ISO 9001: 2015/19011: 2018

QUALITY
MANAGEMENT SYSTEM
INTERNAL AUDITOR
COURSE
PREPARED BY
ALOKE GANGULY
 Agenda
 Some Definitions
 Why Audits?
 Types of Audit
 Audit Process
 Auditor's Skills
 Recording Non-Conformances
DEFINITIONS
 AUDIT
A systematic and independent
examination to determine whether
activities and related results comply
with planned arrangements and
whether these arrangements are
implemented effectively and are
suitable to achieve objectives.
 AUDIT
 The definition emphasizes:
• The importance of keeping the
objectives in mind, and
• The value of auditing in the
development of the quality system.

 Independent audit is more objective &

impartial
 AUDIT - ALTERNATE
DEFINITIONS
 An independent documented activity
 In accordance with written checklists
and procedures
 To verify, by examination and
evaluation of objective evidence
 That applicable elements of a quality
system have been developed,
documented and effectively
implemented.
 OBJECTIVE EVIDENCE

 Qualitative or Quantitative
information,records, statements of
fact pertaining to the quality of an
item/service which is based on
observation, measurement or test
and which can be verified.
 NON-CONFORMITY

 The non fulfillment of specified

requirements.
 OBSERVATION

 A statement of facts made during

an audit and substantiated by
objective evidence.
 ASSESSMENT

 A third party evaluation of a

system to qualify supplier’s
compliance to a laid down system

 Conclusion of the exercise results

in approval/certification
 AUDIT Vs ASSESSMENT

 Audit is generally synonymous with

assessment.
CERTIFICATION AUDIT

 Audit carried out by a third

party agency (CAB) to
evaluate compliance to any
system
 ACCREDITATION

 Accreditation is awarded to certification

body(CAB) by an independent National
board/Council against recognized standard
like EN 45000 series.
 CERTIFICATION

 Certification is awarded on successful

completion of assessment by an
independent third party certification
body against requirements of ISO
9000 series
 SURVEILLANCE

 Method of periodic monitoring of

certified company by third party
certification body for their continued
compliance to ISO 9000 systems.
 AUDITOR
 Checks extent of compliance with
planned arrangements or documented
systems.

 Reports the Non Compliance to

Management for action
TYPES OF AUDITS
 TYPES OF AUDIT
 First Party: An Audit by an organization on
its own systems and procedures.

 Second Party:An Audit by one organization,

working on its own behalf, on another.

 An audit by the Organization on its suppliers and

sub-contractors
 TYPES OF AUDIT
Third Party : An Audit by an
independent organization on a supplier.

An audit by a body which is commercially

and contractually independent of the
Organization to a quality system standard .
 TYPES OF AUDIT

ADEQUACY AUDIT

 Exercise to determine the extent to which

the documented system represented by the
Manual and the Associated Procedures
adequately meets the requirements to the
standard.
 TYPES OF AUDITS

COMPLIANCE AUDIT

 An audit to establish the extent to

which the documented system is
implemented. i.e.., Are the people
complying with the system ?
 ADEQUACY AUDIT
 Work through the standard, clause by clause and
find the part of documented system which applies
 Work through the documented system clause by
clause and see which part of the standard applies
 Check for inter links between various levels of
documents
 Ensure that the documents are understandable,
unambiguous
 Raising Non-Conformance reports.
WHY AUDITS???
 WHY AUDITS ?
Audits are necessary because they indicate

• Health of the unit w.r.t. Quality

• Extent of compliance of systems in
operations
• Commitment to Quality
• Identify/Prioritize areas for
improvement
• Readiness for External Audit
 WHY AUDITS?
 Audits are carried out to verify that the
management system:

Exists and is complete

Operates correctly

Is effective
PHASES OF AN AUDIT
 Planning
 Preparation
 Performance
 Reporting and Follow-up

Remember: [ 6 P’s]

Proper planning and preparation prevent

poor performance
AUDIT PLANNING
 AUDIT PLANNING
In planning each audit of any type, the
following must be determined:

Frequency/ Timing
Responsibility
Criteria
Scope
Duration
 AUDIT PLANNING
PLANNING FIRST PARTY AUDIT
 Frequency/timing is based on:
 Previous Performance
 Criticality, Complexity
 Change
 Responsibility -Qualified Auditor
 Criteria -ISO 9001/ Organization's own
Procedures/ Standards
 Scope-Usually a Procedure or a department
 Duration -Usually a day or less
 AUDIT PLANNING
PLANNING SECOND PARTY AUDIT
 Frequency/ timing - As agreed/ required
 Responsibility - Qualified Auditor
 Criteria - as specified by contract
or Purchase Conditions
 Scope - Usually activities directly
affecting products or
service quality, delivery etc
 Duration - typically one day
 AUDIT PLANNING
PLANNING THIRD PARTY AUDIT

 Frequency/timing - As agreed/ required

 Responsibility - Registered Lead Auditor
 Criteria - ISO 9001: 2015
 Scope - As specified by the client in
terms of processes,
products, services,sites.
 Duration -Affected by many variables
 AUDIT PLANNING
 Plan for audits
 Total commitment from Top
management
 Prepare the Auditees’ by
explaining audit objectives
 Train and prepare auditors
 Creation of corrective action teams
to implement permanent solutions
 AUDIT PLAN
 List of the organizational units to be
audited.
 Month/Date of the audit.
 Listing the reference documents,
such as quality system standards,
quality system procedure,
department etc to be audited
 AUDIT
PREPARATION
AUDIT PREPARATION
 Preparation for audit

 Documentation review

 Audit Itinerary

 Audit Checklist
 AUDIT PREPARATION
Preparation for the audit include:
 Obtaining as adequate brief on the
purpose and scope of the audit.
 Ensure availability of latest applicable
procedures in areas of audit.
 Desk Study
 Travel Arrangements [for multi site
locations].
 Reviewing previous audit reports
 AUDIT PREPARATION
AUDIT ITINERARY
 Date of the audit.
 Departments to be audited and planned
time frame.
 Auditor and Auditee’s Name.
 Reference documents [Procedures,
department etc to be audited.
 Location - in case of multi site
 AUDIT PREPARATION
AUDIT CHECKLIST

 The checklist is a valuable aid to

auditing and is used as:

Working document
A record
 CHECKLIST
 Questions the auditor should ask
 Should ensure that the ‘scope’ is
covered in the time available
What To Audit?
– Documentation
– Materials
– People
– Products
 AUDIT PREPARATION
 Auditor to consider the following in
preparing the checklist:

the processes which are taking place:

the relevant procedures:
the documents and records which are being used:
the requirements of the Standard.

 Details on a checklist will depend on the

experience of the auditor
AUDIT CHECKLIST
Audit Audit Date Auditee Auditor Department
No
xx XX/ YY/ZZ Purchase

Reference: QSP for Puchase

Sl Check List Compliance Objective Remarks
No Y/N/NA Evidence

1 Have all purchase orders been verified Y PO - AAA

and authorised by the head of purchase To BBB seen
department?

2 Is an up to date Approved Vendors list Y Seen

available in purchase department?

3 Are all purchase made from the Y Above PO's

approved vendors list? checked against
AVL

4 Have all purchase orders been N PO. DDD do

completed in full? not show
delivery dated.
Signature of Auditor :
MR RESPONSIBILITIES
– Manage Audit program
– Plan and Schedule
– Organize Execution
– Collect and Collate Audit reports
– Organize Audit Non conformance
closures
– Arrange follow up audit
 AUDIT
PERFORMANCE
AUDIT PERFORMANCE
PHASES OF AN AUDIT
 Opening meeting
 Conduct of the actual Audit
 Auditors Review
 Final or closing meeting
 Follow up, if necessary
 OPENING MEETING
 Opening meeting is the first step in the
audit process and prepares the way for:

 Good communications
 Co-operation
 Openness
 OPENING MEETING
Formal opening meeting shall be for:
 Introduction
 Explaining the objectives of the audit
 Informing the scope of the audit
 Explanation of audit method/sampling
 Explanation of non-compliances and
classifications
 Confirmation of timetable/itinerary
 Nature of report and follow-up
 Confidentiality
CONDUCTING THE AUDIT

Auditor should adopt a:

 Positive,
 Professional and
 Constructive approach
 CONDUCTING THE AUDIT

The auditor should obtain a co-operative,

open and honest approach from the
auditee by:
 Explaining the purpose of the visit
 Be calm, polite and reassuring
 Never talk down, never act superior
 Speak clearly and carefully
CONDUCTING THE AUDIT
 Auditor should be open minded while
carrying out the audit and should:

• Ask open ended questions

• Examine objective evidence
• Refer checklists
• Make notes
 QUESTIONS
 OPEN --The auditor’s seven friends:
– What ?
– When ?
– How ?
– Where ?
– Who ?
– Why ? (with caution)
and
– Show me
 FEW EXAMPLES
 Show me what you do:
 Where is that kept?
 How is that carried out?
 When would you do this?
 What happens after this is completed?
 Who will do that?
CLOSED QUESTIONS
Avoid leading questions such as:

“ I see that, once your job is

completed you file the record in the
file, am I right?

This will get a “Yes” , “No” or

“Nodded” response.
CONDUCTING THE AUDIT
 Auditor should examine and establish
extent of non conformance and its
nature and cause.
 Evidence will include:
 Documents, records
 Physical evidence
 Environmental conditions
(where applicable)
CONTROLLING THE AUDIT

 Auditor must control the audit.

DO NOT
Be side tracked;
Be led or misled;
Let the auditee dictate the place of the audit;
Make assumptions or presumptions.
CONTROLLING THE AUDIT
DO
Be prepared;
Be punctual;
Insist on the person being questioned
answer for themselves;
As little talking as possible;
Avoid misunderstandings;
Be polite and calm;
Give compliments
CONTROLLING THE AUDIT
AUDITOR MUST BE PREPARED FOR
aggressive auditees;
timid auditees;
missing people;
missing documents;
pre-prepared samples [always
choose your own]
emotional blackmail.
 AUDIT REVIEW

On completion of audits, auditor/team

must conduct a review of the findings
for:
Study of notes and/or comparison of
notes with team members;
Listing of non compliances.
 NON COMPLIANCE
Non compliance may be a failure to:

 Comply with the standard applicable to

the organisation.
 Implement quality system procedures,
work instructions, flowcharts,
inspection plans etc as documented in
the organisation
 Implement statutory requirements,
regulations etc
NON-CONFORMANCE REPORT

Should comprise of:

– The observation;
– The attribution;
– The explanation;
– Corrective action applied;
– Corrective action completed and
checked;
NON CONFORMANCE REPORT

Should also comprise of:

– The applicable procedure;

– Area/ department or function;
– Standard and clause number or
document reference number;
CLASSIFICATION OF NON
CONFORMANCES

 MAJOR NON CONFORMANCE

 MINOR NON CONFORMANCE

 OBSERVATION
 MAJOR NON - CONFORMANCE
Raised when:
 There is a total breakdown of a procedure or
work instruction critical to product quality , or in
the operation of the organization
 One’s Management System.
 There is a total absence of a procedure required
by the Management system standard in the
organization’s Quality System.
 MAJOR NON - CONFORMANCE

 There are number of minor lapses in the

procedure, which when added together,
collectively suggest a total or important
breakdown in the system.
 The non compliance is likely to result in an
immediate hazard to the quality of the
product or service being provided.
 MINOR NON - CONFORMANCE
Raised when:

 There is a deficiency (or deficiencies)

that have been identified in a
procedure or W.I’s or in the operation
of the organization’s management
System, but which are less severe than
that warrants a Major Non-
Conformance.
 OBSERVATIONS
Observations may include:

 Good practices which could benefit other

areas of the organization;
 Areas of concern which are not yet serious
enough to warrant non conformance;
 Deficiencies for which the auditor is
prepared to give the “benefit of doubt”;
 Suggestions for action.
 CLOSING MEETING
During the closing meeting Auditor/ Team
Leader must:-.
 Explain all findings and evidence carefully and
precisely;
 Be prepared to support and justify findings;
 Avoid being drawn into an argument;
 Apologize if an error transpires and alter or
withdraw the non conformance if necessary;
 Avoid giving consultative recommendations.
 FOLLOW UP AUDIT

 Follow up audits shall be

carried out to determine
whether the corrective action
has been implemented .
AUDIT SKILLS
 AUDITING SKILLS

 Time Management

 Fact Finding

 Reporting
 FACT FINDING
 Reading
 Observing
 Listening
 Questioning
 To and fro checking
 Observing body language
 Use of unasked question
 Establish rapport with auditee
 LISTENING
Barriers in listening to be eliminated:
–considering the subject to be uninteresting
–evaluating the speaker
–becoming emotionally involved
–listening for facts, not ideas
–taking copious notes
–faking attention
–failing to capitalize on ‘thought speed’
To be seen to be listening is in itself a
powerful communicator.
TRAITS OF A GOOD AUDITOR
DiplomaticPatient
A good judge Self disciplined
Good listener Open minded
Analytical Inquiring
Professional Honest
Good communicator Unbiased
Interested
TRAINED
TRAITS OF A POOR AUDITOR

Opinionated Unprofessional
A Quitter Undisciplined
A nit picker Argumentative
Anxious to please Lazy
Desire to be liked Timid
Impatient Arrogant

UNTRAINED
 Auditor should not:
 Be sarcastic;
 Swear;
 Discuss company policy or
personalities;
 Argue;
 Compare the auditee with others.
 THE WASTERS

 Introductions and
presentations.
 A walk round - the long way.
 Coffee, tea, lunch.
REPORTING
 AUDIT REPORT
 Contains
– Conformity Statements

– Non Conformity Statements

– Effectiveness of management Systems

– Conclusions and Recommendations

– Publicity
 NON CONFORMANCE REPORT

 Should comprise of
– The observation
– The attribution
– The explanation
– Corrective action applied
– Corrective action completed and
checked
REPORT WRITING
SKILLS
NON COMPLIANCE STATEMENTS

 WHY - the requirements(if not obvious)

HOWEVER
 Where
 What The facts to negate the
 Who requirements
 When

Select the most appropriate ISO clause

NON COMPLIANCE STATEMENT

 It seems that
 Generally speaking
 The company has failed to implement
 There is no commitment
 Bill the plumber said
 EXAMPLES
What is wrong with these non compliance
statement ?
1. The quality manual (Section 7) states
that all design changes must be signed
by the R&D Manager. However change
forms 23 and 25 which the design
executive have already implemented
were not signed as required.
 EXAMPLES
2. QAP1 requires that the Technical Director
attends at least four quality meeting for
each department on a one year period.
However, Mr. Akshay Kumar was not at
the quality meeting between Jan and April
1995, as shown in the minutes of meeting.
3. Product not traceable in the shop
floor(knives).
 EXAMPLES
4. Minutes of Management Review not
maintained and this shows that
management is not committed at all.
5. Electrical wiring drawing no. CE-ECK-
051 dt. 20.12.96 has been changed without
proper authorization. Drawing XXX-ECK-
050 DT.11.3.97 against CE-FCK-051 does
not take into account all changes
incorporated during assembly.
 EXAMPLES
6. Crimping tools used have not been
calibrated. (as per master list crimping
tools do not require calibration, nor
requirement specified by design)
7. Design input , output and other
requirements of design are carried out for
project ABC Ltd. However design stages
such as design input reviews, design
output , input review and verification of
records not available for all parameters.