02 Slides - QMS04101ENGX - v6 (AD05) - Oct2021

CQI and IRCA Certified ISO 9001:2015 Lead Auditor Training Course
Training Academy
D
I-I
Copyright © 2021 BSI. All rights reserved. QMS04101ENGX v6.0(AD05) Oct 2021
BS
5-
(Reminder to delegates)
01
Delegates are expected to have the following prior knowledge:
:2
01
a) Management systems
90
• The Plan, Do, Check, Act (PDCA) cycle
O
• The core elements of a management system and the interrelationship between top
IS
management responsibility, policy, objectives, planning, implementation, measurement,

review and improvement
e
rs
ou
b) Quality management
rC
• The fundamental concepts and the seven quality management principles

• The relationship between quality management and customer satisfaction
to
di
c) ISO 9001
Au
• Knowledge of the requirements of ISO 9001 and the commonly used quality management
ad
terms and definitions

Le
QMS04101ENGX v6.0(AD05) Oct 2021 Copyright © 2021 BSI. All rights reserved. 1
Benefits to you
D
I-I
2
Copyright © 2021 BSI. All rights reserved.
BS
5-
To maintain credibility, organizations need competent auditors. Recognized and valued
01
worldwide, this CQI and IRCA (Chartered Quality Institute and International Register of
Certificated Auditors) course is the accepted benchmark for management systems auditor
:2
training. 01
90
Organizations recognize the value of using management systems to control business risk and
O
add value to their business. They rely on skilled professionals to assess the performance of
IS
their management practices to enhance efficiency and credibility.

e
rs
With increasing globalization and competitiveness, it is more important than ever for
ou
organizations to use competent, certified auditors.

rC
This course will give you the confidence to effectively audit a quality management system in
to
accordance with internationally recognized best practice techniques.

di
Au
In addition, this course will help you:

ad
• Identify the aims and benefits of an ISO 9001 audit

Le
• Interpret ISO 9001 requirements for audit application

• Plan, conduct and follow-up auditing activities that add real value
• Grasp the application of risk-based thinking, leadership and process management
• Access the latest auditor techniques and identify appropriate use
• Build stakeholder confidence by managing processes in line with the latest requirements
You’ll be evaluated through the relevant CQI and IRCA examination and skills assessment. By
successfully completing your CQI and IRCA certified auditor training, you’ll demonstrate the
knowledge and necessary skills to undertake and lead an effective management systems
audit.
Welcome FIRE
EXIT
D
I-I
3
BS
5-
For your personal safety, please be aware of the emergency exits from your classroom and
01
the building, and assembly points and fire drill test times.
:2
The tutor will inform you of the nearest restrooms. 01
90
Please do not leave valuable items unattended in the classroom. Keep them with you, or make
O
other arrangements for their safekeeping.

IS
Please be considerate of other delegates and avoid distractions from your personal electronic
e
rs
devices – mobile phones off/silent please.

ou
rC
Please do not use recording devices since they may restrict free discussion.
to
The tutor will inform you of the lunch and break schedule. Please return to class on time.
di
Au
The tutor will inform delegates of any area(s) known to be available for smoking.
ad
If there are any special needs (dietary, etc.) please confirm these now.
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Delegate introductions
Introductions
10 minutes
Click here to start
D
I-I
4
BS
5-
Your tutor(s) will introduce themselves.
01
Your turn!
:2
01
• Delegate name?
90
• Organization and product, or service?
O
• Job position or role?

IS
• Experience of quality management, and knowledge of ISO 9001?

• Any specific question to be answered/expectation from the course?
e
rs
• Something interesting about YOU?

ou
rC
……………………………………………………………………………………………………………………………
to
……………………………………………………………………………………………………………………………
di
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Course aim
Provide knowledge and skills required to perform

first, second and third-party audits of quality
management systems against ISO 9001, in
accordance with ISO 19011 and ISO/IEC 17021, as
applicable.
D
I-I
5
BS
5-
You may be unfamiliar with some of the terms above; please do not worry, these will be
01
explained as the course progresses.
:2
…………………………………………………………………………………………………………………………… 01
90
……………………………………………………………………………………………………………………………
O
……………………………………………………………………………………………………………………………
IS
e
……………………………………………………………………………………………………………………………
rs
ou
……………………………………………………………………………………………………………………………
rC
……………………………………………………………………………………………………………………………
to
……………………………………………………………………………………………………………………………
di
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Learning objectives
Knowledge Skills
Explain the purpose of:

Have the skills to:
• A QMS
• Plan
• QMS standards
• Conduct
• Management system audit
• Report, and
• Third-party certification
• Follow-up…
• Business benefits
Explain the role and

…an audit of a QMS to
responsibilities of an auditor to
establish conformity (or
plan, conduct, report and
otherwise) with ISO 9001 and
follow-up a QMS audit in
in accordance with ISO 19011,
accordance with ISO 19011,
and ISO/IEC 17021, as
and ISO/IEC 17021, as
applicable.
applicable.
D
I-I
6
BS
5-
Learning objectives describe in outline what delegates will know and be able to do by the
01
end of the course.
:2
On completion, successful delegates should gain the displayed knowledge and skills. 01
90
O
……………………………………………………………………………………………………………………………
IS
e
……………………………………………………………………………………………………………………………
rs
ou
……………………………………………………………………………………………………………………………
rC
……………………………………………………………………………………………………………………………
to
……………………………………………………………………………………………………………………………
di
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Course structure
Materials
Evaluation:
• Continuous assessment
• Exam
D
I-I
7
BS
5-
This course includes a detailed delegate workbook, tutorial sessions, practical activities,
01
continual evaluation and a two-hour written examination.
:2
There is also a course notepad, which should be used as a ‘Learning Diary’, for recording 01
self-marking of model answers and during later reflection. The contents of the Delegate
90
Workbook include an agenda, slides and associated notes (like these), activities, references
O
and case study materials.

IS
If any delegate has a question, which they feel might not be appropriate to ask at that
e
rs
particular point in the course, a recording facility (flipchart page) has been provided. This
ou
will be periodically reviewed by the tutor and questions dealt with at the appropriate time.
rC
Model answers (in references section) are included in the folder for reference only after
to
completing the activity, and not for copying from during the activities (the only person you
di
will be cheating if you do look is yourself!); as exams are closed book it’s the learning
Au
during the course and activities that will be important to you. However, if you manage to
ad
finish an Activity early then please review the model answer; also compare with your own
outputs and then feedback any gaps and learning gained.
Le
Delegates are expected and encouraged to participate, experiment, and question in a stress-
free environment.
Throughout this course, delegates will be assessed by the tutor against the criteria
contained within a personal continuous assessment record (PCAR), including:
• Participation in class and team activities, written assignments, attitude and personal
attributes, attendance and punctuality, communication skills and feedback
There is also an exam, on the last day, for 2 hours (70% to pass). Examination is ‘closed
book’, with four sections to complete. You may however re-sit the exam within a 12 month
period if you happen to be unsuccessful at the first attempt.
Delegates may use a ‘clean’ copy of the requirement standard (not annotated or marked)
during the exam – these are the only items normally permitted for reference.
Delegates, whose first language is not the language the course is presented in, may also use
an appropriate dictionary, and are also entitled to an extra 24 minutes (20%) for the
examination.
Dictionaries (for use in the exam) are also permitted for any delegate who has learning
difficulties; they are also entitled to an extra 36 minutes (30%) for the examination.
A specimen exam paper is provided, as part of the course materials, and you will have the
opportunity to work through this sample paper, before the actual exam.
……………………………………………………………………………………………………………………………
D
I-I
……………………………………………………………………………………………………………………………
BS
……………………………………………………………………………………………………………………………
5-
01
……………………………………………………………………………………………………………………………
:2
…………………………………………………………………………………………………………………………… 01
90
……………………………………………………………………………………………………………………………
O
……………………………………………………………………………………………………………………………
IS
……………………………………………………………………………………………………………………………
e
rs
……………………………………………………………………………………………………………………………
ou
rC
……………………………………………………………………………………………………………………………
to
……………………………………………………………………………………………………………………………
di
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Course methodology
Delegate
Interactive
centred
Activity
Collaborative
based
Realistic
case study
D
I-I
9
BS
5-
As auditing is a practical activity, and involves finding things out, this course is very
01
interactive in nature. Many activities have therefore been included where delegates will
collaborate in pairs/teams to create knowledge, rather than purely information
:2
provision/discussion sessions from the tutor. This will greatly enhance your knowledge01
retention, and provide an opportunity to discuss topics from other team members’
90
perspectives. The tutor will facilitate this learning, as appropriate. Team members will also
O
be swapped around, to ensure valuable existing knowledge and experience is shared

IS
between delegates.
e
rs
Do not concern yourself with the size of the case study; as your tutor will explain how
ou
auditors would deal with this when auditing in a real life environment.
rC
to
di
………………………………………………………………………………………………………………………
Au
………………………………………………………………………………………………………………………
ad
………………………………………………………………………………………………………………………
Le
………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………
Enabling objectives
Knowledge
D
I-I
10
BS
5-
In order for delegates to achieve the overall learning objectives, you will need to acquire and
01
develop specific knowledge and skills. These are specified as ‘enabling objectives’ and can be
considered as steps to the achievement of learning objectives.
:2
01
We will start with the ‘knowledge’ elements.
90
O
……………………………………………………………………………………………………………………………
IS
……………………………………………………………………………………………………………………………
e
rs
ou
……………………………………………………………………………………………………………………………
rC
……………………………………………………………………………………………………………………………
to
……………………………………………………………………………………………………………………………
di
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
First, second and third-party audits
First-party: Second-party: External Third-party:

Internal audit Provider audit, or other Certification or statutory
interested party etc. and similar audit
D
I-I
11
BS
5-
First-party - Internal
01
A first-party audit is an audit conducted by an organization on itself, to determine whether
their systems and processes are consistently improving their ability to provide products and/or
:2
services to customers and users, and as a means to evaluate conformance with their 01
processes and the standard. Internal audits are a requirement of ISO 9001 Clause 9.2.
90
O
Second-party – External provider audit, or other interested party audit

IS
A second-party audit is that carried out on a current or potential external provider by a

purchasing organization; audit results may then be used as part of the purchasing equation.
e
rs
This is just one method of complying with ISO 9001 Clause 8.4. Purchasers must consider
ou
how much assurance is needed for a particular product, service or project. By consideration of
rC
a number of factors, a decision can be reached as to the relative importance of the external
provider having a fully compliant system. This could mean that even if an external provider
to
had a very attractive price and delivery, they would not be given a contract where risk was
di
involved due to weaknesses in their Quality Management System.

Au
ad
Third-party – Certification and/or accreditation, or statutory, regulatory and

Le
similar audit
The third-party ISO 9001 certification scheme was designed to reduce, and perhaps remove
the need for many second-party audits, by providing a list of organizations whose systems
had been assessed and shown to be in conformance with ISO 9001. The assurance thus
provided to potential customers would mean that they might not have to audit external
providers themselves, providing that the assurance given by the third-party satisfied their
needs. It is becoming increasingly common that a purchasing organization will not even
consider a tender from an external provider unless they are certified to ISO 9001.
An organization may also invite an independent body (e.g. a consultancy) to audit their
management systems for a purpose other than certification, e.g. an evaluation of statutory
and regulatory requirements applicable to a product (8.2.2 a), or to assess the effectiveness
of a particular process etc. This could also be considered a third-party audit, from the
perspective of the consultancy and the organizations.
Activity 1
Differences between first, second

and third-party audits
10 minutes
Click here to start
D
I-I
12
BS
[Please keep in mind, for all activities on this course: There may be more than one ‘correct’
5-
answer. Try to identify the strongest or most direct answer in each case, and be prepared to
01
consider, defend, or rebuke alternate answers raised during class discussions.]
:2
01
Activity 1: Differences between first, second and third-party audits
90
O
Purpose:
IS
To explain the differences (approach, duration, formality, objective etc.) between first, second
and third-party certification audits of management systems.
e
rs
ou
Duration:
rC
10 minutes in pairs
10 minutes classroom discussion/review model answers
to
5 minutes reflection/application to own workplace

di
Au
Directions:
ad
The tutor will label three flip charts with: ‘First Party Audits’, ‘Second Party Audits’ and ‘Third-
Party Audits’.
Le
In pairs, try and think of the differences between these audit types (approach, duration,
formality, objective etc.) Record, as many as you both can think of, onto ‘Post-it/Sticky Notes’,
and affix to the appropriate flipchart.
The tutor will then review your feedback.
Accredited certification
International Accreditation Forum Multilateral Recognition Arrangements

Certified once, accepted everywhere Establishes Mandatory Documents
Accreditation Body Personal Certification Body

UKAS, or equivalent local national body (e.g. CQI and IRCA)
Certificates Accredits
Accredits
BSI or esteemed Training course,

Certification Body competitor Auditor Tutor,
Trains Training body
Certifies (USA, ‘Registers’) Uses

Audits
Organization
D
I-I
13
BS
5-
01
One of the benefits of operating to a standard is that it provides a common reference point
against which to assess performance. However, there is a difficulty in trying to make an
:2
objective assessment of that performance. This can best be achieved through an 01
independent audit process.
90
O
Governments have authorized Accreditation Bodies to oversee the work and competence of
IS
various certification bodies; such as the British Standards Institution (BSI).

e
rs
Certification bodies are accredited to carry out independent audits of organizations to

ou
determine if they conform to the requirements of a given standard.

rC
If it does conform, the organization is able to claim that it is certificated to the standard and
to
this provides a degree of assurance to other bodies in the organization’s competence of the
di
given area.
Au
ad
Impact of IAF Mandatory Documents on third-party audits (Extracted from: IAF GD

5:2006 Guidance on ISO/IEC Guide 65:1996)
Le
Accreditation reduces risk for business and its customers by assuring them that accredited
bodies are competent to carry out the work they undertake. Accreditation bodies that are
members of the International Accreditation Forum, Inc. (IAF) are required to operate at the
highest standard and to require the bodies they accredit to comply with appropriate
international standards and IAF Guidance to the application of those standards.
Accreditations granted by accreditation body members of the IAF Multilateral

Recognition Arrangement (MLA), based on regular surveillance to assure the equivalence of
their accreditation programs, allows companies with an accredited conformity assessment
certificate in one part of the world to have that certificate recognized everywhere else in the
world.
Therefore certificates in the fields of management systems, products, services, personnel and
other similar programs of conformity assessment issued by bodies accredited by members of
the IAF MLA are relied upon in international trade.
IAF publishes Guidance for the use of accreditation bodies when accrediting
certification/registration bodies to assure that they also operate their programs in a consistent
and equivalent manner. IAF Guidance documents are not intended to establish, interpret,
subtract from or add to the requirements of any ISO/IEC Guide but simply to assure
consistent application of those Guides.
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
D
I-I
……………………………………………………………………………………………………………………………
BS
……………………………………………………………………………………………………………………………
5-
……………………………………………………………………………………………………………………………
01
:2
……………………………………………………………………………………………………………………………
01
……………………………………………………………………………………………………………………………
90
……………………………………………………………………………………………………………………………
O
IS
……………………………………………………………………………………………………………………………
e
rs
……………………………………………………………………………………………………………………………
ou
……………………………………………………………………………………………………………………………
rC
……………………………………………………………………………………………………………………………
to
di
……………………………………………………………………………………………………………………………
Au
……………………………………………………………………………………………………………………………
ad
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Third-party accredited certification
Accredited body, Non-accredited body?
Independently Not independently

assessed, assessed?
ISO 17021 compliant. Not ISO 17021 compliant?
?
ISO 9001 certification ISO 9001 certification
awarded by an accredited awarded by a
organization non-accredited organization
D
I-I
15
BS
5-
Certification is an independent assessment of both an organization’s implementation and
01
the effectiveness of a Management System, in accordance with an internationally agreed
standard of best practice i.e. ISO 9001.
:2
01
Certification may be awarded by an organization that is not accredited. In this case it is
90
possible that no-one is auditing the auditor/organization. This organization could audit in any
O
way they choose – even bad practice, or to undercut others on time/cost. This is not to say
IS
they would do so, but there is clearly a level of doubt and risk from a prospective customer.
e
rs
On the other hand, an accredited certification organization, has been assessed and
ou
accredited by an independent body, i.e. UKAS (United Kingdom Accreditation Service) to

rC
provide a certification service. The accredited organization is then subject to compliance with
ISO 17021 (Conformity assessment. Requirements for bodies providing audit and certification
to
of management systems), and are thus audited against this requirement by the awarding
di
accredited body i.e. UKAS.

Au
ad
Using an accredited certification organization provides a level of independent assurance for

the prospective customer and the organization itself.
Le
(The audited organization’s processes meet the requirement of the particular management
system, and are continually improving in line with their policy commitments and objectives i.e.
they can probably provide needed product or services, when needed).
Other benefits
Independent assurance to insurers and other stakeholders of an effective quality management
system.
Enhances reputation by demonstrating your organization’s commitment to good quality

practices to shareholders, employees and customers, which in turn can help to attract new
investors.
Accredited certification can be a differentiator from competitors, helping you to retain your
existing customer base, and attract new business. More and more invitations to tender require
accredited certified quality management systems to be in place.
Application of the principles of ISO 9001 and certification not only provides direct benefits, but
also makes an important contribution to managing cost and risks. Benefit, cost and risk
management considerations are important for the organization, its customers and other
interested parties. These considerations on overall performance of the organization may
impact customer loyalty and:
• Repeat business and referral

• Operational results such as revenue and market share
• Flexible and fast responses to market opportunities
D
• Cost and cycle times through efficient and effective use of resources
I-I
BS
• Alignment of processes which will best achieve desired results
5-
• Competitive advantages through improved organizational capabilities
01
• Understanding and motivation of people towards the organizational goals and objectives,
:2
as well as participation in continual improvement
01
• Confidence of interested parties in the effectiveness and efficiency of the organization, as
90
demonstrated by the financial and social benefits from the organization’s performance,
O
product life cycle, and reputation

IS
• Ability to create value for both the organization and its external providers by optimization
e
of cost and resources; as well as flexibility and speed of joint responses to changing
rs
markets
ou
rC
……………………………………………………………………………………………………………………………
to
……………………………………………………………………………………………………………………………
di
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Audit process
Similarities – First, second and third-party
certification audit
INPUTS AUDIT ACTIVITY OUTPUTS
EVALUATION
AUDIT CRITERIA
(REQUIREMENTS) Stage 1
Assessment Report .
AUDIT EVIDENCE
(OBJECTIVE EVIDENCE)
AUDIT
FINDINGS
D
I-I
17
BS
5-
Audit Process, (Generic) to any management system audit, is shown above.
01
Also there are three main dimensions to auditing:
:2
01
• Assessment of the documented management system (INTENT)
90
• Assessment of the degree of implementation (IMPLEMENTATION)
O
• Assessment of the QMS effectiveness (EFFECTIVENESS)

IS
Intent
e
rs
Does Top Management intend to implement a QMS? If so, how is this intent demonstrated?
ou
Conformance with the minimum documented information requirements of the standard; as

rC
auditors we need to know that the organization has planned to meet the requirements.
to
Implementation
di
Does the implementation of the QMS reflect the intent of Top Management?
Au
Conformance here is all about checking if activities are as they are supposed to be, following
ad
processes, policies, protocols etc.

Le
Effectiveness
Is the implementation effective (i.e. does it meet the parameters established by the intent?).
Conformance here is in the effectiveness of the management system – is it on target to
deliver the organization's policy, objectives and customer’s requirements?
Improvements - as auditors we want to see that the system is healthy and self-healing; if
there are problems they are addressed, and that there is a continual focus on how the system
could be improved for the purposes of customer satisfaction.
Activity 2
Typical audit activities
10 minutes
Click here to start
D
I-I
18
BS
5-
Activity 2: Typical audit activities
01
Purpose:
:2
To explain the audit process. 01
90
Duration:
O
10 minutes in groups
IS

e
rs
ou
Directions:
rC
The tutor will provide each group with a pack of cards. Please try and arrange these into a
logical process to explain the sequence of activities that are involved in a generic
to
management system audit. Please resist viewing the forthcoming slides!

di
Au
THESE CARDS WILL BE USED AGAIN FOR THE NEXT ACTIVITY – SO PLEASE KEEP THE
ad
CARDS ON YOUR DESK IN THE FINAL ORDER CHOSEN.

Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Cards cover the below activities: (in no particular order!)
Header cards:
Conducting audit activities
Conducting audit follow-up
Completing audit
Initiating audit
Preparing and distributing audit report
Preparing audit activities
Cards (within headers above):

Assigning roles and responsibilities of guides and observers
Assigning work to audit team
Audit information availability and access
D
Audit planning
I-I
Audit planning details
BS
Collecting and verifying information
Communicating during audit
5-
Conducting closing meeting
01
Conducting opening meeting
:2
Content of audit conclusions 01
Determining audit conclusions
90
Determining feasibility of audit
Distributing audit report
O
IS
Establishing contact with auditee

General (audit Team Leader responsibility)
e
rs
General (sequence may be varied)

ou
Generating audit findings

Performing review of documented information
rC
Preparation for closing meeting

to
Preparing audit report

di
Preparing documented information for audit

Au
Reviewing documented information while conducting audit

ad
Risk-based approach to planning

Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Audit process
Similarities – First, second and third-party audit
D
I-I
20
BS
5-
The tutor will now explain in further detail the process steps just identified.
01
Please ask questions on any step as they arise, with the tutor.
:2
01
Main areas of similarities include:
90
O
Preparation – before the audit

IS
Communication – during the audit

Collection and verifying findings
e
rs
Conclusions – from findings

ou
Reporting – preparation and distribution

rC
A useful acronym is P.E.R.C:

to
di
Planning
Au
Execute
ad
Reporting
Close out/down findings
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
ISO 19011 ‘Conducting an audit’ activities 6.2 Initiating audit

6.2.1 General (audit Team Leader responsibility)
6.2.2 Establishing contact with auditee
6.2.3 Determining feasibility of audit
6.3 Preparing audit activities

6.3.1 Performing review of documented information
6.3.2 Audit planning
6.3.2.1 Risk-based approach to planning
6.3.2.2 Audit planning details
6.3.3 Assigning work to audit team
6.3.4 Preparing documented information for audit
6.4 Conducting audit activities

6.4.1 General (sequence may be varied)
6.4.2 Assigning roles and responsibilities of guides and observers
6.4.3 Conducting opening meeting
6.4.4 Communicating during audit
6.4.5 Audit information availability and access
6.4.6 Reviewing documented information while conducting audit
6.4.7 Collecting and verifying information
6.4.8 Generating audit findings
6.4.9 Determining audit conclusions
6.4.9.1 Preparation for closing meeting
6.4.9.2 Content of audit conclusions
6.4.10 Conducting closing meeting
6.5 Preparing and distributing audit report

6.5.1 Preparing audit report NOTE:
6.5.2 Distributing audit report Subclause numbering
refers to the relevant
subclauses of this
6.6 Completing audit International Standard.
D
6.7 Conducting audit follow-up
I-I
21
BS
5-
The tutor will direct the class to ISO 19011 Clause 6, and also refer the class to the Terms
01
and definitions for: ‘3.1 Audit’ definition‘.
:2
For clarification: 01
The tutor will also refer the class to the definition of an ‘audit plan’: By reference to ISO
90
19011 3.6, and what an ‘audit programme’ is defined as: By reference to ISO 19011 3.4.
O
These will be covered in more depth later in the course, when you will be auditing a supplier’s
IS
‘audit programme. Please note that particular attention always needs to be paid to the design,
planning and validation of an audit programme in the case of multiple locations/sites or where
e
rs
important functions are outsourced.

ou
rC
to
……………………………………………………………………………………………………………………………
di
……………………………………………………………………………………………………………………………
Au
……………………………………………………………………………………………………………………………
ad
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Activity 3
Audit process differences
10 minutes
Click here to start
D
I-I
22
BS
5-
Activity 3: Audit process differences
01
Purpose:
:2
To explain the differences in audit process between first-party, second-party and third-party
01
certification audits.
90
O
Duration:
IS
10 minutes in pairs
e
rs

ou
rC
Directions:
In pairs, review the cards on your desk from the previous activity. Identify where differences
to
may lie between first/second/third-party audits. Record, as many as you both can think of,
di
onto ‘Post-it/Sticky Notes’, and also affix to the flipcharts from Activity 1. Please mark the
Au
‘Post-it/Sticky Notes’ as ‘Differences’.

ad
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Audit objectives, scope and criteria
D
I-I
23
BS
5-
Three aspects need deciding:
01
The first is the objective of the audit. Is it to assess an organization for its degree of
:2
conformance to the Quality Management System standard? Is it to determine where the 01
greatest problems lie? Is it to determine the organization's ability to make a particular product
90
or to deliver on time? Or is it to follow-up on nonconformities reported at a previous audit?
O
The audit objectives define what is to be accomplished by the individual audit.

IS
The second aspect is the scope: Which relates to the ‘extent and boundaries’ of an audit. The
e
rs
audit scope generally includes a description of the physical locations, organizational units,
ou
activities and processes, as well as the time period covered. For a third-party audit this tends
rC
to cover the complete scope of the organization’s management system. A second-party audit
may also include this, but more probably only the area of interest. A first-party audit tends to
to
be just one item on the audit programme which itself will cover the complete management
di
system scope.
Au
ad
If an organization makes washing machines and refrigerators, but the interest is in

refrigerators only then that will be reflected on the scope and the effort required. Similarly, if
Le
the audit is required to look at all departments associated with that product range from order
receipt through to delivery, that also will have a bearing on early decisions. For second-party
audits the scope is decided by the client. The audit scope should be consistent with the audit
programme and audit objectives.
The scope of a management system could be the same as the scope of a second/ third-party
audit, except for the omission of a time period.
The audit criteria are used as a reference against which conformity is determined.
Each individual audit should be based on documented audit objectives, scope and criteria.
These should be defined by the person managing the audit programme and be consistent with
the overall audit programme objectives.
In summary:
Scope – What are the boundaries of the audit?
Criteria – What are you going to be assessing against?
Objectives – What are you auditing for/to achieve?
The significance for auditors (you) is that these are your terms of reference; your details of
works, which everything emanates from. These will dictate your document review, work
documents, appear in your audit plan, opening meeting, closing meeting and audit report.
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
D
I-I
……………………………………………………………………………………………………………………………
BS
……………………………………………………………………………………………………………………………
5-
01
……………………………………………………………………………………………………………………………
:2
…………………………………………………………………………………………………………………………… 01
90
……………………………………………………………………………………………………………………………
O
……………………………………………………………………………………………………………………………
IS
……………………………………………………………………………………………………………………………
e
rs
……………………………………………………………………………………………………………………………
ou
rC
……………………………………………………………………………………………………………………………
to
……………………………………………………………………………………………………………………………
di
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Activity 4
Determine objectives, scopes and criteria
10 minutes
Click here to start
D
I-I
25
BS
5-
Activity 4: Determine objectives, scopes and criteria
01
Purpose:
:2
To determine possible audit objectives, scopes and criteria for QMS audits. 01
90
Duration:
O
10 minutes individually
IS

e
rs
ou
Directions:
rC
Working individually try and think of some audit objectives, scopes and criteria, and write
them on your notepads. Then explain these to your neighbour, and listen also to their
to
answers to this activity. Be ready to query the answers if you do not agree with their findings.
di
Discuss any where you are not sure with the tutor and class after.
Au
ad
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Resources: What resource will you need?
People / Auditees Technical Experts

Documented information
Logistics / Infrastructure
D
I-I
26
Copyright © 2021 BSI. All rights reserved. Audit Team
BS
5-
Resources for an audit could be split between:
01
Audit team – Availability of competent auditors for the sector/discipline – might include
:2
legal, culture and geographical considerations, interpreters, technical experts i.e. chemists, 01
security clearances – children/government.
90
O
Technical experts – Availability: If the language of the auditee, or the auditee’s social and
IS
cultural characteristics are unknown to the auditor, or skills are lacking. If all the necessary
competence is not covered by the auditors in the audit team, technical experts with additional
e
rs
competence should be included in the team. Technical experts should operate under the
ou
direction of an auditor, but should not act as auditors. All communications should be through
rC
the auditor, and not through the expert.

to
People (Auditee’s) – Availability of person(s) responsible/managing the activity being

di
audited and actually carrying it out, top management availability, key functions –
Au
procurement, HR etc.
ad
Logistics/infrastructure – Availability of meeting rooms/team meeting facilities, internet

Le
access, PPE, guides, car parking, security and health and safety for your team, movement
within the site (transport - distances etc.)
Documented information during the audit – Documents, records, processes, programmes,

archives etc.
Resourcing: Competency
CV
D
I-I
27
BS
5-
Resourcing the audit will include the importance of auditor and team competency, and the
01
selection of team members. This will be particularly important regarding personal
characteristics, generic knowledge and skills, the knowledge of the relevant management
:2
system discipline, industry sector, regulations, and auditor training. See ISO 19011 Clause 7.
01
90
For example:
Personal characteristics (Examples demonstrating an absence of competency)
O
• Ethical – Tell another department what a mess the last department you audited was –
IS
have a laugh about people getting nonconformities. Lie, or twist the facts to get someone
e
you don’t like into trouble!

rs
• Diplomatic – If the auditee is worried about getting his/her department into trouble, but
ou
you find a major problem. Be tactful in dealing with this person – it’s not you I’m auditing,
rC
this is a chance for improvement so we should all welcome it etc.

to
• Tenacious – The auditor asks to see a particular sample, but the auditee provides a
di
different one. The auditor accepts this and moves on!

Au
• Decisive – The auditee keeps arguing and giving different excuses and the questioning is
going round and round, even though there is sufficient objective evidence to close the
ad
finding!
Le
• Culturally sensitive – shaking a woman’s hand when this would not be appropriate, or
continuing to audit when certain prayer times are normally adhered to. Offering
food/drink to the auditee when they are fasting, etc.
Generic knowledge and skills of management system auditors (Examples

demonstrating an absence of competency)
• An auditor who is being handed samples to look through, but is not selecting samples
themselves
• Not spending more time on processes of greater risk to the product/service
• Auditing outside the scope because he/she knows more about that area, or is interested
in it!
Applicable Legal requirements that apply (Examples demonstrating an absence of

competency)
• Clear breach admitted by the auditee in a product legal requirement i.e. CE Marking, but
the auditor is not comfortable, or is unaware how to raise this in a nonconformity
statement and says: ‘We’ll I’m not that informed on legal, so best we leave that alone,
don’t you think?’
Discipline specific (Examples demonstrating an absence of competency)

• A quality management system auditor who has been tasked with an ISO 45001
management system audit, but has no knowledge of occupational health and safety
Generic knowledge and skills of audit team leaders (Examples demonstrating an

absence of competency)
• Not making effective use of resources – one team member (auditor) has a very long lunch
D
break; perhaps waiting for an activity to start, the Audit team leader not ensuring his
I-I
team’s health and safety, or not resolving conflicts within the team or with the auditee’s
BS
management
5-
Clause 7 of ISO 19011 details very specific auditor knowledge and skills expectations. For
01
example: Understanding the types of risks and opportunities associated with auditing and the
:2
principles of the risk-based approach to auditing; auditing a process from start to finish,
01
including the interrelations with other processes and different functions, where appropriate;
90
relationships and interactions between the management system(s) processes; the needs and
expectations of relevant interested parties that impact the MS; principles, methods and
O
IS
techniques relevant to the discipline and sector, so the auditor can determine and evaluate
opportunities associated with the audit objectives; and discussing strategic issues with top
e
rs
management of the auditee to determine whether they have considered these issues when
ou
evaluating their risks and opportunities. Continual professional development activities should
also take into account changes in sector or discipline.
rC
to
di
……………………………………………………………………………………………………………………………
Au
……………………………………………………………………………………………………………………………
ad
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Roles and responsibilities
For who?
D
I-I
29
BS
5-
Clearly, defined and understood roles and responsibilities, for all parties involved in the audit,
01
need to be established.
:2
The main parties involved will be the: 01
• Audit client
90
• Individual(s) managing the audit programme – establish its extent, audit objectives, scope
O
and criteria for individual audits, determine necessary resource, responsibilities, audit
IS
methods, selecting the audit team, evaluating auditors, audit records, improve the
programme and inform top management of its contents. The individual(s) managing the
e
rs
audit programme should also identify and present to the audit client the risks and
ou
opportunities considered when developing the audit programme, and resource

rC
requirements, so that they can be addressed appropriately, and review the audit
programme to identify opportunities for its improvement
to
• Audit team leader

di
• Auditor(s)
Au
• Auditee(s), including management

ad
• Guide(s) and observer(s)

Le
Main roles are:

• Audit client – to commission/request an audit (for an internal audit – can also be the
auditee or the person managing the audit programme)
• Audit team leader – to audit and manage the process to achieve the defined audit
objectives
• Auditor(s) – to audit under the direction of the Audit team leader
• Auditee(s), including management – to assist the auditor during the collection of the
objective evidence
• Guide(s) – to assist the audit team and act on the request of the audit team leader
Activity 5
Roles and responsibilities
10 minutes
Click here to start
D
I-I
30
BS
5-
Activity 5: Roles and responsibilities
01
Purpose:
:2
To describe the main responsibilities of the auditee(s) management, auditors, audit team 01
leaders, auditees, guides and observers.
90
O
Duration:
IS
e
rs

ou
rC
Directions:
The tutor will allocate a sheet of sticky labels to each group detailing the main responsibilities
to
and the functions concerned.

di
Au
In your groups:
ad
• Review the labels and discuss

Le
• Peel each label from the sheet and place on a flipchart, matching the main responsibilities
to the functions concerned
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Management responsibilities
Audit Team Leader

• Managing the audit and audit team
D
I-I
31
BS
5-
The Audit Team Leader is effectively the team captain. Their specific management
01
responsibilities are discussed below.
:2
Throughout the audit the team leader needs to prepare for the next stage of the audit and 01
manage the audit and the audit team. This will include:
90
• Following up on any ‘leads' which have become apparent as the audit progresses, and
O
deciding changes to the audit plan (with the client)

IS
• Deciding whether the audit is progressing to plan, and whether audit objectives can still be
e
achieved
rs
• Co-ordinating review sessions with client management and audit team meetings
ou
• Planning and management of the opening and closing meetings – specifically time
rC
management and questions arising

to
• Assisting and managing the audit team if major concerns are found
di
• Deciding on the severity of non-conformances – Major or Minor findings

Au
• Ensuring the ‘tone’ and ‘conduct’ of the audit is appropriate in their team: In line with
looking for conformance, not just searching for things that are wrong
ad
Le
The audit team leader is ultimately responsible for all phases of the audit. The audit team
leader should have management capabilities and experience and should be given
authority to make final decisions regarding the conduct of the audit and any audit
observations and conclusions.
Please note: Assigning work to the audit team should include assigning, as appropriate,
authority for decision-making.
Auditor confidentiality
Confidentiality
Is there a
need? and
Regulators
D
I-I
32
BS
5-
An audit is confidential between the two parties, as is any information raised before, during or
01
thereafter. This confidentiality binds management system auditors. CQI and IRCA
registered auditors/audit team leaders are also bound by a Code of Conduct stipulating this.
:2
A statement to this effect should therefore be made by the leader auditor; normally in the
01
opening/closing meetings and audit report.
90
O
The format of notes and the medium on which to write them are matters for each auditor to
IS
decide. Many use clipboards with loose sheets, which are then clipped together, others find a
notebook more practical. Whichever format they use, auditors must safeguard the
e
rs
confidentiality of the information they gain during the audit.

ou
rC
The very fact that an audit has taken place is confidential between the two parties, and the
information must not be disclosed to another party without the permission of both parties.
to
There are of course two exceptions; firstly, during an audit which is determining the way one
di
organization audits its external providers, and secondly, if the audit is for the purpose of
Au
certification and the auditee is successful. Then they can give permission to advertise the fact.
ad
A second-party audit is also a matter between the two parties, and any breach of
Le
confidentiality is not only a serious breach of trust but may also result in legal proceedings.
A first-party internal audit is in effect, no different to the above, in that it is a matter between
the auditor/employee and the organization. Any unauthorized disclosure of sensitive
information may result in disciplinary proceedings.
In keeping with the ethics of auditing, if requested to do so, an auditor should have no
hesitation in signing a confidentiality agreement.
Activity 6
Audit methods
15 minutes
Click here to start
D
I-I
33
BS
5-
Activity 6: Audit methods
01
Purpose:
:2
To outline different audit methods. 01
90
Duration:
O
IS

e
rs
ou
Directions:
rC
Individually – provide one advantage and disadvantage for each of the methods detailed in
Table A.1 - Audit methods of ISO 19011 (Page 35).
to
di
Please note: Audit methods also need to be determined based on where, when, and how to
Au
access audit information. This is crucial to the outcome of a successful audit and is
ad
independent of where the information is created and used etc. Audit methods may need to
change as audit circumstances change during the audit (to access audit information) See A.1.
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Stage 1 audit Clarify scope and

objective
Assess organizational
readiness for an audit
Plan the audit Gain an understanding
of the organization
Purposes
Establish the of Define process flow
adequacy
of documentation Stage 1 and interaction
audit
Identify layout of
company/plant
Identify any special
needs, skills, Agree processes
protective clothing to be used
Resolve any during audit
misunderstandings
D
I-I
34
BS
5-
Stage 1: As defined by ISO 17021 (Conformity assessment. Requirements for bodies
01
providing audit and certification of management systems), has the purposes of:
:2
• Confirming the duration of the audit 01
• Confirming the competence of the team
90
• Clarifying the scope and objective of an audit
O
• Gain an understanding of the business

IS
• Evaluate the internal audits and management review are being planned and performed
• Review the clients status and understanding regarding with respect to identification of key
e
rs
performance indicators, processes and objectives of the management system

ou
• Define process flow and interaction

rC
• Agree processes to be used during audit

• Resolve any misunderstandings
to
• Identify any special needs, skills, protective clothing

di
• Identify layout of company/plant

Au
• Establish the adequacy of documentation – The key word here is ‘establish’. This is just an
ad
overview and not testing the implementation or effectiveness of processes

• Assess the organizations readiness for the next stage
Le
• Plan the next stage of the audit
Third-party certification audits include a stage 1 site visit, and the costs are built into the initial
proposal. The visits can be of great value. They allow the team leader to meet various
members of the auditee's staff, and they are a good opportunity for the team leader to be
given a ‘quick tour’ of the site, and thus appreciate the scale, layout and geography involved.
Should transport around the site, or special protective clothing be necessary, it also gives the
team leader time before the audit to ensure these will be available, thus saving valuable audit
time. The meeting obviously provides the auditee with an opportunity to ask the team leader
about the way the audit will be conducted.
Stage 1 audit process and outputs
D
I-I
35
BS
5-
Stage 1 audit process and outputs.
01
See diagram overleaf.
:2
01
90
……………………………………………………………………………………………………………………………
O
……………………………………………………………………………………………………………………………
IS
……………………………………………………………………………………………………………………………
e
rs
……………………………………………………………………………………………………………………………
ou
rC
……………………………………………………………………………………………………………………………
to
……………………………………………………………………………………………………………………………
di
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Inputs
• Audit objectives, scope, criteria
• Audit methods, duration, location
• Audit team members (including
team leader - responsibilities)
Activities:
• Establish initial contact with the auditee
• Determine feasibility of the audit
• Request documentation relevant to the scope,
objective and criteria.
Outputs/Inputs:
Contact is established and audit is feasible
(or not as the case may be – inform audit client),
D
I-I
relevant documentation.
BS
Activity:
5-
Perform document review
01
:2
Outputs/Inputs: 01
• Documentation meets criteria (or not)
90
• Areas or concern/risk identified
O
IS
Activity:
e
Prepare audit plan

rs
ou
rC
Outputs/Inputs:
Audit plan to achieve audit objective and consider
to
risk/importance, sent to Auditee’s management for

di
agreement (or change)

Au
ad
Activity:
Assign work to the audit team
Le
Outputs/Inputs:
Auditor communicated and referenced in
the audit plan
Activity:
Prepare work documents according to the audit plan
Output
Ready for stage 2
Stage 2 audit: Preparation activities

Consider Consider:
• Past results (if available) The risk potential of
• Current problems/risks • Activities
• Management's concerns • Products
• Management's priorities (where appropriate) • and Services
Determine Consider the context

Scale of audit and importance/risk
and resources (including legislation)
required
Prepare
and agree
Contact Assign
audit plan
Auditee and work to the
agree date(s) audit team
Brief the
audit team
Consider report from
Stage 1 site visit Prepare
work
documents
D
I-I
37
BS
5-
01
Stage 2: As defined by ISO 17021:2015 (Conformity assessment. Requirements for
bodies providing audit and certification of management systems), has the purposes of:
:2
01
Assessing the ‘implementation’ and ‘effectiveness’ of the management system.
90
O
Some preparation considerations for this stage of the audit include:

IS
Determine scale of audit and resources required

e
•
rs
• Consider past results (if available)

ou
• Consider current problems/risks

rC
• Consider management's concerns

• Consider management's priorities (where appropriate)
to
• Contact auditee and agree date(s)

di
Report from stage 1 site visit

Au
•
• Determining the setting and importance/risk (including legislation)
ad
• Identify the risk potential of activities, products and services

Prepare and agree audit plan
Le
•
• Assigning work to the audit team
• Audit team briefing
• Prepare work documents
………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………
………………………………………………………………………………………………………………………
Initial certification audit – Stages 1 and 2

From ISO 17021
17021:2011
Document Review
Audit go/no-go decision
Audit Plan Work documents
Stage 1
Stage 2 Opening Meeting
Audit
Summary Report Nonconformity Reports
Closing Meeting
Corrective Actions
Continuing Assessment Visits
3 Yearly Recertification
D
I-I
38
BS
5-
01
This slide establishes the context of an initial certification audit and its outcomes. Use it as the
course progresses, and to show the broad architecture of the audit process.
:2
01
There is an opening meeting, summary report, nonconformities if applicable, closing meeting
90
and corrective action if applicable at both Stage 1 and 2.

O
IS
……………………………………………………………………………………………………………………………
e
rs
……………………………………………………………………………………………………………………………
ou
……………………………………………………………………………………………………………………………
rC
to
……………………………………………………………………………………………………………………………
di
……………………………………………………………………………………………………………………………
Au
……………………………………………………………………………………………………………………………
ad
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Activity 7
Audit plan template
20 minutes
Click here to start
D
I-I
39
BS
5-
Activity 7: Audit plan template
01
Purpose:
:2
To prepare an audit plan structure (template). 01
90
Duration:
O
IS

e
rs
ou
Directions:
rC
Individually, read ISO 19011 Clause 6.3.2 (Audit planning). Then, in groups try and create an
audit plan structure (template) on a flipchart, that could be populated later. Ensure it includes
to
2 auditors (Lead and Auditor) with space to cover a duration over 2 days (use 2 sheets in
di
landscape view).
Au
ad
This will be populated later.

Le
The tutor will then invite other groups to critique your template during feedback.
After the activity, please read the notes on ‘The Audit Plan’ in your References section.
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Work documents
Preparing
D
I-I
40
BS
5-
Audit team members should collect and review the information relevant to their audit
01
assignments, and prepare work documents as necessary for reference and for recording audit
evidence. Such work documents may include the following:
:2
01
• Checklists
90
• Audit sampling plans
O
• Forms for recording information (such as supporting evidence, audit findings and
IS
records of meetings)
e
rs
The use of checklists and forms should not restrict the extent of audit activities, which can
ou
change as a result of information collected during the audit.

rC
Work documents may also include: Nonconformity report forms, audit summary report
to
forms, corrective action schedules etc.

di
Au
An Aide Memoire approach may be more beneficial for experienced auditors; who are then
ad
able to follow audit trails and use their own experience to verify conformity. However these
could also have disadvantages; such as auditor bias and skewing the sampling from the audit
Le
criteria.
The tutor will create an example format(s) for a checklist/Aide memoire, on a

flipchart, for you. Record it in your learning diary.
Please note: Preparing documented information for audit can include digital checklists, and
audio visual information.
Audit sampling takes place when it is not practical, or cost effective, to examine all available
information during an audit, e.g. records are too numerous or too dispersed geographically to
justify the examination of every item in the population. Audit sampling typically involves the
following steps:
• Establish the objectives of the sampling plan

• Select the extent and composition of the population to be sampled
• Select a sampling method
• Determine the sample size to be taken
• Conduct the sampling activity
• Compile, evaluating, reporting and documenting results
Departments/Records available?
D
I-I
BS
5-
01
:2
01
90
O
IS
e
rs
ou
rC
to
How many would typically be sampled from the above?

di
Au
What would you do if n/c is found in one of them, or risk is higher, or lots of n/c’s at the last
ad
audit?
Le
Samples should test the effectiveness of the system and should be:
• Representative with an equal probability of being picked by you
• Structured
• Independently selected
Sample size should be based on:

• Risk
• Importance
• Status
• Findings from the previous/current audit
Please refer to ISO 19011 A.6 (Page 37)
Work documents
Advantages and disadvantages
of using checklists
D
I-I
42
BS
5-
Advantages and disadvantages of using checklists.
01
Checklist benefits
:2
• Sample relevant to audit objectives 01
• Formality: Defines the audit processes
90
• Requires research and thought
O
• Helps maintain the pace of an audit (and time management)

IS
• Keeps audit objectives clear

• Historical reference as an audit record
e
rs
• Reduces workload for the auditor during the audit

ou
• Assures auditee of auditor professionalism

rC
• Ensures auditors keep the processes in mind

• Can be used an audit criterion for other audits (benchmark)
to
di
Disadvantages
Au
• Can become a tick list

ad
• Can become full of yes/no questions

• If not on checklist might be so distracted by the next questions that important audit
Le
trails can be lost

• Stifles initiative and analysis of the processes
• If used time and time again the sample of questions become rigid and fixed, and
therefore can lose its value to the organization
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Opening meeting
Main purpose?
D
I-I
43
BS
5-
The purpose of the opening meeting is to:
01
1. Confirm the agreement of all parties to the audit plan
:2
2. Introduce the audit team 01
3. Ensure that all planned audit activities can be performed
90
O
IS
……………………………………………………………………………………………………………………………
e
rs
……………………………………………………………………………………………………………………………
ou
……………………………………………………………………………………………………………………………
rC
to
……………………………………………………………………………………………………………………………
di
……………………………………………………………………………………………………………………………
Au
……………………………………………………………………………………………………………………………
ad
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Activity 8
Opening meeting
15 minutes
Click here to start
D
I-I
44
BS
5-
Activity 8: Opening meeting
01
Purpose:
:2
To identify agenda items for use in an opening meeting and their purpose. 01
90
Duration:
O
15 minutes whole class

IS

e
rs
Directions:
ou
Whole class, please shout out the possible agenda items for an opening meeting. The tutor
rC
will record these on a flipchart, and ask the purpose/meaning behind them.
to
di
……………………………………………………………………………………………………………………………
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Opening meeting
Problems/issues encountered?
D
I-I
45
BS
Problems encountered during an opening meeting might include:
5-
01
• MD proposes an hour’s long video of the organization
:2
• Suggested two hour lunch at a five star restaurant 01
• Each departmental head will give a 15 minute presentation
90
• Samples have been pre-prepared by the auditee
Best staff are available who have been audited many times
O
•
IS
• Dept ‘x’ is off limits due to manager just coming back after sick leave for stress
• Lots in internal audit nonconformity, so there is no need for you to look at it again
e
rs
• Suggested extended site tour

ou
• No guide available – but free to wander around

Key members of staff off-sick
rC
•
• Records not on site, so have preselected ones for you to save time etc…
to
di
Can you think of any others?

Au
These issues will be looked at again tomorrow and how to respond to them.
ad
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Activity 9
Audit evidence
10 minutes
Click here to start
D
I-I
46
BS
5-
Activity 9: Audit evidence
01
Purpose:
:2
To explain how audit evidence is collected and how this can become objective. 01
90
Duration:
O
IS

e
rs
ou
Directions:
rC
In groups, please draw a large triangle on a flipchart and try and label the sides with three
different methods for collecting audit evidence. Then, for each side, consider how to make
to
this evidence objective (data supporting the existence or verity of something – i.e. not your
di
opinion!). Record this next to the evidence.

Au
ad
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Effective communication
Eye contact
Facial expression
Gestures
Posture
Haptic/Touch
Personal ` ` ` Culture
space ` `
D
I-I
47
BS
5-
Perhaps the biggest challenge for the auditor is the fact that finding out information depends,
01
amongst other things, on communication skills. Within a very short time of meeting
someone the auditor needs to have developed a degree of rapport with that person to
:2
obtain the facts essential to the investigation whilst remaining objective. If these facts are
01
indicative of a lack of management control in the area, then the auditor needs to be tactful in
90
the way these findings are presented.
O
IS
The main method of soliciting information is by asking questions in a series of interview

situations. Though not always appreciated, the best interviewers are those who say least and
e
rs
have an ability to listen or hear what is being said. By combining this with the right kind of
ou
attitude and tone, the auditors generate an atmosphere in which good communication can
rC
take place.
to
The interviewee (the auditee) must not feel threatened by the auditor. Many people are
di
easily intimidated by auditors. The auditor can avoid generating this by being polite,
Au
patient, slightly informal and not afraid to smile. Showing interest in what people say is
ad
essential. Holding a degree of eye contact, small verbal acknowledgements, ‘I see’, ‘ah’,
‘yes’, and so on will show that the ‘transmission is being received’, as will the right facial
Le
expression and head movement. There are no standard expressions and head movements
recommended to elicit information, each auditor will develop their own style.
It often happens that the auditee, (because the majority of them are human), misunderstands
a question or is determined to tell the auditor about some other matter. They may even say
something which the auditor knows not to be true. If the auditor interrupts abruptly, or
directly contradicts the auditee, easy communication will not continue.
At the end of the ‘interview’ the auditor should thank all auditees for their help and time,
regardless of whether it was beneficial or otherwise.
Opinion questions are often neglected. There is a danger in straying too far from fact, but this
type of question can be very useful for gaining someone's attention or for gaining new
approaches to problem solving. They indicate that the auditor regards the auditee's view as
important, thus raising the auditee's self image, and encourages auditees who regard
themselves as the ‘local expert' to say more. They can also encourage junior people in an
organization to say more: ‘What do you think would be the most effective . . . ?', ‘How would
you go about . . . ?’.
Please note: When conducting interviews, the careful selection of the types of question used
is therefore important (including appreciative inquiry).
Non-verbal questions may seem to be a contradiction in terms, but questions do exist in this
form. For example, the raising of the eyebrows whilst maintaining eye contact can indicate a
D
wish for the auditee to continue.
I-I
BS
Please note: An awareness of limited non-verbal communication in virtual settings should be
remembered, with perhaps then more focus applied on the type of questions to use in finding
5-
objective evidence.
01
:2
…………………………………………………………………………………………………………………………… 01
90
……………………………………………………………………………………………………………………………
O
……………………………………………………………………………………………………………………………
IS
e
……………………………………………………………………………………………………………………………
rs
ou
……………………………………………………………………………………………………………………………
rC
……………………………………………………………………………………………………………………………
to
……………………………………………………………………………………………………………………………
di
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Activity 10
Effective communications
5 minutes
Click here to start
D
I-I
49
BS
5-
Activity 10: Effective communications
01
Purpose:
:2
To recognize examples of effective communications, during an audit. 01
90
OPTION 1: e-learning module on ‘Questioning Techniques’
O
Duration:
IS
5 minutes classroom e-learning

5 minutes to create learning test questions (with your neighbour) for the rest of the class
e
rs

ou

rC
Directions:
to
The tutor will now run an e-learning module for the rest of the class; please listen and take
di
notes. If the tutor is going too fast for you: Please slow him/her down!
Au
When this is finished, please reflect on what you have learnt, and discuss any learning points
ad
with your neighbour. Think of questions (in your pairs) that you could ask - to test the other
groups learning i.e. provide example of different questions and then ask other groups what
Le
type of question it is.
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
OPTION 2:
Duration:
10 minutes in pairs
Directions:
In pairs, the tutor will provide you with two types of questions from the below:
1st pair – Open and Specific
2nd pair – Leading and Closed
3rd pair – Hypothetical and Reflective
4th pair – Probing and Rhetorical
D
Please think of one statement to demonstrate the questions above for a real life audit
I-I
situation. Get ready to feed these back to the rest of the class.
BS
5-
5th pair – How could you funnel these questions to come up with an audit finding? Which
01
ones would you start with etc. and end with?
:2
01
90
……………………………………………………………………………………………………………………………
O
……………………………………………………………………………………………………………………………
IS
……………………………………………………………………………………………………………………………
e
rs
……………………………………………………………………………………………………………………………
ou
rC
……………………………………………………………………………………………………………………………
to
……………………………………………………………………………………………………………………………
di
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Audit findings
What could they be?
• Conformance and positive audit

findings
• Opportunities for improvement

(OFI’s)
• Nonconformity (ISO 9000- non-

fulfilment of a requirement)
D
I-I
51
BS
5-
Conformance and positive audit findings – Such as those areas or processes which were
01
found to be meeting the audit criteria requirements and were perhaps very effective, or
indeed good practice found. Also, to thank the auditees for their cooperation and courtesy.
:2
01
Opportunities for improvement or potential risks (OFI’s) – While a particular process
90
may be effective, it might not be as efficient as it could be. It might be the case that the
O
auditor has specialist knowledge, or has explored best practice with the auditee. However,
IS
third-party auditors should exercise caution; as identifying OFI’s could be construed as giving
advice/consultancy. There may also be areas of concern, but for which there is insufficient
e
rs
objective evidence to raise conformity or nonconformity. For example, whilst a particular

ou
process meets the requirements today, it is likely that it will not should either: (i) if the same
rC
state of affairs is to continue e.g. deterioration, or (ii) if there is a change in the situation e.g.
an expected or unexpected demand is made of the process. An OFI could therefore be
to
described as a statement referring to a potential enhancement, weakness, or potential

di
deficiencies in a management system. It can also provide a rationale for improvement, and
Au
generic information about industrial best practice, without providing a specific solution. BSI
ad
assessors may also use a finding called an ‘Observation’, for specific schemes where
accreditation rules prohibit the certifying body from issuing an OFI.
Le
Nonconformity (ISO 9000: Non-fulfilment of a requirement)

There will be a audit nonconformity if an audit criteria has not been fulfilled:
1. The process (documented or not) does not comply with the requirements of the criteria
2. The process (documented or not) has not been implemented
3. The process (documented or not) (what is actually being done) is not effective, i.e. the
required output is not produced
As soon as the objective evidence points to a nonconformity, the auditor should immediately
voice their thoughts to the auditee to seek clarification, and verification. This is not a cause
for rejoicing, but total openness from auditors will hopefully encourage the same from the
auditee. It is essential that both parties fully understand what the problem is and how serious
it is. Auditors will often need a little help from the auditee to do that. Once the facts of the
matter are established, they should be written down by the auditor and agreed with the
auditee.
When determining audit findings: Accuracy; sufficiency and appropriateness of objective

evidence to support audit findings; and the extent to which planned audit activities are
realized and planned results achieved, should be considered. Therefore, when recording
conformity, an auditor should consider audit evidence to support effectiveness, if applicable.
(See process audit preparation slide, introduced later in the course, on process effectiveness.)
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
D
I-I
……………………………………………………………………………………………………………………………
BS
……………………………………………………………………………………………………………………………
5-
……………………………………………………………………………………………………………………………
01
:2
……………………………………………………………………………………………………………………………
01
……………………………………………………………………………………………………………………………
90
……………………………………………………………………………………………………………………………
O
IS
……………………………………………………………………………………………………………………………
e
rs
……………………………………………………………………………………………………………………………
ou
……………………………………………………………………………………………………………………………
rC
……………………………………………………………………………………………………………………………
to
di
……………………………………………………………………………………………………………………………
Au
……………………………………………………………………………………………………………………………
ad
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Audit meetings
• End-of day meetings

• Progress meetings
• Team meetings
D
I-I
53
BS
5-
Auditors should be focused on the intended result of the management system throughout the
01
audit process. While processes and what they achieve are important, the result of the
management system and its performance are what counts.
:2
01
It may be helpful to the auditee, and management, to provide a summary of the days
90
auditing progress – in particular progress against the audit plan, positives encountered,
O
areas of non-conformance encountered, and anything that is/could affect the audit objective,
IS
or the plan the next day.

e
rs
Before the closing meeting, but immediately after the actual auditing process is
ou
completed, an audit team meeting should be held so that the team leader can plan the closing
rC
meeting in detail, and ensure the team knows what is going to be presented to the
organization in the way of conformance, nonconformities and conclusion. The team meeting
to
needs to be at least an hour before the closing meeting, less if some of the work has already
di
been done the night before, for example.

Au
ad
Some auditors try to ‘squeeze in’ a bit more auditing at this point. The law of diminishing
returns operates, and very little will be gained by trying to rush through some more auditing.
Le
The team leader chairs the audit team meeting and only the audit team is present. The team
completes any nonconformity reports and reviews all findings. The team leader prepares the
audit report and final conclusions.
There is no set rule about who presents the information. The team leader may present
everything – all nonconformities and the report – or the team members may be asked to
present the nonconformities they have found. The review of nonconformities is
important, and members should be rigorous in their review of one another's statements. Are
all the facts there? Is it clear that it is a nonconformity? Can it be read easily? Is it
grammatically correct?
As a result of the ‘review team’ findings the team leader prepares an audit report. This
report reflects the degree to which an organization is complying with its own QMS and the
relevant audit criteria.
As a suggestion, a team leader could do worse than answer three questions asked about the
system in any audit:
• Is there a system intending to address all the clauses of the relevant standard? To what
extent? (audit of intent)
• Has this system been put into practice? To what extent? (audit of implementation)
• Is the system achieving its intent/objectives? To what extent? (audit of effectiveness).
To answer these questions, the nonconformities raised will give some guide.
Further questions may be answered by the report:
D
• Do the nonconformities raised indicate weakness in any particular area(s) of the
I-I
organization?
BS
• Do the nonconformities raised indicate weaknesses in any particular sections of the
management system?
5-
01
Please note: The content of audit conclusions should also address issues such as the
:2
identification of risks and the effectiveness of actions taken by the auditee to address risks
01
and consider the level of the integration of different management systems and their intended
90
results. The absence of a process or documentation can be important in a high risk, or
complex organisation, but not so significant in other organizations.
O
IS
The team leader will also prepare an agenda for the closing meeting and arranges, either
e
rs
through a team member or a guide, for copies of each nonconformity to be passed over to
ou
the organization's management at the appropriate time. It is ideal, but by no means possible
on every audit, for the team leader to organize the seating arrangements for the closing
rC
meeting. This is not for any underhand reason, but they should try to ensure that the
to
arrangements suit the purpose, and, that no one is in an awkward position. Often, the closing
di
meeting may be in the very room the auditors are using for their team meeting.
Au
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Closing meeting
D
I-I
55
BS
5-
The closing meeting is the concluding meeting of the audit, and is the formal presentation by
01
the team of the findings and conclusions of the audit.
:2
The way the meeting is carried out is by conventions which have been drawn up over the 01
years in which audits have been carried out. As long as the auditee management understands
90
the findings and agrees the facts surrounding them, before the team leaves, the team leader
O
and team have done their job.

IS
At the pre-agreed time the team should make themselves available for the meeting. The team
e
rs
leader chairs the meeting. The team leader should take the initiative and work through the
ou
agenda as prepared during the audit team meeting.

rC
The following points need to be covered in some form.

to
List of attendees at the closing meeting

di
The team leader or second auditor passes around a headed list with name and position to be
Au
entered onto it by each attendee.

ad
Please note: The closing meeting can be attended by, as applicable, other relevant interested
Le
parties as determined by the audit client and/or auditee.
Thanks
The team leader should thank the organization on behalf of the team for their help and time
etc. If the audit was carried out in an open fashion by the organization, the team leader
should say so and thank them for it. If it was not, then silence is the preferred method. The
team leader should also thank the guides.
Objectives, scope and criteria

As a formality, and to ensure that the basis for the audit is in no doubt, the objectives and the
scope should be restated. This is for a number of practical reasons. There is usually no real
doubt about this in the auditee organization, because it has been discussed and agreed before
the audit took place. However, some of the people attending the closing meeting may not
have been present at the opening meeting, or are not necessarily aware of everything that
has happened in between. Audits cover a lot of ground, some of it (not too much in a well-
planned audit) irrelevant. The objectives can become hazy. Therefore this statement by the
team leader resets the context of the audit. It is also important to state whether the audit
objective has been accomplished (or not), as the case may be. This is important when
activities/processes, or responsible key personnel were not available during the audit
(although planned to be). This may reduce the reliance on the conclusion (through sampling),
and hence in certain instances make the conclusion unreliable.
Report
The outline of how the audit will be formally reported and the results sent to the auditee
should be described. Ask who the report should be distributed to, within the auditee’s
organization.
D
Limitations
I-I
It bears repetition that the audit was a sample of activities, and is therefore subject to the
BS
risks associated with sampling. Not every conforming or nonconforming area was seen, only a
representative selection. Therefore the possibility exists that there are nonconformities in
5-
areas not covered by this audit.
01
:2
It is recommended that the auditors develop a standard statement covering the essence of
01
the above in their own words, although many certification bodies include the appropriate
90
wording in their report documents.
O
IS
As appropriate, an explanation of the fact that an audit is not necessarily fully representative
of the overall effectiveness of the auditee’s processes should also be covered.
e
rs
ou
Presentation of findings
It is recommended that positive findings (good practice etc.) are covered first, then
rC
nonconformities (if any) are communicated, one after the other, until they have all been
to
presented, although it might be necessary to give a summary.

di
Au
In some cases the auditee representatives will have copies of the nonconformities if some
ad
were agreed earlier. There are different schools of thought about giving copies of the
nonconformities to the auditees at the time of the closing meeting. Generally there are few
Le
disadvantages, and it is recommended here as good practice. There is then no need for
auditees to try to make notes. It is also recommended that the nonconformities are read out
from the report, rather than trying to describe them. This limits the tendency to add
unnecessary words and comments, which should not be necessary if the nonconformity
statement is complete in all respects.
Reading the statements also encourages perhaps less experienced auditors to present the
nonconformities in a clear, firm voice not in an apologetic manner.
Any diverging opinions should be discussed and, if possible, resolved. If not resolved, this
should be recorded. If specified by the audit objectives, recommendations for improvements
may be presented. It should be emphasized that recommendations are not binding.
The degree of detail should take into account consideration of its context and risks and
opportunities.
Summarize
The team leader is responsible for presenting the conclusion that the audit results have led
the team to reach. This is the ‘informed judgement' of the auditors and must consider the
seriousness of any nonconformity, and whether they indicate a departmental or organization
wide breakdown of systems. They must be balanced with positive findings made during the
audit.
Agreement
Each of the nonconformities presented was raised on the basis of the facts being agreed with
a departmental representative at the time. Having reached agreement at the time, the
wording of the nonconformity is unlikely to have been at its most complete and concise. Either
D
at review meetings, or at the closing meeting, these nonconformities are sometimes signed by
I-I
the auditee to acknowledge receipt and understanding of the content.
BS
Clarification
5-
The auditee must have an opportunity to ask questions about the nonconformities, or the
01
summary, and it would normally come at this point. The facts as stated should not be in
:2
dispute. Assuming all the nonconformities or the audit report are accepted by the auditee, the
01
auditor may be asked what response is necessary by the auditee to the points raised. The
90
auditors would expect the auditees to propose some corrective action in a given time. The
closing meeting is not the place to discuss any actual corrective actions necessary. That
O
IS
should be given very careful consideration by the auditee. The team leader should therefore
state that a response in writing is necessary within a number of days or weeks after receipt of
e
rs
the report, with a proposed plan of corrective action. However, if the recommendation is for a
ou
full re-audit then it will not be necessary to submit a corrective action plan.
rC
Departure
to
Having presented the findings and discussed them to the auditee's satisfaction, the audit team
di
can depart, once again thanking the auditee for their time etc.
Au
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Audit report
Contents
D
I-I
58
BS
5-
The audit report should provide a complete, accurate, concise and clear record of
01
the audit and should include or refer to the following:
:2
• The audit objectives, scope and criteria
• Identification of the audit client 01
90
• Audit team and auditee’s participants
• Dates and locations where conducted
O
• Audit findings and evidence

IS
• Audit conclusions
e
• Statement to which the criteria have been fulfilled

rs
ou
Please note: Preparing the audit report should also include, or refer to the fact, that audits by
rC
nature are a sampling exercise; as such there is a risk that the audit evidence examined is not
to
representative. Any unresolved diverging opinions between the audit team and the auditee
di
should also be referred to.

Au
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Audit report
Recognizing possible additional content
D
I-I
59
BS
5-
The report ‘may’ also include or refer to the following, as appropriate:
01
• Audit plan
:2
• Summary of the audit process including any obstacles
• Confirmation that the audit objectives have been achieved in accordance with the audit 01
90
plan
• Areas within scope not covered
O
• Summary of audit conclusions and main findings

IS
• Good practices identified

e
• Agreed follow-up plans

rs
• Statement of confidentiality
ou
• Implications for the audit programme or subsequent audits

rC
• Distribution list
to
di
Please note: Preparing the audit report can also include or refer to any issues of availability of
Au
evidence, and resources or confidentiality, with related justifications.

ad
(See ISO 19011 6.5.1 – page 27)

Le
Additional notes
As the audit moves towards the concluding stages the auditors could be gradually building up
a picture of areas of systems exhibiting conformance, or the most failures. This is the
composite picture the auditors are required to present at the closing meeting and in their
written report. The team leader has the responsibility for generating this composite picture as
their informed judgement of the degree to which working systems comply with stated systems
(and the standard). The information to provide this comes from the audit findings, but it is
necessary to ‘sort' these, so that a reasonable conclusion can be thus sought (assuming
nonconformities have been found).
Based on this, a picture emerges of the types of failure found, relative frequency, where they
were found in the organization, and the management system requirement, (clause of the
standard), which is weakest.
If auditors find information which indicates a distinct lack of management support for the
QMS, then they should say so in their report. Their task is to collate the evidence as fairly and
objectively as they can, and to highlight areas where greatest risk and least assurance lie.
The audit report must also reflect what effect the results of the audit will have on the future
relationship between the two organizations. If it is a second-party audit, the auditors will have
to make recommendations to their own organization about conducting business with the
auditee. The auditors are often limited in what they are allowed to say to the auditee. For
example, few auditors actually make the purchasing decision. However, they should leave the
auditees with a clear idea of where they stand.
D
I-I
As with any record, audit reports should be retained on file for a prescribed time. All the other
BS
records from the audit should also be retained, e.g. checklists, which are useful for re-audits,
and the auditor's own notes made during the audit investigation. As corrective action is taken
5-
the documented information of this will be kept to satisfy the ‘close out’ requirements of each
01
nonconformity.
:2
01
……………………………………………………………………………………………………………………………
90
O
……………………………………………………………………………………………………………………………
IS
……………………………………………………………………………………………………………………………
e
rs
……………………………………………………………………………………………………………………………
ou
……………………………………………………………………………………………………………………………
rC
to
……………………………………………………………………………………………………………………………
di
……………………………………………………………………………………………………………………………
Au
……………………………………………………………………………………………………………………………
ad
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Audit report
AUDIT REPORT RELEASE
DATE:
REVIEW:
APPROVAL:
D
I-I
61
BS
5-
The audit report should be issued within an agreed period of time. If it is delayed, the
01
reasons should be communicated to the auditee and the person managing the audit
programme.
:2
01
The audit report should be dated, reviewed and approved, as appropriate, in accordance
90
with audit programme procedures.
O
IS
The audit report should then be distributed to the recipients, as defined in the audit
processes, audit plan or closing meeting.
e
rs
ou
Please note: When distributing the audit report, appropriate measures should be considered
rC
to ensure confidentiality.
to
Completing audit: When completing the audit, lessons learned from the audit can identify
di
risks and opportunities for the audit programme and the auditee.
Au
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Activity 11
Audit follow-up
10 minutes
Click here to start
D
I-I
62
BS
5-
Activity 11: Audit follow-up
01
Purpose:
:2
To recognize the purpose of audit follow-up, and the activities involved. 01
90
Duration:
O
IS

e
rs
ou
Directions:
rC
Individually, please refer to ISO 19011 Clause 6.7 and decide what the purpose of this phase
is, and what you would do/check, as the audit team leader.
to
di
Au
……………………………………………………………………………………………………………………………
ad
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Enabling objectives (continued)
Knowledge
D
I-I
63
BS
5-
In order for delegates to achieve the overall learning objectives, you will need to acquire and
01
develop specific knowledge and skills. These are specified as ‘enabling objectives’ and can be
considered as steps to the achievement of learning objectives.
:2
01
We will now continue with the ‘knowledge’ elements.
90
O
……………………………………………………………………………………………………………………………
IS
……………………………………………………………………………………………………………………………
e
rs
ou
……………………………………………………………………………………………………………………………
rC
……………………………………………………………………………………………………………………………
to
……………………………………………………………………………………………………………………………
di
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Activity 12
Start of day 2 – quiz
20 minutes
Click here to start
D
I-I
64
BS
5-
Activity 12: Start of day 2 quiz
01
Purpose:
:2
To review and revise the 7 Quality Management Principles (QMP’s). 01
90
Duration:
O
IS

e
rs
ou
Directions:
rC
In groups, lay out the 7 QMP flash cards (red) in front of you. For each of the 7 QMP’s there
are ‘benefit’ cards (blue), and ‘how to apply cards’ (yellow). Please match the benefits, and
to
the how to apply cards, to the appropriate QMP.

di
Au
When you have completed the activity please refer to the references section for activity 12,
ad
and compare answers.

Le
Get ready to feedback any differences found, and your conclusions to the rest of the class.
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Purpose and organizational benefits
The purpose and benefits of a quality

management system
D
I-I
65
BS
5-
Purpose
01
It can help an organization to improve its overall performance and forms an integral
component of sustainable development initiatives. It can be used by internal and external
:2
parties to assess the organization’s ability to consistently meet customer, statutory and 01
regulatory requirements applicable to the product and services it provides, the organizations
90
own requirements, and its aim to enhance customer satisfaction.
O
IS
It specifies requirements aimed primarily at giving confidence in the products and services
provided by an organization and thereby improving customer satisfaction.
e
rs
ou
It can be used for demonstrating an organization’s ability to consistently provide products and
rC
services that meet customer and applicable statutory and regulatory requirements, and aims
to enhance customer satisfaction through the effective application of the system, including
to
processes for improvement of the system and the assurance of conformity to customer and
di
applicable statutory and regulatory requirements.

Au
ad
Organizational benefits
(0.1) The potential benefits to an organization of implementing a quality management system
Le
based on this International Standard are:
a) The ability to consistently provide products and services that meet customer and applicable
statutory and regulatory requirements
b) Facilitating opportunities to enhance customer satisfaction
c) Addressing risks and opportunities associated with its context and objectives
d) The ability to demonstrate conformity to specified quality management system
requirements
Terminology
There are three generic product categories in ISO 9000
Goods
PROCESSED
SERVICE SOFTWARE HARDWARE
MATERIALS
PRODUCTS
D
I-I
66
BS
5-
01
ISO 9000 describes the fundamentals and vocabulary of quality management systems.
:2
Terms relating to ‘Service’ and ‘Products’:
01
90
Service is defined as: An ‘output of an organization with at least one activity necessarily
O
IS
performed between the organization and the customer’.

e
rs
A service is usually experienced by the customer, with its dominant elements being generally
ou
intangible.
rC
Product is defined as: An ‘output of an organization that can be produced without any
to
transaction taking place between the organization and the customer’. The dominant elements
di
of a product are generally tangible.

Au
There are three generic product categories, as follows:

ad
Le
1. Software (e.g. computer program, dictionary content: Consists of information)

2. Hardware (e.g. engine mechanical part: Generally tangible and its amount is a countable
characteristic)
3. Processed materials (e.g. lubricant: Generally tangible and their amount is a continuous
characteristic)
Hardware and processed materials are often referred to as goods.
Many products comprise of elements belonging to different generic product categories.

Whether the product is then called software, hardware or processed material depends on the
dominant element.
Activity 13
Terminology
10 minutes
Click here to start
D
I-I
67
BS
5-
Activity 13: Terminology
01
Purpose:
:2
To explain the terminology used in ISO 9001. 01
90
Duration:
O
IS

e
rs
ou
Directions:
rC
Individually, please match the ISO 9001 term up with its correct definition: Place the definition
letter next to the term it describes. Once you have done this, compare and discuss any
to
differences with your neighbour. Please feedback to the class any differences found.
di
Au
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Term Ans Definition

1. Competence A Set of interrelated or interacting elements of an
organization to establish policies and objectives and
processes to achieve those objectives
2. Continual Improvement B Person or group of people that has its own functions
with responsibilities, authorities and relationships to
achieve its objectives
3. Corrective Action C Person or group of people who directs and controls

an organization at the highest level
4. Documented Information D Result to be achieved
D
I-I
5. Process E Ability to apply knowledge and skills to achieve
BS
intended results
5-
01
6. Interested Party F Action to eliminate the cause of a nonconformity and
to prevent recurrence
:2
7. Management System
01
G Effect of uncertainty
90
8. Measurement H Make an arrangement where an external organization

O
performs part of an organization’s function or process

IS
e
9. Monitoring I Measurable result

rs
ou
10. Objective J Need or expectation that is stated, generally implied

rC
or obligatory
to
11. Organization K Information required to be controlled and maintained

di
by an organization and the medium on which it is

Au
contained
ad
12. Outsource L Recurring activity to enhance performance

Le
13. Performance M Determining the status of a system, a process, a

product, a service, or an activity
14. Requirement N Process to determine a value
15. Risk O Set of interrelated or interacting activities that use

inputs to deliver an intended result
16. Top Management P Person or organization that can affect, be affected
by, or perceive itself to be affected by a decision or
activity
Plan-Do-Check-Act framework
Explanation
ACT PLAN


 CHECK
DO
D
I-I
69
BS
5-
The clauses of ISO 9001 broadly follow the Plan-Do-Check-Act (PDCA) cycle.
01
PDCA can be applied to all processes, and to the quality management system as a
:2
whole. The cycle can be briefly described as follows. 01
90
Plan: Establish the objectives of the system and its processes, and the resources needed to
O
deliver results in accordance with customers’ requirements and the organization’s policies.
IS
Extent of planning will depend on risk.

e
Do: Implement what was planned.

rs
ou
Check: Monitor and (where applicable) measure processes and the resulting products and
services against policies, objectives and requirements and report the results.
rC
Act: Take actions to improve performance, as necessary.

to
di
Au
Typical processes could be:

• How documents are controlled
ad
Le
• Risk and opportunity determination

• Quality management planning
• Internal communications
• Management review process
• Competence process
• Etc.
Taking the last process (competence):

Plan – determine the necessary competence of person(s) doing work under its control that
affects the performance and effectiveness of the quality management system
Do – where applicable, take actions to acquire the necessary competence
Check – evaluate the effectiveness of the actions taken
Act – Continue to determine and provide the competence OR re-evaluate the methods of
training or other action to ensure it is now effective.
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
D
……………………………………………………………………………………………………………………………
I-I
BS
……………………………………………………………………………………………………………………………
5-
……………………………………………………………………………………………………………………………
01
……………………………………………………………………………………………………………………………
:2
……………………………………………………………………………………………………………………………
01
90
……………………………………………………………………………………………………………………………
O
IS
……………………………………………………………………………………………………………………………
e
……………………………………………………………………………………………………………………………
rs
ou
……………………………………………………………………………………………………………………………
rC
……………………………………………………………………………………………………………………………
to
di
……………………………………………………………………………………………………………………………
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
QMS processes
Significance
for auditors
QMS
context
D
I-I
71
BS
5-
Auditors should understand that auditing a management system is auditing an organization’s
01
processes and their interactions in relation to one or more management system standard(s),
and NOT auditing a management system standard (i.e. clauses of the standard) in relation to
:2
an organization’s processes. 01
90
Auditors should recognize that ISO 9001 promotes the adoption of a process approach, and
O
hence rather than taking a piecemeal approach to auditing processes and work instructions
IS
etc. (in isolation), the auditor should take a more holistic approach to testing a ‘coherent
system’ and follow how the product/service is realized throughout the organization. This might
e
rs
contrast to a more risk based management system, like: OH&S or Environmental etc. In these
ou
systems the auditor focuses in the main where risk is, and not necessarily following a
rC
coherent system of process to achieve a defined product/service etc.

to
However, the design and implementation of an organization’s quality management system is

di
influenced by its organizational context (issues and requirements), changes in that context,
Au
and the risks/opportunities arising within that context.

ad
An auditor, therefore, may take the approach of following the defined process, but where
Le
risks/opportunities are encountered: The auditor may wish to spend much longer in that part
of the process – perhaps by reviewing processes, competence and documented information
etc. Once conformity has been established: To then continue in the process.
ISO 19011 - 7.2.3.2 c) Refers to the auditor comprehending the auditee’s structure, purpose
and management practices, and should cover the following: Needs and expectations of
interested parties that impact the management system; types of organization, governance,
size, structure, functions and relationships; general business and management concepts,
processes and related terminology, including planning, budgeting and management of
individuals; cultural and social aspects of the auditee.
Don’t forget also: The processes are there to achieve the intended result(s) of its quality
management system – which introduces you to the next activity…
Activity 14
QMS elements and interactions
10 minutes
Click here to start
D
I-I
72
BS
5-
Activity 14: QMS elements and interactions
01
Purpose:
:2
To outline the processes involved in establishing, implementing, operating, monitoring, 01
reviewing, maintaining and improving a quality management system.
90
O
Duration:
IS
10 minutes in pairs
e
rs

ou
rC
Directions:
In pairs, please try and create a logical flow of activities from the items listed overleaf, by
to
populating the diagram. Various entries have been added to assist you.
di
Au
There is no absolute right/wrong answer here…but a logical interrelationship is expected.

ad
Then, locate the respective clauses from ISO 9001 for each activity, and write these into the
Le
diagram.
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
QMS intended
result(s) Customer focus
QMS Scope
Management review
Internal audit Objectives and planning to

achieve them
D
I-I
BS
5-
01
Determine and provide competent
:2
resources
01
90
O
Operation
IS
e
rs
ou
rC
to
di
1. Awareness/Communications/Documented information
Au
2. Control of nonconforming outputs

3. Context of the organization
ad
4. Monitor, measure, analyse and evaluate

Le
5. Roles, responsibilities and authorities

6. N/C and corrective action
7. Actions to address risk and opportunities
8. Demonstrate leadership and commitment
Role of the Auditor in assessing:
An organization’s ability to meet:
• Customer
• Statutory and
regulatory
• Organization’s own
requirements
D
I-I
74
BS
5-
The Auditor's Role
01
A summary of certain points is fitting here. The major duty of auditors is to look at an
organization’s processes, and the controls on their external providers/ outputs.
:2
This is so they can determine conformance and effectiveness with the organization’s intended 01
result(s), the Standard, and perhaps specific contract requirements.
90
O
With regard to the product or service it provides, ISO 9001 also requires an organization to
IS
demonstrate the ability to meet applicable statutory and regulatory requirements (which
can be expressed as legal requirements). For example 8.2.2 a) – applicable to the
e
rs
product and service, and 8.3.3 c) – design and development inputs etc. Also ISO
ou
17021 9.1.2.2 Determining audit objectives, scope and criteria, specifically 9.1.2.2.2, states
rC
‘The audit objectives shall describe what is to be accomplished by the audit and shall include
the following.... b) evaluation of the ability of the management system to ensure the client
to
organization meets applicable statutory, regulatory and contractual requirements; NOTE: A

di
management system certification audit is not a legal compliance audit’.

Au
ad
Auditing legal requirements might in some cases require a level of knowledge e.g. possibly CE
Marking, Technical files etc. perhaps even a legal expert or specialist in the area. Other
Le
management systems require also an ‘evaluation of compliance’ with its compliance

obligations (including statutory and regulatory requirements) i.e. 14001, 45001 etc. ISO 9001
requires an audit programme to be planned, taking into consideration ‘changes affecting the
organization’ – which might imply auditing for evaluation of compliance. The organization may
choose to use the same auditor to evaluate all statutory and regulatory requirements relating
to the product, service, health and safety, environmental etc.
ISO 19011 - 7.2.3.2 d) The auditor should be aware of, and work within, the organization’s
legal and contractual requirements. Knowledge and skills should cover the following: Laws
and regulations and their governing agencies; basic legal terminology; and, contracting and
liability.
The major requirement though is to only use objective evidence: Unsubstantiated information
is not admissible, and it is the management system that is being audited and not a legal
compliance audit.
Please see additional guidance on evaluating legal compliance in your references

section.
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
D
……………………………………………………………………………………………………………………………
I-I
……………………………………………………………………………………………………………………………
BS
5-
……………………………………………………………………………………………………………………………
01
……………………………………………………………………………………………………………………………
:2
…………………………………………………………………………………………………………………………… 01
90
……………………………………………………………………………………………………………………………
O
……………………………………………………………………………………………………………………………
IS
e
……………………………………………………………………………………………………………………………
rs
ou
……………………………………………………………………………………………………………………………
rC
……………………………………………………………………………………………………………………………
to
……………………………………………………………………………………………………………………………
di
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
QMS documentation
Documented information
Establish Document Make use of Maintain

and retain
D
I-I
76
BS
5-
Documented information is defined as:
01
‘Information required to be controlled and maintained by an organization and the medium on
which it is contained’.
:2
01
Documented information can be in any format and media and from any source, and can refer
90
to: The quality management system, including related processes; information created in order
O
for the organization to operate (documentation); or evidence of results achieved (records).

IS
[SOURCE: ISO 9000]

e
rs
As part of the alignment with other management system standards a common clause on
ou
'Documented Information' has been used within the standard.

rC
The terms ‘documented procedure’ and ‘record’ have both been replaced throughout the
to
requirements text by ‘documented information’.

di
Au
Where ISO 9001:2008 would have referred to documented procedures (e.g. to define, control
ad
or support a process) this is now expressed as a requirement to maintain documented

information.
Le
Where ISO 9001:2008 would have referred to records this is now expressed as a requirement
to retain documented information.
Clause 8.1 also refers now to ‘determining, maintaining and retaining documented
information’.
Documentation requirements
Requirements for QMS

documentation
D
I-I
BS
77
5-
01
Requirements for QMS documentation:
:2
ISO 9001
01
Documented Information Requirements
90
Clause:
O
4.1
IS
4.2
e
rs
ou
4.3 Maintained scope

rC
Maintained documented information to the extent necessary to support the

to
operation of processes, and retained documented information to the extent

di
4.4
necessary to have confidence that the processes are being carried out as
Au
planned
ad
5.1
Le
5.2 Maintained quality policy (5.2.2)
5.3
6.1
6.2 Maintained quality objectives (6.2.1)
6.3
Retained evidence of fitness for its purpose, as a monitoring and
measurement resource (7.1.5.1)
7.1
Where no such standard exists (measurement standards), the basis used for
calibration or verification (7.1.5.2 a) – retained
ISO 9001
Clause:
7.2 Retained appropriate evidence of competence
7.3
7.4
Required by this International Standard (7.5.1 a)

Determined by the organization as being necessary for the effectiveness of
7.5 the QMS (7.5.1 b)
Documented information of external origin determined by the organization to
be necessary for the planning and operation of the QMS (7.5.3.2)
Determining, maintaining and retaining documented information to the extent
D
I-I
necessary to have confidence that the processes have been carried out as
8.1
BS
planned, and to demonstrate conformity of products and services to
requirements (8.1 e)
5-
01
Retained the results of the review, including any new requirements for the
:2
8.2 products and services, relevant amended documented information
(8.2.3.2/8.2.4)
01
90
Demonstrate that design and development requirements have been met

O
(8.3.2 j)
IS
Retained documented information on design and development inputs (8.3.3)

e
rs
Design and development control activities – retained (8.3.4 f)

8.3
ou
Retained documented information on design and development outputs

rC
(8.3.5)
to
Design and development changes, results of reviews, authorizations and

di
actions taken (8.3.6)

Au
Retained documented information of the evaluation, selection, monitoring, re-

ad
8.4
evaluations of external providers, and any necessary actions (8.4.1)
Le
Availability - defining the characteristics of the products and services, or the

activities to be performed (8.5.1 a) 1))
Availability – defining the results to be achieved, (8.5.1 a) 2))
Retained to maintain traceability (where traceability is a requirement) (8.5.2)

8.5
Customer, or external providers property (lost, damaged etc.) on what has
occurred (8.5.3)
Retained description of the results of the review of changes, the persons
authorizing the change, and any necessary actions (8.5.6)
Retained evidence of conformity with the acceptance criteria

8.6
Traceability to the person(s) authorizing release of products and services
ISO 9001
Clause:
Describing the: nonconformity, actions taken, concessions obtained, and on
8.7 the authority that decided the action in respect of the nonconformity –
retained (8.7.2)
Retained evidence of the results of monitoring, measurement, analysis and
9.1
evaluation activities (9.1.1)
Audit programme (9.2.2)
9.2
Retained evidence of the implementation of the audit programme and the
audit results (9.2.2 f)
9.3 Retained evidence of the results of management reviews (9.3.3)
D
10.1
I-I
Retained evidence of the nature of the nonconformities and any subsequent
BS
10.2
actions taken and the results of any corrective action (10.2.2)
5-
10.3
01
:2
01
*** The underlined text forms the key decisions to be taken ***
90
O
……………………………………………………………………………………………………………………………
IS
……………………………………………………………………………………………………………………………
e
rs
……………………………………………………………………………………………………………………………
ou
rC
……………………………………………………………………………………………………………………………
to
……………………………………………………………………………………………………………………………
di
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Enabling objectives
Skills
D
I-I
80
BS
5-
In order for delegates to achieve the overall learning objectives, you will now need to acquire
01
and develop specific skills; by practising and testing the knowledge gained in real/simulated
audit situations. These are also specified as ‘enabling objectives’, and can be considered as
:2
steps to the achievement of learning objectives. 01
90
We will now look at the ‘skills’ elements.
O
IS
……………………………………………………………………………………………………………………………
e
rs
……………………………………………………………………………………………………………………………
ou
……………………………………………………………………………………………………………………………
rC
……………………………………………………………………………………………………………………………
to
di
……………………………………………………………………………………………………………………………
Au
……………………………………………………………………………………………………………………………
ad
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Activity 15
Initiating the audit
15 minutes
Click here to start
D
I-I
81
BS
5-
Activity 15: Initiating the audit
01
Purpose:
:2
To practise and test the skills for initiating an audit. 01
90
Duration:
O
15 minutes whole class

IS
10 minutes classroom discussion/review

e
rs
ou
Directions:
rC
You are currently working for a renowned manufacturing supplier that makes plastic panels
for the car industry. This involves plastic injection moulding equipment which utilizes high
to
pressures and heavy presses. Your organization is called ‘Plastico’.

di
Au
Whole class, please ask the tutor questions to complete this stage. This includes speaking to
ad
your audit client (Purchasing Director), your programme manager (Quality Manager) and then
the auditee’s management.
Le
Please note: Initial contact with the auditee should also include requesting access to
information on the risks and opportunities the organization has identified, and how these are
addressed; also the determination of any areas of risk to the auditee, in relation to the specific
audit. Resolution of any issues regarding the composition of the audit team, with the auditee
or audit client, will also be necessary.
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Activity 16
Document review
60 minutes
Click here to start
D
I-I
82
BS
5-
Activity 16: Document review
01
Purpose:
:2
To practise and test the skills for carrying out a document review, in preparation for an audit.
01
90
Duration:
O
60 minutes groups
IS

e
rs
ou
Directions:
rC
In groups, please now perform a document review of the case study organization. Please also
include in your desktop review an audit of their Quality Policy, Scope and gain a basic
to
understanding of their business processes. Be prepared to feedback your findings to the other
di
groups. Use the template that follows.

Au
ad
Please note: Delegates might wish to either allocate sections of the complete documented
information to each group member, or limit reading to the Managing Director’s introduction to
Le
LLL and the organization’s ‘Quality Management System Overview – QM001’. As long as a
sufficient document review is carried out in preparation for your audit.
Please note: Performing review of documented information should take into account the
context of the auditee’s organization, and its related risks and opportunities.
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
ISO 9001 - Minimum documentation COVERED IN THE: Case Study

requirements: documentation?
4.1
4.2
4.3 - Maintained scope
4.4 - Maintained documented information to the

extent necessary to support the operation
of processes, and retained documented
information to the extent necessary to
D
I-I
have confidence that the processes are
BS
being carried out as planned
5-
01
5.1
:2
01
90
5.2 - Maintained quality policy (5.2.2)
O
IS
5.3
e
rs
6.1
ou
rC
6.2 - Maintained quality objectives (6.2.1)

to
di
Au
6.3
ad
7.1 - Retained evidence of fitness for its

Le
purpose, as a monitoring and

measurement resource (7.1.5.1)
Where no such standard exists
(measurement standards), the basis used
for calibration or verification (7.1.5.2 a) -
retained
7.2 - Retained appropriate evidence of

competence
7.3
7.4

7.5 - Required by this International Standard

(7.5.1 a)
Determined by the organization as being

necessary for the effectiveness of the QMS
(7.5.1 b)
Documented information of external origin

determined by the organization to be
necessary for the planning and operation
of the QMS (7.5.3.2)
D
I-I
8.1 – Determining, maintaining and retaining
BS
documented information to the extent
5-
necessary to have confidence that the
01
processes have been carried out as
planned, and to demonstrate conformity
:2
of products and services to requirements 01
(8.1 e)
90
O
8.2 - Retained the results of the review,

IS
including any new requirements for the

e
products and services, relevant amended

rs
documented information (8.2.3.2/8.2.4)

ou
rC
8.3 - Demonstrate that design and development

requirements have been met (8.3.2 j)
to
di
Retained documented information on

Au
design and development inputs (8.3.3)

ad
Design and development control activities

Le
– retained (8.3.4 f)
Retained documented information on
design and development outputs (8.3.5)
Design and development changes, results
of reviews, authorizations and actions
taken (8.3.6)
8.4 - Retained documented information of the

evaluation, selection, monitoring, re-
evaluations of external providers, and any
necessary actions (8.4.1)

8.5 - Availability - defining the characteristics of
the products and services, or the activities
to be performed (8.5.1 a) 1))
Availability – defining the results to be
achieved, (8.5.1 a) 2))
Retained to maintain traceability (where

traceability is a requirement) (8.5.2)
Customer, or external providers property

(lost, damaged etc.) on what has occurred
D
(8.5.3)
I-I
BS
Retained description of the results of the
review of changes, the persons authorizing
5-
the change, and any necessary actions
01
(8.5.6)
:2
01
8.6 - Retained evidence of conformity with the
90
acceptance criteria
O
Traceability to the person(s) authorizing

IS
release of products and services

e
rs
ou
rC
8.7 - Describing the: nonconformity, actions

to
taken, concessions obtained, and on the

di
authority that decided the action in respect

Au
of the nonconformity – retained (8.7.2)

ad
Le
9.1 - Retained evidence of the results of

monitoring, measurement, analysis and
evaluation activities (9.1.1)
9.2 - Audit programme (9.2.2)

Retained evidence of the implementation
of the audit programme and the audit
results (9.2.2 f)

9.3 - Retained evidence of the results of

management reviews (9.3.3)
10.1
10.2 - Retained evidence of the nature of the

nonconformities and any subsequent
actions taken and the results of any
corrective action (10.2.2)
D
10.3
I-I
BS
5-
***The underlined text above forms the key decisions taken by the organization***
01
:2
……………………………………………………………………………………………………………………………
01
……………………………………………………………………………………………………………………………
90
……………………………………………………………………………………………………………………………
O
IS
……………………………………………………………………………………………………………………………
e
rs
……………………………………………………………………………………………………………………………
ou
……………………………………………………………………………………………………………………………
rC
……………………………………………………………………………………………………………………………
to
di
……………………………………………………………………………………………………………………………
Au
……………………………………………………………………………………………………………………………
ad
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Activity 17
Audit plan
45 minutes
Click here to start
D
I-I
87
BS
5-
Activity 17: Audit plan
01
Purpose:
:2
To practise and test the skills for preparing an on-site audit plan that is appropriate to the
01
defined objectives, scope, criteria, and the organization’s context and processes.
90
O
Duration:
IS
45 minutes groups
e
rs

ou
rC
Directions:
Working in groups, use the template from Activity 7 to create an audit plan that will achieve
to
the audit objectives, discovered in Activity 15, for LifeLong Learning (LLL).
di
Au
The tutor will provide more help to one group, so that an typical example (from practice) can
ad
be shown to other groups.

Le
The tutor will then invite other groups to critique each group’s answers during feedback, and
then recap the main learning points.
Please note: The audit team leader should take a risk-based approach to planning, based on
the audit programme and the documented information provided. The audit team leader
should also consider opportunities to improve the effectiveness and efficiency of the audit
activities, and the risks to achieving the audit objectives created by ineffective audit planning.
Audit planning should also address or reference: The processes to be audited; the locations
(physical and virtual); the need to familiarise themselves with the auditee’s facilities and
processes; reviewing information and communication technology; allocation of resources
based on risks and opportunities; and follow-up actions (e.g. lessons learned, project
reviews).
Activity 18
Work documents
30 minutes
Click here to start
D
I-I
88
BS
5-
Activity 18: Work documents
01
Purpose:
:2
To practice and test the skills for preparing the necessary work documents: Checklists, sampling
01
plans and forms.
90
O
Duration:
IS
(This will be used for the audit of top management – tested in Activity 21)
e
rs
ou
Directions:
rC
Working in groups, please create checklists for your interview with top management. (You may
wish to split the question topics up for each team member to focus on)
to
di
Audit Criteria – ISO 9001 (Clauses of possible note: 5, 6 (Top level), 9.3, and elements of 4 -
Au
purpose, strategic direction, intended results(s), expectations etc.)

ad
Audit objective and scope as per Activity 15

Auditee representative – Managing Director
Le
Specific documented information in the case study material of possible interest:

Managing Director’s introduction to LLL
Quality Management System Overview:
• Scope of the Quality Management System
• Exclusions
• Quality Policy
• Organization Chart
• Responsibilities and Authorities
• LifeLong Learning Process interrelationships
Management Review, context of the organization and objectives
Activity 19
Opening meeting
30 minutes
Click here to start
D
I-I
89
BS
5-
Activity 19: Opening meeting
01
Purpose:
:2
To practise and test the skills to conduct an opening meeting for a QMS audit. 01
90
Duration:
O
20 minutes whole class workshop

IS
30 minutes in groups plan and carry out an opening meeting

e
rs
Directions:
ou
1. Whole class, your tutor will now talk you through a second party opening meeting from the
rC
point of view of an auditor. Based on the scenarios given what do you think is not correct,
and if you were the lead auditor, what would you consider and do differently.
to
di
2. Then, in groups, plan and carry out an opening meeting, in accordance with your audit
Au
plan for LLL. The tutor will then select one group to carry out the actual opening meeting.
ad
The other group to observe, take notes, and comment as appropriate.

Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Activity 20
Observations
20 minutes
Click here to start
D
I-I
90
BS
5-
Activity 20: Observations
01
Purpose:
:2
To practise and test the skills required for a site tour, and collect evidence through 01
observations.
90
O
Duration:
IS
20 minutes in pairs
e
rs

ou
rC
Directions:
Please refer to Section 3 of your References section. There you will find 22 photographs. The
to
tutor will allocate sections of photos to different groups, so that all photographs can be
di
covered within the time allocated.

Au
ad
Assume you are making these observations as you walk around the organization’s site. Please
record what questions you might ask: In relation to the observations made.
Le
Your tutor will talk through some of the typical observations, for one photograph, to start you
off.
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Auditing ‘top management’
D
I-I
91
BS
5-
Please review the script of an audit with top management
01
In your teams, please identify the following:
:2
01
1. What clauses of the Standard are being audited?
90
2. What are the audit trails you would follow when auditing the organization?
O
3. What is the purpose and the intended result(s) of the management system, and the
IS
relevant external and internal issues, as determined by the organization

4. Who are the relevant interested parties and any relevant requirements that have been
e
rs
determined by the organization

ou
5. What are top management’s priorities for the QMS?

rC
6. What risks are there in relation to the organization's processes?

to
di
……………………………………………………………………………………………………………………………
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Activity 21
Auditing ‘top management’
45 minutes
Click here to start
D
I-I
92
BS
5-
Activity 21: Auditing ‘top management’
01
Purpose:
:2
To practice and test the skills required, as an auditor, in a review of top management at an
01
organization.
90
O
Time is normally very limited for this audit with top management – so focus on the important
IS
questions and evidence expected. Assume all your samples are already contained in your case
study documented information.
e
rs
ou
Duration:
rC
45 minutes for audit and with tutor feedback

10 minutes to review/reflect and summarize findings in preparation for Activity 30 (your Audit
to
Report).
di
Au
Directions:
ad
In your allocated teams (using your output from Activity 18), interview the Managing Director
of ‘LifeLong Learning Ltd (LLL)’ who will be played by the tutor. Each group will be allowed to
Le
ask questions in turn. When you are not asking questions please follow the audit and take
notes of evidence provided. These may provide further useful audit trails for yourself.
You should note the information given to you, and be prepared to discuss in class what this is
and how you might use this during the audit.
You and your team should also be prepared to discuss auditor/auditee body language issues
and tone and language used for top management.
Please note: Auditors should also aim to interview top management to confirm that they have
an adequate understanding of the discipline-specific issues relevant to their management
system, together with the context their organization operates within, so that they can ensure
that the management system achieves its intended results. Auditors should not only focus on
leadership at the top management level but should also audit leadership and commitment at
other levels of management, as appropriate.
*An example Quality Policy has been added to Section 4 of your References section.*
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
D
……………………………………………………………………………………………………………………………
I-I
BS
……………………………………………………………………………………………………………………………
5-
……………………………………………………………………………………………………………………………
01
……………………………………………………………………………………………………………………………
:2
01
……………………………………………………………………………………………………………………………
90
……………………………………………………………………………………………………………………………
O
IS
……………………………………………………………………………………………………………………………
e
……………………………………………………………………………………………………………………………
rs
ou
……………………………………………………………………………………………………………………………
rC
……………………………………………………………………………………………………………………………
to
di
……………………………………………………………………………………………………………………………
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Activity 22
Auditing ‘context of the

organization’
15 minutes
Click here to start
D
I-I
BS
94
5-
01
Activity 22: Auditing ‘Context of the organization’
:2
01
Purpose:
90
To practice and test the skills required, as an auditor, in a review of the overleaf audit criteria
O
at an organization.
IS
Assume all your samples are already contained in your case study documented information.
e
rs
ou
Duration:
rC
15 minutes work documents preparation

to
10 minutes to review/reflect and summarize findings

di
Au
Directions: (Part A)
ad
In your allocated teams, create work documents for the areas allocated, then start auditing.
Each group will be allowed to ask questions in turn. When you are not asking questions
Le
please follow the audit and take notes of evidence provided. These may provide further
useful audit trails for yourself.
Audit Criteria – The organization’s ‘Context of the organization’ documented information, ISO
9001 Clause 4, and audit trails from the top management interview.
Audit objective and scope as per Activity 15.
Auditee representative(s) – You decide!
Please note: Auditors should have relevant sector-specific knowledge and understanding of
the management tools that organizations can use in order to make a judgement regarding
the effectiveness of the processes used to determine context.
Directions: (Part B)
After the audit, spend 10 minutes reflecting on your audit and summarize the main findings
(good and bad) in preparation for Activity 30 (Audit Report).
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
D
I-I
……………………………………………………………………………………………………………………………
BS
……………………………………………………………………………………………………………………………
5-
01
……………………………………………………………………………………………………………………………
:2
…………………………………………………………………………………………………………………………… 01
90
……………………………………………………………………………………………………………………………
O
……………………………………………………………………………………………………………………………
IS
……………………………………………………………………………………………………………………………
e
rs
……………………………………………………………………………………………………………………………
ou
rC
……………………………………………………………………………………………………………………………
to
……………………………………………………………………………………………………………………………
di
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Activity 23
Auditing ‘planning for the QMS’
40 minutes
Click here to start
D
I-I
BS
96
5-
01
Activity 23: Auditing ‘Planning for the QMS’
:2
Purpose:
01
90
To practice and test the skills required, as an auditor, in a review of the overleaf audit
criteria at an organization.
O
IS
Assume all your samples are already contained in your case study documented information.
e
rs
ou
Duration:
rC

to

di
Au
In your allocated teams, create work documents for the areas allocated, then start
ad
auditing. Each group will be allowed to ask questions in turn. When you are not asking
Le
questions please follow the audit and take notes of evidence provided. These may provide
further useful audit trails for yourself.
Audit Criteria – Organization’s planning for the QMS processes, ISO 9001 Clause: 6, and
audit trails from your previous audits.
Auditee representative – You decide!
Please note: An audit of an organization’s approach to the determination of risks and

opportunities should not be performed as a stand-alone activity. It should be implicit during
the entire audit of a management system, including when interviewing top management.
The organization’s treatment of its risks and opportunities, including the level of risk it wishes
to accept and how it is controlled, will require the application of professional judgement by the
auditor.
(good and bad) in preparation for Activity 30 (Audit Report)
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
D
I-I
……………………………………………………………………………………………………………………………
BS
……………………………………………………………………………………………………………………………
5-
01
……………………………………………………………………………………………………………………………
:2
…………………………………………………………………………………………………………………………… 01
90
……………………………………………………………………………………………………………………………
O
……………………………………………………………………………………………………………………………
IS
……………………………………………………………………………………………………………………………
e
rs
……………………………………………………………………………………………………………………………
ou
rC
……………………………………………………………………………………………………………………………
to
……………………………………………………………………………………………………………………………
di
……………………………………………………………………………………………………………………………
Au
……………………………………………………………………………………………………………………………
ad
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Activity 24
Risks and opportunities
10 minutes
Click here to start
D
I-I
98
BS
5-
Activity 24: Risks and opportunities
01
:2
Purpose: 01
To consolidate understanding of risks and opportunities.
90
Duration:
O
IS
10 minutes review
e
rs
5 minutes reflection on your own organization

ou
Directions:
rC
Overleaf are 10 statements relating to risks and opportunities. Individually consider whether
to
you believe these statements to be true or false in relation to Clause 6.1, Actions to address
di
risks and opportunities.

Au
ad
Le
Statement T/F
It is a requirement of the standard to retain a risk register
Risk must relate to the strategic direction of the organization
There is a requirement to have a risk manager within your QMS
Using a traffic light system to assess your risks is the best way to
D
keep on top of your issues
I-I
BS
There is no requirement to have a documented risk assessment
5-
process as part of the standard
01
:2
Opportunities may include launching a new service or adopting a
01
new technology
90
O
An organizations’ risks practices Are required to following the

IS
guidance given in ISO 31000

e
rs
ou
Assessing financial return is a way of determining whether to take

advantage of an opportunity
rC
to
Risk acceptance must be determined at management review

di
Au
ad
A method of treating an identified risk is to do nothing more about

Le
it
Process audit preparation
With what? With who?

(resources) (responsibilities,
authorities)
Inputs?
(what, Outputs?
from PROCESS (what,
whom) to whom)
How done? What results?

(criteria, methods/controls (monitoring, measurements,
documentation) performance indicators)
D
I-I
100
BS
5-
Auditors should apply professional judgement during the audit process and avoid
01
concentrating on the specific requirements of each clause of the standard at the expense of
achieving the intended outcome of the management system. Some ISO management system
:2
standard clauses do not readily lend themselves to audit in terms of comparison between a 01
set of criteria and the content of a procedure or work instruction. In these situations, auditors
90
should use their professional judgement to determine whether the intent of the clause has
O
been met. Please remember though: Auditors should be focused on the intended result of the
IS
management system throughout the audit process. While processes and what they achieve
are important, the result of the management system and its performance are what
e
rs
counts.
ou
rC
A process is defined as a: ‘set of interrelated or interacting activities that use inputs to deliver
an intended result’.
to
Identifying the processes that drive an organization’s activities, products and services helps to
di
understand the ‘coherent System’, and thus the risks incurred and the appropriate controls.
Au
Whether you are attempting to audit existing processes or you are auditing new ones, an
ad
important stage is the accurate identification of inputs, outputs, controls and resources. In
order to capture the information, it is useful to construct a diagram to identify all the elements
Le
of a process, as on the slide. Creating the diagram will also help focus attention on the need
for the process in the first place – you may find that it has evolved rather than been designed.
During this sort of analysis, it is sometimes hard to know whether you are auditing a process
or a series of processes, where the output of one process is the input into the next process.
Note, in some processes, some inputs become outputs without any transformation e.g. a
blueprint used in a manufacturing process or a catalyst in a chemical process. A process
where the conformity of the resulting output cannot be readily or economically validated is
frequently referred to as a ‘special process’.
Note that a ‘procedure’ is a ‘specified way to carry out an activity or a process’, which may be
a documented set of instructions, or simply an established way of doing a specific task that
itself forms part of a larger process. In ISO 9001 this might be considered captured, in the
main, by ‘the availability of documented information that defines the activities to be
performed and the results to be achieved’ 8.5.1 a) Control of production and service
provision.
D
I-I
BS
5-
01
:2
01
90
O
IS
e
rs
ou
rC
to
di
Au
ad
Le
QMS04101ENGX v6.0(AD05) Oct 2021 Copyright © 2021 BSI. All rights reserved. ‹#›
**Please now refer to your References section for a template that may assist you when
preparing for the process audits coming up next**
As mentioned previously, there are three main dimensions to auditing:
Assessment of the documented management system (INTENT)

Assessment of the degree of implementation (IMPLEMENTATION)
Assessment of the QMS effectiveness (EFFECTIVENESS)
It is therefore important not to forget about process effectiveness. The definition of

effectiveness, from (Annex SL) is: ‘extent to which planned activities are realized and planned
results achieved’.
‘Planned Activities’ are considered as the means, methods, and internal requirements by which
D
the organization intends to achieve planned results of a given process to meet requirements.
I-I
Planned activities include conformity to process requirements and processes.
BS
Please note, ‘Process Effectiveness’ includes a consideration of both:
5-
Process realization - the extent to which planned activities are realized; and
01
Process results - the extent to which planned results are achieved.
:2
01
(An EXAMPLE therefore, from an auditor’s findings, which has taken into
90
consideration process effectiveness)
O
IS
Process: Tendering
Reviewed documents/evidence:
e
rs
Management’s description of the process (Management Interview)

ou
Documented tendering process ‘TENPROC’ 23rd Jul 2018

………etc.
rC
Planned activities: Have been fully realized.

to
Methods for determining process results are: Returned on time on-going target (98%),
di
……etc.
Au
Results: Weekly review minutes (wk 34, 36 and 40) state on-going sales team’s concern with
the timely completion of tenders (currently 78%), although no investigation/action has yet
ad
been taken…..etc.
Le
Planned results: not achieved and appropriate action is not taken.
There are therefore basically: ‘Five steps to a finding’ here.
Remembering this should help all auditors when structuring their documented evidence, to
include process effectiveness i.e.
1. Objective evidence as bullet point/list

2. Planned activities have been fully realized / not fully realized / not realized
3. Methods for determining process results are:
4. Result:
5. Planned results achieved /not achieved but actions being taken/ not achieved and
appropriate actions not taken.
Activity 25
Auditing the organization’s
processes (1)
20 minutes
Click here to start
D
I-I
102
BS
5-
Activity 25: Auditing the organization’s processes (1)
01
Purpose:
:2
To practice and test the skills required, as an auditor, in a review of the audit criteria below,
01
and specifically practice process auditing skills. Assume all your samples are already contained
90
in your case study documented information.
O
IS
Duration:
e
rs

ou

rC
to
di
Each group will be allowed to ask questions in turn. When you are not asking questions please
Au
follow the audit and take notes of evidence provided. These may provide further useful audit
ad
trails for yourself.

Le
Audit Criteria – Organization’s processes: PD1-3 (and relevant parts of PD7-9), ISO 9001
(Typical clauses that may be applicable include: 7, 8.1, 8.5.1-3, 8.4.1/2, 9.1), and audit trails
from your previous audits.

Activity 26
Auditing the organization’s processes (2)
25 minutes
Click here to start
D
I-I
103
BS
5-
01
Purpose:
:2
To practice and test the skills required, as an auditor, in a review of the audit criteria below, 01
90
O
IS
Duration:
e
rs

ou

rC
to
di
Au
ad

Le
Audit Criteria – Organization’s processes: QPR1 – PD5 (and relevant parts of PD7-9), ISO
9001 (Typical clauses that may be applicable include: 8.2, 8.4.3, 8.5.4, 8.5.6, 8.6, 8.7, 9.1),
and audit trails from your previous audits.

Activity 27
Auditing the organization’s
processes (3)
30 minutes
Click here to start
D
I-I
104
BS
5-
01
Purpose:
:2
To practice and test the skills required, as an auditor, in a review of the audit criteria below,
01
90
O
IS
Duration:
e
rs

ou

rC
to
di
Au
ad

Le
Audit Criteria – Organization’s processes: PD6 and Customer feedback (and relevant parts of
PD8-9), ISO 9001 (Typical clauses that may be applicable include: 8.5.5, 9.1/2, 10), and audit
trails from your previous audits.

Nonconformity (Knowledge)
Minor
Major
D
I-I
105
BS
5-
Nonconformities can be graded depending on the context of the organization and its risks.
01
The grading can be quantitative (e.g. 1-5) and qualitative (e.g. minor, major).
:2
01
Minor nonconformity: Nonconformity that does not affect the capability of the management
90
system to achieve the intended results (ISO/IEC 17021-1:2015 3.13)
O
IS
Example: Nonconformity: Training is not being evaluated for effectiveness as required by ISO
9001. During the audit the personnel manager stated (admissible statement) that monitoring
e
rs
of training effectiveness has not been performed on training activity ‘123’ (required for
ou
necessary competence).
ISO 9001 Clause 7.2.c) requires that training (necessary for competence) is evaluated for
rC
effectiveness.
to
di
Major nonconformity: Nonconformity that affects the capability of the management system
Au
to achieve the intended results (ISO/IEC 17021-1:2015 3.12)

ad
Nonconformities could be classified as major in the following circumstances:

Le
• If there is a significant doubt that effective process control is in place, or that products or
services will meet specified requirements
• A number of minor nonconformities associated with the same requirement or issue could
demonstrate a systemic failure and thus constitute a major nonconformity
Example: Nonconformity: Documented information of the design and development control

activities is not retained. The design manager stated (admissible statement) that designers did
not need to keep any documentation of control activities, and none were identified during the
audit.
ISO 9001 Clause 8.3.4 requires documented information of the design and development
control activities to be retained.
Activity 28
Nonconformities
30 minutes
Click here to start
D
I-I
106
BS
5-
Activity 28: Nonconformities
01
Purpose:
:2
To practise and test the skills required, as an auditor, to recognize nonconformity and 01
write/grade nonconformity reports correctly.
90
O
Duration:
IS
10 minutes classroom discussion
e
rs
ou

rC
Directions:
to
1. Individually, review the scenarios contained in your references section (for this activity) and
di
answer the questions posed.

Au
ad
After a classroom discussion:

Le
2. The tutor will select a nonconformity(ies). In groups, please each write a nonconformance
statement on a flipchart for all groups to then review (groups will assess to ensure the
statement is: Complete, concise and correct). Please use the format covered on the last
slide (examples), and in the specimen exam paper.
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
Activity 29
Closing meeting
45 minutes
Click here to start
D
I-I
107
BS
5-
Activity 29: Closing meeting
01
Purpose:
:2
To practise and test the skills to present audit conclusions and recommendations clearly in a
01
closing meeting.
90
O
Duration:
IS
15 minutes whole class workshop

45 minutes whole class plan and carry out a closing meeting
e
rs

ou
rC
Directions:
1. Whole class, your tutor will now talk you through a second party closing meeting from the
to
point of view of an auditor and your opening meeting workshop from Tuesday. Based on
di
the scenarios given what do you think is not correct, and if you were the lead auditor, what
Au
would you consider and do differently

ad
2. Then, whole class, plan and carry out a closing meeting: Concluding on your recent audit
Le
activities of the case study this week. The tutor will select one delegate to act as the team
leader and all other delegates are then to write one (different) nonconformity statement
out (from your audit of LLL) and be ready to present it during the meeting – as prompted
by your team leader.
Note/ If there are more than 10 delegates your tutor may split the class into two, for the
purpose of ensuring the meeting runs effectively.
Activity 30
Audit report
60 minutes
Click here to start
D
I-I
108
BS
5-
Activity 30: Audit report
01
:2
Purpose:
To practise and test the skills to present audit conclusions and recommendations. 01
90
Duration:
O
60 minutes individually, then a 5 minutes reflection/application to own workplace

IS
e
Directions:
rs
Working individually, prepare an audit summary report - to be given to the tutor for marking.
ou
Please record no more than 2-3 sides of A4 paper please (or equivalent).
rC
Please include:
to
A unique reference number

di
Au
Auditors in team with yourself identified as the Audit Team Leader

Audit Objective, Scope and Criteria
ad
Auditee’s interviewed
Le
Executive summary detailing:

• Total number of minors/major nonconformities/OFI’s/observations
• The main positive encountered during the audit
• The main area of weakness in the system including ISO 9001 clause
• One nonconformity report
• Assessment of intent – paragraph detailing the main area of weakness and strength
• Assessment of implementation – paragraph as above
• Assessment of effectiveness – paragraph as above
• Recommendation/Conclusions
Activity 31
Audit follow-up
30 minutes
Click here to start
D
I-I
109
BS
5-
Activity 31: Audit follow-up
01
Purpose: To practise and test the skills to evaluate proposals for corrective action, and
:2
differentiate between correction and corrective action. 01
90
**Correction – action to eliminate a detected nonconformity
O
IS
**Corrective action – action to eliminate the cause of a nonconformity and to prevent

recurrence
e
rs
ou
Duration:
rC
30 minutes in pairs
to

di
Au
Directions:
ad
Following a recent audit your team conducted, five nonconformities (contained in your
references section for this activity) have been raised.
Le
First, review the nonconformities raised with your neighbour; also the proposed corrective
actions sent to you from the organization. Then, you can accept the actions proposed by the
organization, or if you do not, then note down why it would not be acceptable and what might
be acceptable proposals. This will then be discussed with the tutor.
Activity 32
Specimen exam paper
50 minutes
Click here to start
D
I-I
110
BS
5-
Activity 32: Specimen exam paper
01
Purpose:
:2
To practise and test the skills required (for section 4 of the exam): To analyse audit situations,
01
evaluate audit evidence and apply knowledge of the audit criteria correctly.
90
O
Duration:
IS
e
rs

ou
rC
Directions:
Individually, complete section 4 of the specimen exam paper.
to
di
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
CQI and IRCA
• QMS Auditor certification scheme

• Code of Conduct
• Content
• Intent
D
I-I
111
BS
5-
CQI and IRCA (Chartered Quality Institute and The International Register of Certificated
01
Auditors) are internationally recognized as a certification body providing auditor registration.
:2
See CQI and IRCA website (www.quality.org), for details of the QMS Auditor scheme 01
requirements and guidance.
90
O
Code of conduct - All CQI and IRCA certified auditors are required to agree in accordance
IS
with, and be bound by, the Code of Conduct found within the ‘CQI professional code of
conduct’ document, available in your References section.
e
rs
ou
rC
to
……………………………………………………………………………………………………………………………
di
Au
……………………………………………………………………………………………………………………………
ad
……………………………………………………………………………………………………………………………
Le
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
……………………………………………………………………………………………………………………………
How to contact CQI and IRCA
CQI and IRCA

2ndFloor, Chancery Exchange
10 Furnival Street, London
EC4A 1AB, UK
+44 (0)20 7245 6722
Website: https: www.quality.org
D
I-I
112
BS
5-
01
:2
………………………………………………………………………………………………………………………… 01
90
…………………………………………………………………………………………………………………………
O
…………………………………………………………………………………………………………………………
IS
e
…………………………………………………………………………………………………………………………
rs
ou
…………………………………………………………………………………………………………………………
rC
…………………………………………………………………………………………………………………………
to
…………………………………………………………………………………………………………………………
di
Au
…………………………………………………………………………………………………………………………
ad
…………………………………………………………………………………………………………………………
Le
…………………………………………………………………………………………………………………………
…………………………………………………………………………………………………………………………
…………………………………………………………………………………………………………………………
…………………………………………………………………………………………………………………………
…………………………………………………………………………………………………………………………
…………………………………………………………………………………………………………………………
…………………………………………………………………………………………………………………………
…………………………………………………………………………………………………………………………
Course review and final questions
?
• Knowledge
?
• Skills
? ? ? ?
?
?
D
I-I
113
BS
5-
COURSE REVIEW
01
Learning objectives describe in outline what delegates will know and be able to do by the
:2
end of the course. 01
90
On completion, successful delegates will have the knowledge and skills to perform first,
O
second and third-party audits of quality management systems against ISO 9001, in
IS
accordance with ISO 19011 and ISO/IEC 17021, as applicable.

e
rs
Knowledge:
ou
Explain the purpose of:

rC
• A QMS
• QMS standards
to
• Management system audit

di
• Third-party certification
Au
• Business benefits
ad
• Explain the role and responsibilities of an auditor to plan, conduct, report and follow-up a
QMS audit in accordance with ISO 19011, and ISO/IEC 17021, as applicable
Le
Skills:
Have the skills to:
• Plan
• Conduct
• Report, and
• Follow-up an audit of a QMS to establish conformity (or otherwise) with ISO 9001 and in
accordance with ISO 19011, and ISO/IEC 17021, as applicable
Contact information
Address: BSI
Telephone:
Fax:
Email: <general training email>@bsigroup.com
Links: http://<local web address>
D
I-I
114
BS
5-
Complaints and appeals
01
Delegates have the right to make a complaint or appeal before the exam and at the time of their
:2
results issue. Your tutor will cover these details with you.
01
BSI has in place procedures and processes to safeguard against malpractice and maladministration
90
by BSI staff, tutors, invigilators and markers. In the event of an issue being identified there are
O
processes to fully and independently correct and investigate to prevent recurrence.

IS
BSI will not tolerate or accept malpractice by delegates. Examples include:

e
rs
• Arranging for someone else to sit a CQI & IRCA examination on his/her behalf
ou
• Impersonation of another delegate

• Being in possession of confidential material in advance of the examination, e.g. examination
rC
question paper, model answer or marking guidance

to
• Being in possession of materials not permitted in the examination room, e.g. notes, books,
di
dictionaries/calculators (when prohibited), blank paper, mobile phones, smart watches. Possession
Au
of such materials will be considered to be malpractice whether or not the delegate uses them, or
the information contained within the materials is relevant to the examination being sat
ad
• Communicating with other delegates in the examination room in breach of CQI & IRCA
Le
examination regulations
• Copying the work of another delegate or knowingly allowing a delegate to copy from his/her own
work
• Working collaboratively with any other delegate(s) by whatever means during examinations:
Including inappropriate, offensive material in examination scripts
• Plagiarism or misrepresentation of delegates work
• Failure to adhere to the published CQI & IRCA examination regulations
• Failure to adhere to instructions given by an examination invigilator in relation to the examination
regulations, e.g. continuing to work beyond the allotted examination time, refusing to hand in the
examination script and/or examination paper when requested, not adhering to warnings relating
to conduct during the examination
• Disrupting the examination venue
• Tampering with, or forgery of, results documentation, including certificates
Any of the above will result in action being taken against the delegate by BSI.

02 Slides - QMS04101ENGX - v6 (AD05) - Oct2021

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

02 Slides - QMS04101ENGX - v6 (AD05) - Oct2021

Uploaded by

Copyright:

Available Formats

CQI and IRCA Certified ISO 9001:2015 Lead Auditor Training Course

management responsibility, policy, objectives, planning, implementation, measurement,

• The fundamental concepts and the seven quality management principles

terms and definitions

their management practices to enhance efficiency and credibility.

organizations to use competent, certified auditors.

accordance with internationally recognized best practice techniques.

In addition, this course will help you:

• Identify the aims and benefits of an ISO 9001 audit

• Interpret ISO 9001 requirements for audit application

other arrangements for their safekeeping.

devices – mobile phones off/silent please.

• Job position or role?

• Experience of quality management, and knowledge of ISO 9001?

• Something interesting about YOU?

Provide knowledge and skills required to perform

Explain the purpose of:

Explain the role and

and case study materials.

be swapped around, to ensure valuable existing knowledge and experience is shared

First, second and third-party audits

First-party: Second-party: External Third-party:

Second-party – External provider audit, or other interested party audit

A second-party audit is that carried out on a current or potential external provider by a

involved due to weaknesses in their Quality Management System.

Third-party – Certification and/or accreditation, or statutory, regulatory and

Differences between first, second

5 minutes reflection/application to own workplace

The tutor will then review your feedback.

International Accreditation Forum Multilateral Recognition Arrangements

Accreditation Body Personal Certification Body

BSI or esteemed Training course,

Certifies (USA, ‘Registers’) Uses

various certification bodies; such as the British Standards Institution (BSI).

Certification bodies are accredited to carry out independent audits of organizations to

determine if they conform to the requirements of a given standard.

Impact of IAF Mandatory Documents on third-party audits (Extracted from: IAF GD

Accreditations granted by accreditation body members of the IAF Multilateral

Third-party accredited certification

Accredited body, Non-accredited body?

Independently Not independently

ISO 17021 compliant. Not ISO 17021 compliant?

accredited by an independent body, i.e. UKAS (United Kingdom Accreditation Service) to

accredited body i.e. UKAS.

Using an accredited certification organization provides a level of independent assurance for

Enhances reputation by demonstrating your organization’s commitment to good quality

• Repeat business and referral

product life cycle, and reputation

INPUTS AUDIT ACTIVITY OUTPUTS

• Assessment of the QMS effectiveness (EFFECTIVENESS)

Conformance with the minimum documented information requirements of the standard; as

processes, policies, protocols etc.

Typical audit activities

10 minutes classroom discussion/review model answers

management system audit. Please resist viewing the forthcoming slides!

CARDS ON YOUR DESK IN THE FINAL ORDER CHOSEN.

Cards cover the below activities: (in no particular order!)

Cards (within headers above):

Establishing contact with auditee

General (sequence may be varied)

Generating audit findings

Preparation for closing meeting

Preparing audit report