Professional Documents
Culture Documents
Effective Internal Quality Auditing (Regional Centers)
Effective Internal Quality Auditing (Regional Centers)
Effective Internal Quality Auditing (Regional Centers)
Effective Internal
Quality Auditing
based on ISO 19011:2018 –
Guidelines for Auditing Management Systems
Objectives
For the participants to gain basic knowledge and
skills in conducting Internal Audits, specifically in:
• Planning and preparing for internal audit;
• Conducting internal audit;
• Reporting audit results; and
• Conducting follow-up audits
Modules
1. Basics and Phases of QMS Audit
2. Creating Effective QMS Audit Checklist
3. Documenting Audit Findings
1
05/10/2022
Workshops
1. Creating an Audit Checklist
2. Live Audit Exercise
3. Documenting Audit Findings
Module 1
2
05/10/2022
Types of Audit
• Only one party involved in the audit process
(Internal Audit)
• Purpose: ensure that only suppliers of known accepted capability are used.
CB – You – AB
Audit)
3
05/10/2022
10
Principles of Auditing
in ISO 19011:2018
11
Principles of Auditing
in ISO 19011:2018
INTEGRITY
• The foundation of professionalism.
• Replaces and expands the previous principle of Ethical
conduct.
• Auditors should perform work with honesty, diligence
and responsibility.
• Perform work in an impartial manner i.e. remain fair and
unbiased in all their dealings.
• Sensitive to any influences that may be exerted on their
judgment while carrying out an audit.
12
4
05/10/2022
Principles of Auditing
in ISO 19011:2018
FAIR PRESENTATION
• The obligation to report truthfully and accurately.
• The communication should be truthful, accurate,
objective, timely, clear and complete.
• Audit findings, audit conclusions and audit reports
should reflect truthfully and accurately the audit
activities.
• Significant obstacles encountered during the audit and
unresolved diverging opinions between the audit team
and the auditee should be reported.
13
Principles of Auditing
in ISO 19011:2018
14
Principles of Auditing
in ISO 19011:2018
CONFIDENTIALITY
• The security of information.
• The need for auditors to exercise discretion in the use
and protection of information acquired during audits
(inappropriate use of information for personal gain or in
a manner detrimental to the legitimate interests of the
auditee is prohibited)
15
5
05/10/2022
Principles of Auditing
in ISO 19011:2018
INDEPENDENCE
• The impartiality of the audit and objectivity of the
audit conclusions.
• Auditors should be independent of the activity being
audited wherever practicable, free from bias and conflict
of interest.
• Auditors should maintain objectivity throughout the
audit process to ensure that the audit findings and
conclusions are based only on audit evidence.
16
Principles of Auditing
in ISO 19011:2018
EVIDENCE-BASED
APPROACH
• The rational method for reaching reliable and
reproducible audit conclusions in a systematic audit
process.
• Audit evidence should be verifiable.
• It should in general be based on samples of the
information available during the audit.
17
Principles of Auditing
in ISO 19011:2018
RISK-BASED APPROACH
• Conduct audit in consideration of risks and opportunities.
• Auditors should analyze the risks and opportunities
associated to every audit and plan/implement controls to
mitigate the risks but enhance the likelihood of
opportunities.
18
6
05/10/2022
19
20
21
7
05/10/2022
22
23
24
8
05/10/2022
25
26
27
9
05/10/2022
28
Module 2
Creating Effective
Audit Checklists
29
Audit Checklists
• Ensure systematic, structured and uniform approach
• Guide in remembering key points to ensure thorough
coverage of scope
• Aids in time management
• Serves as valuable record of what was audited and the
results
• Useful in:
⁻ Taking notes (objective evidence)
⁻ Doing follow-up
⁻ Writing details of audit findings
30
10
05/10/2022
Audit Checklists
What must be included in the audit checklists?
• Requirements of the Standards
• Processes taking place, associated risks and
opportunities and appropriate action plans
• Availability of procedures and records being generated
• Deficiencies from previous audits, if any
• Customer complaints, changes, emergencies, if any
31
Audit Checklists
How to Prepare Audit Checklists?
• Based on the identified process, identify applicable clauses
and determine specific requirements
• Establish audit trail taking into account:
⁻ Understanding of the quality policy and contexts of the organization
⁻ Relevant objectives and targets, if any
⁻ Specifications and MMAE requirements for the process (source-
inputs-process-outputs-customer)
⁻ Associated risks and opportunities and planned actions
⁻ Availability of procedures and records being generated
⁻ Deficiencies from previous audits, customer complaints, changes
32
Workshop 1
Prepare audit checklist
• For 1 hour
• Ensuring objectivity and impartiality, organize audit
teams
• Assign responsibilities
• Use the standard as criteria and documented
information as reference document
33
11
05/10/2022
Audit Evidences
34
Audit Evidences
• People: Interview auditee to determine understanding/
familiarity
- Competence to perform what needs to happen/ what had happened –
understanding, knowledge, statements
35
Interview Techniques
• Be courteous at all times (never act superior)
• Appropriate language for questioning (tone or level)
• Ask auditee to explain what he/ she does with respect to
selected situations
• Listen carefully to what is said. Allow time for auditee to
think
• Match questions to levels of responsibility
⁻ Management – about policy, leadership and commitment, structure,
support, progress against objectives, challenges, etc.
⁻ Process owners – about areas of operation, specific controls, tasks
36
12
05/10/2022
Interview Techniques
• Use open-ended questions. Avoid closed, direct or leading
questions
• Follow a “trail or questioning”
• Use the “silent question” where appropriate
• Check, cross check and validate
• Remember alternative situations (what happens if)
• Be systematic (summarize to show understanding to ensure
that both you and Auditee understand each other fully)
• Thank Auditee for his cooperation and feedback results
37
Physical inspection
• Observe the activities within a defined process
• Observe condition of facility and equipment
• Time observation/ inspection to verify compliance
- Observe sampling and monitoring procedure
38
Sampling
• Audit is done on a sampling basis
• No sampling plans nor statistical methods suitable
• Based on subjective judgment of the auditor
• Auditor must have skills to understand:
- What the evidence is demonstrating
- Consistency of records/ evidence
- Where evidence is leading to
- Areas of special interest
39
13
05/10/2022
Sampling Guide
• Criticality of the process/ area under review
• Results of previous audits and where applicable
complaints
• Training and understanding of the personnel
40
41
Workshop 2
Live Audit Exercise
• Use the checklist that you prepared
• Work with your assigned group mates
• Conduct actual audit (as assigned)
42
14
05/10/2022
Module 3
Documenting Audit
Findings
43
44
45
15
05/10/2022
46
47
NONCONFORMITY
Major Nonconformity - (System Breakdown) total failure to
fulfil a specified requirement of the standard and/or own
management system
• Absence of documented information (document or record) to
demonstrate conformity to a process/ requirement of the standard or
own management system
• Failure to report legal noncompliance where required to do so by a
license condition, authorization, etc.
• Immediate threat of delivering defective products
• Aggregation of minor nonconformities
• Consistently repeating or widespread failure to implement requirement
of the standards (escalation)
48
16
05/10/2022
NONCONFORMITY
Minor Nonconformity - lapse in the process/ system that has
limited effect on the integrity of the management system or to
the company’s QMS performance
• Inconsistency in the implementation of a process/ procedure/ plan
• Non-implementation of some requirements of a process/ procedure/ plan
• Some missing documents, records, signature, incomplete data, etc.
49
NONCONFORMITY
Types of Nonconformity
• Nonconforming output (against defined criteria/
requirements i.e. QCP, Procedure, WI, etc.)
• Complaints from customers
• Complaints from relevant interested parties
• Objectives that are not met
• Non-fulfillment of compliance obligations
• Nonconformities detected during audits
50
Clear Concise
Supported by Evidence
Based on Facts
51
17
05/10/2022
Finding Statement
Positive Finding
• The level of awareness of the QMS and its requirements is very
high
Example:
Quality Policy is documented, communicated and understood at
all levels. It has been translated in the vernacular for the farm
workers to understand and appreciate, printed in small sizes and
distributed to all staff, inserted in their ID jackets.
52
Finding Statement
Opportunity for Improvement (OFI)
Example:
1. Consider preparing a documented
procedure for evaluating performance of
external providers to ensure continuity and
consistency of the process.
2. There are initiatives that are unique to the
Center and can potentially generate best
practices when replicated. Documentation
of such is therefore recommended.
53
Finding Statement
Potential Problem
Example:
1. The identification and evaluation of risks and opportunities
can be further improved to avoid subjectivity in
determining what need to be addressed in the management
system.
2. There is a need to update the Section’s ROA to include
nonconforming outputs identified in their Quality Control
Plan as risks in order to assess if there are necessary
interventions/ controls to be put in place.
3. Orientation among new entrants need to be done to ensure
that they are aware of the Center’s Quality Policy and
Objectives and know how they can contribute to its
achievement.
54
18
05/10/2022
Finding Statement
Nonconformity
• The process on (system required by the standard/ management system) is not
fully implemented, as evidenced by the following:
Example:
The procedure for control of records was not consistently implemented, as
evidenced by the following:
- Entries of releases in the stock card for lactating concentrate must have
corresponding withdrawal slip. However, withdrawal slips for the whole
months of August and September were not available during the audit despite
releases of lactating concentrates made for said months.
- There are two forms maintained to record ingredients used for each dairy
product, the Ingredients Utilization and Supplies Inventory and Logbook of
Mixture of Ingredients. Both forms are intended to keep records of
ingredients used for all dairy products but they contain different volume of
ingredients for the same product.
55
Finding Statement
Nonconformity
Example:
The process on corrective action is not fully (not
consistently) implemented as evidenced by the
following:
- Root causes of SIRs issued in the last internal audit
have not been identified and/ or analyzed
- SIR was not initiated for targets that were not
achieved last year
56
Finding Statement
Nonconformity
Example:
Quality Policy was claimed to have been communicated
to the staff of the Centers through various meetings e.g.
target setting sessions and others. However, no
documented evidence was present to prove that the
activity has indeed occurred.
The documented Quality Policy also needs to be signed
by the top management to signify her commitment to its
achievement.
57
19
05/10/2022
Workshop 3
For 1 hour:
▪ Work with your group
▪ Using the checklist that was earlier prepared and
the previous results of your live audit exercise,
write at least 1 audit finding with appropriate
clause(s) and audit classification
58
59
60
20
05/10/2022
61
62
Module 4
Analysis, Reporting
& Verification of
Audit Results
63
21
05/10/2022
Analysis of Results
Clause 9.2.2 states that:
“The organization shall plan, establish, implement
and maintain an audit programme(s) including the
frequency, methods, responsibilities, planning
requirements and reporting, which shall take into
consideration the importance of the processes
concerned, changes affecting the organization,
and the results of previous audits.”
64
Analysis of Results
Factors to be considered in the Analysis
• Importance of the processes
- Satisfying customer requirements
- Meeting product/ service specifications
• Results of previous audits
- Problematic areas need to be audited more frequently or
interview
• Changes in the organization
- New product/ service may be audited early and/ or more
frequently
- Organizational changes
65
Analysis of Results
Sample Weight Assignment to Audit Findings
NC - 6 points
Frequency of Audit
PP - 3 points Points Frequency
OFI - 1 point >30 3 x a year
15 - 30 2 x a year
<15 1 x a year
66
22
05/10/2022
67
68
69
23
05/10/2022
70
Module 5
Competence and
Characteristics of
Auditors
71
72
24
05/10/2022
73
74
75
25
05/10/2022
76
77
26