INTERNAL AUDIT

Auditing Technique

SAFER, SMARTER, GREENER

TERMINOLOGIES & CONCEPTS
AUDIT
“

A systematic and independent and

documented process for obtaining
evidence and evaluating it
objectively to determine the extent
to which audit criteria are fulfilled”
TERMINOLOGIES & CONCEPTS

Audit Criteria
“Set of policies, procedures or
requirements used as reference”

Audit Evidence
“Records, statements of facts or
other information which are relevant
to audit criteria and verifiable”
TERMINOLOGIES & CONCEPTS

Audit Findings

“Results of the evaluation of the

collected audit evidence and audit
criteria, it can be either a conformity
or a non-conformity or an opportunity
of improvement”

Auditor
“Person with the competence to conduct an
audit”
TERMINOLOGIES & CONCEPTS

 FIRST PARTY AUDIT

 Undertaken by a company on its

own quality system - to seek
compliance and improvement.
 Known as the INTERNAL AUDIT.
 TERMINOLOGIES & CONCEPTS
 SECOND PARTY AUDIT

 These audits are conducted by parties having an interest in

the organization such as customers, or by other person on
their behalf.

 Known as the VENDOR AUDIT, or SUPPLIER ASSESSMENT.

 TERMINOLOGIES & CONCEPTS
 THIRD PARTY AUDIT

 Third party audits are conducted by external independent

organizations, such as a certification audit for ISO9001.
 Known as the assessment audit.
WHY INTERNAL AUDIT

 To identify the opportunity for

improvement
 To demonstrate the
compliance to customer or
third party
 To get the quality system
registered through a third
party
 On customer requirements
WHY INTERNAL AUDIT
 To meet regulatory / statutory requirement (For
product certification)
 To verify the effectiveness of corrective actions
taken on the non-conformities of earlier audit
 To assess the effect of organizational process
or product changes
 To investigate the actual / potential cause of
non-conformities
 WHEN AN INTERNAL AUDIT

 At defined intervals
 Provide assurance to customer
 Major changes in the organization
 Addition of new product lines
 Major expansion
 Major changes in the quality system
 On management direction
 Increased customer complaints / returns
 Companies decision to register its system
 HOW AN INTERNAL AUDIT

 Audit Planning
 Audit Execution
 Audit Reporting
 Corrective Actions
 Follow-up Audit
 AUDIT PLANNING

 AUDIT SCOPE: Defines the activities to be covered

 AUDITOR: The personnel responsible for conducting
audit
 AUDITEE: The personnel responsible for area / activity
to be audited
 SCHEDULE: Date(s) and Timings
 AUDIT PLANNING

 COMMUNICATION: About schedule to auditor & auditee and

other personnel
 PREPARATION OF CHECKSHEETS: Considering the standard,
established procedures and customer requirements. Scope
is considered as a basic document
 AUDIT PLANNING

 FAMILIRISING WITH THE SYSTEM: Through study of documents, previous audit

report, other product and process information
 AUDIT PLANNING

AUDIT TEAM REQUIREMENTS

 Audit team should include experience as:
– Team leader
– Systems auditor
– Technical specialist
– If not resourced internally then externally
 AUDIT PLANNING

AUDIT TEAM REQUIREMENTS CONTD..

 Audit team preferably to have 2 persons: Auditor and Second Man

– Second Man
– looking while the auditor is questioning
– listening and taking notes
– helping share load
– corroborating findings
– helping draft NCs
– assists reporting
 AUDIT PLANNING

PRE AUDIT PLANNING: CHECKLISTS

 ADVANTAGES  DISADVANTAGES
 useful guide to the audit  preparation time needed
process
 blinkered view
 records evidence
 record of audit  somewhat cumbersome
 part of report
 good help for beginners
 Requirements will be
researched
 Helps pace the audit
 Acts as a prompt
Checklists are advised they are not mandatory
They are an auditor’s Friend
 CONDUCTING AN AUDIT

STEP 1 : Decide Auditing Approach

STEP 2 : Conduct Interviews

STEP 3 : Verify Compliance

STEP 4 : Collect Objective Evidences

STEP 5 : Summarise the auditee.

 APPROACH : Process Auditing

 Process:
– An activity using resources and managed in order to
enable the transformation of inputs into outputs can be
considered as a process.
 Process Approach:
– The application of a system of processes within the
organization, together with the identification and
interactions of the these processes and their
management , is referred to as the process approach.
 Process Auditing

 How do we start?
 What to Look for?
 What is Process Auditing?
 How to look for links?
 How do you verify that all processes are identified?
 Do’s & Don’t
 Do’s – What should we look for?
A. Identify the Process Owner.
B. Get the current Metric / data for the process.
C. Identify the outputs defined. Look for records.
D. Audit the process steps or tasks and verify the inputs
and outputs.
E. USE THE TURTLE.

 Don’t - What should we not look for?

A. Procedures. ( They may have procedures)
B. Audit by the section or sub-section of TS. The old
approach.
C. Take a control plan and just audit to the control plan.
D. Just look at the tasks and not the metrics or
measurements.
 Most common issues

1. Only product flow is mapped or identified for an organization.

• Possible issues – Some support processes may be missing i.e. Training, HR; Management
processes are missing – Audits, Document Control etc.
2. No process data or metrics are available.
• Process measurement is not addressed or understood. It is new and in the process of being
implemented. Not talking to the process owner?
3. Effectiveness and Efficiency is not addressed.
• Definition is not understood. Output is not measured.
4. Process interaction is based on product flow.
• Interactions between processes is not understood. Support processes are not identified or
links not identified.
5. Cannot identify the owner of process.
• Process approach is not understood. Turtle approach was not used as a tool. Process
identified is complex and several sub-processes are part of the process.
 Most Common Issues

 Not identifying Customer Specific Requirements

 Not auditing Customer Specific Requirements
 Auditor not familiar with IATF 16949 Specification
 Auditing is not “process based”
 Knowledge of core tools (APQP, PPAP, FMEA, MSA, SPC)
inadequate
 Most Common Issues

 Wordings of findings
– What is the requirement
– What is the failure to meet the requirement
– Objective evidence of failure to meet the requirement
 Closure of findings
 Most Common Issues

 Current “Hot Button” is ROOT CAUSE ANALYSIS

– Root cause analysis should address a QMS deficiency
– Root cause analysis should not address only the specific finding cited
– Root cause analysis applies to 3rd party audits and internal audits
 CONDUCTING AN AUDIT

INTERVIEWING & QUESTIONING

INTERVIEW

 THE RIGHT PEOPLE

 THOSE RESPONSIBLE

 THOSE DOING
 CONDUCTING AN AUDIT

AUDIT ACTIVITIES & INTERVIEWING

 Explain why asking a particular question
 Ask a question in different ways if not understood
 If auditee becomes ‘stressed’ - take a break!
 Speak to supervisor first
 CONDUCTING AN AUDIT

INTERVIEWING & QUESTIONING

OPEN QUESTION

CLOSER

CLOSEST

RESULTS (CLOSED
QUESTION)
CONDUCTING AN AUDIT

INTERVIEWING & QUESTIONING

 Open Question
 Can you explain us how do you perform contract
review ?
 Closed Question
 Do you know where a copy of the documented
procedure is kept?
 CONDUCTING AN AUDIT

INTERVIEWING & QUESTIONING

 DEVELOPING A QUESTION TECHNIQUE

 ‘Show me!’
 ‘I don’t understand, please explain ....’
 ‘What if ......?’
 ‘Are you saying that ......?’
 Silent approach
 Puzzled look
 ‘Good’ or ‘You have that under
control!’
 CONDUCTING AN AUDIT

INTERVIEWING & QUESTIONING

What? Why?
When?

How? Where? Who?

 CONDUCTING AN AUDIT

VERIFICATION

Examination
of Documents
 CONDUCTING AN AUDIT

 Listening & Using Checklist for verification of Claims made by the auditee.
 Verifying VERIFICATION
– (please show me)
Believe a Confession
Verify a Claim
 Looking
– (try to look at everything and you see nothing)
 CONDUCTING AN AUDIT

 Audit where the action is!

– task observation is a powerful method of verification
VERIFICATION

Observation of
Activities and
Conditions
 CONDUCTING AN AUDIT

COLLECT OBJECTIVE EVIDENCE

 IN GOD WE TRUST

 FROM ALL OTHERS WE REQUIRE

OBJECTIVE EVIDENCE
 CONDUCTING AN AUDIT

COLLECT OBJECTIVE EVIDENCE

 Review requirements vs. records
 Observe practice vs. requirements
 Conduct interviews
to verify awareness
and understanding
 Check how is routine work handled
 Does the system work when something
non routine comes up?
 Are things in control in a crisis?
 CONDUCTING AN AUDIT

SUMMARISING THE AUDITEE

 At the end of each department verbally summarise the audit findings
– this gives a chance for auditee to correct you
– confirms with auditee the findings
 CONDUCTING AN AUDIT

QUALITIES OF GOOD AUDITOR

Good Communicates skills

Good Listener

Keen Observer

Analytical

Open Minded and positive attitude

 CONDUCTING AN AUDIT

QUALITIES OF GOOD AUDITOR

Patient & Impartial

Resilient

Tactful & Diplomatic

Be Objective

Organised and does good time

management.
 CONDUCTING AN AUDIT

POST AUDIT ACTIVITIES

 Audit reporting - distinguish between
– observations
– interpretations
– assessments
– judgements
– opinions
– advice
– recommendations
 CONDUCTING AN AUDIT

REMEMBER
 The thoroughness and integrity of the internal audit might go some way to doing the certifiers
work
 - external auditors can rely on and therefore use in their own audit many of the internal audit
results
Thank you

www.dnvgl.com

The trademarks DNV GL®, DNV®, the Horizon Graphic and Det Norske Veritas®
SAFER, SMARTER, GREENER are the properties of companies in the Det Norske Veritas group. All rights reserved.

42