Webinar 3 Management Systems Auditing Best Practice Vs Reality

Management Systems Auditing – Best Practice vs.
Reality
Ali AL-Zubaidi
Integrated Management Systems Associates (IMSA)
ali_al-zubaidi@imsainternational.com
WhatApp.:00447771793340
Integrated Management Systems Associates Limited / Webinar No. 3/ 2021 1

Education & Experience
Education Work Experience

• Secondary School (Baghdad College) ▪ Senior Project Manager (Ministry of
Electricity & Water, Kuwait)
• Associate of City & Guilds Institute
(ACGI), Imperial College, UK ▪ 1990 – 1996: Operations Manager (SGS, UK)
• BSc Engineering (Imperial College, ▪ 1995 – 2000: International Executive &
London University, UK) Trainer (SGS, Geneva)
• PhD in Materials Engineering (Brunel ▪ 2000 – Present: Managing Director -
University, UK) Integrated Management Systems Associates
(IMSA)
Integrated Management Systems Associates Limited / No. 3 / 2021 2

Professional Membership
▪ Eur. Ing. (European Engineer - European Federation of Engineers)

▪ C. Eng. (Chartered Engineer - Engineering Council of Great Britain)
▪ CQP (Chartered Quality Professional, Chartered Quality Institute, UK)
▪ FCQI (Fellow of the Chartered Quality Institute, UK)
▪ MIChemE (Member of Institution of Chemical Engineers, UK)
??????/
▪ Safety & Loss Prevention Subject Group - IChemE, UK
▪ Oil & Natural Gas Subject Group - IChemE, UK
▪ “Expert” Member of JTCG TF 14 (revision of Annex SL)
▪ “Expert” Member of ISO Oil & Gas Technical Committee (TC/67)
▪ “Expert” Member of ISO Risk Management Technical Committee (TC/262)
▪ “Expert” Member of BSI Mirror ISO Committees on Quality Management Systems,
Risk Management, Food Safety & Sustainable Development
Integrated Management Systems Associates Limited / Webinar No. 3 / 2021

3
Disclaimer
Views expressed here do not necessarily

??????/
reflect those of any organisation referred to
directly or indirectly
Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 4

Special Note
▪It is very likely that some topics coverage during
webinar might differ from your current understandings
and the way that were explained during your previous
training courses.
??????/
▪You do not need to agree, but do have an open mind
and let us have a good debate.
▪Normally, these events are of a very “interactive”
nature. However, the current “conditions”, force us to
do it in a different manner.
House Keeping
▪ You should not lose connection; if you do, re-enter again
▪ Programme
➢ Session 1 – Tutorial (120 minutes)
➢ Break (10 minutes)
??????/
➢ Session 2 – Questions & Answers (open); formulate your
questions and comments as we go along
What)
▪ Communication
➢ Teams Chat Room
▪ Please mute (your microphone, unless asked to unmute)
▪ Language (mainly English slides with Arabic Commentary)
Why this webinar?
Many reasons, including
▪ Stress the importance of the concept of Auditing with respect to
management systems
▪ Traditionary, audits generally did not add real value; was seen as a
policing action and not as tool for improvement
▪ World
??????/ had agreed a number of international standards (ISO 19011 &
ISO 17021), with the aim of enhancing adding value delivered
through the process of auditing
▪ Worldwide (including in our region) poor practices when performing
different types of auditing
▪ Unfocussed training programmes, even those that are provided by
IRCA Approved Providers (ATP’s)
Topics Covered in Webinar
Main topics that will be covered in the webinar include:

▪ What is Auditing?
▪ Role of Auditing in Management Systems
▪ Principles of Auditing
▪ Types of Audits
▪ Audit Programmes
▪ What do we audit?
▪ Audit Process and its Phases
▪ Audit Findings
▪ Roles of Auditor & Auditee
▪ Auditor Certification
Auditing Related Standards
ISO 19011:2018
Guidelines (should) for auditing management systems
ISO/IEC 17021:2015
Conformity assessment — Requirements (shall) for bodies providing
audit and certification of management systems
▪Many parts, relative to each type of Management System, has been
published since
ISO/IEC 17011:2017
Conformity assessment — Requirements (shall) for accreditation bodies
accrediting conformity assessment bodies
ISO 19011 Standard (guidance)
▪ Originally we had 6 separate auditing standards (3 linked to ISO 9001 and 3 linked
to ISO 14001)
▪ These were merged into one standard (ISO 19011) in 2002 for the auditing of QMS
& EMS
▪ In 2011, ISO 19011 standard was extended to auditing of all management systems,
such as OHSMS, etc
▪ Last updated in 2018, with the view to reflect the impacts of process approach,
risk based thinking and continual improvement
▪ ISO 19011 is a “guidance” standard providing Auditing “best practice”, but
▪ Provides important information about different aspects of auditing, including the
competency of auditors
▪ Not all auditors follow this best practice

Role of Audits in Management Systems
Policies &
Information Leadership &
Objectives
Management Commitment
Reviews & Continual
Improvement Stakeholders
Management
Correction, Communication Organisational
Corrective & Structure
Preventive Actions
Process
Verification & Management
Validation Activities
Planning & Risk
Implementation of Management
Integrated Management Systems AssociatesOperational Controls
Limited / No. 3 / 2021 11
What is an Audit?
(Various ISO Definitions ?!!)
Systematic, independent, documented process for obtaining

records, statements of fact, or other relevant information and
assessing them objectively to determine the extent to which
specified requirements are fulfilled
??????/
ISO/IEC 17000
Systematic, independent and documented process for

obtaining audit evidence and evaluating it objectively to
determine the extent to which audit criteria are fulfilled
ISO 9000 & ISO 19011
Verification Activities
Audit
Systematic, independent, documented process for obtaining records,
statements of fact, or other relevant information and assessing them
objectively to determine the extent to which specified requirements are
fulfilled
Inspection
Conformity evaluation by observation and judgement accompanied as
appropriate by measurement, testing or gauging
Review
Activity undertaken to determine the suitability, adequacy and
effectiveness of the subject matter to achieve established objectives
Verification Activities
Inspection Audit
Focuses mainly on the process final Focuses on all aspects of the process,
product or during realisation of the although the final product will be of
product paramount importance
A tool of conformance / compliance and

A tool of conformance / compliance
also importantly improvement
Should it be? Systematic approach

Should it be? Independent
No, but we have the concept of risk-
Best practice standardised (ISO Standards)
based inspection
Processes (System) Review
Processes
Performance (KPI’s)
Processes Customers
Feedback Review
Technical
Inspections
(Process) Audits

What do we Audit? 13
▪We do not audit “standards”, per say, but “management

systems” based on standards.
▪We audit systems (and constituents processes); not just
procedures!
▪We do not audit just to confirm conformance / compliance
but also to help generate improvements.
▪We can only audit against requirements (shall); we cannot
audit against guidance (should) or anything else like (may) or
(can).

Management Systems Auditing Principles
(ISO 19011:2018)
Integrity Independence Fair

Presentation
Risk - based
Approach
Due
Evidence based
Confidentiality Professional
Approach
Care

What do we audit; Processes or Procedures? 21
Process Approach
We audit “Processes” and their outputs,

including “Procedures” and interfaces
between Processes?
Procedure Approach

Auditing a Process 47
This is where we
should start auditing
Stakeholders
Customer Satisfaction
Requirements
KPI’s

Audit Types
Number of Cost
Type Organisations
Objective Audit Client
(incurred)
Outcomes Examples
First Conformance & Assurance & Internal Audit
Increasing Formality
1 Organisation Organisation
Party Improvement Improvement Corporate Audit
2 (actual or Capability of Contractor

Second potential Delivering
Customer
Customer
Actual or
Potential
Assessment /
Party commercial Contractual (typically)
Contract
Supplier
relationship) Requirements Approval
MS
2 Certification Certification /
Conformance
Third (independent;
no
with Standard
Body /
Regulatory
Organisation
being
Certification /
Law
Accreditation
Audit
Party commercial
Requirements &
Authority Audited Compliance (Recommendation)
MS Regulatory Audit
relationship) Management
Effectiveness
Combined & Joint Audits
Combined Audit
An audit whereby more than one management system (not a
standard) is being audited; should be now referred to as
“Integrated Audit”.
Joint Audit
An audit whereby more than one party contribute to the
construction of the audit team.

Audit Process 15
Risk-based
Audit
Programme

‫)‪Audit Requirements (ISO 9001; minimum‬‬
‫‪ 9.2‬التدقيق الداخلي )‪(Internal audit‬‬
‫‪ 9.2.1‬يجب على المنظمة إجراء عمليات التدقيق الداخلي على نمط مخطط له لتزويد معلومات عن ما إذا كان نظام إدارة الجودة‪:‬‬
‫أ) يتطابق مع متطلبات المنظمة في ما يخص‪:‬‬
‫‪Conformance‬‬ ‫‪ )1‬نظام إدارة الجودة‪.‬‬
‫‪ )2‬متطلبات هذه المواصفة‪.‬‬
‫‪Improvement‬‬ ‫ب) ان نظام ادارة الجودة ينفذ بطريقة فعالة ويتم المحافظة عليه‪.‬‬
‫‪ 9.2.2‬يجب على المنظمة أن‪:‬‬

‫أ) تخطط‪ ،‬وتنفيذ وتديم برامج التدقيق (التدقيقات) بما في ذلك التكرار‪ ،‬وطرق‪ ،‬مسؤوليات ومتطلبات التخطيط وإعداد التقارير‪ ،‬والتي‬
‫المنظمة‪ ،‬والتغيرات التي حصلت على تلك العمليات‪ ،‬ونتائج التدقيقات السابقة؛‬ ‫يجب أن تأخذ باالعتبار أهمية عمليات‬
‫ب) تحدد معايير ومجال كل تدقيق؛‬
‫ج) تختار المدققين وتنفذ التدقيقات للتاكد من الموضوعية ونزاهة عملية التدقيق؛‬
‫د) تضمن أن نتائج عمليات التدقيق ترفع إلى اإلدارة ذات الصلة؛‬
‫ه) تتخذ التصحيح ذو الصلة واإلجراءات التصحيحية دون تأخير ال داعي له؛ و‬
‫و) االحتفاظ واالستبقاء على المعلومات الموثقة كدليل على تنفيذ برنامج التدقيق و نتائج التدقيق‪.‬‬
‫مالحظة‪ :‬راجع المواصفة الدولية ‪ ISO 19011‬لالسترشاد بها‪.‬‬
‫‪Integrated Management Systems Associates Limited / Webinar No. 3 / 2021‬‬ ‫‪23‬‬

20
Risk-based Audit Programme

1.Criticality of the system processes
2.Nature & complexity of the system processes
3.Risks associated with the system processes
4.Feedback from previous audits
5.Feedback from other sources (internal & external)
6.Previous incidents investigation results (including both
Accidents & near-misses)
7.Business strategic and operational objectives
8.Other factors (as relevant)
Audit Process Phases 15
Planning
Phase Plan
Act
Follow- Risk-based
up Audit Execution
Phase
Phase Programme
Check /
Verify Reporting Do
Phase

Continual Improvement
Improvement can be realised through the PDCA Cycle

Managing “Audit Process” 15

Risk-based 21
Audits
Programme
Audit Plan,
Schedule & Audit Objectives,
Checklist Planning Phase Scope & Criteria
Audit Execution Phase

Reporting
Audit Findings &
Actions Database
Reporting Phase
Audits Findings
Closure Follow-up Phase
Lessons Learned
Management Review Analysis & ABC Organisation

Process Improvement Learning Sharing
Process Process
Audit Fundamentals 20
Audit Audit
Objectives Criteria
Audit
Scope

Audit Fundamentals 20
(ISO 19011)
Audit Objectives
Purpose for conducting the audit
Audit Scope
Business sites, processes and activities that should be covered by
the audit, including duration of the audit
Audit Criteria
Requirements representing the reference against which the audit
is being conducted; not just requirements from standards (MS).
Depending on type of the audit and its Objectives, it can include
requirements from many other sources.
Audit Process Phases 21
Audit Planning
• Establishing Audit Objectives, Scope & Criteria
• Communication with Concerned Parties (Audit Client, Auditee & Team)
• Agreeing Composition of Team & Allocation of Tasks
• Perform Document Review
• Establish Audit Plan & Audit Schedule
• Establish Audit Checklists
Audit Execution
• Collect Information to Establish Body of Evidence
• Arriving at Audit Findings
Audit Reporting
• Creating Audit Reports, documentation of Audit Findings & Conclusions
Audit Follow-up
• Verify Effectiveness of Actions taken by Auditee, as a response to Audit Findings
20
Audit Evidence
1.Should the information collected be relevant and to what?
It should be relevant to the agreed Audit Criteria.
2. Should the information collected be sufficient to demonstrate
the point?
Yes, it should be. Otherwise, we have to try to obtain more
evidence.
3. Should the evidence be seen to be “valid” rather than seen to
be lacking validity (lacking credibility)?
Yes, it should be. Otherwise, we have to deal with it very
carefully. We have to try and verify all collected information).
20
Audit Evidence
▪ All collected information must be relevant to audit

criteria and has been verified, in order to be used as
evidence
▪ Very important that Information collected need to be

Relevant, Sufficient & Valid

20
Audit Findings
1. How do we arrive at an Audit Finding?
❖ By comparing Evidence against Criteria
2.Is a finding necessarily a non-conformity?
❖ No. It can easily be a positive or negative in
nature.
3.What are the different types of findings we
are likely to have?
❖ Positive, Negative or in-between.
20
Audit Findings
Capture relevant, sufficient & verified audit evidence
Evaluate against requirements from audit criteria
Determine type of audit finding
Categorise Non-conformity (Critical, Major, Minor), if applicable
Document Audit Finding

20
Audit Findings
▪ Evidence evaluated against audit criteria
▪ Can be positive or negative
▪ Should be documented with supporting evidence
▪ Non-conformities reviewed with auditee for clear
understanding & acknowledgement that audit
evidence is accurate
▪ Diverging opinions should be resolved and if necessary
recorded

20
Audit Findings
Opportunity Non-
Positive
for Observation
Practice conformity
Improvement
Audit Finding

20
Nonconformity
▪ Definition: Non-fulfilment of a requirement
▪ Utilised “Requirement” must be included in the audit

criteria
▪ Non-fulfilment must be demonstrated by the cited

evidence (relevant, sufficient and valid)

Nonconformity Case Studies
▪ Defined as non-fulfilment of a requirement not a clause or a
standard Linked &
▪ Should contain: indicating a Gap
➢ Details of evidence derived from information, which is relevant to
audit criteria, sufficient & valid
➢ Specific requirement (only 1 shall) from audit criteria, which is
relevant to the evidence
▪ Should provide clear indication of concern being raised
▪ Provide clarifications but try not to be drawn into a long debate
or suggest required response actions
▪ Make auditee management aware of findings throuout the audit
Nonconformity No. 1
(Adequacy of Purchasing Information)
Evidence
Of a sample of 25 purchase orders sent out over the last 3 months, 17
deliveries were subsequently rejected for incorrect parts or wrong grade
material. In 15 of these instances there was inadequate information
specified on the purchase orders, necessary to ensure that the correct
material would be supplied. Examples are: Purchase Orders Nos.
000645, 000732, 000766 and 000786.
Criteria
This is a non-conformity against ISO 9001: 2015

Nonconformity No. 1
(Lessons Learned)
Evidence
▪ Reasonable, but maybe it needs to be more precise
and focused.
Requirement
▪ Not good at all, which clause in the standard?
▪ Then, which requirement (shall)?

Nonconformity No. 1
(Lessons Learned)
Evidence
▪ Reasonable, but maybe it needs to be more precise
and focused.
Requirement
▪ Not good at all, which clause in the standard?
▪ Then, which requirement (shall)?

Nonconformity No. 2
(Internal Audit)
Evidence
Although the company had undertaken 12 internal audits during
2020, they were not using a standard form of checklist.
A total of 3 auditors had conducted the internal audits, but only one
of these had been trained on a registered internal auditor course. The
company must send all its auditors on an auditor training course.
Criteria
ISO 9001:2015, Clause 9.2: Internal Audit
‫)‪Audit Requirements (ISO 9001; minimum‬‬
‫‪ 9.2‬التدقيق الداخلي )‪(Internal audit‬‬
‫‪ 9.2.1‬يجب على المنظمة إجراء عمليات التدقيق الداخلي على نمط مخطط له لتزويد معلومات عن ما إذا كان نظام إدارة الجودة‪:‬‬
‫أ) يتطابق مع متطلبات المنظمة في ما يخص‪:‬‬
‫‪ )1‬نظام إدارة الجودة‪.‬‬
‫‪ )2‬متطلبات هذه المواصفة‪.‬‬
‫ب) ان نظام ادارة الجودة ينفذ بطريقة فعالة ويتم المحافظة عليه‪.‬‬
‫‪ 9.2.2‬يجب على المنظمة أن‪:‬‬

‫أ) تخطط‪ ،‬وتنفيذ وتديم برامج التدقيق (التدقيقات) بما في ذلك التكرار‪ ،‬وطرق‪ ،‬مسؤوليات ومتطلبات التخطيط وإعداد التقارير‪ ،‬والتي يجب‬
‫أن تأخذ باالعتبار أهمية عمليات المنظمة‪ ،‬والتغيرات التي حصلت على تلك العمليات‪ ،‬ونتائج التدقيقات السابقة؛‬
‫ب) تحدد معايير ومجال كل تدقيق؛‬
‫ج) تختار المدققين وتنفذ التدقيقات للتاكد من الموضوعية ونزاهة عملية التدقيق؛‬
‫د) تضمن أن نتائج عمليات التدقيق ترفع إلى اإلدارة ذات الصلة؛‬
‫ه) تتخذ التصحيح ذو الصلة واإلجراءات التصحيحية دون تأخير ال داعي له؛ و‬
‫و) االحتفاظ واالستبقاء على المعلومات الموثقة كدليل على تنفيذ برنامج التدقيق و نتائج التدقيق‪.‬‬
‫مالحظة‪ :‬راجع المواصفة الدولية ‪ ISO 19011‬لالسترشاد بها‪.‬‬
‫‪Integrated Management Systems Associates Limited / Webinar No. 3 / 2021‬‬ ‫‪44‬‬

Nonconformity No. 2
(Lessons Learned)
Evidence
▪ It is not clear, on its own, whether it is a relevant as
far as this finding is concerned.
▪ Auditor is giving orders. NO, NO, NO
Requirement
▪ No requirement (shall) has been identified or stated?
▪ Requirement (unspecified), so it is not clear whether
the evidence is linked to any requirement in clause 9.2.
Nonconformity No. 2
(Lessons Learned)
Evidence
▪ It is not clear, on its own, whether it is a relevant as
far as this finding is concerned.
▪ Auditor is giving orders. NO, NO, NO
Requirement
▪ No requirement (shall) has been identified or stated?
▪ Requirement (unspecified), so it is not clear whether
the evidence is linked to any requirement in clause 9.2.
Nonconformity No. 3
(Competency)
Evidence
At the time of the audit, there was no evidence that an evaluation of
the effectiveness of training had been carried out for J. Smith and F.
Jones in respect of ‘Internal Audit’ training conducted on 12/13th
November 2020.
Requirement
ISO 9001: 2015 clause 7.2 requires that, “the organisation shall ensure
that relevant persons are competent on the basis of appropriate
education, training or experience. The standard also requires that the
organsiation shall evaluate the effectiveness of actions taken with
respect to acquiring the necessary competence.
Nonconformity No. 3
(Lessons Learned)
Evidence
❖What is the “concern” that the evidence indicates?
❖Audit is based on the “Evidence”, so how can we
arrive at a Finding, when there is “no Evidence”.
Requirement
❖More than one requirement (shall) is specified. It is
unlikely, that the evidence does support linkage to both.
❖This leads to weaking the finding and diffuse focus.
❖Choose a specific requirement, based on the evidence.
Nonconformity No. 3
(Lessons Learned)
Evidence
❖What is the “concern” that the evidence indicates?
❖Audit is based on the “Evidence”, so how can we
arrive at a Finding, when there is “no Evidence”.
Requirement
❖More than one requirement (shall) is specified. It is
unlikely, that the evidence does support linkage to both.
❖This leads to weaking the finding and diffuse focus.
❖Choose a specific requirement, based on the evidence.
Nonconformity No. 4
(Evaluation of Sub-Contractors)
Evidence
The organization did not consider the risks associated with Contractors
and Suppliers when they evaluated them, prior to their engagement.
Requirements
The organization quality management system stated that all Contractors
and Suppliers should be evaluated, prior to their engagement, based on
the risks associated with them.

Nonconformity No. 4
(Lessons Learned)
Evidence
The organization did not consider the risks associated with Contractors
and Suppliers when they evaluated them, prior to their engagement.
Requirements
The organization quality management system stated that all Contractors
and Suppliers should be evaluated, prior to their engagement, based on
the risks associated with them.

Nonconformity No. 5
(Review of Product Requirements / Improvement)
During the audit it was noted that the process of the review of requirements related to the
product (ISO 9001: 2015, 8.2.3) had failed on seven occasions in the last six months to
accurately record the results of the review. On each occasion this had resulted in the wrong
items or incorrect quantities being shipped to the customer (example orders SEP 0020401 and
AED 004102).
However, it was also noted that this type of error had been identified in a Pareto analysis of
the order review process carried out 4 months ago and that corrective action (report
CAR04/054) had been carried out yet, 2 of the failures had occurred after the corrective
action had been implemented. At the time of the audit no evidence was available to show
that the Pareto analysis or corrective action information had been carried forward into any
continual improvement activity as required by clause 10.3 of the standard, which states
“The organization shall continually improve the suitability, adequacy and effectiveness of the
quality management system by considering the results of analysis and evaluation and
management review.
Nonconformity No. 5
(Lessons Learned)
During the audit it was noted that the process of the review of requirements related to the
product (ISO 9001: 2015, 8.2.3) had failed on seven occasions in the last six months to
accurately record the results of the review. On each occasion this had resulted in the wrong
items or incorrect quantities being shipped to the customer (example orders SEP 0020401 and
AED 004102).
However, it was also noted that this type of error had been identified in a Pareto analysis of
the order review process carried out 4 months ago and that corrective action (report
CAR04/054) had been carried out yet, 2 of the failures had occurred after the corrective
action had been implemented. At the time of the audit no evidence was available to show
that the Pareto analysis or corrective action information had been carried forward into any
continual improvement activity as required by clause 10.3 of the standard, which states
“The organization shall continually improve the suitability, adequacy and effectiveness of the
quality management system by considering the results of analysis and evaluation and
management review.
Follow-up Phase 20
Agreeing response actions timeframe

Both
Root causes investigation
Formulation of relevant response actions

Auditee
Implementation of required actions
Auditee verification of implemented actions
Auditor Findings close-out

39

5
Continual Improvement Actions
Correction
“Action to eliminate a detected nonconformity.”
Corrective Action
“Action to eliminate the cause of a nonconformity and to
prevent recurrence.”
Preventive Action
“Action to eliminate the cause of a potential nonconformity
or other potential undesirable situation.”
Audit Follow-up
▪ Findings of audit may indicate, as applicable, need for:
➢ Correction
➢ Corrective actions
➢ Preventive actions
➢ Improvement actions (including promotion of best practice)
▪ Following root cause investigations, actions are formulated,
implemented and verified by the auditee within agreed
timeframe
▪ Auditee should keep audit client & auditor informed of status of
these actions and results of their internal verification
Audit Follow-up
Verification of effectiveness can be undertaken by the auditor

through:
▪ Review of documentary evidence of corrective action by the
most suitable team member (usually the team leader), or
▪ On-site verification by a previously planned follow-up on-site

audit, or
▪ Both

Root Causes Investigation Tools
Why – Why Technique
• Also referred to as “tree diagrams”
• “Why Why” Analysis provides guidance on the likely
cause of a problem
• Used with structured brainstorming and analytical
discussion
• Sometimes referred to as ‘5 Whys’ – reflecting the 5
rounds of vertical and not horizontal questioning

Why?
Why? 3
Why?
5
Original Problem
4
Why?
Most Strongly Scored Why? 1

“likely” root cause
is now taken further
Why? 2


Cause & Effect Analysis
(Fishbone or Ishikawa Diagrams)

Best Practice Auditing
•Are audits just a tool of compliance or both compliance and improvement?
•If you agree that it is about ensuring improvement in the system, is it just
the auditor who contribute to improvement realization?
•Can you see the issuance of NCR as adding value or just a reflection of non-
conformance / non-compliance?
•What are the responsibilities of the auditor when determining and
documenting a non-conformity with respect to the following:
➢ Evidence (relevant, sufficient & valid information) collected and
properly documented
➢ Requirement from the audit criteria? If so, should the Auditor refer to a
clause or a specific requirement (shall)? How many?
➢ What should become clear when the reader compares the evidence
against the requirement (specific shall)?

Best Practice Auditing
•What kind of actions are required in response and by whom?

•What is the role of the auditor when closing a non-conformity?
•Can we remind ourselves of the differences between the following
actions:
•correction
•corrective action
•preventive action
•To arrive at corrective actions, do we need to identify root causes?
•Can we determine root causes without conducting required root
causes investigations?
Auditor Recognition
• Competency of auditor is best judged by people who interface with

him / her
• Attending a training course does not make one an effective
auditor; it is the added value they provide in practice
• International Register of Certificated Auditor (IRCA) have a
“Registration” Scheme, which includes:
➢Successfully completing Approved Training Course or equivalent, and
➢Practical assessed auditing experience during the following 3 years
➢Continuing Personal Development (CPD)
• To perform audits you do not have to be registered with IRCA.
Auditing Challenges
• Absence of effective training courses (IRCA Approved or otherwise)

with respect to training material and delivery
➢ Be very selective about attending any training courses. Only attend face to face courses
(online courses not really recommended). Check the quality of material and the
competency of the Tutors.
• Wrong culture (auditing as a policing action)
➢ We must work hard and change the culture. The onus is mainly on the Auditors; this can
be achieved by effective training programmes and the Audit process adding value.
• Lack of engagement between Auditor and Auditee
➢ For all effective audits, the auditee must play their active role. This can be achieved by
the Auditor actually delivering vale and appreciating the importance of the Auditee
playing their part.

Auditing Challenges
• Wrong belief that it is all about conformance to procedures
➢ That is not the case; Auditors must be trained and perform audits on processes and
systems and try their best to add value.
• Lack of Top Management understanding and commitment
➢ They must be educated to understand the role of effective audits and what they add to the
organization’s management systems and the performance of the organization.
• Lack of belief in management systems (not adding value)
➢ This will only be encountered by effective and focused audits by competent auditors.
• Failure to deliver on the improvement front in preventing
reoccurrence
➢ As part of the Follow-up Phase, Audits can play an important role in ensuring proper &
effective corrective actions are implemented.

Webinars Topics
1. Effective Implementation of Quality
Management Systems & Role of International
Standards
2. Process Management – Role in Quality Management
Systems
3. Management Systems Auding – Best Practice vs. Reality
4. Integrated Management Systems – Concept, Structure
& Proper Implementation

Questions & Answers

Shukran
For further contact

ali_al-zubaidi@imsainternational.com
WhatsApp:00447771793340

Webinar 3 Management Systems Auditing Best Practice Vs Reality

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Webinar 3 Management Systems Auditing Best Practice Vs Reality

Uploaded by

Copyright:

Available Formats

Management Systems Auditing – Best Practice vs.

Integrated Management Systems Associates Limited / Webinar No. 3/ 2021 1

Education Work Experience

Integrated Management Systems Associates Limited / No. 3 / 2021 2

▪ Eur. Ing. (European Engineer - European Federation of Engineers)

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021

Views expressed here do not necessarily

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 4

Main topics that will be covered in the webinar include:

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 10

Systematic, independent, documented process for obtaining

Systematic, independent and documented process for

A tool of conformance / compliance and

Should it be? Systematic approach

Integrated Management Systems Associates Limited / No. 3 / 2021 15

▪We do not audit “standards”, per say, but “management

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 16

Integrity Independence Fair

Integrated Management Systems Associates Limited / No. 3 / 2021 17

We audit “Processes” and their outputs,

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 18

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 19

First Conformance & Assurance & Internal Audit

2 (actual or Capability of Contractor

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 21

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 22

‫‪ 9.2.2‬يجب على المنظمة أن‪:‬‬

‫‪Integrated Management Systems Associates Limited / Webinar No. 3 / 2021‬‬ ‫‪23‬‬

Risk-based Audit Programme

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 25

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 26

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 27

Audit Execution Phase

Management Review Analysis & ABC Organisation

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 29

▪ All collected information must be relevant to audit

▪ Very important that Information collected need to be

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 33

Evaluate against requirements from audit criteria

Determine type of audit finding

Categorise Non-conformity (Critical, Major, Minor), if applicable

Document Audit Finding

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 35

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 36

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 37

▪ Definition: Non-fulfilment of a requirement

▪ Utilised “Requirement” must be included in the audit

▪ Non-fulfilment must be demonstrated by the cited

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 38

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 40

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 41

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 42

‫‪ 9.2.2‬يجب على المنظمة أن‪:‬‬

‫‪Integrated Management Systems Associates Limited / Webinar No. 3 / 2021‬‬ ‫‪44‬‬

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 50

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 51

Agreeing response actions timeframe

Root causes investigation

Formulation of relevant response actions

Implementation of required actions

Auditee verification of implemented actions

Auditor Findings close-out

Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 54