Auditpak 2008 2 Day - Legal

AUDITPAK 2008
ISO 9001
INTERNAL AUDITOR TRAINING COURSE
IMPORTANT
This course is based upon ISO 9001 and associated standards
and guidance notes. Whilst every effort is made to ensure the
contents of this course are accurate, no responsibility will be
accepted by Atlantic Consultants or its employees and
associates for any action taken as a result of information
presented in this course.
AUDITPAK 2008 Licensed to Atlantic Consultants Licence No. 030205

Purpose of course
To provide delegates with a thorough grounding in the
requirements of ISO 9001 and the techniques of internal auditing
to enable them to perform effective audits of their management
processes.
© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

COURSE CONTENT
Auditing vocabulary
Principles of management systems
ISO 9001 in detail
Audit planning
Performing the audit
Audit reporting and follow-up

ISO 9000 family of standards
ISO 9000:2000 Quality Management Systems comprises of the
following:
ISO 9000:2005 – Fundamentals and vocabulary

ISO 9001:2008 – Requirements
ISO 9004:2000 – Guidelines for performance improvements
ISO 9001 sets the requirements for quality management systems

and is the standard against which they are audited.

AUDITPAK-2000
AUDITING VOCABULARY

Auditing Vocabulary
ISO 9000 contains definitions of the main terms used in quality
Some of these terms have specific meanings and applications as
opposed to the generic definitions found in most dictionaries
Correct use and understanding of these terms eliminates the
possibility of confusion.

KEY TERMS
AUDITOR
Person qualified and competent to conduct audits.
AUDIT
A systematic, independent and documented process for
obtaining audit evidence and evaluating it objectively to
determine the extent to which audit criteria are fulfilled

KEY TERMS (Cont.)
AUDIT EVIDENCE
The records, statements of fact or other information which are
relevant to the audit criteria and verifiable
AUDIT CRITERIA
Set of policies, procedures or requirements

KEY TERMS (Cont.)
NONCONFORMITY
The non-fulfilment of a requirement
CORRECTIVE ACTION
Action taken to eliminate the cause of a detected nonconformity
or other undesirable situation.
PREVENTIVE ACTION
Action taken to eliminate the cause of a potential nonconformity
or other undesirable situation.

AUDITPAK-2000
PRINCIPLES OF PROCESS-BASED
MANAGEMENT SYSTEMS

WHAT IS PROCESS MANAGEMENT
What is a management system?
A framework of business processes working together to achieve the stated
business objectives, and customer and other stakeholder needs.
What is a process?
Set of interrelated or interacting activities which transform inputs into outputs
What is process management?

The effective control of a series of activities that converts inputs into outputs
whilst both adding value and continually improving performance.

Example management system
Understand
stakeholder and
market needs
Improving our Developing our
performance business objectives
Managing our
finances
Measuring and Generate and win

Developing our business
evaluating our
staff
performance
Provide advice
Manage
transactions
Represent Clients

SIMPLE PROCESS MODEL
Specification Personnel Equipment

Design Systems Methods
INPUTS
PROCESS
OUTPUT
Product or service
THE QUALITY OF THE OUTPUT RELIES

ON THE QUALITY OF THE INPUTS
PDCA CYCLE (Continuous improvement)
Plan: establish the objectives and

processes necessary to deliver
results in accordance with
customer requirements and the
organization's policies.
Do: implement the processes.
Check: monitor and measure
processes and product against
policies, objectives and
requirements for the product and
report the results.

Act: take actions to continually

improve process performance.

PDCA can be applied to any

process within an organisation.
Where PDCA can be used
PDCA is a methodology that can be applied to any process.
It can be applied at all levels of an organisation – from high-level
strategic processes to simple routine operational activities.
PDCA is not a one-off event. It is a dynamic iterative
methodology.
Most organisations will already have some PDCA-type
methodologies in place for some processes.

Policy, objectives and processes
POLICY Contains the “Mission Statement” for

the Management System
Specify the goals to be achieved in

OBJECTIVES order for the Mission to be fulfilled
PROCESSES Activities within the organisation whose

effectiveness can be measures by the
degree to which they contribute to the
fulfilment of the objectives.

AUDITPAK-2000
OVERVIEW OF ISO 9001

ISO 9000 family of standards
ISO 9000 “family” comprises of the following:
ISO 9000:2005 – Fundamentals and vocabulary

ISO 9001:2008 – Requirements
ISO 9004:2000 – Guidelines for performance improvements
ISO 9001 sets the requirements for quality management systems

and is the standard against which they are audited.

Supporting Standards
There are some supporting standards that may be relevant to some
organisations:
ISO 19011 – Guidelines on Quality Management Systems Auditing
ISO 10005 – Guidelines for Quality Plans
ISO 10006 – Guidelines to quality in project management
ISO 10007 – Guidelines for configuration management
ISO 10012 – Quality assurance requirements for measuring equipment
ISO 10013 – Guidelines for developing quality manuals
ISO 10014 – Guidelines for managing the economics of quality
ISO 10015 – Guidelines for training

Scope of ISO 9001
ISO 9001 specifies requirements for a quality management system where an
organisation needs to demonstrate its ability to provide products and services
that consistently fulfil customer and applicable regulatory requirements
ISO 9001 provides a framework to enhance customer satisfaction through the
effective application of the system, including processes for continual
improvement of the system and the assurance of conformity to customer and
applicable regulatory requirements
ISO 9001 provides the auditable criteria for use by all parties to determine the
overall effectiveness of the quality management system.
ISO 9001 DOES NOT provide any product performance criteria. This must be
obtained elsewhere.

Quality Management Principles
ISO 9000:2005 is based upon 8 quality management principles
These principles have been chosen because they can be used to
improve organisational performance and achieve success
The principles can therefore be used by senior management as a
framework to guide their organisations towards improved
performance.

1 – Customer Focus
WHAT IT SAYS
Organisations depend on their customers and therefore should
understand current and future customer needs and strive to
exceed customer expectations
WHAT IT MEANS
Understanding what customers need and expect from the
organisation as a whole and not just from an individual request or
order.

2 - Leadership
WHAT IT SAYS
Leaders establish unity of purpose and direction of the
organisation. They should create and maintain the internal
environment in which people can become fully involved in
achieving the organisation’s objectives
WHAT IT MEANS
Management (anyone responsible for the activity of others) at all
levels creating and maintaining an environment aimed at
achieving the business objectives in which others can operate

3 – Involvement of people
WHAT IT SAYS
People at all levels are the essence of an organisation and their
full involvement enables their abilities to be used for the
organisation’s benefit.
WHAT IS MEANS
Ensuring that all are involved in order that their abilities can be
used and enhanced to maximum benefit for themselves and the
organization.

4 – Process Approach
WHAT IT SAYS
A desired result is achieved more efficiently when activities and
related resources are managed as a process
WHAT IT MEANS
Objectives are more likely to be achieved when activities are
seen, understood and managed through processes and
resources aligned accordingly.

5 – System Approach to Management
WHAT IS SAYS
Identifying, understanding and managing interrelated processes
as a system contributes to the organisation’s effectiveness and
efficiency in achieving its objectives
WHAT IT MEANS
Identifying the individual business processes and ordering them
so that they deliver objectives efficiently and effectively

6 – Continual Improvement
WHAT IT SAYS
Continual improvement of the organisation’s overall performance
should be a permanent objective of the organisation
WHAT IT MEANS
Improving business performance should be the objective of any
organisation – it must improve and change over time

7 – Factual approach to decision making
WHAT IT SAYS
Effective decisions are based on the analysis of data and
information
WHAT IT MEANS
Effective decisions are based on information that has been
analysed and not purely on a feeling of what needs to be done.

8 – Mutually beneficial supplier relationships
WHAT IS SAYS
An organisation and its suppliers are interdependent and a
mutually beneficial relationship enhances the ability of both to
create value.
WHAT IT MEANS
Enhanced value is created by working closely with suppliers that
can affect your deliverables and not against them – it really is a
case of 1 + 1 = 3!!

ISO 9001 – Process model
CONTINUAL IMPROVEMENT OF THE QUALITY MANAGEMENT SYSTEM
Management
Responsibility
Measurement,
Resource Client
analysis &
CLIENT management
improvement
satisfaction
CLIENT
Requirements Service
Service
realisation
Information flow Value-adding activities

ISO 9001 - Requirements
The standard contains 5 clauses which specify requirements:
4.0 Quality management system

5.0 Management responsibility
6.0 Resource Management
7.0 Product realisation
8.0 Measurement, analysis and improvement
Within the 5 clauses are 52 sub-clauses with which an organisation must comply.
There are however a few permitted exceptions…….

ISO 9001 – Permitted exclusions
Organisations are permitted to exclude parts of clause 7 only:
IF
the requirements of the standard cannot be applied due to the
nature of the organisation or the product.
AND
such exclusions do not affect the organisation’s ability, or
responsibility, to provide product that meets customer and
applicable regulatory requirements

AUDITPAK-2000
SUMMARY OF ISO 9001 CLAUSES

4.0 Quality Management System
There are 2 sections within the clause which have to be addressed
by all organisations:
4.1 General requirements

4.2 Documentation requirements
4.2.1 General
4.2.2 Quality Manual
4.2.3 Control of documents
4.2.4 Control of records

4.1 General requirements
A documented quality system must be established. It must:
Be geared towards continual improvement
Identify processes in terms of their sequence and interaction
Define methods of monitoring and controlling processes.
Ensure the results of data analysis are used for continual
improvement

4.2 Documentation requirements
The Quality Management System documentation must include the
following:
Quality Policy and Quality Objectives statements
A quality manual
Documented procedures addressing document control, quality
records, internal audit,nonconforming product, corrective action,
preventive action
Additional documentation needed for effective planning and
control of processes
Records to demonstrate product conformance and the effective
operation of the quality system

What is a document?
ISO 9000 gives three purposes for a document:
For communication of information
For evidence of conformity
Knowledge sharing
Documents may be in any form or type of medium including:

Paper
Magnetic
Electronic or optical computer disc
Photograph
Master sample

4.2.3 Control of documents
All documentation that needs to be kept up-to-date should
be identified and controlled.
Control system should cover the following

Approval of documents
Regular review and updating of documents
Change status of documents
Availability of relevant documents at point of use.
Obsolete documents removed from use
Identification and control of external documentation

4.2.4 Quality records
Quality records are those which demonstrate achievement of
the required quality and effective operation of the quality
system
Quality records must be:-

Accessible
Identifiable
Suitably stored and protected
Kept for a defined period of time
Disposed of in a controlled manner
Don’t forget Computer Records

5.0 Management responsibility
There are 6 elements in this clause which have to be addressed:
5.1 Management commitment
5.2 Customer focus
5.3 Quality Policy
5.4 Planning
5.5 Responsibility and authority
5.6 Management Review

5.1 Management commitment
Top management are required to demonstrate commitment to the
quality system. In particular the are required to undertake the
following:
Establish the quality policy

Ensure quality objectives are established
Conduct management reviews
Ensure necessary resources are made available
Communicate to the organisation the importance of meeting
customer needs

5.2 Customer focus
The standard requires that “enhancing customer satisfaction” is
the main objective when dealing with customer requirements
Top management must ensure the policy and operating controls

are geared towards this objective

5.3 Quality Policy
Top management must establish a quality policy which:
Is appropriate to the organisation
Commits the organisation to meet all customer and statutory
requirements and continually improve the effectiveness of the
quality system
Provides a framework for establishing and reviewing quality
objectives
Is communicated and understood throughout the organisation
Is reviewed on a regular basis

5.4 Planning
Quality objectives must be established for the quality system
Development of the quality system must be planned to ensure
the quality objectives are met
When changes are introduced the integrity of the quality system
must be maintained.
Basically…..some thought must be given to the development of the

quality system

5.5 Responsibility, authority and communication
Responsibilities and authorities within the organisation must be

defined and communicated
A Management Representative responsible for the maintenance
of the quality system must be appointed.
Communication processes must be established throughout the
organisation with regard to the quality system

5.6 Management Review
Top management must perform regular reviews of the quality
system to:
Evaluate the effectiveness and efficiency of the quality system
Review the suitability of quality policy and objectives
Identify and review improvement opportunities
Determine future changes and management strategy
ISO 9001 lists specific inputs to the Management Review

6.0 Resource management
Clause 6 deals with a range of resource related issues. They
include both people and organisational issues in the following
broad categories:
The provision of general resources

Human resources
Competence and training
Infrastructure
The work environment

6.1 Provision of resources
There is a general requirement to provide adequate resources to:
Maintain the quality system and improve its effectiveness.

Enhance customer satisfaction by meeting customer
requirements
This clause applies to any resource, tangible or intangible, which

the organisation should provide.

6.2 Human resources
People performing work affecting product quality have to be
competent.
Organisations shall assess the competence of people to perform
their allocated tasks
Provide necessary training or other forms of development
Review the effectiveness of training
Maintain records of education, training, skills and experience
Ensure people are aware of the importance of their role in
respect of the quality system

6.3 Infrastructure
Organisations are required to provide the infrastructure
necessary to ensure product quality. “Infrastructure” includes:
buildings, workspace and associated utilities,

process equipment (both hardware and software),
supporting services (such as transport or communications).

6.4 Work environment
Organisations are required to determine and maintain the work
environment necessary to ensure conformity to product
requirements

7.0 Product Realisation
This clause brings together all the “processes necessary or
needed for product realisation”. Product realisation embraces the
following processes:
Planning of product realisation
Determination and review of product-related requirements
Customer communication
Design and development
Purchasing
Production and service provision
Control of monitoring and measuring devices

7.1 Planning for product realisation
Organisations are required to undertake appropriate planning for
product realisation. This can include:
Definition of quality objectives and requirements
Establishment of appropriate processes and documentation
Establishment of appropriate review activities
Definition of records required to demonstrate service and process
conformance

7.2 Client-related processes
The organisation must determine the requirements of the Client,
including delivery, post-delivery and statutory requirements.
The organisation must review clientr requirements to ensure that:
They are unambiguously defined
Any differences with previously-stated requirements are
resolved
The organisation has the capability to meet the requirements
Effective arrangements for communicating with customers at all
stages of the process should be implemented

7.3 Design and development
Over-riding requirement is to ensure the specifications and
requirements of the client are met.
7.3.1 DESIGN & DEVELOPMENT PLANNING

Design and checking activities must be planned and assigned to
suitably qualified personnel.
The interfaces between different design groups must be defined
and a regular interchange of information be carried out and
documented.

7.3 Design and development (cont.)
7.3.2 DESIGN AND DEVELOPMENT INPUTS
All design input requirements (customer spec’s design calcs,
legislative requirements etc.) must be identified and considered
for adequacy
There must be no ambiguous conflicting or incomplete
requirements

7.3.3 DESIGN AND DEVELOPMENT OUTPUTS
The design requirements, calculations and analyses must be

addressed and documented
Design output requirements must:-
Meet design input requirements
Reference acceptance criteria
Cover any legal requirements
Cover any safety requirements

7.3.4 DESIGN REVIEWS
Formal documented reviews of the design results must be
planned and held.
Design review must involve representatives of all functions
concerned with the design stage being reviewed

7.3.5 DESIGN VERIFICATION
Design verification needs to take place to ensure the design outputs
meet the design input requirements. Suggested ways of doing so
include:-
Design Review meetings

Performing alternative calculations
Using test rigs or computer simulation
By comparison with similar designs

7.3.6 DESIGN VALIDATION
Design validation needs to be performed to ensure the
product conforms to defined user needs or requirements.
Design validation follows successful design verification

Validation is normally performed on the final product under
defined operating conditions

7.3.7 DESIGN CHANGES
A system of identifying, initiating, documenting and reviewing
design changes must be in place.

7.4 Purchasing
EVALUATION OF SUPPLIERS
Suppliers must be evaluated on their ability to supply goods or
services of the required quality.
The type and extent of control exercised over suppliers must be
defined.
Records of supplier evaluation must be maintained.
The type and extent of control exercised over suppliers shall be
dependent upon the effect of the purchased product on the final
product / service

7.4 Purchasing (cont)
Purchasing information shall describe the product to be
purchased, including any applicable conformance requirements.
Appropriate arrangements will be made to verify purchased
product.

7.5 Production and service provision
All service processes need to be identified, planned and
performed under controlled conditions. Controlled conditions
include, where applicable:
The availability of work instructions where their absence would
have an adverse effect on quality.
The use of suitable equipment
The implementation of review and measurement
The implementation of final review, delivery and follow-up
activities.

7.5 Production and service provision
Not normally relevant to legal work

7.5.3 Identification & traceability
Documentation, files etc must be clearly identified at all stages of

the process. Suitable means of achieving this include:-
Documentation
Tags
Colour coding
There should be clear identification of who has worked on a file

or document, and the changes that have been made.

7.5.4 Customer property
Where property (inc. intellectual property, documentation,
personal data etc.) is supplied by the client, steps must be
taken to ensure that:-
The property is stored and maintained in good condition

Any loss or damage of the product is recorded and reported to
the customer

7.5.5 Preservation of product
Ensure that appropriate measures are taken to prevent any
damage or deterioration occurring to documentation and
records.
E.g..
Provide suitable storage areas
Have appropriate archiving arrangements
Ensure adequate methods of handling document packages exist
Pack documentation adequately when being transported
Ensure appropriate controls over the storage and transmission of
electronic documentation

7.6 Control of monitoring and measuring
equipment
Not normally relevant to legal work

8.0 Measurement, analysis &
improvement
ISO 9001 requires that organisations measure, analyse and
improve processes to:
Demonstrate conformity of service to Client requirements

Ensure conformity to the quality system
Continually improve the effectiveness of the quality system

8.2 Monitoring and measuring
ISO 9001 requires organisations to monitor and measure various
aspects of the quality system. These include:
Customer satisfaction
Internal audits
Process characteristics
Service characteristics
The methods of measurement and the measures used can be

determined by the organisation.

8.2.1 Customer Satisfaction
As one of the measures of the performance of the quality system
the organisation shall monitor information relating to client’s
perception as to whether the organisation has met client
requirements

8.2.2 Internal Audit
Quality activities need regular auditing to determine the
effectiveness of the quality system.
The standard requires the following:-

An Internal Audit Schedule is established
Auditors are trained and are independent of the function to be
audited
The results of the audit are documented
Timely corrective action is taken

8.2.4 Monitoring and measurement of product
The primary way of monitoring and measuring the quality of

our service is through review. This may be performed
Prior to acceptance of a case
During a case
Following completion of a case
The purpose of review is to ensure the service provided

conforms to specified requirements
Records of review must be maintained

8.3 Control of non-conforming product
If a service or piece of work does not conform to the required
standards it must be:-
Identified
Protected from being inadvertently used
Documented
All non-conformances must be reviewed and the action to be
taken determined by an authorised person
Customer complaints are a form of non-conformance and
have the same requirements.

8.4 Analysis of data
ISO 9001 requires the collection and analysing of
APPROPRIATE data to demonstrate the effectiveness of the
quality system and identify areas for improvement. The data
must address the following areas:
Customer satisfaction
Conformity to service requirements
Trend data for services and processes
Suppliers

8.5 Improvement
ISO 9001 requires the organisation to continually improve the
effectiveness of the quality system. It identifies two types of
action that are required to support this objective.
Corrective action – to eliminate the causes of nonconformities to

prevent recurrence
Preventive action – To eliminate potential causes of
nonconformity
In each case the action taken must be documented, reviewed for

effectiveness, and in accordance with a documented procedure.

AUDITPAK-2000
INTERNAL AUDITING

Overview of the audit process

Principles of auditing
ISO 19011 sets out 5 principles of auditing
ETHICAL CONDUCT – the foundation of professionalism
FAIR PRESENTATION – the obligation to report truthfully and
accurately
DUE PROFESSIONAL CARE – the application of diligence
and judgement in auditing
INDEPENDENCE – the basis for the impartiality of the audit
and objectivity of the audit conclusions
EVIDENCE-BASED APPROACH – the rational method for
reaching reliable and reproducible audit conclusions

Characteristics of effective auditors
Ethical Versatile
Open-minded Tenacious
Diplomatic Decisive
Observant Self-reliant
Perceptive
Above all, auditors must be
OBJECTIVE
REQUIRED KNOWLEDGE AND SKILLS
Audit procedures and techniques
Management system and reference documents
Organisational situations
Applicable laws, regulations and other requirements relevant to
the discipline

Purpose of Internal Audits
2 main purposes
To ensure the documented management system is being
complied with in practice
To identify areas where improvements in the management
system could be implemented
Internal audits should be

CONSTRUCTIVE not DESTRUCTIVE

Planning of Audits
Audits should be based upon the business processes of the
organisation
A schedule of audits should be prepared, cross-referencing
applicable sections of the standard
All relevant people need to be informed of their involvement in
the audit – An audit plan is useful.
Prior to commencing an audit:-
Familiarise yourself with the system documentation
Prepare an audit checklist
Check that all key staff are going to be available on the day of the
audit.

Auditor Tool 1
Purpose of the
process
Improve Process objectives

and targets
Monitor The process

performance itself
Key performance
process measures
TEST EVERY ONE OF THE BOXES IN EACH PROCESS YOU AUDIT

Auditor Tool 2
Competence Knowledge Risk

Resources Budget
OUTPUTS
INPUTS
ACTIVITY ACTIVITY ACTIVITY ACTIVITY
Measure
Improve Monitor
Procedures
Work Instructions

Questioning
Questions should address each of the boxes in the auditor tools
Questions need to cover process effectiveness and compliance
to specified requirements
When devising questions bear in mind:

The objectives of the audit
The part of the process you are trying to test
The maturity of the system
The role and responsibilities of the person you are addressing

Appropriate questioning
Auditors have to manage

this dynamic How do you…..?
Explain to me how…..?
Who do you…..?
Directors
Managers
Show me how….?
Employees Tell me how……?

AUDITPAK-2000
AUDIT CHECKLISTS

Audit checklists
The purpose of a checklist is:-

Ensure all required questions / areas are covered
To act as a focal point for the audit – keeps you on track and on
time.
Allows you to record notes against specific questions
Assists in the compilation of the audit report
A checklist is an “aide-memoire” and should not be followed
blindly and dogmatically
A checklist is the servant, not the master

Alternatives to face-to-face interviews
Interview people in groups
Use a questionnaire
Use e-mail to ask questions and gather evidence
Use the telephone to interview people
Consider using video conferencing to eliminate the need to travel
to remote sites

AUDITPAK-2000
PERFORMANCE OF THE AUDIT

Items to take on an audit
Audit plan/checklist
Copies of QA manual, procedures, work instructions etc.
Copy of standard (i.e. ISO 9001 or ISO 9004)
Notepad and pencil
Audit report forms

Performance of the audit
Auditing is concerned with the collection and assessment

of OBJECTIVE EVIDENCE.
OBJECTIVE EVIDENCE is:
Evidence that exists
Is uninfluenced by emotion or prejudice
Can be qualitative or quantitative
Can be documented or undocumented
Can be verified

Objective evidence
Examples of documented objective evidence

Review Records
Delivery note
Audit report
Examples of non-documented objective evidence
Process owner knowing the current performance of the
process
Management and staff both being able to identify who the
customer is and what their requirements are.
A successful improvement initiative

Obtaining objective evidence
Amongst the methods used to collect objective evidence will
be:-
Questioning
Reviewing process documentation
Examination of records and documents
Confirm what the process is and its objectives first before

launching into detailed questions. YOU may have mis-
understood the process!!

Interview Guidelines
Interviews should be held with appropriate people
Interviews should take place during normal working hours and at
the workplace, where practicable
People should be put at ease
The purpose of the interview should be explained
Any note taking should be explained
Start by asking them to describe their work
Summarise and review the results of the interview with the
interviewed person
Thank them for their help and co-operation

Questioning techniques
STOP TALKING - LISTEN
Do not ask closed questions
Maintain a 20% talking : 80% listening ratio
USE THE SIX HONEST SERVING MEN
“I keep six honest serving men
They taught me all I knew
Their names were WHAT and WHY and WHEN
And HOW and WHERE and WHO”
(The Elephant Child - Kipling)
SHOW ME

Questioning techniques
Other things to consider:-
Environment - Needs to be conducive to interviewing
Extent of knowledge – Ask appropriate questions
Complexity of question - Simple questions are better
Body language - Adopt a non-threatening attitude
Emotive topics - handle with care
Silence - Use silence to elicit more information

AUDITPAK-2000
AUDITOR CONDUCT

Auditor conduct
THE INDEPENDENCE OF THE AUDITOR
AUDITORS SHOULD BE SELECTED TO BE FREE FROM

BIAS AND INDEPENDENT OF THE OPERATION UNDER
AUDIT. THEY SHOULD BE FREE FROM PREJUDICE OR
PARTIALITY THAT COULD AFFECT OBJECTIVITY

Auditor conduct
WHAT AN AUDITOR SHOULD DO

Prepare Listen
Learn Obtain
Control Be polite
Assist Be concise
Observe Be punctual

Auditor Conduct
AN AUDITOR SHOULD NOT
Be critical Be sarcastic
Be side-tracked Compare
Argue Pass opinions
Swear Apportion blame
Be late

AUDITPAK-2000
REPORTING

Recording non-conformances
Non-conformances are often defined as MAJOR or MINOR
A MAJOR non-conformance is defined as:-
“The total absence of a procedure or the total breakdown of a system”
E.g. No management review meetings held
No effective system of document control
A MINOR non-conformance is defined as:-

“A single observed lapse in a procedure”
IF YOU CANNOT EXPRESS THE PROBLEM IN THE WORDS OF THE
PROCEDURE OR STANDARD THEN YOU DO NOT HAVE A NON-
CONFORMANCE

Recording non-conformances
Non-conformances should be:-
Concise
Specify the non-conformance, quoting Job Nos, Reference
Nos. etc.
Express the non-conformance in terms of the sample size,
thus indicating whether it is an isolated incident or not.
In writing up non-conformances it is good practice to write up

the non-conformances at the end of the audit, not during it.
This gives the opportunity to combine several non-
conformances with the same root cause into one.

Observations
Auditors may choose to report OBSERVATIONS to
cover the following situations:-
Where something is obviously wrong but cannot be
recorded as a non-conformance because it does not
contravene the words of the procedure
Where the situation does not justify a non-conformance,
but is likely to deteriorate if no action is taken
An opportunity for improvement is identified
It is good practice to raise corrective actions on

observations as well as non-conformances

AUDITPAK-2000
AUDIT FOLLOW UP

The closing meeting
It is common practise to hold a meeting with the organisation
being audited at the end of the audit. The purpose of the meeting
is to:
Present the audit findings
Confirm details of the non-conformances and observations
raised.
Respond to any queries regarding the audit findings.
Confirm any arrangements for follow-up audits.
Remember, you are there to present factual objective evidence,
not to argue about the merits of the findings

Corrective action
The objective of CORRECTIVE ACTION is to ensure there is no

recurrence of the deficiency.
CORRECTIVE ACTION should be:-
Timely
Sufficient
Effective
The definition and implementation of corrective action is the
responsibility of management. not the Auditor.
All corrective actions must be verified to ensure they are
adequate and effective in preventing recurrence of the original
deficiency.

Auditpak 2008 2 Day - Legal

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Auditpak 2008 2 Day - Legal

Uploaded by

Copyright:

Available Formats

AUDITPAK 2008

AUDITPAK 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

ISO 9000:2005 – Fundamentals and vocabulary

ISO 9001 sets the requirements for quality management systems

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

What is process management?

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

Measuring and Generate and win

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

Specification Personnel Equipment

THE QUALITY OF THE OUTPUT RELIES

Plan: establish the objectives and

Act: take actions to continually

PDCA can be applied to any

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

POLICY Contains the “Mission Statement” for

Specify the goals to be achieved in

PROCESSES Activities within the organisation whose

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

OVERVIEW OF ISO 9001

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

ISO 9000:2005 – Fundamentals and vocabulary

ISO 9001 sets the requirements for quality management systems

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

Information flow Value-adding activities

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

4.0 Quality management system

There are however a few permitted exceptions…….

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

SUMMARY OF ISO 9001 CLAUSES

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

4.1 General requirements

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

Documents may be in any form or type of medium including:

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

Control system should cover the following

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

Quality records must be:-

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

© Adrian Austin 2008 Licensed to Atlantic Consultants Licence No. 030205

Establish the quality policy