INTERNAL AUDIT CONCEPT,

APPROACH, PLANNING &

CONDUCTING

© DQS Group
Definition

▪ “Systematic, independent and documented process for

obtaining audit evidence and evaluation it objectively to
determine the extent to which the audit criteria are
fulfilled”
ISO 19011:2018
 Quality Management System Terminology and Definitions:
Degree to which a set of inherent characteristics fulfils
QUALITY
requirements
Operational techniques and activities that are used to
QUALITY CONTROL
fulfill requirements for quality
All the planned and systematic activities implemented within the
quality system and demonstrated as needed to provide adequate
QUALITY ASSURANCE
confidence that an entity fulfill the quality requirements

All activities of the overall management function that

determine the quality policy, objectives and implement them by
QUALITY MANAGEMENT SYSTEM quality planning, quality control, quality assurance and quality
improvement within the quality system.
Over all intention and direction of Organization related to Quality is
QUALITY POLICY
formally expressed by Top Management
A systematic, independent and documented process for obtaining
AUDIT audit evidence and evaluating it objectively to determine which
agreed criteria are fulfilled.
Unbiased, factual data supporting the existence or
verity of something. Objective evidence may be obtained
through observation, measurement, test, or other means.
OBJECTIVE EVIDENCE Data supporting the existence or verity of
 Quality Management System Terminology and Definitions
Contd
A person who has the competence to conduct Quality
AUDITOR
Management System Audit
Set of one or more audits planned for a specific time frame (
AUDIT PROGRAMME Example- 3 years) and directed towards a specific purpose

Set of policies, procedures or requirements used as a

reference. Audit criteria are used to development statements
AUDIT CRITERIA of nonconformity. The AS 9100 clauses are the requirements in
which audit evidence is compared determine conformity or
nonconformity.
Records, statements of fact or other information
AUDIT EVIDENCE which are relevant to the audit criteria and
verifiable
Fulfillment of specified requirements by an item or a service
CONFORMITY

Total break-down, or absence of a system or system element

to meet the requirements of the standard.
MAJOR NON-CONFORMANCE
Quality Management System Terminology and Definitions
Contd
MINOR NON-CONFORMANCE
Nonconformity Report
Containment
Key Performance Indicator ( KPI)
Online Aerospace Supplier
Information System (OASIS)
Planned Activities
Planned Results
Can be a single system failure or lapse in conformity to meet a 9100-series standard requirement,
customer QMS requirement, or documented information defined by the organization
A document stating results and providing objective evidence of nonconformity against audit criteria,
including the following information: Containment, Correction, root cause, corrective action
implementation and closure
Action to control and mitigate the impact of a nonconformity and protect the customer’s operation ( stop
the problem from getting worse) ; includes correction, immediate corrective action, immediate
communication, and verification that the nonconforming situation does not further degrade
Measures associated with goals or targets showing how well an organization is achieving its objectives or
critical success factors for a particular project.KPIs are used to objectively define a quantifiable and
measurable indication of the organization’s progress toward achieving its goals
Web-based IAQG database containing information on participating IAQG member companies, National
Aerospace Industry Associations (NAIA), National Accreditation Bodies (NAB), accredited CBs,
authenticated Aerospace Experience Auditors (AEAs), Aerospace Auditors (AAs) certified suppliers,
certificates, and audit results.
The means, methods, and internal requirements by which the organization intends to achieve planned
results of a given process to meet customer requirements. Planned activities include conformity to
process requirements and maintained documented information.
The intended performance of a process as determined and measured by the organization. Planned
results include product and service conformity and On-time Delivery (OTD) to meet customer
requirements, and may include other elements related to the process, as defined by the organization.
 Quality Management System Terminology and Definitions
Contd
A combination of people, material, machines, tools,
environment, and methods that produce a product or
Process
service. Set of interrelated or interacting activities which
transforms inputs into outputs.
confirmation, through the provision of objective
Verification evidence, that specified requirements have been
fulfilled

Action to eliminate the cause of a potential

Preventive Action nonconformity or other undesirable potential situation

Action to eliminate the cause of detected

Corrective Action
nonconformity or other undesirable situation
Correction Action to eliminate a detected non-conformity
The non-fulfilment of a requirement that is stated,
generally implied, or obligatory. A specific occurrence
NON CONFORMITY of
a condition that does not conform to a specification
 Quality Management System Terminology and Definitions
Contd
A document stating process evaluation results; providing evidence of conformity to requirements
Process Effectiveness Assessment
and process effectiveness.
Report (PEAR)

The audit process consists of the following phases:

a. Pre-audit activities ;
b. Stage 1 audit ;
c. Stage 2 audit;
Audit Process d. Surveillance audit ;
e. Recertification audit .
Pre-audit activities and Stage 1/Stage 2 audits are applicable for initial certification. A Stage 1 audit
can also be utilized for recertification audits and during CB transfer.

1 Application: The CB shall require the organization to provide the following:

Pre-Audit Activities
a.percentage of revenue for aviation, space, and defense industry business, as a proportion of
the organization's total revenue;
b.number of employees associated to aviation, space, and defense business (i.e., full time, part
time, temporary) and percentage of the total workforce; and
c. identification of the key (e.g., top five) aviation, space, and defense customers.
2 Application Review
3 Before scheduling the Stage 1 audit, the audit team leader shall:
a. determine if information received during the pre-audit phase is sufficient to proceed to the
Stage 1 audit; and b. verify the audit duration for the Stage 1 and Stage 2 audits.
Quality Management System Terminology and Definitions Contd

Special audits shall be conducted, during the

certification cycle, in response to one of the
following situations:
a.an organization's request to revise their existing
certification scope, certification structure, number
of site(s) and/or location(s); and
Special Audit b.transferring certification from one CB to another
(see 9104/1 clause 8.8).
NOTE: A special audit can also be conducted in
response to a customer or other relevant interest
party request, when a serious issue (supported by
objective evidence) has been identified.
 INTRODUCTION TO AUDITING
What is Audit?

Systematic, Independent and documented

process for obtaining “audit evidence” and
evaluating it objectively to determine the
extent to which “audit criteria” are fulfilled.
 Process Auditing Approach

When auditing each process identified by the organization, there are basic questions
that should be asked, for example:

• Is the process identified and appropriately defined?

• Is the process identified and appropriately defined (inputs, outputs, resources &
controls)?
• Are responsibilities of process owner and process performers assigned?
• Is the process implemented and maintained?
• Is the process effective in achieving the desired results?
 Process Auditing Approach
Other questions could include the following:
• What is the process? What is it trying to achieve?
• Who is the customer of the process?
• Does the process address applicable customer specific requirements?
• Are competencies identified?
• Is the process operating, as defined?
• What is the desired level of performance?
• Does it reflect specified customer targets / performance requirements?
• What are the measures (key performance indicators, etc.)?
• What is the current level of performance?
• Is the process performance regularly reviewed by Top management?
•Where performance is not being achieved, are improvement plans in
place?
 Documented Information
• When implementing a Quality Management System (QMS),
especially in the aerospace industry, it is easy to find yourself
unnecessarily documenting everything in the belief that this will
improve your QMS, or that it is a requirement of the AS9100
standard.
• In fact, AS9100 Rev D has become even more lenient when it
comes to the number of documented procedures required by the
standard, leaving many of the decisions regarding what is
important for you to document in the hands of your company.
• AS9100 uses the term “documented information,” but it is helpful
to separate this into two categories: mandatory documents, and
mandatory records.
 Documents & Records
Documents and records may sound alike but there is a
big difference between the two.
Documents are created by planning what needs to be done
and records are created when something is done and record the
event.
Documents can be revised and changed, where as records don't
(must not) change.
 What are the required documents and records?
Mandatory Documents AS9100 Rev D Clause
Scope of the Quality Management System 4.3
List of relevant interested parties (Can be included in the quality 4.4.2
manual.)
QMS scope including boundaries and applicability (Can be included in
4.4.2
the quality manual.)
Description of QMS processes and application (Can be included in the 4.4.2
quality manual.)
Sequence and interaction of QMS processes (Can be included in the 4.4.2
quality manual.)
Responsibilities and authorities for QMS processes (Can be included in the
quality manual.) 4.4.2
Quality Policy 5.2
Quality Objectives and Plans to achieve them 6.2
Procedures for control of Externally Provided Processes, Products and
8.4.1
Services (outsourced processes)
Process for control of nonconforming products and services 8.7.1
Process for Nonconformity and Corrective Action Management 10.2.1, 10.2.2
 What are the required documents and records?
Mandatory Records AS9100 Rev D Clause
Evidence that QMS Processes are carried out as planned 4.4.2
Records of Maintenance and Calibration of Monitoring and Measuring Equipment
7.1.5.2
Competence Records 7.2
Product/Service Requirements Review Records 8.2.3.2

Record of New Requirements for Products and Services 8.2.2, 8.2.3

Design and Development Inputs Records 8.3.3
Records of Design and Development Controls 8.3.4
Design and Development Output Records 8.3.5
Record of Design and Development Changes 8.3.6
Records of Product/Service Characteristics 8.5.1
Record of results of Production Process Validation 8.5.1
Record necessary to enable traceability (when required) 8.5.2
Records of activities for Lost, Damaged or Unusable Customer Property 8.5.3
Record of Changes in Production and Service Provision 8.5.6
Evidence of Product and Service Conformity & Release 8.6
Record of Nonconformity 8.7 & 10.2.2
Monitoring Performance Information 9.1.3
Internal Audit Program and Records 9.2.2
Management Review Records 9.3
Nonconformities and Corrective Action Records 10.2.2
 Documented Information

• While these are the documents and records that

AS9100 Rev D has identified as mandatory
documented information, it is important for the
proper function of your Quality Management
System to also maintain any documents and records
that you have identified as necessary to enable you
to implement, function, maintain, and improve your
QMS over time.
Non-Mandatory Documents AS9100 Rev D Clause
Process for determining Context of the Organization and
4.1 & 4.2
Interested Parties

Quality Manual 4.4.2

Procedure for Addressing Risks and Opportunities 6.1
Competence, Training and Awareness Procedure 7.2 & 7.3
Procedure for Control of Documents and Records 7.5
Operational Risk Management Procedure 8.1.1

Configuration Management Procedure 8.1.2

Sales Procedure 8.2
Procedure for Design and Development 8.3
Procedure for Production and Service Provision 8.5
Warehousing Procedure 8.5.4
Procedure for Measuring Customer Satisfaction 9.1.2
Procedure for Internal Audit 9.2
Procedure for Management Review 9.3
Types of Audit

▪ First Party Audit

▪ Internal Audits

▪ Second Party Audit

▪ Customer Audit / Supplier Audit / Regulatory Audit

▪ Third Party Audit

▪ Independent Audit
 INTRODUCTION TO AUDITING
Type of Audits
Internal or First Party Audit

• Companies
effectiveness
performance
• To identify deficiencies and
inaccuracies within the system
 Internal Audit – 9.2

The organization shall conduct internal audits at planned interval to

determine whether the quality management system
a) Conforms to the planned arrangements, to the requirements of this
International Standard and to the quality management system

requirements established by the organization, and

b) Is effectively implemented and maintained.
InternalAudit-ProcessFlow

Release Audit Schedule and Plan

Contact Auditees to reconfirm schedule and scope of audit Select auditors

and collect information on previous audit status

Review and Prepare for the audit

Conduct Audit

➢ Brief the audit findings

• Prepare Nonconformance Report, if any
➢ Note the Observations

Corrective action by Auditee Follow-up and

Review

Close NCR
Why Internal Audit?

▪ Provides objective, unbiased information

▪ Communication Channel
▪ Management Confidence
▪ Identification of Training needs
▪ Provides status of processes / equipment
▪ Input to management review
▪ Customer and regulatory requirement
▪ Improvement of QMS

22
Audit Programme

“arrangements for a set of one or more audits planned for

a specific time frame and directed towards a specific
purpose”
ISO 19011:2018

23
PDCA in Audit Program

Authority for audit program

Defining audit program |

-objectives/extent |
| |
-responsibilities
| Plan
-resources
| |
-procedures
| |
| |
| Competence of
Implementing audit program |
| auditors
Improving audit -evaluating auditors |
Act -assigning audit teams |
| program
-directing audit activities Do
| -recording |
Audit activities
| |
| |
| |
| Monitoring and reviewing
|
| audit program
|
-identifying opportunities for
|
improvement
|
Check
|
|
|
Audit Program

▪ Objectives of Internal Audit Program

▪ Quality Standard Requirement
▪ Improvement
▪ Extent
▪ Dependent on size and complexity
▪ Scope of activities
▪ Status and importance
▪ Previous audit results
▪ Consideration to changes
▪ Covers all processes, activities & shifts
▪ Consideration to “Customer and Regulatory
Requirements”
Managing an Internal Audit Program

Resources considerations
▪ Financial resources
▪ Auditing techniques
▪ Availability of trained auditors
▪ Customer specific auditor qualification requirements
▪ Complexity of processes
▪ Availability of process auditors / experts
▪ Scope and duration of audit
Managing an Internal Audit Program

Procedure should include:

▪ Planning and scheduling audits
▪ Selecting appropriate audit teams and assigning roles
▪ Conducting audits - customer and regulatory
requirements
▪ Conducting applicable follow-up
▪ Maintaining audit program records
▪ Monitoring the performance and effectiveness of audit
program
▪ Reporting mechanism to top management
Managing an Internal Audit Program

▪ Implementation
▪ Review the feasibility of the audit
▪ Appointing the audit team & leader. Consider audit
objectives, scope & criteria, independence / conflict of
interest, team dynamics & comfort level of auditee,
language / social & cultural issues
▪ Provide necessary resources to audit teams
▪ Communicating the audit program, coordinating and
scheduling audits
▪ Ensuring conduct of audit in accordance to audit
program
Managing an Internal Audit Program

▪ Implementation
▪ Establishing and maintaining a process for auditor
evaluation
▪ Review / approval and distribution of audit reports
▪ Ensuring follow up
Evaluation of Auditor Competence

Personal attributes
▪ Ethical
▪ Perceptive
▪ Open minded
▪ Versatile
▪ Diplomatic
▪ Decisive
▪ Observant
▪ Self reliant
▪ Non argumentative
▪ Comprehensive
Evaluation of Auditor Competence

Quality specific Generic Knowledge

Knowledge and skills and skills

Education Work Auditor Audit

experience training experience

Personal attributes
Typical Internal Audit Program

Process / Month Jan Feb Mar Apr

Sales
Product Design
Production
Purchasing
 Audit Evidence

“Records, statement of fact or other information which are

relevant to the audit criteria and verifiable”
Internal Audit

▪ Off-site preparation
▪ Quality manual / Procedures review
▪ Establish process responsibilities
▪ Audit objectives, scope, criteria and reference
documents
▪ Responsibilities of team members
▪ Assignment of team responsibilities
Internal Audit

▪ Auditor should establish process inputs and outputs

▪ Process customers and regulatory requirements
▪ Process outsourcing and control techniques
▪ Process interactions
▪ Criteria for operating and controlling the process
▪ May include quality plans, process maps,
procedures, training, etc.
▪ Resources and information required to support the
process
▪ Preparation work documents
▪ Checklists and audit sampling plans
▪ Forms for recording information (evidence, findings
etc.)
Internal Audit

▪ Opening meeting
▪ Collecting and verifying information
▪ Do a “Process Audit”, interviews
▪ Begin each interview with management
▪ Follow the process – not the clause
▪ Follow the process – not the documentation
▪ Apply PDCA to process investigation
▪ Flowcharting / process mapping helpful
▪ Communication techniques
▪ Icebreaker ,open questions, closed questions,
leading questions, multiple questions, silent
questions
Internal Audit

▪ Listen, summarize, confirm, clarify

▪ Record - objective information
▪ Sample size & reference
▪ Document reference
▪ Positive compliance
▪ Deviations
▪ Evidence of system effectiveness / efficiency
▪ Observation of activities
▪ Review of documents
▪ Reporting of findings
Audit Conduct & Conclusion

▪ Conduct audit & establish process implementation in

accordance with planned arrangements
▪ Verify through process observation, interviews, review
of records etc.
▪ Check process monitoring, measurement and
analysis methods used
▪ Check if the results indicate process effectiveness or
ineffectiveness / efficiency
▪ Check if the results relate to the quality policy,
objectives and requirements for the product
▪ See how the results of monitoring and measure and
analysis are used
Audit Conduct & Conclusion

▪ Establish if actions were taken for processes not achieving

planned results
▪ Establish the effective implementation of those actions
▪ Establish if continual improvement can be demonstrated
▪ Audit conclusions
▪ Look at the “Small” picture & “Big” picture
▪ “Big” Picture - auditor should verify that QMS processes
result in:
▪ Achievement of the Quality Policy and objectives
▪ Achievement of the planned arrangements
▪ Achievement of customer satisfaction
▪ Achievement of continual improvement
Recording - consider using “Turtle Map”

With What?
(Materials, Who ?
Infrastructure, (Competent
Work Personnel)
Environment)

Out put / product

REQUIRMENTS
Input: Output:
Customer Customer
who has a Process who has a
need need
fulfilled
How ? With Which?
(Procedures,Method Key Process and
s Instructions) Product Measures
 INTRODUCTION TO AUDITING
• External or Second Party Audit

• The Second party audit is generally known as the vendor quality assuranceaudit

• Objectives
1. Qualification of vendors
2. Customer’s requirement shall audit their vendors
3. Improve their quality system
4. Resolve quality problems / issues
 INTRODUCTION TO AUDITING
• External Third Party Audit
• Third party audits are conducted by an
independent body (certification body)
and can either be voluntary, as in the
case of a certification audit, or
compulsory, as required by laws and
regulations.
 INTRODUCTION TO AUDITING
• Stage 1 Audit

• To evaluate the quality system is in compliance with a

standard
❖ Document review

• Stage 2 Audit

• To evaluate the implementation, including effectiveness, of the

client’s management system.
 INTRODUCTION TO AUDITING
• Follow-up Audit

– Any major non conformities require

– a follow up audit

• Re-Certification Audit

– The Re-Certification audit includes an onsite audit

❖ Verify the full management system
❖ Demonstrate commitment
❖ Enhance overall performance
❖ Achievement of the organization’s polic
 INTRODUCTION TO AUDITING
• Additional Audits
❖ An additional full audit
❖ To verify effective correction and

• Surveillance Audit
❖ Surveillance audits are on-site audits
❖ Certified management system continues to fulfil
requirements

• Extensions to Scope
❖ May be conducted in conjunction with a
surveillance audit
 INTRODUCTION TO AUDITING
• Short-notice Audits
investigate complaints
❖ In response to changes
❖ As follow up on suspended clients

. Multi-site Audits
❖ Client’s management system covering the
same activity in various locations
❖ A sampling programme
 INTRODUCTION TO AUDITING
• Audit Trails
❖ Step by step with sequential process from
beginning to the end
❖ Reviewing again by various cross – references
procedures/Documents
❖ Forward and backward direction of process
sequence
❖ Audit follows a trail through the business from
origination to completion.
 Introduction to AS9100:2016 Audit
Trails
• Each on-site audit, except for nonconformity follow-up and special audits shall include the
following, as applicable:
a. a review of the changes to the QMS, since the last audit (including certification structure);
b.a review of requirements from new aviation, space, and defense customers, since the last
audit;
c. a review of customer satisfaction information and requested corrective actions and associated
responses;

d. an interview with top management;

e.an audit of the organization's processes, including their performance and effectiveness, as
identified in the audit plan

f. an audit of the continual improvement of the QMS;

g. an audit of follow-up actions from previous audits; and

h. an audit of the purchasing process .

NOTE: If there is more than one surveillance audit during a year (e.g., every six months), some
activities (e.g., interview with top management) may be spread over these audits.
 INTRODUCTION TO AUDITING

• Auditing statutory and Regulatory regulatory

requirements
❖ The statutory and regulatory requirements
❖ Auditors need to be aware
❖ Updating all applicable statutory and regulatory
requirements
 ACCREDITATION AND CERTIFICATION
1. Accreditation Body- Definition

• Third-party attestation related to a conformity assessment body

conveying formal demonstration of its competence to carry out
specific conformity assessment tasks
2. Accreditation Process
 ICOP Scheme

We shall learn learn about:

The Industry Controlled Other Party (ICOP) Scheme
The IAQG Other Party Management Team (OPMT)
The Online Aerospace Supplier Information System (OASIS)
The Sector Management Structure (SMS)
The Certification Structure Oversight Committee (CSOC )
Responsibilities within the ICOP process for:
IAQG member companies
OPMT
SMS
CSOC
Other Party Assessor
Different ways of viewing and understanding the ICOP scheme
 What Is ICOP?
• ICOP is a globally harmonized Aviation, Space & Defense Quality
Management System (AQMS) Certification process defined by the
IAQG
– Industry Controlled:
» The IAQG through each Sector provides direct oversight of all AQMS certification
activities
– Other Party:
» Certification activities are conducted by accredited Certification Bodies (CB) and
Authenticated Aerospace Experienced Auditors (AEA) that are recognized through the
ICOP process
• ICOP process is managed by the IAQG Other Party Management Team
(OPMT)
• Provides AQMS certification for 9100, 9110 and 9120
 What Is ICOP?

• Benefits
– Globally harmonized certification scheme that is recognized by major
Aviation, Space and Defense companies
– Supports supplier approval activities with a recognized quality
management system certification
– Process approach to conformance assessment
– Focus on exceeding customer expectations

• Risks
– Does not prevent procurement from poor performing suppliers
– It is not certification of product
 OPMT - Sector Management Structure
• Sector Management Structure (SMS)
– The organization established in an IAQG sector that
manages the application and oversight of the ICOP
scheme as defined by this standard.
– Each sector may use a different name for this
organization
» i.e., Registration Management Committee (RMC) in the
Americas and Asia/Pacific,

» EAQG OPMT and national CBMCs in Europe.

Section 3.24)
(Reference: 9104-001
Industry Controlled Other Party

• Our Aviation, Space & Defense sector certification scheme

utilizes:
– ISO for basic requirements, and
– supplements ISO with Aviation, Space and Defense (AS&D) unique
requirements.
– e.g. ISO 9001 as supplemented by 9100

• Certification Criteria are linked to ISO/IEC 17021 and

International Accreditation Forum (IAF) Documents
 IAQG OPMT

Mission:
Management and oversight of the 9100 series Aviation, Space and Defense
Quality Management System certification program.

Strategic Objectives:
Continually improve the globally harmonized Industry Control Other Party
quality management system certification program to be efficient,
recognized, and bring measurable benefits to stakeholders.

Enhance the competency of Auditors, Other Party (OP) Assessors and

stakeholders that are engaged in ICOP activities.
 IAQG OPMT Structure:
++ IAQG-OPMT Chair Giuseppe Leoni
+ IAQG-OPMT V-Chair Ian Folland OASIS Systems Manager.
* Sector OPMT Leader IAQG OPMT Support IAQG OPMT Bryan Blunt
OASIS Technical Support

Americas Asia Pacific Europe

Eric Jefferies * Katsuji Fukumoto * Marie-Laurence Petit +*
Bell Helicopter - Textron KHI Airbus
Tim Lee Pilgyu Choi Pete Cracknell
Boeing Korean Air BAE Systems
Susie Neal ++ Yuta Kumada Hubert Kern
IAF Focal: Collins Aerospace MHI FACC
Alternates: Alternates: Alternates:
Dale Gordon Brian Geer Lockheed Martin Jung Woo Lee KAI André LaCroix ArianeGroup
ANAB (Interim) Barrie Hicklin Honeywell Masayuki Kogusuri IHI Eric Saillard Thales
Brian Geer R Darrell Taylor Raytheon Cristiano Tesini Leonardo
Lockheed Martin

Dale Gordon Kunihiro Tanabe Mark Rogers

AB Focals: ANAB JAB UKAS

Jeanette Preston Yoshitsugu Kanno Brendon Hill

CB Focals: Smithers Quality Assessments BSK British Standards Institution

Ind. Assoc. & Becky Lemon Takayoshi Maehata Ian Folland

OASIS Focals: SAE SJAC EAQG

Structure as of February 21, 2019

ACCREDITATION AND CERTIFICATION
ACCREDITATION AND CERTIFICATION
ACCREDITATION AND CERTIFICATION

Accreditation
Process IAW AS
9101 F:2016 and
AS 9104/1 for
CB(CRB) provide
certification for
AS 9100 AS 9110
AS 9120
ACCREDITATION AND CERTIFICATION

3. Certification Body

• The certification body will certify the clients on different

standards make its services accessible to all applicants
based on the requirements of the applicant client
ACCREDITATION AND CERTIFICATION
Certification Process
Three steps to complete
Application

Document Review
& Contract
Agreements

Audit and
Certification
ACCREDITATION AND CERTIFICATION
ACCREDITATION AND CERTIFICATION contd..
ACCREDITATION AND CERTIFICATION

benefits of AS9100 certification for globally-minded businesses include:

– Operational Efficiency: The focus on process management and improvement means that
implementing AS9100 in your business can help improve your organization's efficiency.
Find new ways to save money by producing more product at a lower cost.
– Stakeholder Relationships: If you want to improve your company's image in the eyes of
your staff, customers and suppliers, demonstrating compliance with a respected industry
standard is a good place to start.
– Minimize Operational Risk: Risk-based thinking like that required by AS9100 helps your
organization develop and implement the best practices for the aerospace industry,
improving process quality and product traceability to help reduce risk and improve
product safety.
ACCREDITATION AND CERTIFICATION

– Focus on Customer Satisfaction: Improve your relationships with your

customers by offering products that consistently meet or exceed their
quality expectations and are delivered promptly.
– Improve Business Opportunities: Access a wider range of global
markets by obtaining an internationally recognized certification. Many
aerospace manufacturers refuse to do business with anyone without
an AS9100 certification, so obtaining one gives you access to those big
names while simultaneously improving your marketability.
– Protect Organizational Knowledge: Knowledge is one of the most
important resources to aerospace businesses, so protecting it is key.
Using the requirements and guidance of AS9100, you can better
safeguard your organization from information losses and
simultaneously improve your organization's use of knowledge.
MANAGEMENT OF AUDIT PROGRAMME
• In order to understand the context of the auditee, the audit
programme should take into account then auditee’s

❑ organizational objectives

❑ relevant external and internal issues

❑ the needs and expectations of relevant interested parties

❑ information security and confidentiality requirements

MANAGEMENT OF AUDIT PROGRAMME
• The audit programme should include information and identify resources to enable the
audits to be conducted effectively and efficiently within the specified time frames. The
information should include
❑ objectives for the audit programme

❑ risks and opportunities associated with the audit programme (see 5.3) and the actions to address
them

❑ scope (extent, boundaries, locations) of each audit within the audit programme

❑ schedule (number/duration/frequency) of the audits

❑ audit types, such as internal or external

Sample Internal Audit Planning
 Role of an Internal Auditor
❑ Internal auditing is an organizational function, established by top
management to monitor the organization’s risk management and control
processes.
❑ By review of the critical control systems and risk management processes,
the internal auditor can provide important assistance to organizational
management.
 Role of an Internal Auditor
❑ Being a risk champion
❑ Offering education and guidance
❑Providing formal recommendations that promote risk-based
controls
❑ Being a centre of research and best practice
❑ Coordinating risk management efforts across the organization
❑ Providing objective assurances on the state of risk management
❑ Regularly disclosing operational risk levels during and after
specific audits
❑Driving a change program that seeks to tackle resisters and helps
drive risk-smart practices
❑ Facilitating a program of risk workshops throughout the business
❑ Developing suitable standards and practical tools
 Judgement

Audit Evidences Audit Criteria

 Principles of Auditing
❑ Integrity
❑ Fair Presentation
❑ Due Professional Care
❑ Confidentiality
❑ Independence
❑ Evidence based approach
Principles of Auditing
❑ Integrity
❑perform their work with honesty, diligence, and responsibility;
❑observe and comply with any applicable legal requirements;
❑demonstrate their competence while performing their work;
❑perform their work in an impartial manner, i.e. remain fair and unbiased in all
their dealings;
❑be sensitive to any influences that may be exerted on their judgement while
carrying out an audit.
Principles of Auditing
❑ Fair Presentation
❑Audit findings, audit conclusions and audit reports should reflect truthfully and
accurately the audit activities.
❑Significant obstacles encountered during the audit and unresolved diverging
opinions between the audit team and the auditee should be reported.
❑The communication should be truthful, accurate, objective, timely, clear and
complete.
 Principles of Auditing
❑ Due Professional Care
❑Auditors should exercise due care in accordance with the importance of the task
they perform and the confidence placed in them by the audit client and other
interested parties.
❑An important factor in carrying out their work with due professional care is
having the ability to make reasoned judgements in all audit situations.

76
 Principles of Auditing
❑ Confidentiality
❑Auditors should exercise discretion in the use and protection of information
acquired in the course of their duties.
❑Audit information should not be used inappropriately for personal gain by the
auditor or the audit client, or in a manner detrimental to the legitimate interests
of the auditee.
❑This concept includes the proper handling of sensitive or confidential
information.
 Principles of Auditing
❑ Independence
❑Auditors should be independent of the activity being audited wherever
practicable, and should in all cases act in a manner that is free from bias and
conflict of interest.
❑For internal audits, auditors should be independent from the operating
managers of the function being audited.
❑Auditors should maintain objectivity throughout the audit process to ensure that
the audit findings and conclusions are based only on the audit evidence.
Principles of Auditing
❑ Evidence based approach
❑ Audit evidence should be verifiable.
❑ It will in general be based on samples of the information available, since an
audit is conducted during a finite period of time and with finite resources.
❑ An appropriate use of sampling should be applied, since this is closely related to
the confidence that can be placed in the audit conclusions.
 Personal Behaviour
❑ Ethical- fair, truthful, sincere, honest and discreet
❑Open-minded, i.e. willing to consider alternative ideas or points of
view
❑ Diplomatic, i.e. tactful in dealing with people
❑ Observant, i.e. actively observing physical surroundings and
activities
❑ Perceptive, i.e. aware of and able to understand situations
 Personal Behaviour
❑ Versatile, i.e. able to readily adapt to different situations
❑ Tenacious, i.e. persistent and focused on achieving objectives
❑Decisive, i.e. able to reach timely conclusions based on logical
reasoning and analysis
❑ Self-reliant, i.e. able to act and function independently whilst
interacting effectively with others;

81
 Personal Behaviour
❑Acting with fortitude, respon and ethical even
though these actions may not always be popular and may sometimes
result in disagreement or confrontation;
❑Open to improvement, i.e. willing to learn from situations, and
striving for better audit results;
❑Culturally sensitive, i.e. observant and respectful to the culture of
the auditee;
❑Collaborative, i.e. effectively interacting with others, including audit
team members and the auditee’s personn
 Negative Traits of Auditors

▪ Impose their own opinions

▪ Write findings that are not supported with objective evidence
▪ Blindly tick items off checklists, with no thought for what matters
▪ Believe the paperwork and ignore what’s actually happening on the ground
▪ Allow their own prejudices to blind them to what is actually happening
▪ Audit against “best practice”; a moving target that’s often the auditor’s
personal opinion
 Auditor’s code of conduct
❑Act professionally
❑Keep increasing the skill and competency level
❑Groom Subordinates
❑Avoid any role or activity that may cause conflict of interest
❑Disclose conflict of interest
❑Say no to bribes / costly gifts
❑Be truthful, Accurate, fair and responsible
❑Do not communicate false and misleading information
❑Maintain confidentiality
❑Support organization’s /Registrar’s reputation

84
 AUDITOR RESPONSIBILITIES
1. The Roles and Responsibility of the TeamLeader

• Ensure the audit scope

• Select the audit team

• Direct the audit team members

• Planning the audit & make effective use of resources

• Represent the audit team

• Manage the audit team

• The preparation of the report

 AUDITOR RESPONSIBILITIES
• 2. The Role of the Auditor
auditor is responsible to the Lead Auditor for an allocated segment of the audit programme. This includes:

• Communicating audit requirements to the auditee

• Auditing in accordance with the relevant checklists

• Where time permits, examining discovered areas of concern

• Documenting observations

• Recording evidence

• Verifying the effectiveness of the Quality Management system

 AUDITOR RESPONSIBILITIES
3. The Role of the Auditee and Audit Client
• Auditee: Organization being audited
• Audit Client: Organization requesting the audit.

a. Before the audit activity begins

b.During the pre-audit visit or through other means of
communication
c. During the Audit
d. Post – Audit
Internal Audit Plan:
Internal Audit plan will be done annually. It shall be done based on the STATUS and
IMPORTANCE of the activity.

STATUS:

➢ The confidence in that particular area

➢ Status of the previous year Internal Audit Reports (If any)
➢ Present status of that particular function / processes

IMPORTANCE:

➢ How the department / function contributes to the overall performance of the

organization.
➢ How critical that area is to the quality of what is produced / serviced.
➢ Each audit has a specific Objective. Audit Scope is decided as per the defined
objective.
Audit Scope:

a. Review of previous audit points which includes Observations' or/and non conformity points.
b. Cover all the clauses as per the audit schedule for the department/Organization.
c. Note and discuss general observation and could be potential non conformity.
d. Suggestions' for Improvement.

Audit Objective:
a. Management priorities.
b. Commercial requirements
c. Management system requirements
d. Statuary, Regulatory and contractual requirements
e. Customer requirements
f. Risk Mitigation
Audit Scheduling:

Audit scheduling is a schedule prepared for that / any particular audit. This is
prepared based on the audit plan.

Considerations:
➢ Based on the frequency of the audit
➢ Based on the previous Audit results (Internal / External)
➢ Based on the customer complaints
➢ Changes to the quality System
➢ Scope of audit department involved
➢ Auditee availability
Audit Checklist:

The purpose of an audit is:

"To collect audit evidence to permit an informed judgment about the status of the selected aspects of the
quality system of the organization"
Audit is sample check. In order to come to that informed judgment while doing a sample check, auditor
must decide the salient elements of the system which would be verified during audit and also the depth of
the verification of these elements. Check lists enable the auditor to take judicious decision in this regard.
The checklists are prepared by the auditor for the audit of the assigned areas.

Benefits of Check List:

➢ Keeps audit objective clear

➢ Evidence of planning
➢ Maintains audit pace and continuity
➢ Reduces auditor's bias
➢ Reduces work load during audit
➢ Records audit sample
 Checklist Drawbacks
However most existing processes rely on paper based checklists, which
brings five major issues:
1.They don't help staff do their jobs. ...
2.They hit productivity. ...
3. They cannot be trusted. ...
4. They don't give real-time visibility. ...
5. Valuable data is left unused.
 Four Phases of Audit Cycle
1. Audit planning and preparation: Audit preparation consists of planning everything that is done in
advance by interested parties, such as the auditor, the lead auditor, the client, and the audit program
manager, to ensure that the audit complies with the client’s objective. This stage of an audit begins with
the decision to conduct the audit and ends when the audit itself begins.

2 Audit execution: The execution phase of an audit is often called the fieldwork. It is the data-gathering
portion of the audit and covers the time period from arrival at the audit location up to the exit meeting. It
consists of multiple activities including on-site audit management, meeting with the auditee, understanding
the process and system controls and verifying that these controls work, communicating among team
members, and communicating with the auditee.

3Audit reporting: The purpose of the audit report is to communicate the results of the investigation. The
report should provide correct and clear data that will be effective as a management aid in addressing
important organizational issues. The audit process may end when the report is issued by the lead auditor or
after follow-up actions are completed.

4 Audit follow-up and closure: According to ISO 19011, clause 6.6, "The audit is completed when all the
planned audit activities have been carried out, or otherwise agreed with the audit client." Clause 6.7 of ISO
19011 continues by stating that verification of follow-up actions may be part of a subsequent audit
Audit reports : Internal Audit Vs External Audit
Internal Audit reports
1 Opportunities for Improvement ( OFI ) , if applicable
2 Non- Conformity Report ( NCR), if applicable
External Audit reports ( Certification Body)
1 Form 1 ( Stage 1 Audit report)
2Form 2 QMS Process Matrix report
3 Form 3 PEAR Report
4 Form 4- Non-Conformity Report NCR
5Form5 – Audit report (Stage2, Surveillance, Re-certification)
6 Supplemental Audit report ( Optional)
 Types of Audit reports

Form 1 – Stage 1 Audit Report

Form 2 – QMS Process Matrix
Form 3 – PEAR ( Process Effectiveness Assessment
Report)
Form 4 – Non-Conformity Report ( NCR)
Form 5 – Audit Report
Form 6 – Supplemental Audit Report (The Supplemental
Audit Report shall be used to record results for individual
sites, if the Audit Report (see Form 5) does not include
audit details of the individual sites.
 AUDIT FINDINGS

Non Conformity
In order words, a specified requirement is not being met.
This may be categorized as Major, Minor-Non Conformity

AS 9101F:2016 updated to include same

definition as ISO 17021-1:2105
Form 4 is used to report the NCR
 AUDIT FINDINGS
a. Minor Nonconformity

Minor Nonconformity would be the failure to conform

to a requirement that in the auditor‘s judgment and
experience is not likely to result in a failure of the
Quality management system..
 AUDIT FINDINGS
b. Major Nonconformity

Major Nonconformity would be the total breakdown of the

Quality management system or one of its processes, or the
failure to address a key AS 9100D:2016 requirement.

It would be a nonconformity that in the auditor‘s judgment

and experience would likely result in the system failure or
materially reduce its ability to assure controlled processes.
AUDIT FINDINGS
AUDIT FINDINGS
AUDIT FINDINGS
 AUDIT CONCLUSIONS AND CLOSING MEETING

Closing Meeting
▪ review the audit findings and any other appropriate
information collected during the audit, against the audit
objectives
▪ agree on the audit conclusions, taking into account the
uncertainty inherent in the audit process
▪ prepare recommendations, if specified by the audit plan
▪ discuss audit follow-up, as applicable
 AUDIT CONCLUSIONS AND CLOSING MEETING

Content of audit conclusions

Audit conclusions should address issues such as the following:
the extent of conformity with the audit criteria and robustness of the
management system, including the effectiveness of the management
system in meeting the intended outcomes, the identification of risks and
effectiveness of actions taken by the auditee to address risks

the effective implementation, maintenance and improvement of the

management system
AUDIT CONCLUSIONS AND CLOSING MEETING

Conducting closing meeting

A closing meeting should be held to present the audit findings
and conclusions.
The closing meeting should be chaired by the audit team leader
and attended by the management of the auditee and include,
as applicable
Preparing the Audit Report