Professional Documents
Culture Documents
Webinar 3 Management Systems Auditing Best Practice Vs Reality
Webinar 3 Management Systems Auditing Best Practice Vs Reality
Reality
Ali AL-Zubaidi
Integrated Management Systems Associates (IMSA)
ali_al-zubaidi@imsainternational.com
WhatApp.:00447771793340
Inspection Audit
Focuses mainly on the process final Focuses on all aspects of the process,
product or during realisation of the although the final product will be of
product paramount importance
Processes
Performance (KPI’s)
Processes Customers
Feedback Review
Technical
Inspections
(Process) Audits
Risk - based
Approach
Due
Evidence based
Confidentiality Professional
Approach
Care
Process Approach
Procedure Approach
This is where we
should start auditing
Stakeholders
Customer Satisfaction
Requirements
KPI’s
Increasing Formality
1 Organisation Organisation
Party Improvement Improvement Corporate Audit
Combined Audit
An audit whereby more than one management system (not a
standard) is being audited; should be now referred to as
“Integrated Audit”.
Joint Audit
An audit whereby more than one party contribute to the
construction of the audit team.
Risk-based
Audit
Programme
Planning
Phase Plan
Act
Follow- Risk-based
up Audit Execution
Phase
Phase Programme
Check /
Verify Reporting Do
Phase
Audits
Programme
Audit Plan,
Schedule & Audit Objectives,
Checklist Planning Phase Scope & Criteria
Audits Findings
Closure Follow-up Phase
Lessons Learned
Audit Audit
Objectives Criteria
Audit
Scope
(ISO 19011)
Audit Objectives
Purpose for conducting the audit
Audit Scope
Business sites, processes and activities that should be covered by
the audit, including duration of the audit
Audit Criteria
Requirements representing the reference against which the audit
is being conducted; not just requirements from standards (MS).
Depending on type of the audit and its Objectives, it can include
requirements from many other sources.
Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 30
Audit Process Phases 21
Audit Planning
• Establishing Audit Objectives, Scope & Criteria
• Communication with Concerned Parties (Audit Client, Auditee & Team)
• Agreeing Composition of Team & Allocation of Tasks
• Perform Document Review
• Establish Audit Plan & Audit Schedule
• Establish Audit Checklists
Audit Execution
• Collect Information to Establish Body of Evidence
• Arriving at Audit Findings
Audit Reporting
• Creating Audit Reports, documentation of Audit Findings & Conclusions
Audit Follow-up
• Verify Effectiveness of Actions taken by Auditee, as a response to Audit Findings
Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 31
20
Audit Evidence
1.Should the information collected be relevant and to what?
It should be relevant to the agreed Audit Criteria.
2. Should the information collected be sufficient to demonstrate
the point?
Yes, it should be. Otherwise, we have to try to obtain more
evidence.
3. Should the evidence be seen to be “valid” rather than seen to
be lacking validity (lacking credibility)?
Yes, it should be. Otherwise, we have to deal with it very
carefully. We have to try and verify all collected information).
Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 32
20
Audit Evidence
Audit Findings
1. How do we arrive at an Audit Finding?
❖ By comparing Evidence against Criteria
2.Is a finding necessarily a non-conformity?
❖ No. It can easily be a positive or negative in
nature.
3.What are the different types of findings we
are likely to have?
❖ Positive, Negative or in-between.
Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 34
20
Audit Findings
Capture relevant, sufficient & verified audit evidence
Audit Findings
▪ Evidence evaluated against audit criteria
▪ Can be positive or negative
▪ Should be documented with supporting evidence
▪ Non-conformities reviewed with auditee for clear
understanding & acknowledgement that audit
evidence is accurate
▪ Diverging opinions should be resolved and if necessary
recorded
Audit Findings
Opportunity Non-
Positive
for Observation
Practice conformity
Improvement
Audit Finding
Nonconformity
Evidence
Of a sample of 25 purchase orders sent out over the last 3 months, 17
deliveries were subsequently rejected for incorrect parts or wrong grade
material. In 15 of these instances there was inadequate information
specified on the purchase orders, necessary to ensure that the correct
material would be supplied. Examples are: Purchase Orders Nos.
000645, 000732, 000766 and 000786.
Criteria
This is a non-conformity against ISO 9001: 2015
Evidence
▪ Reasonable, but maybe it needs to be more precise
and focused.
Requirement
▪ Not good at all, which clause in the standard?
▪ Then, which requirement (shall)?
Evidence
▪ Reasonable, but maybe it needs to be more precise
and focused.
Requirement
▪ Not good at all, which clause in the standard?
▪ Then, which requirement (shall)?
Requirement
▪ No requirement (shall) has been identified or stated?
▪ Requirement (unspecified), so it is not clear whether
the evidence is linked to any requirement in clause 9.2.
Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 45
Nonconformity No. 2
(Lessons Learned)
Evidence
▪ It is not clear, on its own, whether it is a relevant as
far as this finding is concerned.
▪ Auditor is giving orders. NO, NO, NO
Requirement
▪ No requirement (shall) has been identified or stated?
▪ Requirement (unspecified), so it is not clear whether
the evidence is linked to any requirement in clause 9.2.
Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 46
Nonconformity No. 3
(Competency)
Evidence
At the time of the audit, there was no evidence that an evaluation of
the effectiveness of training had been carried out for J. Smith and F.
Jones in respect of ‘Internal Audit’ training conducted on 12/13th
November 2020.
Requirement
ISO 9001: 2015 clause 7.2 requires that, “the organisation shall ensure
that relevant persons are competent on the basis of appropriate
education, training or experience. The standard also requires that the
organsiation shall evaluate the effectiveness of actions taken with
respect to acquiring the necessary competence.
Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 47
Nonconformity No. 3
(Lessons Learned)
Evidence
❖What is the “concern” that the evidence indicates?
❖Audit is based on the “Evidence”, so how can we
arrive at a Finding, when there is “no Evidence”.
Requirement
❖More than one requirement (shall) is specified. It is
unlikely, that the evidence does support linkage to both.
❖This leads to weaking the finding and diffuse focus.
❖Choose a specific requirement, based on the evidence.
Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 48
Nonconformity No. 3
(Lessons Learned)
Evidence
❖What is the “concern” that the evidence indicates?
❖Audit is based on the “Evidence”, so how can we
arrive at a Finding, when there is “no Evidence”.
Requirement
❖More than one requirement (shall) is specified. It is
unlikely, that the evidence does support linkage to both.
❖This leads to weaking the finding and diffuse focus.
❖Choose a specific requirement, based on the evidence.
Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 49
Nonconformity No. 4
(Evaluation of Sub-Contractors)
Evidence
The organization did not consider the risks associated with Contractors
and Suppliers when they evaluated them, prior to their engagement.
Requirements
The organization quality management system stated that all Contractors
and Suppliers should be evaluated, prior to their engagement, based on
the risks associated with them.
Evidence
The organization did not consider the risks associated with Contractors
and Suppliers when they evaluated them, prior to their engagement.
Requirements
The organization quality management system stated that all Contractors
and Suppliers should be evaluated, prior to their engagement, based on
the risks associated with them.
Corrective Action
“Action to eliminate the cause of a nonconformity and to
prevent recurrence.”
Preventive Action
“Action to eliminate the cause of a potential nonconformity
or other potential undesirable situation.”
Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 56
Audit Follow-up
▪ Findings of audit may indicate, as applicable, need for:
➢ Correction
➢ Corrective actions
➢ Preventive actions
➢ Improvement actions (including promotion of best practice)
▪ Following root cause investigations, actions are formulated,
implemented and verified by the auditee within agreed
timeframe
▪ Auditee should keep audit client & auditor informed of status of
these actions and results of their internal verification
Integrated Management Systems Associates Limited / Webinar No. 3 / 2021 57
Audit Follow-up
▪ Both
Why?
5
Original Problem
4
Why?
WhatsApp:00447771793340