of 135
• Demonstrate compliance with national or international standards and regul

regulations
ations
• Demonstrate independent validation and verification of their commitment to safety
and quality.
• Increase credibility and acceptance with retailers, consumers and regulators
• Benefit from enhanced product quality and safety. Reference: www.nsf.org
Exercise 5 – E5D2S5 - Group Activity: 0930 – 0945
BREAK 0950 – 1000
SESSION 6:
Audit Process 1000 – 1100
Audit activity is an opportunity to obtain:
• Initial Contact – feasibility of an audit.

• Pre-Assessment Visit – information of nature of business, physical layout…
• Document Review – document adequacy and pursuing stage 2 audit
• Initial Preparation – audit plan and other work documents
• Development Of Schedule – arranged schedule of activities to be audited.
FROF

Page: 52 of 135
• Communication – updated information of the ongoing audit with the auditee.

• Detailed Planning – step by step activities of the audit
• The On-Site Audit - opening meeting, audit, evaluate results and closing meeting
progress.
• Formal Report – audit findings and recommendation
• Corrective Action – information if management system is monitored and checked
for conformance.
• Follow-Up And Surveillance – information on the continual improvement of the
management system’s established.
The similarity between first, second and third party audit is that:
First, second and third party audits are conducted with the same purpose, to confirm
the effectiveness of the management system or to obtain information for the
improvement of the management system.
The difference:
First party audits or internal audits are conducted by the organization itself, or on its
behalf, for management review and other internal purposes.
Second party audits are conducted by parties having an interest in the organization,
such as customers, or by other persons on their behalf.
Third party audits are conducted by independent auditing organizations, such as

regulators or those providing certification.
The ISO 19011 Standard provides guidance on auditing management systems, they
are:
1. Apply principles of auditing,

2. Managing an audit program and conducting management system audits,
3. The evaluation of competence of individuals involved in the audit process,
including the person managing the audit program, auditors and audit teams.
PRINCIPLES OF AUDITING
a) Integrity: the foundation of professionalism
Auditors and the person managing an audit program should:

• work with honesty, diligence, and responsibility;
• comply with any applicable legal requirements;
• demonstrate their competence while performing their work;
• remain fair and unbiased in all their dealings;
FROF

Page: 53 of 135
• be sensitive to any influences that may be exerted on their judgment while

carrying out an audit.
b) Fair presentation: the obligation to report truthfully and accurately. Audit findings,
audit conclusions and audit reports should reflect truthfully and accurately the audit
activities.
c) Due professional care: the application of diligence and judgement in auditing

auditing..
Auditors should exercise due care in the task they perform.
d) Confidentiality: security of information. Auditors should exercise discretion in the

use and protection of information acquired in the course of their duties.
e) Independence: the basis for the impartiality of the audit and objectivity of the audit
conclusions. Auditors should be indepe
independent
ndent of the activity being audited wherever
practicable, and should in all cases act in a manner that is free from bias and conflict
of interest.
f) Evidence-based approach: the rational method for reaching reliable and

reproducible audit conclusions in a systematic audit process
Audit evidence should be verifiable. It will in general be based on samples of the

information available, since an audit is conducted during a finite period of time and
with finite resources. An appropriate use of sampling should be applied, since this is
closely related to the confidence that can be placed in the audit conclusions.
FROF

Page: 54 of 135
MANAGING AUDIT PROGRAM AND CONDUCTING MANAGEMENT SYSTEM

AUDIT
Audit program is part of the preparation of the audit process. Programs established for;
• objectives for the audit program and individual audits;

• extent/number/types/duration/locations/schedule of the audits;
• audit program procedures;
• audit criteria;
• audit methods;
• selection of audit teams;
• necessary resources, including travel and accommodation;
• processes for handling confidentiality, information security, health and safety, and
other similar matters.
Determining the objectives, scope and criteria for an individual audit
Each individual audit should be based on documented audit objectives, scope and
criteria. These should be defined by the person managing the audit program and be
consistent with the overall audit program objectives.
The audit objectives determines the;
• extent of conformity of the management system to be audited with audit criteria;

• extent of conformity of activities, processes and products with the requirements
and procedures of the management system;
• capability of the management system to ensure compliance with legal and
contractual requirements and other requirements to which the organization is
committed;
• effectiveness of the management system in meeting its specified objectives;
• the areas for potential improvement of the management system.
The audit scope is consistently stated in audit program and audit objectives, such as;
• locations,
• organizational units,
• activities and processes to be audited, as well as the
• time period covered by the audit.
The audit criteria as reference against which conformity can be;
• policies,
• procedures,
FROF

Page: 55 of 135
• standards,
• legal requirements,
• management system requirements,
• contractual requirements,
• sector codes of conduct or other planned arrangements.
In the event of any changes to the audit objectives, scope or criteria, the audit program
are modified if necessary.
Identifying audit resources
When identifying resources, consider the following:
• the financial resources necessary to develop, implement, manage and improve

audit activities;
• audit methods;
• the availability of auditors and technical experts having competence appropriate to
the particular audit program objectives;
• the extent of the audit program and audit program risks;
• travelling time and cost, accommodation and other auditing needs;
• the availability of information and communication technologies.
COMPETENCE OF INDIVIDUALS INVOLVED IN THE AUDIT PROCESS
Confidence in the audit process and the ability to achieve its objectives depends on
the competence of those individuals who are involved in planning and conducting
audits, including auditors and audit team leaders.
Competence are evaluated through a process that considers personal behavior and
the ability to apply the knowledge and skills gained through education, work
experience, auditor training and audit experience.
Selecting the audit team members
The person managing the audit program appoints the members of the audit team,
including the team leader, any technical experts needed for the specific audit the
FROF

Page: 56 of 135
responsibility for auditing specific processes, activities, functions or locations.
It is important to take into account the independence and competence of auditors and
the effective use of resources, as well as different roles and responsibilities of auditors,
auditors-in-training and technical experts in order to ensure the achievement of the
audit objectives.
The composition of the audit team are determined according to:
• the competence of the audit team needed to achieve audit objectives, taking into
account audit scope and criteria;
• complexity of the audit;
• the audit methods;
• legal and contractual requirements;
• the need to ensure the independence of the audit team members from the
activities to be audited and to avoid any conflict of interest ;
• the ability of the audit team members to interact effectively with the representatives
of the auditee and to work together;
• the language of the audit, and the auditee’s social and cultural characteristics.
Personnel involved in the certification activities must have sufficient competence

for managing the type and range of audit programs and other certification work
performed. Referenced: ISO 17021.
Knowledge and skills of management system auditors:
a) Audit principles, procedures and methods:
• apply audit principles, procedures, and methods;

• plan and organize the work effectively;
• conduct the audit within the agreed time schedule;
• prioritize and focus on matters of significance;
• collect information through effective interviewing, listening, observing and
reviewing documents, records and data;
• understand and consider the experts’ opinions;
• understand the appropriateness and consequences of using sampling techniques
for auditing;
• verify the relevance and accuracy of collected information;
• confirm the sufficiency and appropriateness of audit evidence to support audit
findings and conclusions;
• assess those factors that may affect the reliability of the audit findings and
conclusions;
• use work documents to record audit activities;
• document audit findings and prepare appropriate audit reports;
FROF

Page: 57 of 135
• maintain the confidentiality and security of information, data, documents and

records;
• communicate effectively, orally and in writing (either personally, or through the use
of interpreters and translators);
• understand the types of risks associated with auditing.
b) Management system and reference documents: to comprehend the audit scope

and apply audit criteria, and should cover the following:
• management system standards or other documents used as audit criteria;

• the application of management system standards by the auditee and other
organizations, as appropriate;
• interaction between the components of the management system;
• recognizing the hierarchy of reference documents;
• application of the reference documents to different audit situations.
c) Organizational context: to comprehend the auditee’s structure, business and

management practices, and should cover the following:
• organizational types, governance, size, structure, functions and relationships;

• planning, budgeting and management of personnel;
• cultural and social aspects of the auditee.
d) Applicable legal and contractual requirements and other requirements that

apply to the auditee:
• laws and regulations and their governing agencies;

• basic legal terminology;
• contracting and liability.
Knowledge and skills of auditors of quality management system in;
• terminology relating to quality, management, organization, process and product,

characteristics, conformity, documentation, audit and measurement processes;
• customer focus, customer-related processes, monitoring and measuring of
customer satisfaction, complaints handling, code of conduct, dispute resolution;
• leadership – role of top management in managing for the sustained success of an
organization in quality management systems;
• involvement of people, human factors, competence, training and awareness;
• process approach, process analysis, capability and control techniques, risk
treatment methods;
• system approach to management, types and value, projects, quality plans,
configuration management;
• continual improvement, innovation and learning;
• factual approach to decision making, risk assessment, evaluation of quality
FROF

Page: 58 of 135
management, measurement and monitoring , root cause analysis, statistical

techniques;
• characteristics of processes and products, including services;
• mutually beneficial supplier relationships, quality management system
requirements and requirements for products, particular requirements for quality
management in different sectors.
Reference: A.4 Illustrative example of discipline-specific knowledge and skills of

auditors in quality management. ISO 19011:2011.
Auditors-in-training may be included in the audit team, but should participate under the
direction and guidance of an auditor.
Selecting the audit methods
The person managing the audit program selects and determines the methods for
effectively conducting an audit, depending on the audit objectives, scope and criteria.
Applying audit methods
An audit can be performed using a range of audit methods. The audit methods chosen
for an audit depend on the defined audit objectives, scope and criteria, as well as
duration and location. Applying a variety and combination of different audit methods
can optimize the efficiency and effectiveness of the audit process and its outcome.
Performance of an audit involves an interaction among individuals with the
management system being audited and the technology used to conduct the audit.
Table 1 provides examples of audit methods that can be used. If an audit involves the
use of an audit team with multiple members, both on-site and remote methods may be
used simultaneously. Reference: ISO 19011
THE TURTLE DIAGRAM
A useful tool for describing, understanding and analyzing processes, frequently

referred to as a "turtle" diagram, as shown in diagram 1, was presented by Russ
Hopkins, then strategy and business engineer for Ford Supplier Technical Assistance
(STA), at several ISO/TS 16949:2002 rollout sessions. His diagram subsequently
appeared on page 185 in the ISO/TS 16949:2002 implementation guide published by
the AIAG (Automotive Industry Action Group) June 2003. The AIAG subsequently put
this publication into the public domain.
This diagram utilizes four legs to represent four questions about a process;
• who,
• what,
• how,
• how many
The head and tail to represent the questions about the;

FROF

Page: 59 of 135
• process inputs - what should we receive and

• process outputs - what should we deliver to meet expectations.
The "shell" of the turtle is used for the process name.
The establishment and documentation of a turtle diagram for each of the processes
needed for the quality management system might be a good approach for defining
process interactions as well because the outputs from each process would be
traceable to their input into the other process(s) of the quality management system.
Reference: http://www.jhoti.com/turtle_diagram.asp
FROF

Page: 60 of 135
Group activity: E6D2S6 1100 – 1125

Determine audit objective, scope and criteria.
MANAGEMENT SYSTEM AUDIT 1130 – 1200
An audit assures organization who relies on management systems certification that

their management system can consistently meet customer and applicable regulatory
requirements.
An audit help auditee by:
• Providing management with information regarding the organization’s ability to

meet its management system objectives
• Identifying problems that may prevent the client from meeting its management
system objectives
• Identifying meaningful opportunities for improvement and areas of risk that are not
identified or managed.
AUDIT STAGES
As per ISO 17021-1, the initial certification audit of a management system shall be
conducted in two stages:
• stage 1 and
• stage 2.
STAGE 1 AUDIT
Planning stage 1 audit ensures that the objectives of stage 1 is met and the client is
informed of any “on site” activities during stage 1.
The objectives of stage 1 are to:
1. review the client’s management system documented information;

2. evaluate the client’s site-specific conditions and to undertake discussions with the
client’s personnel to determine the preparedness for stage 2;
3. review the client’s status and understanding regarding requirements of the
standard, in particular with respect to the identification of key performance or
significant aspects, processes, objectives and operation of the management
system;
FROF

Page: 61 of 135
4. obtain necessary information regarding the scope of the management

management system,
including:
• the client’s site(s);
• processes and equipment used;
• levels of controls established (particularly in case of multisite clients);
• applicable statutory and regulatory requirements;
5. review the allocation of resources for stage 2 and agree the details of stage 2 with
the client;
6. provide a focus for planning stage 2 by gaining a sufficient understanding of the
client’s management system and site operations in the context of the
management system standard or other normative document;
7. evaluate if the internal audits and management reviews are being planned and
performed, and that the level of implementation of the management system
substantiates that the client is ready for stage 2.
Auditing the management system documentation. Document review is performed in
order to:
• gather information to prepare audit activities and applicable work documents on

processes, functions;
• establish an overview of the extent of the system documentation to detect
possible gaps.
The documentation should include, as applicable, management system documents

and records, as well as previous audit reports. The document review should take into
account the size, nature and complexity of the auditee’s management system and
organization, and the audit objectives and scope.
FROF

Page: 62 of 135
LUNCH 1200 – 1245

Exercises 3: Document Review
Discussion and Feedback 1445 - 1450
STAGE 2 AUDIT 1450 – 1520
The purpose of stage 2 is to evaluate the implementation and effectiveness of the

client’s management system. It takes place at the site(s) of the client and it include the
auditing of at least the following:
• information and evidence about conformity to all requirements of the applicable

management system standard or other normative documents;
• performance monitoring, measuring, reporting and reviewing against key
performance objectives and targets (consistent with the expectations in the
applicable management system standard or other normative document);
• the client’s management system ability and its performance regarding meeting of
applicable statutory, regulatory and contractual requirements;
• operational control of the client’s processes;
• internal auditing and management review;
• management responsibility for the client’s policies.
Reference: ISO/IEC 17021-1
FROF

Page: 63 of 135
The audit team analyze all information and audit evidence gathered during stage 1 and
stage 2 to review the audit findings and agree on the audit conclusions.
Preparing the audit plan
The audit team leader prepares an audit plan based on the information contained in
the audit program and in the documentation provided by the auditee. The plan
facilitates the efficient scheduling and coordination of the audit activities in order to
achieve the objectives effectively.
The plan covers the:
• audit objectives;
• audit scope;
• audit criteria;
• locations, dates, duration of audit activities
• meetings with the auditee’s management;
• audit methods
• audit evidence and the design of the sampling plan, if applicable;
• roles and responsibilities of the audit team members, as well as guides and
observers;
• allocation of appropriate resources to critical areas of the audit.
The audit team leader considers the following in preparing the audit plan;
• the appropriate sampling techniques ;

• the composition of the audit team and its collective competence;
• the risks to the organization created by the audit.
The audit plan is reviewed and accepted by the audit client, and should be presented
to the auditee. Any objections by the auditee to the audit plan should be resolved
between the audit team leader, the auditee and the audit client.
The audit team leader prepares an audit plan according to the audit program and in
the documentation provided by the auditee.
The plan;
• Considers the effect of the audit activities on the auditee’s processes

• provide the basis for the agreement regarding the conduct of the audit among the
audit client, audit team and the auditee.
• facilitate the efficient scheduling and coordination of the audit activities in order to
achieve the objectives effectively.
• reflect the scope and complexity of the audit, as well as the effect of uncertainty on
achieving the audit objectives.
The audit plan contains:

FROF

Page: 64 of 135
• development of audit objectives;

• identification of audit scope, organizational and functional units and the processes
to be audited;
• determination of the audit criteria and any reference documents;
• the locations, dates, expected time and duration of audit activities
• the audit methods to be used, audit sampling plan
• the roles and responsibilities of the audit team members, guides and observers;
• the allocation of resources to critical areas of the audit.
The audit plan includes the;
• identification of the auditee’s representative for the audit;

• the working and reporting language of the audit where this is different from the
language of the auditor or the auditee or both;
• the audit report topics;
• logistics and communications arrangements, including specific arrangements for
the locations to be audited;
• any specific measures to be taken to address the effect of uncertainty on achieving
the audit objectives;
• matters related to confidentiality and information security;
• any follow-up actions from a previous audit;
• any follow-up activities to the planned audit;
• coordination with other audit activities, in case of a joint audit.
The audit plan reviewed and accepted by the audit client, and presented to the
auditee. Any objections by the auditee to the audit plan resolved between the audit
team leader, the auditee and the audit client
FROF

Page: 65 of 135
BREAK 1520 – 1530

Exercise 4: Audit Planning Preparation
Consolidation of Learning Objectives in day 2 1630 – 1700

Assignment: Answer Section 2 of the Specimen Examination.
FROF

Page: 66 of 135
FROF

Page: 67 of 135
DAY 3
FROF

Page: 68 of 135
SESSION 7:
Specimen Examination – Section 2 assignment discussion
PEOPLE IN THE AUDIT 0830 – 0915
The people in the audit includes:
• Auditor
• Lead auditor or Audit Team Leader
• Auditee
• Observer
• Audit Client
• Technical Expert
• Guides
Responsibilities of People in the Audit
Personnel involved in the certification activities have sufficient competence for

managing the type and range of audit programs and other certification work
performed.
Auditors
The responsibilities of auditors include:

1. complying with the applicable regulatory requirements for auditing
2. helping the auditee understand the regulatory requirements
3. planning and carrying out assigned responsibilities objectively, effectively and
efficiently within the audit scope and in accordance with a code of ethics for
auditors established and documented by the auditing organization
4. co-operating with and supporting the Audit team leader
5. collecting, analyzing and, where appropriate, documenting objective evidence that
is relevant and sufficient to permit the establishment of conclusions regarding
compliance of the quality management system with regulatory requirements and
the effectiveness of its implementation in meeting quality objectives
6. establishing the extent to which the procedures, documents and other information
describing or supporting the required elements of the quality management system
are known, available, understood and used by the auditee’s personnel
7. remaining alert to any indications or evidence that can influence the audit results
and possibly require more extensive auditing
FROF

Page: 69 of 135
8. informing the Audit team leader of audit findings in a timely manner

9. assisting the Audit team leader in preparing the report of the audit
10. informing the Audit team leader immediately of any major obstacles encountered in
performing the audit
11. safeguarding the confidentiality of all documents and information obtained in
association with the audit:
• when submitting such documents to the auditing organization through the Audit
team leader
• treating privileged information with discretion
12. verifying that corrective actions have been taken and have been effective:
• as a result of a previous audit
• during the audit, as feasible
• based on experience gained with devices on the market (e.g. post market
surveillance)
• based on incidents of a serious nature
13. minimizing disruption to the auditee’s personnel and processes during the audit
while attaining the audit's objectives
14. complying with any health and safety or other applicable requirements of the
auditee.
Audit team leader
The Audit team leader is ultimately responsible to the auditing organization for all
phases of the audit. During the audit, the Audit team leader shall have authority to
make final decisions regarding the conduct of the audit and any audit findings.
The Audit team leader is responsible for;

1. identifying the requirements of each audit assigned to the Audit team leader by the
auditing organization
2. selection of the audit team members and assigning roles and responsibilities for
individual audit.
3. reviewing the quality management system for adequacy in meeting applicable
regulatory requirements, prior to the on-site audit
4. preparing the audit plan (if appropriate, as part of an audit program) and working
documents and briefing the audit team
5. representing the audit team with the auditee’s management
6. communicating any nonconformities to the auditee as soon as possible after they
are identified and indicating whether such nonconformities may affect compliance
with the regulatory requirements
7. reporting to the auditee and to the auditing organization any major obstacles
encountered in performing the audit as planned
FROF

Page: 70 of 135
8. preparing and presenting the audit results clearly and conclusively to the auditee
at the closing meeting
9. preparing and submitting the audit report to the auditing organization in a timely
manner.
Auditees
The responsibilities of the auditee include:

1. defining the scope and objectives of the audit in conjunction with the auditing
organization
2. informing relevant employees about the objectives and scope of the audit
3. appointing responsible members of staff to accompany members of the audit team
and ensuring that audit team members are aware of health, safety and other
applicable requirements
4. providing resources needed for the audit team in order to ensure an effective and
efficient audit process
5. providing access to the facilities and evidential material pursuant to the regulatory
requirements as requested by the auditors
6. co-operating with the auditors to permit the audit objectives to be achieved
7. receiving the audit findings
8. determining what follow-up corrective actions are to be taken to address
nonconformities and other audit findings, and implementing such actions in a
timely and effective manner and informing the auditing organization as required
9. informing the auditing organization of any significant change to the quality
management system as required
10. informing any other auditees that may be affected by the audit, of its objectives,
scope and any other relevant arrangements
Where auditees, other than the manufacturer, are involved in the audit (i.e., suppliers),
sections (a), (b) and (h) through (k) remain with the responsibility of the manufacturer.
Audit client
Organization or person requesting an audit. In the case of internal audit, the audit
client can also be the auditee or the person managing the audit program. Requests for
external audit can come from sources such as regulators, contracting parties or
potential clients.
The role of the Audit client;
• Initiate the audit to the organization for the application of the management system,
• Enter into an agreement and contract to the certifying body who will certify their
organization to the management system of their choice.
FROF

Page: 71 of 135
• Provide resource and support necessary for the certifying body to perform the
assessment effectively and efficiently.
• Supply information needed by the auditors necessary for the completion of the
assessment.
• Provide safety environment for the auditors during the conduct of the audit.
• Communicate with the auditors during the process of audit and in the entire period
of the certification.
• Any other responsibilities the certifying body stated adamant to maintain the
requirements in subscribing to the management system.
Guides
Each auditor shall be accompanied by a guide, unless otherwise agreed to by the

audit team leader and the client. Guide(s) are assigned to the audit team to facilitate
the audit. The audit team shall ensure that guides do not influence or interfere in the
audit process or outcome of the audit.
The responsibilities of a guide:
• establishing contacts and timing for interviews;

• arranging visits to specific parts of the site or organization;
• ensuring that rules concerning site safety and security procedures are known and
respected by the audit team members;
• witnessing the audit on behalf of the client;
• providing clarification or information as requested by an auditor.
Observers
1. With the auditee’s consent (unless it is a regulatory requirement) observers may

be present at an audit for:
• the purpose of an observer’s training for auditing or
• observing the effectiveness of the audit process according to the requirements
for the designation of the auditing organization or in the course for assessing
the auditing organization for the purpose of their recognition as specified in
agreements.
2. Confidentiality
Observers are required to meet to the same level of confidentiality as other audit
team members. This shall be established prior to any audit activity. (See also
section 7.4)
3. Function
During the audit, the observer(s) take no active part in the audit process but
“observe” the activities, interviews and documents reviewed by the auditors.
Observers may provide feedback to the audit team at previously agreed intervals.
FROF

Page: 72 of 135
Management responsibilities of Audit team leader in managing the audit and the
audit team;
The Audit team leader must possess leadership and additional knowledge and skills to
manage the audit team, in order to facilitate the efficient and effective conduct of the
audit. The knowledge and skills necessary for audit team leader are;
a) balance the strengths and weaknesses of the individual audit team members;
b) develop a harmonious working relationship among the audit team members;
c) manage the audit process, including:
• planning the audit and making effective use of resources during the audit;
• managing the uncertainty of achieving audit objectives;
• protecting the health and safety of the audit team members during the audit,
including ensuring compliance of the auditors with the relevant health, safety
and security requirements;
• organizing and directing the audit team members;
• providing direction and guidance to auditors-in-training;
• preventing and resolving conflicts, as necessary;
d) represent the audit team in communications with the person managing the audit
program, audit client and auditee;
e) lead the audit team to reach the audit conclusions;
f) prepare and complete the audit report.
FROF

Page: 73 of 135
The Need for Communicating during the audit
During the audit, effective communication to the audit team, auditee, the audit client
and potentially with external bodies may be necessary to;
• clear matters especially where legal requirements require the mandatory reporting
of non-compliances.
• exchange information, assess audit progress, and reassign work between the audit
team members, as needed.
• periodically communicate the progress of the audit and any concerns to the
auditee and audit client, as appropriate.
• report immediately evidence collected that suggests significant risk to the auditee
without delay to the auditee,
• report any concern about an issue outside the audit scope.
• report and determine appropriate action for audit evidence that indicates the audit
objectives are unattainable. Such action may include reconfirmation or modification
of the audit plan, changes to the audit objectives or audit sco
scope,
pe, or termination of
the audit.
Any need for changes to the audit plan which may become apparent as auditing
activities progress should be reviewed and approved, as appropriate, by both the Audit
team leader and the auditee.
Confidentiality: security of information
Auditors exercise discretion in the use and protection of information acquired in the
course of their duties. Audit information are not to be used inappropriately for personal
gain by the auditor or the audit client, or in a manner detrimenta
detrimentall to the legitimate
interests of the auditee. This concept includes the proper handling of sensitive or
confidential information.
Continuous Assessment 0915 - 0935

Exercise 5: People in the Audit
FROF

Page: 74 of 135
SESSION 8:

DETERMINING AUDIT TIME 0940 – 1000
The audit time is determined and planned to accomplish a complete and effective audit
of the client's management system. In determining the audit time, the audit team
considers, among other things, the following aspects:
• the requirements of the relevant management system standard;

• size and complexity;
• technological and regulatory context;
• any outsourcing of any activities included in the scope of the management
management system;
• the results of any prior audits;
• number of sites and multi-site considerations;
• the risks associated with the products, processes or activities of the organization;
• when audits are combined, joint or integrated.
Audit Duration
Audit duration for all types of audits is the effective time measured in auditor days
required to carry out auditing activity. The duration of an auditor day is normally 8 hours
and may or may not include travel time or lunch depending upon local legislation.
FROF

Page: 75 of 135
Audit duration for all types of audits includes on site time at a client's premises and time
spent off-site carrying out planning, document review, interacting with client personnel
and report writing.
It is expected that the audit duration involved in such planning and report writing
combined should not typically reduce the total on-site audit duration to less than 80% of
the time shown in the Tables 2. This applies to initial, surveillance and recertification
audits. Where additional time is required for planning and/or report writing, this will not
be justification for reducing on-site audit duration for any audit.
Table 2: Reference IAF MD5
BREAK 1000 – 1010
EXERCISE 7 E7D3S8 - GROUP WORK 1010 – 1040
ON-SITE AUDIT 1045 – 1105
To minimize interference between audit activities and the auditee’s work processes
and to ensure the health and safety of the audit team during a visit, the following
should be considered:
a) planning the visit:
• ensure permission and access to those parts of the auditee’s location, to be visited
in accordance with the audit scope;
• provide adequate information (e.g. briefing) to auditors on security, health,
occupational health and safety matters and cultural norms for the visit including
requested and recommended
• vaccination and clearances, if applicable;
• confirm with the auditee that any required personal protective equipment (PPE) will
be available for the audit team, if applicable;
• except for unscheduled ad hoc audits, ensure that personnel being visited will be
FROF

Page: 76 of 135
informed about the audit objectives and scope;
b) on-site activities:
• avoid any unnecessary disturbance of the operational processes;

• ensure that the audit team is using PPE properly;
• ensure emergency procedures are communicated (e.g. emergency exits, assembly
points);
• schedule communication to minimize disruption;
• adapt size of the people in the audit accordance with the audit scope,;
• hands off any equipment, unless explicitly permitted;
• if an incident occurs during the on-site visit, the audit team leader should review
the situation with the auditee and
and,, if necessary, with the audit client and reach
agreement on whether the audit should be interrupted, rescheduled or continued;
• no photographs or video material, ask for authorization if needed;
• if taking copies of documents of any kind, ask for permission in advance and
consider confidentiality and security matters;
• when taking notes, avoid collecting personal information unless required by the
audit objectives or audit criteria.
EXERCISE 8: E8D3S8 Group Activities – Onsite Audit Activities 1105 – 1135
LUNCH 1140 – 1225
PREPARATION OF WORK DOCUMENT 1225 - 1255
The audit team members collect and review the information relevant to their audit
assignments and prepare work documents, for reference and for recording audit
evidence. Such work documents include:
• checklists;
FROF

Page: 77 of 135
• audit sampling plans;

• forms for recording information, such as supporting evidence, audit findings and
records of meetings.
The use of checklists and forms should not restrict the extent of audit activities, which
can change as a result of information collected during the audit.
Work documents, including records resulting from their use are retained at least until
audit completion, or as specified in the audit plan and suitably safeguarded at all
times by the audit team members.
AUDIT SAMPLING
Auditors know it may not be practical to examine all available evidence due to its
volume and dispersal. In those cases, a sample is selected to evaluate against the
audit criteria and help develop the audit conclusion.
Sample Definition
A sample is a small part of anything, intended as representative of the whole. It may
not be practical to examine all available data. For example, records may be too
numerous or dispersed, or may be too time consuming or costly.
Audit Principle
ISO 19011:2011, Guidelines for Auditing Management Systems, describes an
“Evidence-based Approach” that is based on sampling.
This audit principle (in clause 4.f) uses a rational method for reaching reliable and
reproducible audit conclusions. It states that audits are conducted during a finite period
of time and with finite resources, so audit evidence should be verifiable, and based on
samples of available information. The principle concludes by saying that the
appropriate use of “sampling” is closely related to the “confidence” that can be placed
in the audit conclusions.
Audit Guidance
The ISO 19011:2011 auditing guidance standard also states that audit procedures
should address the use of appropriate sampling methods (5.3.5). Does your audit
procedure cover sampling? Most audit procedures I review do not.
Lead auditors should be aware of sampling techniques when preparing the audit plan
(6.3.2.1), and the audit plan should cover the extent of the sampling needed to obtain
sufficient audit evidence (6.3.2.2). Work documents may include a specific sampling
plan (6.3.4)
More Audit Guidance

But, ISO 19011:2011 is not through on the sampling subject. It also states in 6.4.2 that
the opening meeting should clarify that the audit evidence will be based on a sample
of information. Later, it states that information should be collected by means of
appropriate audit sampling (6.4.6).
The closing meeting should advise participants that the audit evidence was collected
based on information samples (6.4.9). Then in the “Auditor Competence” section it
FROF

Page: 78 of 135
states that auditors should understand the appropriateness and consequences of

sampling techniques (7.2.3.2). The ISO 19011:2011 edition even added an Annex B.3
with two pages devoted to audit sampling.
The 2002 edition of ISO 19011 only mentioned samples and sampling 9 times. The
current 2011 edition mentions those terms 68 times! Think audit sampling was
considered important?
Sampling Steps
Audit sampling typically involves these six steps:
1. First, establish the objectives of the sampling plan, e.g., you may want to reduce
the audit disruption, yet have a representative sample that provides confidence in
the audit conclusions.
2. Next, define the extent and composition of the population. What is the audit
scope?
3. Then, select a sampling method. For quality audits, it will likely be judgmental
sampling. However, you can still use a statistical method to help identify items
within your sample.
4. At this point, determine the sample size to be taken. If you want a statistically valid
sample, you will calculate the sample size for the desired confidence level.
5. Now you are ready to conduct the sampling activity, followed by the sixth step.
6. Evaluating, reporting, and documenting the results.
Sampling Methods
When we know our sampling objective, and the extent and composition of the
population to be assessed, we will select our sampling method before determining the
sample size. You may decide to use “judgmental” (non-statistical) sampling and rely
on the auditor knowledge, skills, and experience. But, if you need a statistical estimate
of the effect of uncertainty on the audit findings and audit conclusion, then a
“statistical” sampling method will be selected.
Statistical
Before choosing a statistical sampling method, you should consider if the outcomes to
be examined are attribute-based or variable-based. More on that later. There are four
primary methods for statistical sampling:
1. Systematic – Picking every nth item. This would be appropriate for looking over a
period of time.
2. Random – Selecting a random sample, which could involve a random number
generator.
3. Stratified – Divides the population into homogeneous subgroups that need to be
represented.
4. Cluster – Divides the population into heterogeneous clusters that match the
population.
We will discuss each of these four methods later in the article.
FROF

Page: 79 of 135
Non-statistical
As mentioned earlier, we may want to use “judgmental” sampling based on auditor
knowledge, skills, and experience. For example, the auditor may know which items
have had problems in the past, or may be a higher risk to the organization.
“Convenience” sampling, sometimes referred to as “haphazard” sampling, uses
samples that are readily available. I will focus on judgmental sampling later in the
article, but first, let’s look at statistical sampling.
Statistical Sampling
Statistical sampling uses a sample selection process based on probability theory.
Attribute-based sampling is used when there are only two possible outcomes for
each sample, for example, conforming or nonconforming when assessing completed
forms to the procedural requirements.
Variable-based sampling is used when the sample outcomes occur in a continuous

range, for example, the number of security breaches over time.
Sampling Plan - Key elements that will affect your audit sampling plan are the:
• Size of the organization (since it affects the population size)

• Number of competent auditors (available to share the sampling load)
• Frequency of audits during the year (sample wide or sample deep)
• Time of the individual audit (duration available for samples to be taken)
• Any externally required confidence level (forcing statistical sampling)
• Of course, the use of statistical methods does not eliminate the need to still
exercise auditor judgment. You won’t be on auditor auto-pilot.
Confidence Level - A sampling risk of 5% (which equates to a 95% confidence level)

accepts the risk that 5 in 100 samples will not reflect the values that would be seen if
the entire population was examined. Auditors should document the sampling work and
include the:
• Description of the population to be sampled

• Sampling criteria to be used for evaluation (what is considered an acceptable
sample)
• Statistical parameters and methods that were used
• Number of samples evaluated and the results obtained.
Sample Sizes - If we increase the confidence level to 95%, and changing the
nonconformity rate to 1% or less, it would expand the sample for a population of 1000
to 259, far more than 45. Financial audits typically use statistical sampling methods.
However, due to time constraints and cost factors, quality audits often use non-
statistical sampling methods.
FROF

Page: 80 of 135
Systematic Sampling - Systematic sampling selects every Nth item in the population
as the sample. For example, to sample 30 items out of a population of 360, the
sampling interval would be N=12.
You would select a random starting point within the first interval, e.g., between 1 and
12, you could randomly pick 7. Then, you would extract every 12th item, i.e., 7, 19, on
to 343, 355.
However, you have to ensure the systematic sampling interval does not introduce bias.
For example, if a warehouse has even locations on one side of the aisle and odd
locations on the other side, and you selected every 50th item, and started at 20, you
would never pick an odd location.
Random sampling would be more suitable for this scenario. Remember, auditor
judgment is still needed for statistical sampling. Systematic sampling is most
appropriate for looking over a period of time, since it ensures an even spread of
selected items in a sample of the timeframe under review.
Random Sampling
Random sampling gives each item in the sampled population an equal chance of
being selected. That means picking one item, has no impact on the probability of any
other item being selected.
One random sampling method is to generate a random number for each item to be
sampled, sort these random numbers, and then take the top or bottom X, where X is
the sample size.
Stratified Sampling
When items from each subgroup within the population need to be represented, you
can use “stratified” sampling. To do that, divide the population into subgroups, or
strata. Then select random or systematic samples from within each subgroup.
The sampling fraction for each subgroup may be taken in the same proportion that the
subgroup has in the population. For example, you would randomly select customers of
each type in proportion to the number of customers of that type in the population.
Suppose that 70% of your customers are commercial and 30% are government. You
could divide the population into those two groups and take 70% of your samples from
the commercial group and 30% of your samples from the government group.
Cluster Sampling
In “stratified” sampling, the subgroups are homogeneous. In “cluster” sampling, the
cluster is as heterogeneous as possible to match the population.
A random sample is taken from within one or more selected clusters. For example, if
there are 20 small projects in the scope, you might use cluster sampling to randomly
select 4 projects as representative for the audit.
Unless clusters are selected randomly, and many are sampled, you cannot always
generalize about the entire population. For example, random sampling from all parts
produced last week, or for a specific product, may cause sampling bias.
Judgment Sampling
Judgment-based sampling relies on the knowledge, skills, and experience of the audit
FROF

Page: 81 of 135
team. The sampling should consider:
• Previous audit experience within the audit scope (may spend more time if little
experience)
• Complexity and interaction of the processes (sample more if a complex process)
• Changes in technology and the management system (sample more if higher risk)
• Previously identified risk areas and improvement areas (consider weak areas)
• Output from monitoring of the management system (listen to feedback on issues)
The sample should provide coverage of all types of items within the population. A
drawback of judgment-based sampling is there can be no statistical estimate of the
effect of uncertainty on your audit findings and conclusions.
Convenience Sampling
Another type of non-statistical sampling is “convenience” sampling. With this method,
you select a nearby and readily available sample. Sounds easy. However, in most
cases, you cannot draw conclusions about the total population, because the sample is
not likely to be representative.
For example, when auditing purchase orders, you may be tempted to assess the ones
on the buyer’s desk. However,
• The buyer may have placed “correct” ones on the desk to be used for the audit
• Or, the POs may be recently, carefully created knowing the audit was imminent
• Or, the POs on the desk may be from the few suppliers handled by that buyer
Sampling Concerns
If you are not careful, your sample may be invalid, too large, or too small.
Invalid Sample
If a sample is not representative of the population, it is not a valid sample. Since
auditors rely on samples to form their audit opinion, an invalid sample could lead to an
invalid conclusion.
Over-Auditing
If the sample taken is too large, it was unnecessary and has wasted valuable time.
You want to select the smallest sample leading to valid audit results.
Under-Auditing
If the sample is too small, it may not be representative of the population, which means
there is a risk that nonconformities will not be detected.
Sampling Risk
Speaking of risk, if you are sampling two out of ten items, and there is one
nonconforming item, what is the risk of missing that nonconformity with a random
sample of only two items?
There are 45 different combinations when taking two items at a time from a population
of ten. That means there would be nine combinations with the bad item, and 36
combinations without it. So, while the percent of bad items is 10%, the risk of selecting
a sample without the bad item is 36 of 45, or an 80% risk. That highlights the impact of
FROF

Page: 82 of 135
sample size on the detection risk.
Sample Selection
Audit samples are taken to evaluate if practices are producing results that meet stated
requirements. Our audit samples include which procedures to review, people to
interview, activities to observe, and records to examine.
However, there is not enough time available to look at everything. In fact, you may
have been given an audit assignment with a specific audit duration, which ends up
being a limiting factor for your sampling.
The audit sample should be relevant and representative, which means it should be
selected by the auditor, not the possibly “loaded dice” offered by the auditee. How
thoughtful of them.
Your audit checklist, if you use one, may define the planned sample through the
selected areas to assess, documents to review, and records to examine.
There will be a difference between your “planned” sample and the “actual” sample, as
you adjust to the responses, practices, and evidence during the audit. Your auditor
notes will record the sample actually taken, which will be helpful in reporting results
and guiding future audits of the area.
Evidence Types
There are four types of evidence:
• Documents,
• Observations,
• Records,
• Statements, which forms the acronym D-O-R-S.
This audit evidence is compared to the four types of requirements to judge conformity:
• Legal,
• Organization,
• Customer,
• Standard, which forms the acronym L-O-C-S.
If the objective evidence indicates a requirement is not being met, then

nonconformity has been identified.
Remember, when you interview someone, you are listening to their understanding of
the “current” process. When you review documents, you are hopefully looking at the
“current” versions. When you observe work activities, you are viewing the “current”
practices.
However, to assess conformity in the “past”, since the last audit, you must examine
records generated during that time interval, not just the records generated today.
Evidence Samples
How many people, documents, activities, and records should be sampled during a
FROF

Page: 83 of 135
quality audit? The sample sizes should be based on the population size and business
risk. And, larger samples will provide more confidence in the audit conclusions.
However, the samples will be limited due to the audit’s cost and operational disruption,
as well as, by the time allocated for the audit, and the types of evidence being
examined.
For example, with monthly management reviews, and semi-annual audits, you could
look at only six records and have a 100% sample since the last audit.
If 1000 purchase orders have been issued since the last audit, picking 20
representative orders would be a 2% sample over the past six months. However, for a
statistically valid audit sample for a 95% confidence level, and a nonconformity rate of
1% or less, you would have to sample 259 orders, or a 26% sample. When was the
last time you examined 259 POs in an audit?
Record Sampling
Consider the time period to be assessed, when you select records be included in your
sample. Remember that old records were created by old processes. If you find a
problem in the past, similar nonconformities may not exist with the current process.
So, focus on records related to the current processes. Consider the records that have
been generated since the last audit. However, you should still select some older
records for assessing adherence to record retention policies.
Sampling Disclaimer
Audit results reflect the situation you found at the time of the audit. You relied upon a
limited sample taken during a brief period of time. Therefore, consider including a
disclaimer like this one in your audit report:
This audit was based on random samples and every aspect of the system was not
necessarily covered. Therefore, nonconformities may exist that have not been
identified in this report.
Explain to the audited organization that if no nonconformities were found in sample,

that does not mean there are no nonconformities in their system.
Summary
To recap, audit results will be based on sampled information.
The selected samples should be representative of the population.
It is important to understand the different audit sampling techniques, and to be aware
of the uncertainty introduced by sampling.
You want to determine an acceptable sample size for confidence of all parties:
• the audit client,

• the auditee,
• the audit team,
Take the steps necessary to improve your judgment-based sampling, since that will
likely be the primary sampling method for your audits. Avoid under-auditing (selecting
too few samples).
Sample all types of evidence:

FROF

Page: 84 of 135
• people,
• documents,
• activities,
• records,
Report the sampling level, and include a disclaimer in your audit report.
Group Activities: E9D3S8 – Preparation of Sampling Plan 1255 – 1335
Preparation of Audit Checklist 1340 – 1410
When preparing work documents, the audit team consider the questions below for
each document.
a) Which audit record will be created by using this work document?

b) Which audit activity is linked to this particular work document?
c) Who will be the user of this work document?
d) What information is needed to prepare this work document?
The work documents should be adequate to address all those elements of the
management system (discussed on day 1) within the audit scope and may be provided
in any media.
A checklist may be used to ensure that all relevant standards’ requirements are
addressed.
Checklist if developed for a specific audit and used correctly can;
• promote planning for the audit

• ensure a consistent audit approach
• act as a sampling plan and time manager.
• serve as a memory aid.
• provide a repository for notes collected during the audit process.
FROF

Page: 85 of 135
• assist auditor to perform effective audit

• ensure adequate evidence are collected.
• provide continuity to the audit
• provide objective evidence that the audit was performed
Disadvantages of using audit checklist;
• The focus of the checklist may restrict the scope to identify specific problems.
• It may be used as a substitute for audit plan.
• It may not help in generating adequate audit evidence if not communicated
properly.
There are advantages and disadvantages in using audit checklists. It depends on

many factors, including customer needs, time and cost restraints, auditor’s experience
and other requirements. Auditors should assess the value of the checklist as an aid in
audit process and consider its uses as a functional tool.

Exercise 6: Writing Audit Checklist
BREAK 1455 – 1505
AUDIT TRAIL 1505 – 1525
A systematic approach to collecting evidence based on specific samples, that the

output of a series of inter-related processes meets expected outcomes.
Auditors establish the path of the process that they are auditing and perform the audit
accordingly, ensuring that the requirements of the process are being met.
An effective audit trail;
FROF

Page: 86 of 135
• Use the chosen samples and identify the process path and the controls that were
applied. It is vital that the samples are linked and come from the same trail.
• Procedures, forms, checklists and so on, all ensure that a process is managed and
controlled effectively. It is essential that auditors take the time to understand what is
required from the process they are auditing.
• A second- or third-party auditor to carry out an audit of an organization starting the
trail with the specification of its product or service, including statutory and regulatory
requirements.
• This professional approach to auditing that allows the auditor to identify any
weaknesses in the process and decide if an organization is capable of meeting the
specified requirements.
• The audit trail approach applies to any audit be it an internal, second- or third-party
audit.
Consider the following components of a process;
• Input
• Activities
• Outputs
• Measures of effectiveness
Below is an example of how to prepare an audit trail.

Types of Inputs Audit trail
Personnel Human resources

Documents Document Control Administrator
Materials Purchasing, Customer Specification, or Incoming
Inspection
Equipment Maintenance
Using the audit of a purchasing activity as an example, you need to identify what
material or equipment has been purchased for your sample order. It is always important
to understand what drives the process. In this case, it is normally the requisition, which
defines what is wanted.
If the auditor does not understand the specification, then he or she cannot check if the
process being followed meets the requirements of the requisition.
• what does the requisition require – does this comply with the agreed specification?
• how is the decision to purchase made?
• how is the specification decided? Is it adequate?
• who decides what is required and do they have the authority?
• who chooses the supplier and by what criteria?
• what is the process for bid evaluation?
• how is the specification advised to the supplier?
• are national or international standards used?
• what controls the process?
FROF

Page: 87 of 135
• are there any special packing delivery requirements?
These are just some of the issues that need to be addressed, many of which follow the
clauses of ISO 9001. Reference: ISO 9001 Auditing Practices Group – ISO/IAF © ISO
& IAF 2009 – All rights reserved www.iaf.nu; www.iso.org/tc176/ISO9001AuditingPracticesGroup
EXERCISE 10: E10D3S8 - Group Activities: – Perform Audit Trail

1525 – 1555
Discussion and feedback

1555 – 1600
Preparing Opening Meeting 1600 – 1610
The purpose of the opening meeting is to:
• confirm the agreement of all parties (e.g. auditee, audit team) to the audit plan;
• introduce the audit team;
• ensure that all planned audit activities can be performed.
The meeting chaired by the audit team leader, and the following items should be
considered, as appropriate;
• introduction of the participants, including observers and guides, and an outline of

their roles;
• confirmation of the audit objectives, scope and criteria;
• confirmation of the audit plan and other relevant arrangements with the auditee,
such as the date and time for the closing meeting, any interim meetings between
the audit team and the auditee’s management, and any late changes;
• presentation of the methods to be used to conduct the audit, including advising the
auditee that the audit evidence will be based on a sample of the information
available;
• introduction of the methods to manage risks to the organization which may result
from the presence of the audit team members;
• confirmation of formal communication channels between the audit team and the
auditee;
• confirmation of the language to be used during the audit;
• confirmation that, during the audit, the auditee will be kept informed of audit
progress;
• confirmation that the resources and facilities needed by the audit team are
available;
• confirmation of matters relating to confidentiality and information security;
• confirmation of relevant health and safety, emergency and security procedures for
the audit team;
FROF

Page: 88 of 135
• information on the method of reporting audit findings including grading, if any;

• information about conditions under which the audit may be terminated;
• information about the closing meeting;
• information about how to deal with possible findings during the audit;
• information about any system for feedback from the auditee on the findings or
conclusions of the audit, including complaints or appeals.
The opening meeting may simply consist of communicating that an audit is being conducted
and explaining the nature of the audit
EXERCISE 11: E11D3S8 - Group Activities: - Preparation of Opening Meeting 1610 – 1630

Assignment; Answer Section 3 of the Specimen Examination
FROF

Page: 89 of 135
FROF

Page: 90 of 135
DAY 4
FROF

Page: 91 of 135
SESSION 9:
COURSE CONTENT TIMING
Day 3 consolidation quiz discussion
Specimen Examination – Section 3 Assignment discussion
CONDUCTING THE OPENING MEETING 0830 – 0940
A formal opening meeting held in the client’s location before proceeding with the audit,
with the client's management and those responsible for the functions or processes to
be audited. The opening meeting is conducted by the audit team leader, is to provide a
short explanation of how the audit activities will be undertaken.
Continuous Assessment;
Exercise 7: Opening Meeting
Management of Audit Interviews 0940 - 0955
Interviews are one of the important means of collecting information and should be
carried out in a manner adapted to the situation and the person interviewed, either
face to face or via other means of communication.
An effective audit interview must be;
• held with persons from appropriate levels and functions performing activities or
tasks within the audit scope;
• conducted during normal working hours and, where practical, at the normal
workplace of the person being interviewed;
• an attempt to put the person being interviewed at ease prior to and during the
interview;
• the reason for the interview and any note taking should be explained;
• initiated by asking the persons to describe their work;
• careful selection of the type of question used (e.g. open, closed, leading
questions);
• summarized and reviewed the results with the interviewed person;
• thanked the interviewed persons for their participation and cooperation.
FROF

Page: 92 of 135
BREAK 0955 – 1005
EXERCISE 12 - E12D4S9 - Group Activities: – Perform Audit Interviews 1005 – 1035
SESSION 10:
Stage 2 – Conducting the Audit 1040 – 1055
Conducting the Audit
The sequence in conducting the audit:
• Conducting the opening meeting

• Performing document review while conducting the audit
• Communicating during the audit
• Assigning roles and responsibilities of guides and observers
• Collecting and verifying information
• Generating audit findings
• Preparing audit conclusions
• Conducting the closing meeting
FROF

Page: 93 of 135
Performing document review while conducting the audit
The auditee’s relevant documentation should be reviewed to:
• determine the conformity of the system, as far as documented, with audit criteria;
• gather information to support the audit activities.
Communicating during the audit
During the audit, the audit team assess audit progress and exchange information.
Communication during audit that are important and need to address such as;
• The need to reassign work between the audit team members and periodically
communicate the progress of the audit and any concerns to the client.
• Where the available audit evidence indicates that the audit objectives are
unattainable or suggests the presence of an immediate and significant risk (e.g.
safety), the audit team leader shall report this to the client and, if possible, to the
certification body to determine appropriate action. Such action may include
reconfirmation or modification of the audit plan, changes to the audit objectives or
audit scope, or termination of the audit. The audit team leader shall report the
outcome of the action taken to the certification body.
• The audit team leader shall review with the client any need for changes to the audit
scope which becomes apparent as on-site auditing activities progress and report
this to the certification body.
The audit team should meet as needed to review the audit findings at appropriate
stages during the audit and unresolved points should be recorded..
The audit team leader ensures that audit records are created, managed and maintained
to demonstrate the implementation of the audit program. Processes should be
established to ensure that any confidentiality needs associated with the audit records
are addressed.
Collecting and verifying information
• During the audit, information relevant to the audit objectives, scope and criteria
(including information relating to interfaces between functions, activities and
processes) are collected by appropriate sampling and verified to become audit
evidence.
• Methods to collect information shall include, but are not limited to:
interviews;
observation of processes and activities;
review of documentation and records.
FROF

Page: 94 of 135
During the audit, information relevant to the audit objectives, scope and criteria,
including information relating to interfaces between functions, activities and processes
are collected by means of different ways.
Only information that is verifiable are accepted as audit evidence. Audit evidence
leading to audit findings are recorded.
Source of Information;
• interviews with employees and other persons;

• observations of activities and the surrounding work environment and conditions;
• documents, such as policies, objectives, plans, procedures, standards,
instructions, licenses and permits, specifications, drawings, contracts and
orders;
• records, such as inspection records, minutes of meetings, audit reports, records
of monitoring program and the results of measurements;
• data summaries, analyses and performance indicators;
• information on the auditee’s sampling plans and on the procedures for the
control of sampling and measurement processes;
• reports from other sources, e.g. customer feedback, external surveys and
measurements, other relevant information from external parties and supplier
ratings;
• databases and websites;
• simulation and modeling.

Exercise 8: Performing the Audit
LUNCH 1230 – 1315
FROF

Page: 95 of 135
SESSION 11:
Generating audit findings 1315 – 1330
Determining audit findings
When determining audit findings, consider:
• follow-up of previous audit records and conclusions;

• requirements of audit client;
• findings exceeding normal practice, or opportunities for improvement;
• sample size;
• categorization (if any) of the audit findings;
Audit finding:
1. Audit evidence is evaluated against the audit criteria.

2. Audit findings indicate conformity or nonconformity with audit criteria.
3. Audit findings include conformity and good practices, opportunities for
improvement, and any recommendations to the auditee.
4. Audit findings are reviewed with the auditee ;
• to obtain acknowledgement that the audit evidence is accurate, and
• so that the nonconformities are understood
• to resolve any diverging opinions concerning the audit evidence or findings
FROF

Page: 96 of 135
Audit conformities indicate a positive audit findings;
For records of conformity, it consists of:
• identification of the audit criteria against which conformity is shown;

• audit evidence to support conformity;
• declaration of conformity, if applicable.
Identifying Nonconformities;
Non conformities may arise from;

• product -The failure to meet the specification of the product
• process - The absence of a documented process or procedure will fundamentally
affect consistency and effective implementation of any process.
• management system – failure to meet the requirements of the standard the
organization is subscribing with.
• potential nonconformities
Writing Nonconformities
In order for the significance of nonconformities to be characterized utilizing any

nonconformity grading system, it is essential that nonconformities are clearly worded
with factual and precise language that enables the reader to comprehend the actual
nonfulfillment that was detected during the audit. The information presented should
be an accurate representation of the reviewed records, samples and procedures, as
well as interviews conducted.
There are three parts to a well-documented nonconformity:
1. the statement of nonconformity. one-sentence statement as to why the

evidence violates the requirements. The statement is the negative of the clause.
2. the audit evidence to support auditor findings; You must write down your
evidence. What you saw, what you heard, what you read, etc.
3. the requirement against which the nonconformity is detected; You must indicate
the actual requirement, which will typically be the exact clause of ISO 9001 that is
in violation or the language from an internal procedure - or both.
FROF

Page: 97 of 135
EXERCISE 13 - E13D4S11: Group Activity: – Writing nonconformities 1330 – 1400

Exercise 9: Writing Nonconformity Report
BREAK 1440 – 1450
Preparing audit conclusions 1450 – 1505
The audit team confer prior to the closing meeting in order to:
FROF

Page: 98 of 135
• review the audit findings, and any other appropriate information collected during
the audit, against the audit objectives;
• agree on the audit conclusions, clearing all issues encountered during the audit
process;
• prepare recommendations;
• discuss audit follow-up.
Audit conclusions addresses issues such:
• the extent of conformity with the audit criteria and robustness of the management
system, including the effectiveness of the management system in meeting the
stated objectives;
• the effective implementation, maintenance and improvement of the management
system;
• the capability of the management review process to ensure the continuing
suitability, adequacy, effectiveness and improvement of the management system;
• achievement of audit objectives, coverage of audit scope, and fulfillment of audit
criteria;
• root causes of findings, if included in the audit plan;
• similar findings made in different areas that were audited for the purpose of
identifying trends.
If specified by the audit plan, audit conclusions can lead to recommendations for
improvement, or future auditing activities.
1505 – 1520
Closing Meeting
The audit team confer prior to the closing meeting in order to:
• review the audit findings, and any other appropriate information collected during
the audit, against the audit objectives;
• agree on the audit conclusions, taking into account the uncertainty inherent in the
audit process;
• prepare recommendations, if specified by the audit plan;
A closing meeting, facilitated by the audit team leader is held to present the audit
findings and conclusions. As appropriate, the following should be explained to the
auditee in the closing meeting:
• advising that the audit evidence collected was based on a sample of the
information available;
• the method of reporting;
• the process of handling of audit findings and possible consequences;
• presentation of the audit findings and conclusions in such a manner that they are
understood and acknowledged by the auditee’s management;
• any related post-audit activities (e.g. implementation of corrective actions, audit
complaint handling, appeal process).
FROF

Page: 99 of 135
EXERCISE 14 - E14D4S13: Closing Meeting Exercise 1520 – 1630

Assignment: Answer Specimen Examination – Section 4
FROF

Page: 100 of 135
FROF

Page: 101 of 135
DAY 5
FROF

Page: 102 of 135
SESSION 12:
Day 4 Consolidation Quiz Discussion
Specimen Examination – Section 4 assignment discussion
Reporting the audit 0900 – 0915
The audit team leader reports the audit results in accordance with the audit program
procedures.
The audit report provide a complete, accurate, concise and clear record of the audit,
and should include or refer to the following:
• the audit objectives;

• the audit scope, particularly identification of the organizational and functional units
or processes audited;
• identification of the audit client;
• identification of audit team and auditee’s participants in the audit;
• the dates and locations where the audit activities were conducted;
• the audit criteria;
• the audit findings and related evidence;
• the audit conclusions;
• a statement on the degree to which the audit criteria have been fulfilled.
Distributing the audit report
The audit report is issued within an agreed period of time. If it is delayed, the reasons
should be communicated to the auditee and the person managing the audit program.
Managing the audit program outcome
• review and approval of audit reports, including evaluating the suitability and
adequacy of audit findings;
• review of root cause analysis and the effectiveness of corrective actions and
preventive actions;
• distribution of audit reports to the top management and other relevant parties;
• determination of the necessity for any follow-up audit.
Completing the audit
The audit is completed when all planned audit processes/activities have been carried
out.
FROF

Page: 103 of 135
Documents pertaining to the audit are:
• retained or destroyed by agreement between the participating parties and in

accordance with audit program procedures and applicable requirements.
• not disclosed, the contents of documents, any other information obtained during
the audit, or the audit report, unless required by law to any other party without the
explicit approval of the audit client and, where appropriate, the approval of the
auditee.
• disclosed if required, the audit client and auditee should be informed as soon as
possible.
Lessons learned from the audit should be entered into the continual improvement
process of the management system of the audited organizations.
Identification of Nonconformities, Potential Risk and Opportunities for Improvement 0920 - 0940
Identifying Nonconformity
It is the responsibility of all personnel to bring suspected nonconformities to the

attention of the Management Representative or immediate superior. Nonconformities
are identified through the following activities:
• Inspection activities – subsequent reporting details the nature of the

nonconformity and done quickly to allow containment and correction action.
• Analysis of trends in monitoring and measurement data and corrective action is
taken and the process is monitored for stability.
• Management system auditing, competent auditors describe the nature of the
problem, the requirement, including its source and appropriate evidence.
• Potential nonconformities trigger the preventive action process. Any potential
problem is described in terms of its nature, the requirement and evidence that the
requirement will not be fulfilled unless the system is changed.
Potential Risk and Opportunities for Improvement.
When changes, legal liabilities or even manmade disasters occur, operations can be
disrupted.
Organization identify potential risks, then prioritize and take action to handle them,
which include avoiding the risk, reducing negative effects, accepting the
consequences of the risk, or transferring the risk elsewhere. Proactively managing
risks will help organization sustain growth.
Some categories of risk to consider could help organization identify potential risk:
• Compliance – risks related to the need to comply with rules and regulations.
• Operational – risks are linked to company’s administrative and operational
procedures.
FROF

Page: 104 of 135
Identified potential risk provide organization an opportunity for improvement.

http://www.industriuscfo.com/
Opportunity for Improvement are advantageous circumstances to raise

something/someone to a more desirable or more excellent quality or condition.
Mistakes are the main contributors in helping to improve the results by addressing
those findings and consider it a great opportunities for improvement.
In improving the results, organization resolve problems by analyzing the root cause.
For these matters QMS requires organization to establish methods of addressing the
findings.
EXERCISE 15 - E15D5S12: Individual Activities: - Identification of 0940 – 1010

Nonconformities, Potential Risk and Opportunities for Improvement
Discussion and feedback 1010 - 1015
BREAK 1015 – 1025
FROF

Page: 105 of 135
Corrective Action Process 1025 – 1045
The management responsible for the area being audited ensures that any necessary
corrections and corrective actions are taken without undue delay to eliminate detected
nonconformities and their causes.
Corrective actions is appropriate to the effects of the nonconformities encountered and

establish documented procedure to define requirements for;
• reviewing nonconformities (including customer complaints),

• determining the causes of nonconformities,
• evaluating the need for action to ensure that nonconformities do not recur,
• determining and implementing action needed,
• records of the results of action taken, and
• reviewing the effectiveness of the corrective action taken.
Cause analysis of nonconformities
The certification body requires the client to analyse the cause and describe the specific
correction and corrective actions taken, or planned to be taken, to eliminate detected
nonconformities, within a defined time.
Effectiveness of corrections and corrective actions
The certification body ;

• reviews the corrections, identified causes and corrective actions submitted by the
client to determine if these are acceptable.
• verifies the effectiveness of any correction and corrective actions taken.
• records evidence obtained to support the resolution of nonconformities.
• Informs client of the result of the review and verification. The client shall be
informed if an additional full audit, an additional limited audit, or documented
evidence (to be confirmed during future audits) will be needed to verify effective
FROF

Page: 106 of 135
correction and corrective actions.
Verification of effectiveness of correction and corrective action can be carried out

based on a review of documented information provided by the client, or where
necessary, through verification on-site. Usually this activity is done by a member of the
audit team.
EXERCISE 16 - E16D5S12: Group Activity: Root Cause Analysis 1045 – 1115

Exercise 10: Writing Audit Summary
Report Writing 1145 – 1205
The audit report is dated, reviewed and approved, then be distributed to the recipients
as defined in the audit procedures or audit plan.
Conducting Follow-up audit
The conclusions of the audit can, depending on the audit objectives, indicate the
need for;
• corrections, or
• corrective action,
• preventive action or
• improvement actions.
Such actions are usually decided and undertaken by the auditee within an agreed
timeframe and immediately keep the person managing the audit program and the
audit team informed of the status of these actions. The completion and effectiveness
of these actions are verified on subsequent audit or surveillance audit.
LUNCH 1205 – 1250

Exercise 11: Follow-up Audit
FROF

Page: 107 of 135
FROF

Page: 108 of 135
SESSION 13:
Certification Grades and Summary of Grade Applicabilities 1320 – 1340
Most auditor schemes have four main grades of certification and two provisional
grades. However, some schemes have different/limited grades, or different terms (eg
Assessor). Please refer to the respective appendix for further guidance on any
scheme.
GRADE APPLICABILITY
You should consider this grade if you conduct internal ‘partial
Internal system’ audits of your organization’s management system, or a
Auditor supplier’s management system. It is likely that you will not be a
fulltime auditor, and you may only audit a few times each year.
Whilst the internal auditor grade requires the applicant to have
Provisional conducted audits, the provisional grade does not. It is therefore
Internal appropriate for professionals who have attended an internal auditor
Auditor training course, but that do not or have not had the opportunity to
conduct audits, yet wish to receive formal recognition of their ability.
The auditor grade is appropriate for those who conduct ‘full system’
audits as a member of an audit team and/or as a sole auditor. They
may be conducting internal full system audits, second-party full
Auditor
system audits, or conducting third-party audits for certification
purposes but do not yet have sufficient experience of leading audit
teams.
Whilst the auditor grade requires the applicant to have conducted
Provisional audits, the provisional grade does not. It is therefore appropriate for
Auditor professionals who have attended an auditor training course, but
that do not or have not yet had the opportunity to conduct audits.
This grade applies to competent auditors experienced at managing
audits and at leading audit teams. This would be the case for
Lead Auditor
auditors working as audit team leaders for certification bodies or
those who perform supplier audits for organizations.
This grade is appropriate for Senior Audit professionals with an
extensive and demonstrable history of conducting full system audits
as lead auditors, who may no longer lead audit teams, or conduct
Principal audits on a regular basis. Principal Auditors are not required to
Auditor submit evidence of audits at re-grade, as they may have
progressed
into audit training or management roles. However, submission of
any audits carried out is recommended.
FROF

Page: 109 of 135
Quality Management System Auditor Scheme Specific Requirements and Guidance
Scheme specific (additional) requirements
In the sector understanding and work experience sections of the application form, you
are required to demonstrate the following knowledge and competencies:
• Knowledge of basic quality management principles

• Understanding of quality management tools and techniques that are applied in
organizations that will enable the auditor to assess a quality management system,
and generate audit findings and conclusions
• An understanding of an organization’s operational activities and its interactions, to
enable you to understand the relationship with product quality.
The QMS Scheme is based on the auditing key standard:
• ISO 9001: Quality management systems – Requirements
Guidance for who this scheme is intended for
• Quality management system auditors, such as those employed by third-party

certification bodies/registrars or by purchasing organizations (second-party
auditors)
• Quality management practitioners, such as quality management consultants,
quality managers and third-party certification managers
• Employees conducting quality management system audits within their own
organizations (internal audits).
Outline the content and intent of the IRCA code of Conduct
The Chartered Quality Institute Professional Code of Conduct
For the purposes of this code “members” refers to all individuals whose competence
is recognized formally by The Chartered Quality Institute [The CQI]. This includes
but is not restricted to CQI members, IRCA registered auditors and individuals on
other CQI registers, as well as all members of the Board of Trustees, Advisory
Council and other governance bodies.
Statement of Personal Responsibility
It is the ethical and professional responsibility of all members to demonstrate the

required professional competence and behaviors in discharging the responsibilities
of their role.
Members must uphold the highest ethical standards and integrity in exercising their
professional duties or other activities which might impact on the reputation of the
profession and of the CQI.
FROF

Page: 110 of 135
In support of these aims all members are expected to understand and comply with
this code of conduct.
Furthermore, the CQI reserves the right to suspend or withdraw membership and all
associated benefits from members who fail to comply with this code of conduct, in
accordance with the Enforcement Processes detailed below.
Professional Competence and Behavior
In recognizing the values and requirements of this code of conduct members shall:
• Maintain professional knowledge and competence in order to successfully

undertake their role
• Act with due skill, care and diligence and with proper regard for professional
standards
• Undertake appropriate continuing professional development and record it in an
appropriate manner
• Ensure that clients, employers and others who may be affected by their activities
are not misled or ill-informed with regard to their level of competence and
capability to successfully discharge their responsibilities
• Seek appropriate support whenever they are aware that their level of competency
(knowledge, skills, behaviors and experience) might be lacking with respect to the
responsibilities they are assigned
• Accept responsibility and accountability for their own professional actions and
decisions
• Always act in a way which supports and upholds the reputation of the Quality
profession
• Work to ensure that the credibility and reputation of the CQI and all of its
stakeholders is protected
• Be mindful of the distinction between acting in a personal and in a professional
capacity
• When managing a team, ensure that those working for them have the appropriate
level of competence, supervision and support
• Co-operate fully with the Institute in assuring the effective implementation of this
Code of Conduct (including investigation and resolution of any alleged or actual
breaches)
Ethical Standards and Integrity
In recognizing the values and requirements of this code of conduct members shall:
• Seek to establish, maintain and develop business relationships based on

confidence, trust and respect
FROF

Page: 111 of 135
• Always act honestly in all matters relating to the Institute

• Demonstrate sensitivity for the customs, working practices, culture and personal
beliefs of others
• Safeguard all confidential, commercially-sensitive and personal data acquired as
a result of business relationships and not use it for personal advantage or for the
benefit or detriment of third parties
• Comply with prevailing laws
• Advise the CQI Executive in writing whenever there is a suspicion that this code
of conduct has been breached
• Be mindful of their responsibilities as professional people towards the wider
community
• Ensure potential or known conflicts of interest are declared at the earliest
opportunity to ensure professional judgement is not compromised or perceived to
be compromised.
Processes for Enforcement of this Code
All members, by virtue of their association with the Institute, have agreed to abide by
the following enforcement processes.
1. CQI0070 details the Misconduct Handling process for:
• Reporting breaches of misconduct to the CQI

• Undertaking a Preliminary Investigation
• Conducting a Disciplinary Hearing
• Establish and acting on the Board’s decision
• Grounds for appeal
2. CQI0058 details the Disciplinary Appeals process for:
• Submitting an appeal to the Advisory Council

• Preliminary review of the appeal
• Convening an appeal panel
• Reviewing the appeal submission
• Holding an appeal hearing
• Making an appeal recommendation to the Advisory Council
• Communicating the outcomes of the Appeal Panel (Preliminary
Recommendation)
• Council review of recommendation
• Appeal decision announced and actioned.
FROF

Page: 112 of 135
1340 – 1400
Training Program and Tutor/Assistant Tutor Evaluation
Preparation for the examination 1400 – 1630
AUDITOR/LEAD AUDITOR EXAMINATION

1630 – 1700
Final discussion and course review
END OF COURSE
FROF

Page: 113 of 135
FROF

Page: 114 of 135
FROF

Page: 115 of 135
EXERCISES BRIEF
FROF

Page: 116 of 135
Student Instruction For Group Works
This course involves activities such as group/team works and role play. Students are
formed into suitably sized work teams in various course exercises and role play activities.
Course exercises and role play activities are done by group. Each group choses their
Audit team leader. Under the tutor’s guidance, each member of the team plays an
importance and equal roles. They are expected to contribute and cooperate. All are given
chance to become Audit team leader. These team groupings must be effectively
assembled with student’s initiative to facilitate good performance. The Tutor will grade the
performance accordingly.
The results of the exercises and role play activities are presented in the class at the end
of the time allotted for it. The Audit team leader can make an arrangement on the
presentation of the results of their activity and the documents they produced (if
necessary).
FROF

Page: 117 of 135
CASE STUDY COMPANY
URISE was established in 2007 in Dubai. The initial concept and core company business
activity was as a twenty-four hour, seven day a week waste logistics service provider,
supporting both waste collection agencies and local councils…
Our URISE operation philosophy ensures that we maximise production capacity and
reintroduce to the supply chain everything that is produced. We control the quality of
feedstock which results in quality material being produced, minimising residue whilst
maximising recovery of recyclables.
The URISE is an essential stage in the recycling process. In addition to sorting the
materials into their respective grades we remove materials which are considered to be
contaminates, thereby eliminating any problems that they cause at the URISE or later in
the recycling process at the destination factories.
URISE is registered with The Environment Agency as a licensed waste handler.

URISE adopts and complies with the Regulation EN 11.0 – Waste Management of UAE
(Dubai).
The design and implementation of the URISE quality management system has been
influenced by URISE particular business environment and risks associated with that
environment. In addition, the system has been structured to support the varying needs of
the business, its particular objectives, the services it provides, the processes it employs
and its size and organisational structure.
The implementation of the requirements of the ISO 9001:2015 international standard have
been used to meet customer and statutory and regulatory requirements applicable to
products and services. The implementation and interaction of the system processes are
managed to produce the desired process outcome.
In relation to the International Standard and URISEs implementation of ISO 9001:2008 the
term “product” applies to the product intended for, or required by, a customer or the
product realization processes. This applies to any intended output resulting from a product
realization processes, including purchasing.
Where appropriate, statutory and regulatory requirements are also expressed as legal
requirements.
FROF

Page: 118 of 135
URISE RECYCLING FACILITIES
MANAGING DIRECTOR
ADMINISTRATION HUMAN RESOURCE QUALITY OPERATIONS

MANAGER MANAGER MANAGER/ MANAGER RESEARCH AND
MANAGEMENT DEVELOPMENT
REPRESENTATIVE MANAGER
Accounting/ Sales/ HR Assistant Laboratory TECHNICAL

HSE OFFICER Researcher
Finance Marketing Manager MANAGER
Manager Manager
Accounting Account Laboratory PLANT

Executive Technician MANAGER
Sales Warehouse Maintenance

Purchasing personnel Plant Supervisor
Manager Supervisor Supervisor
Purchaser
Labor
ORGANIZATIONAL CHART
URISE RECYCLING FACILITIES
FROF

Page: 119 of 135
STUDENT EXERCISE BRIEF
Your Tutor(s) will require you to work together in groups or individually to prepare for and ultimately
undertake an audit of a case study company. The full details of this will be explained at the appropriate
time by the course tutors; however it will basically involve the following:
1. Understanding Quality Management & ISO 9001 Standards - E1D1S3

2. Understanding Quality Management System – Continuous Assessment Exercise 1
3. PDCA Cycle activities with ISO 9001 clauses – E2D1S4
4. Maintained and Retained Documented Information search. – E3D1S4
5. The Quality Management System Process - Continuous Assessment Exercise 2
6. identifying audit type. E4D1S5
7. Accreditation/Certification identification – E5D2S5
8. Determine audit objective, scope and criteria - E6D2S6
9. Document Review – CA3
10. Audit Plan Preparation – CA4
11. People in the Audit – CA5
12. Audit Duration Exercise – E7D3S8
13. On-site Audit Activities – E8D3S8
14. Preparation of Sampling Plan – E9D3S8
15. Writing Audit Checklist – CA6
16. Perform Audit trail – E10D3S8
17. Preparation of Opening Meeting – E11D3S8
18. Opening Meeting – CA7
19. Perform Audit Interviews – E12D4S9
20. Performing the Audit – CA8
• Stage 2 – Role Play Exercise
21. Writing Nonconformities –E13D4S11
22. Writing Non Conformity Report – CA9
23. Closing meeting exercise – E14D4S11
24. Identification of Nonconformities, Potential Risk and Opportunities for Improvement –
E15D5S12
25. Determine the Root Cause and Corrective Action – E16D5S12
26. Writing Audit Summary – CA10
27. Follow up Audit – CA11
EXERCISES INSTRUCTION:
1. Understanding Quality Management System & ISO 9001 Standard.
Tutor will explain what a quality management system is. He will speak about the management
system and the different aspects of the management in the organizations by using the slides. Using
the pre-prepared form in the student notes, each groups of 3-4 people and Tutor will ask the groups
to fill these form as instructed.
Each group will identify the benefits of developing quality management system to the organization
and in subscribing to ISO 9001 standards in their organization. Using the different aspect of
FROF

Page: 120 of 135
management, student will learn the importance of quality management system and the standards’
contribution to the organization. The tutor will ask the students to use the form provided for this
exercise in their notes. Give 5 each.
2. The Quality Management System Process – CA1
The purpose of this exercise is to assess the student’s understanding of the quality management
systems and the standards. Tutor will instruct the students to answer the questions in continuous
assessment exercise 1;
This is one of the continuous assessment exercises and therefore be marked.

This exercise will be for 25 minutes and 5 min discussion.
3. PDCA Cycle activities with ISO 9001 clauses – E2D1S4
You will prepare a list of activities for each elements of the Plan-Do-Check-Act (PDCA) cycle and
state the clause number of the ISO standard for the activities you identify.
The purpose of this exercise is to determine how much you know about the PDCA cycle.
4. Maintained and Retained Documented Information search in the standard – E3D1S4
To prepare you for using the standard and in using the clauses for evidence based audit, tutor will
guide you to perform phrase search. In ISO 9001 standard search and identify the documented
information that is maintained and retained. Identify the corresponding clause of the standard that
requires them.
5. The Quality Management System Process – CA 2
To understand the terms and definitions used in the management system, Tutor will distribute the
terms and definition exercise documentation and will ensure all the groups will work on the selected
terms and their associated definitions. As per Tutor’s instruction the students will answer the
questions on the form provided.

This exercise will be for 25 minutes and 5 min discussion
6. Identifying audit type - E4D1S5
Individual exercise: Using the scenario given by the Tutor, answer the following by identifying what
audit type correspond to the activities given.
7. Accreditation / Certification Identification –E5D2S5
FROF

Page: 121 of 135
In the form provided for establish the connection between accreditation and certification with the
institution and the standard. You will write the standard and the institution for the Accreditation body
on the space provided for. In the other side write the standard and the institution for the Certification
body.
The purpose of this exercise is to explain the difference between accreditation body and certification
body and the institution the accredit and certifies. What are the standards being accredited and
certified.
8. Determine audit objective, scope and criteria - E6D2S6
The Tutor will give 2 scenarios information and the students based on the information given during
the relevant discussion will read, understand and identify what audit objectives, audit scope and
audit criteria appropriate with the information given.
9. Document Review - CA3
The purpose of this exercise is to provide experience in undertaking a "Document "Review". A full
assessment of an organization against the requirements of ISO 9001 requires the assessing
organization to adopt the two stage approach:
Stage 1: A review of the documentary evidence provided by the organization to demonstrate that it
has understood and developed processes designed to implement the requirements of ISO 9001, and
to confirm that the organization is ready to be audited.
Stage 2: An on-site audit to verify that the organization is implementing it's documented system and
effective.
You will be working with the supplied case study manual and the results of the Day 1 discussion
group activities your syndicate team should now undertake a "Document Review" of the case study
organization's Quality Manual, prepare a formal presentation and also complete the Document
Review form in your Continuous Assessment documents as instructed by your tutor(s).
Although this is a team exercise, however, the entries into the Continuous Assessment documents
will be made by the individual delegates and should be identical to the respective group findings.
Your presentation will need to comprise the completed document review form and also address the
following questions:
1. Do the supplied case study manual provides sufficient assurance that:

a. the organization has met the requirements of ISO 9001?
b. the organization has the processes been designed to meet the requirements of ISO
9001, and would be appropriate to progress to Stage2?
2. Are there areas of concern (weakness) that you think should be focus out for in-depth
verification during the Stage 2 audit.

FROF

Page: 122 of 135
10. Audit Plan Preparation – CA4
The purpose of this exercise is for the students understand the importance and function of Audit Plan
in the audit process. The Team Leader will prepare the detailed plan of the activities, purpose,
objectives, time lines who will be the auditor and auditee, activities and areas to be audited at the
time of the audit. This is for both auditee and auditor information what will be done at the time of the
audit. This is to be given to the auditee well in advance for them to prepare for the audit. After the
tutor explains the details of an audit plan, the groups will prepare the audit plan as per the tutors
instructions of the case study company and they will record their plan on to the form supplied.

11. People in the Audit – CA5
The students should know who the people in the audit are and what are their roles and
responsibilities. After the tutor’s explanations, the groups will answer the continuous assessment
exercise as per the instruction of the tutor. Then tutor will ask to the groups to identify the roles,
duties, responsibilities of each of these groups of people in an audit situation. Groups will identify
the responsibilities by choosing from the given form.
This is part of the continuous assessment so the students will write on their continuous assessment
form

12. Audit Duration Exercise – E7D3S8
You will perform audit duration exercise as per the instruction of your tutor.
The tutor will ask you to refer to IAF-MD5 when computing for mandays. With the scenario given by
your tutor determine the audit duration in mandays using the Annex A–QUALITY MANAGEMENT
SYSTEMS Table QMS 1 – Quality Management Systems
Relationship between Effective Number of Personnel and Audit Time of IAF - MD 5.
13. On-site Audit Activities – E8D3S8
The student will be tasked to give the on-site activities during Certification Audit, Surveillance Audit
and Recertification Audit. The student would understand the commonalities of different audits as well
as their differences based on the on-site activities. Answers will be written on the flichart and the
cosen leader will discuss.
FROF

Page: 123 of 135
14. Preparation of Sampling Plan – E9D3S8
The students will be tasked in groups to prepare sampling plan for a given audit situation the tutor
will give. The group should write their answers on the flipchart and the chosen leader will discuss
their output.
15. Writing Audit Checklist – CA6
It is now time for you to think about all the questions you wish to ask and things you would like to
examine (audit sample) at the time of audit.
You should work with your plan of action and your questions you need to verify and think about what
questions you need to ask, the documents, records, tools, materials that you need to examine
(together with sample sizes) in order to get the necessary information to answer your questions.
These check lists are for your use and benefit during the audit, so that you know exactly what to look
at and look for and what questions to ask.

16. Perform Audit trail – E10D3S8
The students in groups are tasked by the Tutor to perform audit trail based on the processes
assigned to them. They will ask the relevant questions and they should give the corresponding
standard clauses. The leader in behalf of the group will reach an outcome of the performed audit
trail. The answers will be written on the flipchart and the leader will explain their answers.
17. Preparation of Opening Meeting – E11D3S8
Using the Audit Plan you prepared prepare the agenda of the opening meeting your Tutor will ask
you to be used in the opening meeting of the audit you are going to perform. You have to write all the
information you want to discuss in the meeting. The audit is certification and you must clear all the
questions the auditee may raise.
18. Opening Meeting Exercise –CA7is
Under the guidance of your course tutor(s) prepare to conduct an Opening Meeting with the case
study company management team. You will need to use the previously prepared schedule at the
meeting and should request the tutor(s) to take some copies for you, one of which should be given to
the tutor for use by the management team. Please allow each team member to provide a brief input
at a suitable time in the meeting to explain what areas they will be auditing.
The Team Leader will need to chair the meeting and work to a prepared agenda following the format
given in the course notes. The groups will perform the opening meeting in front of the other groups
acting as the auditee one at a time allotted by the tutor. The tutor will rate the performance of the
students during the opening meeting and marked.
FROF

Page: 124 of 135
This is one of the continuous assessment exercises and therefore be marked. 70 mins
19. Perform Audit Interviews – E12D4S9
The students will be tasked individually to prepare questions against given process and use the
prepared questions to ask the Tutor in an interview. The students should give the reasons of asking
the questions and what will be the next plan of action. The students should develop a plan in mind
what is achieved of the line of questioning.
The processes are:

1. Management Responsibility
2. Resource Management
3. Product Realization
4. Monitoring, Analysis and Improvement
20. Performing the Audit – CA8
Stage 2 – Role Play exercise
Your tutor will explain what needs to be done at each stage, if you are in any way confused please
do not hesitate to ask for clarification.
During the simulated assessment (role play) you will work as a team, with each member of the
group conducting his/her own part of the audit in turn.
You decide for yourselves the best approach to this, however it is important that each team member
has an opportunity to ask questions of the auditees and control their part of the audit, and also to
follow trails if felt to be relevant to the overall objectives and scope of the assessment.
You may find it easier to work in pairs so that one auditor can take good notes whilst the other is
conducting the audit, however the team should all carefully listen to each interview and discuss /
exchange information when the opportunities for team meetings arise.
You will need to take good notes but are not required to fill out Nonconformity reports at the time of
audit. Your tutor will explain how the audit role play will be undertaken.
The students will perform simulated audit using the scenarios the Tutor will provide to address the
following:
• determination of customer, statutory and regulatory requirements

• auditee’s quality policy,.
• Quality objectives
• Responsibilities and authorities
• Resource requirements
• product realization
• monitoring and measurement requirements
• Control of any outsourced processes
• Corrective and preventive actions.
• product realization processes
• monitoring and measuring quality
• Management Review
FROF

Page: 125 of 135
• management commitment
During the audit you may ask to speak to any person at the company, but do not jump from person
to person in too rapid succession, and you are not required to go through the protocol of formal
introductions as there is simply insufficient time for this.
You may ask to see any document, material, component or product. If you ask the right questions of
the right people you will obtain hard copy audit evidence - please do not write on this or mark it in
any way.
Sometimes you may ask to see evidence that does not exist for role play purposes, in these
situations your tutors will 'show' you whatever you wish to see in role play but will immediately ask
you (out of role play) what evidence you are looking for. Just tell them what objective evidence you
are seeking and they will tell you honestly if it is there or not.
You will need to use some imagination to gain the most from the role play exercise, however in
some cases you will be shown actual documentation which you will then need to study carefully
before handing back to the tutors.
This exercise will take 90 min and 5 min discussion.
21. Writing Nonconformities – E13D4S11
The students, individually will evaluate scenarios given by the Tutor and will determine the evidence
of nonconformity and the relevant standard clause why it is a nonconformity. The student will then
write the statement of nonconformity, the objective evidence of the non conformity and the clause
why it is nonconformity.
22. Writing Non Conformity Report – CA9
The team will write one nonconformity statement for every team member (working together), using
the facts found at the time of the simulated audit and contained in your auditor's notes. The team
leader will present the summary statement and the nonconformities are to be presented by each
member of the team in turn (including the team leader) to the class using flip chart sheets, and each
team member should be prepared to logically reason and explain their nonconformity statement.
Other class members will constructively critique each nonconformity statement. The purpose of this
exercise is to ensure that delegates understand how to write nonconformity statements that clearly
communicate "What" (objective evidence) the auditor has found, and "Why" (clause of the
requirement) it is a nonconformity.

This exercise will take 25 min and 5 min discussion
23. Closing Meeting Exercise – E14D4S11
You will work in groups and perform closing meeting exercise as instructed by your tutor. Referring
to ISO 19011 clauses 6.4.9 prepare and perform closing meeting in front of the auditee team.
This exercise will take 60 min and 10 minutes discussion

FROF

Page: 126 of 135
24. Identification of Nonconformities, Potential Risk and Opportunities for Improvement –

E15D5S12
The tutor will give scenario company activities to the groups of student for them to identify
nonconformities, potential risks and opportunities for improvement. The group will write the answers
on the flipchart and the chosen leader will explain their answers to the class.
They should report the following:
1. Nonconformity
2. Potential Risk
3. Opportunities of Improvement.
25. Determine the Root Cause and Corrective Action – E16D5S12
From the scenarios given by the Tutor for the student to determine the nonconformities, the student
will be tasked to determine the root cause of the non conformities. Each student should give the
right corrective actions based on the determined root cause.
26. Writing Audit Summary – CA10
The team should prepare a Summary Statement that summarizes the outcome of the audit and
would normally be presented at a Closing Meeting, and be included in a final report. (For Third
Party Certification audits this Summary Statement would also make it clear if a "Recommendation
for Certification" would be made by the Team Leader to the certification company)
You must remember that the assessment that has just been completed has been carried out in
accordance with the schedule presented at the Opening Meeting, and that the only nonconformities
found are in the areas given to you as the limited role play sample.
Your Summary Statement should reflect this situation. (You have found no nonconformities
throughout the company other than those found in the simulated audit) You should work from the
collective notes taken by your group at the time of audit to provide the group with the total number
of nonconformities that you think you have found.
This is part of the continuous assessment so the students will write on their continuous assessment
form

27. Follow up Audit – CA11
After the audit is closed and there is nonconformity, the nonconformity must be closed out by
verifying that the corrective action was implemented and effective.
You are asked to close out the previous nonconformity. Using the scenario given by the tutor, write
the action you would take to close out the given nonconformity.
This is part of the continuous assessment so the students will write on their continuous
assessment form. 25 minutes and 5 min discussion.
END OF COURSE
FROF

Page: 127 of 135
APPENDIX 1:
Accreditation Body Members

A2LA: American Association for Laboratory Accreditation
AA: Akkreditierung Austria (Accreditation Austria)
ACCREDIA: Italian Accreditation Body
ANAB: American National Standards Institute - American Society for Quality National Accreditation Board LLC
ANSI: American National Standards Institute
ATS: Accreditation Body of Serbia (ATS)
BoA: Bureau of Accreditation (Vietnam)
BELAC: Belgian Accreditation Structure
CAI: Czech Accreditation Institute (Český institut pro akreditaci, o.p.s.)
CGCRE: General Coordination for Accreditation (Brazil)
CNAS: China National Accreditation Service for Conformity Assessment
COFRAC: Comite Francais d'Accreditation (France)
DA: Directorate of Accreditation (Albania)
DAC: Dubai Accreditation Center (United Arab Emirates)
DANAK: Danish Accreditation
DAK: Kosovo Accreditation Directorate (under the UNSC Resolution 1244/1999)
DAkkS: German Accreditation
DSM: Department of Standards Malaysia
ECA: Costa Rican Accreditation Entity
EMA: Mexican Accreditation Entity, (Entidad Mexicana de Acreditacion)
ENAC: Entidad Nacional de Acreditacion (Spain)
EGAC: Egyptian Accreditation Council
ESYD: Hellenic Accreditation System S.A. (Greece)

FROF

Page: 128 of 135
FINAS: Finnish Accreditation Service
GAC: Gulf Cooperation Council Accreditation Center
HKAS: Hong Kong Accreditation Service
IAJapan: International Accreditation Japan
IAS: International Accreditation Service (USA)
INAB: Irish National Accreditation Board
INDECOPI: National Institute for the Defense of Competition and Protection of Intellectual Property (Peru)
INN: Instituto Nacional de Normalizacion (Chile)
IPAC: Portuguese Institute for Accreditation
JAB: Japan Accreditation Board
JAS-ANZ: Joint Accreditation System of Australia and New Zealand
JASC: Japan Accreditation System for Product Certification Bodies of JIS Mark
JIPDEC: Information Management Systems Promotion Center Japan
KAB: Korea Accreditation Board
KAN: Accreditiation Body of Indonesia (Komite Akreditasi Nasional)
KAS: Korea Accreditation System
KENAS: Kenya Accreditation Service
MAURITAS: Mauritias Accreditation Service
NA: Norwegian Accreditation
NABCB: National Accreditation Board for Certification Bodies (India)
NACI: National Accreditation Center of Iran
NAT: Hungarian Accreditation Board
NCA: National Center of Accreditation (Kazakhstan)
NSC: National Standardization Council of Thailand
OAA: Organismo Argentino de Acreditacion (Argentina)

FROF

Page: 129 of 135
OLAS: Luxembourg Office of Accreditation
ONAC: Colombia National Accreditation Body
OUA: Organismo Uruguayo de Acreditacion
PAB: Philippine Accreditation Bureau
PCA: Polish Centre for Accreditation
PNAC: Pakistan National Accreditation Council
RENAR: Romanian Accreditation Association (Asociatia de Acreditare din Romania)
RvA: Dutch Accreditation Council (Raad Voor Accreditatie)
SA: Slovenska Akreditacija (Slovenia)
SAC: Singapore Accreditation Council
SAE: Ecuadorian Accreditation Service (Servicio de Acreditación Ecuatoriano)
SANAS: South African National Accreditation System
SAS: State Secretariat for Economic Affairs (SECO), Swiss Accreditation Service
SCC: Standards Council of Canada
SLAB: Sri Lanka Accreditation Board for Conformity Assessment
SNAS: Slovak National Accreditation Service (Slovakia)
STC-IS: Scientific Technical Centre on Industrial Safety (Russian Federation)
SWEDAC: Swedish Board for Accreditation and Conformity Assessment
TAF: Taiwan Accreditation Foundation (Chinese Taipei)
TUNAC: Tunisian Accreditation Council (Conseil National d'Accreditation, CNA)
TURKAK: Turkish Accreditation Agency
UKAS: United Kingdom Accreditation Service
CERTIFICATION BODIES:
FROF

Page: 130 of 135
QMS ISO 9001, OH&S BS OSHAS 18001 (ISO 45001), QMS NSF International for North
AS9100, QMS TS 16949, QMS MDD ISO 13485, QMS America only based ISO/IEC
Pharmaceutical, cGMP Pharmaceuticals, GLP, OTC Pharmaceutical 17021, ISO/TS 22003 also operating
cGMP, EUA (Emergency Use Authorization), EMS ISO 14001, certification body within the USA and
FSMS ISO 22000 and variants including FSMS HACCP-9000® regions of Asia Pacific only
TÜV SÜD [ISO/IEC 17021,

QMS ISO 9001, EMS ISO 14001, EMAS 761, ISMS ISO/IEC
ISO/TS 22003, ISO/IEC 27006,
20000, QMS MDD ISO 13485, "CE" Mark services, QMS TS
16949, QMS AS9100, inquire on FSMS ISO 22000, QC 080000, certification body] within the USA,
NB Canada, Asia, Japan, and European
Community only
QMS ISO 9001, QMS MDD ISO 13485 based QSR 21 CFR 820, BRS [(ISO/IEC 17021, ISO/IEC
QHCS - Quality HealthCare, QMS Pharma, EMS ISO 14001, 17020, ISO/TS 22003, ISO/IEC
FSMS ISO 22000,ISO 29990, HACCP MS, and HACCP HARPC 27006, ISO/IEC 17065) North
MS, OSHMS® (BS OHSAS 18001, 29 CFR 1910, 1926, ISO 45001, America, South America, European
ISMS ISO/IEC 27001, ISO 29990, Social Accountability (SR&A), Community, Euro Asia, North Africa &
Inspection and assess IAW Federal CFR, and EnMS 50001 Middle East, and Asia Pacific only
QMI* [(ISO/IEC 17021, ISO/TS

QMS ISO 9001, TL-9000, EMS ISO 14001, inquire on ISO 9000-3, 22003, ISO/IEC 27006) Canada,
Tick-IT / ITQS ISO/IEC 20000, and ISMS ISO/IEC 27001, QMS USA and Colombia only
TS 16949, and QMS MDD ISO 13485 - CMDCAS, and Canadian
Regulations Note 1: Acquired by services group SAI Global.
Note 2: Please report any certification issues with
consulting.
FROF

Page: 131 of 135
QMS ISO 9001, FSMS ISO 22000, EMS ISO 14001, EMAS DNV (Dert Norske
761/2001, SA 8000, NB "CE" Mark services, QMS MDD ISO Veritas) [(ISO/IEC 17021,
13485, QMS TS 16949, FSMS HACCP, OH&S BS OHSAS 18001 ISO/IEC 17020, ISO/TS 22003,
/ OSHMS, (inquire information ISO 27001), QMS TL 9000, QMS ISO/IEC 27006) Europe, North &
AS9100, QC 080000, inquire on ISMS ISO/IEC 27001 South America, Asia, Middle-East only
LLOYD's Register Quality

QMS ISO 9001, FSMS ISO 22000, EMS ISO 14001, EMAS, QMS Assurance Limited [(ISO/IEC
AS9100, QMS TS 16949, QMS TL 9000, FSMS HACCP, OSHMS 17021, ISO/IEC 17020, ISO/TS
based BS OHSAS 18001, QMS MDD ISO 13485, FSMS ISO 22003, ISO/IEC 27006, ISO/IEC
22000 and variants, QC 080000, "CE" Mark Services NB 17065)] North America and European
Community only
NSAI* , National Standard

Authority of Ireland for
QMS ISO 9001, ITQMS, EMS ISO 14001, QMS MDD ISO 13485, European Community and North
"CE" Mark services, QMS TL 9000, EMAS, inquire information America only [(ISO/IEC 17021,
ISMS ISO/IEC 27001 and OH&S BS OHSAS 18001 ISO/IEC 17020, ISO/TS 22003] North
America and Ireland only
Note: Please report any certification issues with consulting.
Certification Europe for the

QMS ISO 9001 and TS 16949, EMS ISO 14001, EN 16001, OH&S
Euro Zone
BS OHSAS 18001, QMS SW ISO 2000, BS 25999, ISMS ISO/IEC
27001, BS 8901, Tick-IT, EnMS ISO 50001 Community only [ISO/IEC 17021,
ISO/IEC 27006]
NQA* [(ISO/IEC 17021,

ISO/IEC 17020, ISO/TS 22003,
QMS ISO 9001, QMS TL 9000, QMS TS 16949, QMS AS9100, ISO/IEC 27006)] United Kingdom
Tick-IT, QMS AS9100 and North America only
FROF

Page: 132 of 135
Nimbus [(ISO/IEC 17021,

QMS ISO 9001, EMS ISO 14001, FSMS ISO 22000 and associated ISO/IEC 17020, ISO/TS 22003,
variants, OH&S BS OHSAS 18001, QMS MDD ISO 13485, ISMS ISO/IEC 27006)] Certifications for
ISO/IEC 27001, CE, QMS ISO/IEC 20000 North America, PRC, Singapore and
Bangladesh only
DQS [(ISO/IEC 17021, ISO/IEC

17020, ISO/TS 22003, ISO/IEC
QMS ISO 9001, QMS TS 16949, QC 080000, NB for CE Marking
27006)]Europe, North America, Asia
only
HSB Registrar Services

[ISO/IEC 17021] North
QMS ISO 9001, QMS QS 9000, QMS AS9000 and ASME
Inspections America, Asia Pacific and Colombia
only - specialty for the metal and
heavy industry (steel related) sector
BSi* British Standard

Institution Quality
QMS ISO 9001 and TS 16949, EMS ISO 14001 and EMAS
761/2001, OH&S / BS OHSAS 18001, Tick-IT, QMS ISO/IEC Assurance [(ISO/IEC 17021, ISO/IEC
20000, QMS MDD ISO 13485 and CMDCAS, NB, FSMS ISO 17020, ISO/TS 22003, ISO/IEC
22000 and associated variants, "CE" Mark Services, QMS TL 9000, 27006)] Europe and North America
ISMS ISO/IEC 27001 only
QSR , [ISO/IEC 17021] Quality

QMS ISO 9001 Systems Registrar for United
States of America only
AFNOR - French Association for

Quality Assurance [(ISO/IEC
QMS ISO 9001, EMS ISO 14001 and EMAS 761/2001, FSMS ISO
22000, "CE" Mark, QMS TS 16949 17021, ISO/IEC 17020, ISO/TS
22003, ISO/IEC 27006)] for European
Community only
FROF

Page: 133 of 135
ITS -
QMS AS9100, TS 16949 and TL 9000, "CE" Marking, QMS MDD Intertek Services [(ISO/IEC
ISO 13485 with CMDCAS, NB for CE Mark, and OH&S BS 17021, ISO/IEC 17020, ISO/TS
OHSAS 18001, ISMS ISO/IEC 27001, QMS ISO/IEC 20000 22003, ISO/IEC 27006)] for European
Community and North America only
BVC* [(ISO/IEC 17021, ISO/IEC

17020, ISO/TS 22003, ISO/IEC
27006)] Only the European
QMS ISO 9001, EMS ISO 14001, EMAS 761/2001, QMS AS9100, Community, also see CESMEC below,
QMS TS 16949, SA 8000, OH&S BS OHSAS 18001, ISMS which is BVC acquired business unit,
ISO/IEC 27001, QMS ISO/IEC 20000, QMS TL 9000, FSMS ISO
UK only
22000 and variants, QC 080000
Note: Please report any certification issues with consulting-
training. Current litigation issues in South America, once
allegations and accusations are processed by a court we will
review the status of BVQI.
AWM , Advanced Waste

Management Systems, Inc.
EMS ISO 14001 [ISO/IEC 17021] North America, Latin
America and European Community
only
SQS , Swiss Association for

Quality Management [(ISO/IEC
17021, ISO/IEC 17020, ISO/TS
QMS ISO 9001 and EMS ISO 14001
22003, ISO/IEC 27006)] North
America, Middle-East and European
Community only
SIRIM QAS*, [(ISO/IEC

17021, ISO/IEC 17020, ISO/TS
QMS ISO 9001, EMS ISO 14001, QMS MDD ISO 13485, FSMS 22003, ISO/IEC 27006)] Asia-Pacific
HACCP-9000® and regions of Asia, ASEAN countries
only
CESMEC* , Chile and

"MercoSur" (regions of South
America) only; Acquired by BVQI, see
QMS ISO 9001 and EMS ISO 14001 prior in this listing of BVQI
Note: Please report any certification issues with consulting,

whether BVQI or CESMEC.
FROF

Page: 134 of 135
SGS* - [(ISO/IEC 17021,

ISO/IEC 17020, ISO/TS 22003,
QMS ISO 9001, QMS AS9100, EMS ISO 14001, EMAS, "CE" ISO/IEC 27006)] European
Marking services, OH&S BS OHSAS 18001, QMS TS 16949, QMS Community, USA, Canada and limited
MDD ISO 13485, QMS TL 9000 ISMS ISO/IEC 27001) regions of Latin America only.
IAPMO - plumbing and relating

QMS ISO 9001, OH&S BS OHSAS 18001, inquire on business sector [ISO/IEC
other management systems 17021] USA, Canada, European
Community and Asia Pacific only
Platinum - quality
QMS ISO 9001 and inquire on other management
management sector [ISO/IEC
systems
17021] USA, Canada, Mexico only
LNE/G-MED America* -
regulatory requirements and
QMS ISO 9001, QMS MDD ISO 13485, ISO 15378 and management sector based ISO/IEC
EMS ISO 14001, and "CE" Marking services, NB 17021 USA, Canada and European
Community only
UL LLC - regulatory
requirements and management
QMS MDD ISO 13485, (QMS ISO 9001), CMDCAS, NB
sector based ISO/IEC 17021 for the
for CE Marking based Europe office
Medical Devices Community, European
Community only
Qualitivity is the North

America Representative based
QMS ISO 9001, QMS MDD ISO 13485, EMS ISO
in USA operations of Transpacific
14001, FSMS ISO 22000, ISMS ISO/IEC 27001, BS
Certifications Ltd - regulatory
OHSAS 18001
requirements and management sector
based ISO/IEC 170
FROF

Student Course Notes QMS 2015

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Student Course Notes QMS 2015

Uploaded by

Copyright:

Available Formats

STUDENT COURSE NOTES

ISO 9001 L.A.C. TRAINING COURSE

STUDENT COURSE NOTES Rev No.: 02

AUDITOR/LEAD AUDITOR TRAINING COURSE

Prepared by : Approved by:

Engr. MELCHOR E. FORMACIL Engr. MUHAMMAD AMIN ZAMMAN

DATE: 15.11.2015 DATE: 15.11.2015

STUDENT COURSE NOTES Rev No.: 02

1.0 Revision History

Rev Rev. Date Summary of Changes Page Prepared Approved by:

STUDENT COURSE NOTES Rev No.: 02

STUDENT COURSE NOTES Rev No.: 02

STUDENT COURSE NOTES Rev No.: 02

• The fundamental concepts and the seven quality management principles:

• The relationship between quality management and customer satisfaction.

STUDENT COURSE NOTES Rev No.: 02

Course Learning Objectives & Student Evaluation

By the end of the course Students should be able to:

• Describe the purpose of a quality management system, of quality management systems

Student Evaluation Process

IRCA certificated examination:

The Examination Proctor is responsible for ensuring;

STUDENT COURSE NOTES Rev No.: 02

To achieve a passing mark for this course the student needs;

Student’s responsibilities are:

• this document and all other information are kept confidential.

STUDENT COURSE NOTES Rev No.: 02

Students receive at the end of the course;

STUDENT COURSE NOTES Rev No.: 02

This is applied for the whole duration of 5 days.

The course is formatted as follows;

• The first day starts with introduction of participants and tutor/s.

STUDENT COURSE NOTES Rev No.: 02

At the beginning of the course, students are provided with

a) Experience new ideas and skills.

• a variety of learning methods to suit the range of learning styles .

The course includes;

Day 1 - Understanding of Quality Management System Process

STUDENT COURSE NOTES Rev No.: 02

Day 1 - Understanding of ISO 9001 and related issues

08.30 Introduction: Tutor/Students / Course Content / IRCA Certification

09.00 Pre-course Assignment / IRCA Learning Objectives

09.30 Prior Knowledge

10.10 Understanding Quality Management Systems

10.50 Group activity: QMS/Standard Purpose & Benefits – E1D1S3

11.10 Discussion & Feedback

11.15 Continuous Assessment: Understanding QMS – CA1

12.10 Discussion and Feedback

13.00 ISO 9001 PDCA

13.30 Group work: PDCA Cycle Activity – E2D1S4

13.50 Discussion and feedback

13.55 Quality Management System Process

14.35 Maintained and Retained Documented Information

15.25 Discussion and Feedback

15.30 Continuous Assessment: Quality Management System Process – CA2

16.25 Discussion and Feedback

STUDENT COURSE NOTES Rev No.: 02

16.30 Consolidation of the learning objective in day 1

17.00 End of day 1

Day 2 - Understanding ISO 9001 Requirements for assessment / audit process

08.30 Audit type

08.45 Individual exercise: Identifying audit type – E4D2S5

09.10 Discussion and feedback