Internal Audit Slides
The Content
SESSION 9: INTRODUCTION TO ISO 19011: 2018
Auditing Management Systems ISO 19011: 2018
Session 9
ISO 19011: 2018 Structure
Scope
Normative references
Terms and definitions
Principles of auditing
Managing an audit program
Audit activities
Competence and evaluation of auditors
Audit
Audit is a systematic, independent and documented process
Establishing criteria is one of the important aspects of the audit process
During the audit process, objective evidence is obtained by the individuals who are managing the audit process or program
Audit evidence is evaluated objectively against the audit criteria to determine the extent to which the audit criteria are fulfilled
Audit Types
Internal Audits/First-party Audits
When an organization chooses to conduct its own audit, using either its own auditors or external auditors to perform its internal audits
External Audit/Second-party Audits
Supplier audits, performed either directly by the organization's auditors or by hired external auditors
External Audit/Third-party Audits
These audits are performed by independent auditing organizations, such as registrars or regulators
Audit Evidence
A verifiable document (records, statement of fact or other information), which is qualitatively or quantitatively relevant to the audit criteria
A pressure test report, NCR, CAR, management review records, customer complaints, customer satisfaction record, data analysis record, metrics
Is subject to some degree of verification
Audit Criteria
Audit criteria are established during the audit process
A set of requirements used as a reference against which the objective evidence is compared
Auditable standards, company policies, objectives, plans, strategies, structure, system (processes, procedures, practices), legal requirements, technical standards & codes, customer specifications, etc.
Audit Evaluation
Audit Finding
Audit Outcomes
The outcomes of an audit after consideration of the audit objectives and all the audit findings
A set of all the audit findings after consideration of audit objectives
A review of these findings will determine the suitability, adequacy, effectiveness and efficiency of the management system. This is the auditor's final opinion about the management system or legal requirements or technical requirements or policies or objectives or procedures or good practices or strategies
Audit Team
Group of auditors
Group of sector experts/technical experts/consultants/advisors
Observers (those who only monitor the audit process)
Guide appointed by the auditee to facilitate auditors during the audit process
If required for support, a group of sector experts/technical experts/consultants/advisors who work as directed by the audit team leader
Audit Scope
Width and depth of the audit
The width of the audit determines the description of the physical location and boundaries where the audit is to be performed, covering organizational units (an organization may have more than one unit)
The depth of the audit determines the extent of the audit: how far the auditor has investigated the management system, processes, activities and tasks
The width and depth of the audit determine the time period required to complete the audit
Audit Program
Audit Plan
Principles of Auditing
Integrity
Fair presentation
Due professional care
Confidentiality
Independence if practicable
Evidence-based approach
Risk-based approach
ISO 19011: 2018 (Clause 6) Performing an Audit
6.2 Initiating the Audit
Desired Personality Attributes
SN | Characteristics | Description
1 | Ethical | Fair, honest
2 | Open-minded | Willing to listen to others
3 | Diplomatic | Tactful in dealing with people
4 | Observant | Actively monitoring surroundings
5 | Versatile | Adaptable to different situations
6 | Tenacious | Persistent
7 | Decisive | Reaching conclusions quickly
8 | Self-reliant | Able to function independently (considering practicability)
9 | Acting with fortitude | Acting responsibly
10 | Open to improvement | Willing to learn
11 | Collaborative | Effectively interacting with others
SESSION 10
The Content
Initiating the Audit
Establishing Initial Contact with the Auditee
Responsibility: Lead Auditor
Purpose:
Initiate communication channels with the auditee's person responsible for the audit
Confirm the authority to conduct the audit
Provide information with respect to objectives, scope, methodology and audit team, including technical experts, guides and translators
Request access to relevant documented information and records for audit planning
Determine applicable laws and contractual requirements
Agree with the auditee on the extent of disclosure of documented information and confidentiality issues
Ask for any specific requirements, areas of concern, access requirements, guides, interpreters and observers
Determine any areas of interest, concerns or risks to the auditee in relation to a specific audit
Session 10
Determine Feasibility of the Audit
Responsibility: Lead auditor, to ensure that audit objectives will be achieved
Take into consideration:
Sufficient and appropriate information is available for planning and conducting the audit
Adequate cooperation throughout the audit life cycle
Adequate time to perform the audit
Availability of adequate resources to perform the audit
Review of Documented Information
Responsibility: Program Manager/Audit Team
Purpose:
To gather information to prepare the audit plan and checklist, and to make an assessment on how effectively the MSS has been developed, implemented, monitored and improved
Documentation relevant to planning
Procedures
Documented information like the last audit report, internal audit report, suppliers audit report, management review report, and others as appropriate
Review of documented information should take into account the context of the organization, and the size, nature, complexity, risks & opportunities of the auditee’s management system and organization, objectives and scope
Review of Documented Information - Why
Documented information covers the scope of work and provides detailed information on how the management system is designed and developed
It supports the audit objectives
It can provide an indication of the document control system of the organization or auditee
It will provide information about the maturity of the management system
It will indicate the risks associated with the product, service and processes during the life cycle of the product and service
Review of Documented Information - What to Consider
Preparing Audit Plan
Responsibility: Audit Team leader
Purpose:
It is a mutually agreed document between the audit client, audit team and auditee
It facilitates efficient scheduling and coordination
Audit planning takes into consideration:
Sampling technique
Composition of the audit team and their cumulative knowledge
The risk associated with the organization (contamination, accident)
Preparing Audit Plan
Audit plan contents:
Audit objectives
Audit scope with clear identification of organizational and functional units and processes
Audit criteria
Location, date and time
Audit methodology/techniques including sampling
Auditee representative
Communication arrangements
Confidentiality
Roles and responsibilities of the audit team and auditee, including experts, interpreters and guides
Follow up
Selecting Audit Team
Audit Team Members’ Roles
Team leader
Team members
Sector Experts
Observers
Interpreters
Lead Auditor Responsibilities
Prepare the audit plan
Assign team roles
Brief the team
Review working documented information to ensure adequacy
Chair the closing meeting
Report nonconformities
Report any major obstacles encountered during the audit
Make final decisions for all phases of the audit
Submit the audit report
Manage risk
Deal with internal and external issues
Understanding the auditee’s context and business activities
Team Members’ Responsibilities
Preparing Documented Information for Audit
Responsibility: Audit team
Purpose:
Reference documented information
Recording evidence
Documented information to be prepared:
Checklist
Sampling plan
CAR form
Attendance sheet
Audit report format
Audit Checklist
A systematic sequential set of audit questions extracted from the documented information review during pre-audit activity.
Checklist is based on
• Processes
• Relevant Procedures
• Documented information in use
• Requirements of ISO 50001
Advantages of Checklist
Limitations of Checklist