DELEGATE

COURSE NOTES

ISO 9001
LEAD AUDITOR
TRAINING
COURSE STRUCTURE

QMS/LA/v1.0 2

PROGRAM OBJECTIVES

OBJECTIVES

Quality Management Systems Certification Program

has been developed to:
• Assist organizations to select qualified QMS
auditors
• Enhance the professional recognition of QMS
auditors
• Built in liaison with industry representatives in
accordance with ISO 19011:2018
• Provides individuals with proof of their
competence to effectively manage quality issues.

QMS/LA/v1.0 3

ASSESSMENT

CONTINUOUS ASSESSMENT FINAL ASSESSMENT

• Contribution • Written Examination

• Questioning • Criteria 70% Min for successful
• Communication completion certificate else
• Participation in team work Attendance certificate
• Personal Attributes for suitability as
auditor and punctuality

Need minimum 70% score in each of the

Course Exercises & 100% Attendance
for being eligible to sit for Examination.

QMS/LA/v1.0 4

1
CERTIFIED AUDITOR

WHY BECOME A CERTIFIED AUDITOR?

• Get prepared to audits for a certification process / body

• A formal recognition of competencies
• Improve your career prospects
• Be able to earn higher
• Pave way for continued professional development

QMS/LA/v1.0 5

ACTIVITY:
DELEGATE
INTRODUCTION
Time : 15 minutes

QMS/LA/v1.0 6

CLASS ACTIVITY 1

‘GET TO KNOW’ – DELEGATE INTRODUCTION

DURATION: 15 minutes

 Personal details of your peer covering, name, qualification, brief

background, hobbies, etc.
 Your Peer’s knowledge on QMS based on interview.
 Your Peer’s Knowledge on auditing (1st, 2nd or 3rd party)
 Experience on ISO 9001 standard and ISO 9000 family
 Your Peer’s expectation from the training

QMS/LA/v1.0 7

2
 Quality Management
Systems Auditing

QMS/LA/v1.0 8

ISO
FUNDAMENTALS

QMS/LA/v1.0 9

ISO FUNDAMENTALS

WHAT IS ISO ?

• A network of national standardization

bodies from over 160 countries
• The outcome of work done by ISO is
published as International Standards
• Since 1947 ISO has released almost
20000 standards on a big range of
topics

QMS/LA/v1.0 10

3
ISO FUNDAMENTALS

Equal Representation – 1 Vote for each member country

DEVELOPMENT
BASICS OF ISO

Voluntary Membership – No Compulsion for adoption

STANDARDS

Business Orientation – Standards developed are to meet market needs

Consensus Approach – Focuses on consensus of stake holders

International Cooperation – More than 160 countries and liaison bodies

involved

QMS/LA/v1.0 11

ISO FUNDAMENTALS
SEVEN PRINCIPLES OF ISO MANAGEMENT SYSTEM

1. Customer focus
2. Leadership
3. Engagement of people
4. Process approach
5. Improvement
6. Evidence based decision making
7. Relationship management

QMS/LA/v1.0 12

ANNEX SL

WHAT IS ANNEX SL ?

Annex SL defines the framework for

various Management System Standards
(MSS) which is intended for

• Development of new management

system standards

• Revisions of existing management

system standards

QMS/LA/v1.0 13

4
ANNEX SL
HIGH LEVEL STRUCTURE OF MSS

CLAUSE 1 SCOPE
CLAUSE 2 NORMATIVE REFERENCES
CLAUSE 3 TERMS AND DEFINITIONS
CLAUSE 4 CONTEXT OF THE ORGANIZATION
CLAUSE 5 LEADERSHIP
CLAUSE 6 PLANNING
CLAUSE 7 SUPPORT
CLAUSE 8 OPERATION
CLAUSE 9 PERFORMANCE EVALUATION
CLAUSE 10 IMPROVEMENT

14
QMS/LA/v1.0

QMS
BACKGROUND

QMS/LA/v1.0 15

QMS PURPOSE & BENEFITS

 Consistency in the provision of product / service

 Ease of regulatory compliance
 Transparent system
 Paves way for enhancement of customer satisfaction
 Enables identification of risks and opportunities
 Business advantage
 Enhance overall performance
 Minimize waste, scrap and rework
 Compete globally
 Increase customer confidence

QMS/LA/v1.0 16

5
QMS BACKGROUND
EVOLUTION OF QUALITY

Decision to accept or reject by way of inspection

EARLY AGE TO TODAY

Application of statistical approaches

Control Chart Approach

Problem Solving approaches

Quality Management

Total Quality Management

QMS/LA/v1.0 17

QMS BACKGROUND
EVOLUTION OF QUALITY

LEVELS OF CUSTOMER REQUIREMENTS

• Expecters
• Spoken
• Unspoken
 Didn’t remember to tell
 Didn’t want to tell
 Didn’t know
• Exciters
……………………………………………………………………………………………………………......……………………

COST OF QUALITY
• The costs incurred to ensure quality.
• The cost of quality includes quality planning, quality control, quality assurance, and
rework.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 18

QMS BACKGROUND
EVOLUTION OF QUALITY

QUALITY
Degree To Which A Set Of Inherent Characteristic Fulfills Requirements
……………………………………………………………………………………………………………......……………………

CHARACTERISTICS
Distinguishing feature and can be qualitative or quantitative
• Physical ( Mechanical, electrical, chemical or biological)
• Sensory ( related to smell, touch, taste, sight, hearing)
• Behavioural ( courtesy, honesty, veracity)
• Temporal ( punctuality, reliability, availability)
• Ergonomic ( physiological or related to human safety)
• Functional (maximum speed of an aircraft)
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 19

6
QMS BACKGROUND
EVOLUTION OF QUALITY

COMMON ELEMENTS
• Cost of Conformance
• Cost of Nonconformance
• Cost of Lost opportunity Cost of Lost Cost of
opportunity Conformance

Cost of Non-
conformance

QMS/LA/v1.0 20

QMS BACKGROUND
EVOLUTION OF QUALITY

QUALITY MANAGEMENT SYSTEMS

System to establish quality policy and objectives and to achieve those objectives through
appropriate processes and resources .
……………………………………………………………………………………………………………......……………………

QUALITY CONTROL
Part of quality management, focused on fulfilling quality requirements
……………………………………………………………………………………………………………......……………………

QUALITY ASSURANCE
Part Of quality management, focused on providing confidence that quality requirements will be Fulfilled
……………………………………………………………………………………………………………......……………………

QUALITY IMPROVEMENT
Part of quality management focused on increasing the ability to fulfil quality requirements
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 21

QMS BACKGROUND
EVOLUTION OF QUALITY

PROCESSES NEEDS TO
• Monitored
• Measured
• Analysed
• Evaluated
• Reviewed
• Improved continually
……………………………………………………………………………………………………………......……………………

AUDITOR HAS A GREAT ROLE TO EVALUATE

• Adequacy of process
• Effectiveness of process
• Relevance of monitoring / measurement / analysis and evaluation
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 22

7
ISO 9001:2015
REQUIREMENTS

QMS/LA/v1.0 23

DEMING’S PDCA CYCLE

Enables Process Enables Process

Improvement Definition
ACT PLAN

CHECK DO

Enables Process Enables Process

Assessment Execution

QMS/LA/v1.0 24

DEMING’S PDCA CYCLE

ACT
PLAN
IMPROVEMENT

CHECK
ACT DO
PLAN
STANDARD

CHECK
DO

STANDARD

TIME
QMS/LA/v1.0 25

8
QMS BACKGROUND
PROCESS MODEL

QMS/LA/v1.0 26

QMS BACKGROUND
PROCESS MODEL

QMS/LA/v1.0 27

EXERCISE 01
INTERACTION BETWEEN PDCA CYCLE & QMS
PROCESS
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 28

9
 TERMS &
DEFINITIONS

QMS/LA/v1.0 29

TERMS AND DEFINITIONS

3.1 MANAGEMENT SYSTEM

Set of interrelated or interacting elements of an organization to establish policies and
objectives and processes to achieve those objectives
……………………………………………………………………………………………………………......……………………

3.2 AUDIT
A Systematic, independent and documented process for obtaining “audit evidence” and
evaluating it objectively to determine the extent to which “audit criteria” are fulfilled.
……………………………………………………………………………………………………………......……………………

3.3 CONTINUAL IMPROVEMENT

Recurring process of enhancing the OH&S management system in order to achieve
improvements in overall OH&S performance consistent with the organization’s OH&S policy.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 30

TERMS AND DEFINITIONS

3.4 CORRECTIVE ACTION

Action to eliminate the cause of a detected nonconformity or other undesirable situation
……………………………………………………………………………………………………………......……………………

3.5 DOCUMENT
Information and its supporting medium
……………………………………………………………………………………………………………......……………………

3.6 CONTEXT OF THE ORGANIZATION

Combination of internal and external issues that can have an effect on an organization’s
approach to developing and achieving its objectives
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 31

10
TERMS AND DEFINITIONS

3.7 INTERESTED PARTY

Person or organization that can affect, be affected by, or perceive itself to be affected by a
decision or activity
……………………………………………………………………………………………………………......……………………

3.8 QUALITY PLANNING

Part of quality management focused on setting quality objectives and specifying necessary
operational processes , and related resources to achieve the quality objectives
……………………………………………………………………………………………………………......……………………

3.9 QUALITY ASSURANCE

Part of quality management focused on providing confidence that quality requirements
will be fulfilled
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 32

TERMS AND DEFINITIONS

3.10 QUALITY CONTROL

Part of quality management focused on fulfilling quality requirements
……………………………………………………………………………………………………………......……………………

3.11 QUALITY IMPROVEMENT

Part of quality management focused on increasing the ability to fulfil quality requirements
……………………………………………………………………………………………………………......……………………

3.12 METROLOGICAL CONFIRMATION

Set of operations required to ensure that measuring equipment conforms to the
requirements for its intended use
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 33

EXERCISE 02
UNDERSTADING OF QMS
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 34

11
 ISO 9001:2015
QUALITY
MANAGEMENT SYSTEM
–THE REQUIREMENTS

QMS/LA/v1.0 35

ISO 9001:2015 STANDARD

TABLE OF CONTENT
Section 1 Scope
Section 2 Normative references
Section 3 Terms and definitions
Section 4 Context of the organization
Section 5 Leadership
Section 6 Planning
Section 7 Support
Section 8 Operation
Section 9 Performance evalution
Section 10 Improvement
Annex A Clarification of new structure, terminology and concepts
Other International standards on quality management and quality
Annex B
management systems developed by ISO/TC 176

QMS/LA/v1.0 36

ISO 9001:2015 STANDARD

RISK BASED THINKING

WHAT IS RISK BASED THINKING

• Risk-based thinking is what people regularly do to make

decisions.
• Organizations face external and internal risks that
endanger the possibility of achieving their goals and
objectives. This is why in ISO 9001:2015 the concept of
risk is built into the entire management system.
• The risk-based thinking is more explicit in the new
version of the standard, whereas risk concepts were only
implicit in the 2008 version.
• In ISO 9001:2015 risk will be considered throughout the
entire process approach

QMS/LA/v1.0 37

12
CONTEXT
UNDERSTANDING THE ORGANIZATION AND ITS CONTEXT

• Identify and understand your organization's context.

• Identify and understand your organization's context before you establish its quality
management system (QMS).
• Consider the external issues that are relevant to your organization's purpose and strategic
direction and think about the influence these issues could have on its QMS and the results it
intends to achieve.
• Consider the internal issues that are relevant to your organization's purpose and strategic
direction and think about the influence these issues could have on its QMS and the results it
intends to achieve.
• Monitor information about your organization's context.
• Consider the impact changes in context could have on your organization's quality
management system (QMS).
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 38

CONTEXT
CLARIFY THE NEEDS AND EXPECTATIONS OF INTERESTED PARTIES

• Identify the parties who affect or could affect your QMS.

• Consider how interested parties affect or could affect your ability to provide products and
services that meet customer requirements.

• Consider how interested parties could affect your ability to provide products and services
that meet statutory and regulatory requirements.

• Clarify and understand their unique needs and expectations.

• Monitor and review information about your interested parties.

……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 39

AUDITING SCOPE OF QMS

DETERMINING THE SCOPE OF QMS

• Clarify boundaries and think about what your QMS should apply to.
• Use boundary and applicability information to define your scope.
• Consider your organization's context when you define your scope.
• Document the scope of your quality management system (QMS).
• Use your scope document to describe the boundaries of your organization's QMS and to
explain what it applies to.
• Use your scope document to identify the types of products and services that will be included
in your organization's QMS.
• Use your scope document to explain that every ISO 9001 requirement must be applied
unless you can explain why it does not apply.
• Maintain the document that defines the scope of your QMS.
• Control your organization's QMS scope document.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 40

13
 EXERCISE 03
AUDITING SCOPE
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 41

LEADERSHIP

QMS/LA/v1.0 42

LEADERSHIP
LEADERSHIP AND COMMITMENT

LEADERSHIP AND COMMITMENT

Top management is required to:
• be accountable for the effectiveness of the QMS
• promote awareness for process approach
• ensure integration of the QMS with organization’s business processes
• ensure the QMS objectives are achieved
• lead and support those contributing to the QMS effectiveness
• promote continual improvement
……………………………………………………………………………………………………………......……………………
CUSTOMER FOCUS
• customer and applicable statutory and regulatory requirements are determined,
understood and consistently met;
• the risks and opportunities that can affect conformity of products and services and the
ability to enhance customer satisfaction are determined and addressed,
• the focus on enhancing customer satisfaction is maintained.
43
QMS/LA/v1.0

14
LEADERSHIP
QUALITY POLICY

QUALITY POLICY
• Top management shall establish, implement and maintain a quality policy that is
appropriate to the purpose and context of the organization and supports its strategic
direction, provides a framework for setting quality objectives, includes a commitment to
satisfy applicable requirements, includes a commitment to continual improvement of the
quality management system.
• The quality policy shall be available and be maintained as documented information, be
communicated, understood and applied within the organization, be available to relevant
interested parties, as appropriate.
……………………………………………………………………………………………………………......……………………

44
QMS/LA/v1.0

LEADERSHIP
ORGANIZATIONAL ROLES, RESPONSIBILITIES AND AUTHORITIES

1.
There is no explicit requirement in ISO 9001:2015 to
assigning a “management representative”, yet the
responsibilities and authorities still remain.

2.
ISO 9001:2015 requires that the functions, roles and
responsibilities to cover the workload are properly defined.

3.
In addition, the quality management system roles,
responsibilities, and authorities should be assigned and
communicated.

QMS/LA/v1.0 45

EXERCISE 04
AUDITING QUALITY POLICY
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 46

15
 PLANNING

QMS/LA/v1.0 47

PLANNING
ACTIONS TO ADDRESS RISK & OPPORTUNITIES

1. One of the key changes in the ISO 9001:2015 standard is establish a

systematic approach to risk.

2. By preventing or reducing the undesired effects, the organization

becomes proactive. Preventive action is automatic in risk-based approach
system.

3. Instead of being only part of the preventive action procedure, risk is

considered throughout the quality management system.

QMS/LA/v1.0 48

PLANNING
ACTIONS TO ADDRESS RISK & OPPORTUNITIES
When planning for the quality management system, the organization shall consider the issues
referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities
that need to be addressed to:
a) give assurance that the quality management system can achieve its intended result(s);
b) enhance desirable effects;
c) prevent, or reduce, undesired effects;
d) achieve improvement.
……………………………………………………………………………………………………………......……………………

QUALITY OBJECTIVES AND PLANNING TO ACHIEVE THEM

……………………………………………………………………………………………………………......……………………

PLANNING OF CHANGES
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 49

16
 EXERCISE 05
AUDITING RISK – OPPORTUNITY
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 50

SUPPORT

QMS/LA/v1.0 51

SUPPORT
RESOURCES AND COMPETENCE
RESOURCES
• Determine and provide the resources needed for the establishment, implementation,
maintenance and continual improvement of the quality management system
• Determine and provide the persons necessary for the effective implementation of its quality
management system and for the operation and control of its processes.
• Determine, provide and maintain the infrastructure necessary for the operation of its
processes and to achieve conformity of products and services
……………………………………………………………………………………………………………......……………………

COMPETENCE
• Determine the necessary competence of person(s) doing work under its control that affects
the performance and effectiveness of the quality management system;
• Where applicable, take actions to acquire the necessary competence, and evaluate the
effectiveness of the actions taken;
• Retain appropriate documented information as evidence of competence..

QMS/LA/v1.0 52

17
SUPPORT
AWARENESS AND COMMUNICATION
AWARENESS
The organization shall ensure that persons doing work under the organization’s control are
aware of he the quality policy, relevant quality objectives, their contribution to the
effectiveness of the quality management system, including the benefits of improved
performance and the implications of not conforming with the quality management system
requirements.
……………………………………………………………………………………………………………......……………………

COMMUNICATION
The organization shall determine the internal and external communications relevant to the
quality management system, including:
• on what it will communicate;
• when to communicate;
• with whom to communicate;
• how to communicate;
• who communicates.
QMS/LA/v1.0 53

SUPPORT
DOCUMENTED INFORMATION

THE ORGANIZATION SHALL:

• Documented information required by this International Standard;
• Documented information determined by the organization as being necessary for the
effectiveness of the quality management system.
• Ensure appropriate identification and description (e.g. a title, date, author, or reference
number); format (e.g. language, software version, graphics) and media (e.g. paper,
electronic); review and approval for suitability and adequacy.
• Ensure it is available and suitable for use, where and when it is needed and it is
adequately protected
• For the control of documented information, the organization shall address the following
• activities, as applicable:
• distribution, access, retrieval and use;
• storage and preservation, including preservation of legibility;
• control of changes (e.g. version control);
• retention and disposition

QMS/LA/v1.0 54

EXERCISE 06
AUDITING SUPPORT
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 55

18
 OPERATION
PLANNING
AND CONTROL

QMS/LA/v1.0 56

AUDITING OPERATION PLANNING AND CONTROL

OPERATION PLANNING AND CONTROL

REQUIREMENTS FOR PRODUCTS AND SERVICES

DESIGN AND DEVELOPMENT OF PRODUCTS AND SERVICES

CONTROL OF EXTERNALLY PROVIDED PROCESSES, PRODUCTS AND SERVICES

PRODUCTION AND SERVICE PROVISION

RELEASE OF PRODUCT AND SERVICES

CONTROL OF NONCONFORMING OUTPUTS

QMS/LA/v1.0 57

EXERCISE 07
AUDITING OPERATION PLANNING
AND CONTROL
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 58

19
 AUDITING
PERFORMANCE
EVALUATION

QMS/LA/v1.0 59

AUDITING PERFORMANCE EVALUATION

MONITORING, MEASUREMENT, ANALYSIS AND EVALUATION
• Determine what needs to be monitored and measured, the methods for monitoring,
measurement, analysis and evaluation needed to ensure valid results; when the
monitoring and measuring shall be performed and when the results from monitoring and
measurement shall be analysed and evaluated.
• Monitor customers’ perceptions of the degree to which their needs and expectations have
been fulfilled.
• Analyse and evaluate appropriate data and information arising from monitoring and
measurement.
……………………………………………………………………………………………………………......……………………

COMMUNICATION
• Conduct internal audits at planned intervals to provide information on whether the quality
management system:
o Conforms to the organization’s own requirements for its quality management system and
the requirements of this international standard
o Is effectively implemented and maintained
QMS/LA/v1.0 60

AUDITING PERFORMANCE EVALUATION

MANAGEMENT REVIEW
MANAGEMENT REVIEW INPUTS
The management review shall be planned and carried out taking into consideration:
• The status of actions from previous management reviews
• Changes in external and internal issues that are relevant to the quality management system
• Information on the performance and effectiveness of the quality management system
• The adequacy of resources
• The effectiveness of actions taken to address risks and opportunities
• Opportunities for improvement.
……………………………………………………………………………………………………………......……………………

MANAGEMENT REVIEW OUTUTS

The outputs of the management review shall include decisions and actions related to:
• Opportunities for improvement
• Any need for changes to the quality management system
• Resource needs

QMS/LA/v1.0 61

20
 AUDITING
IMPROVEMENT

QMS/LA/v1.0 62

AUDITING IMPROVEMENT

NONCONFORMITY AND CORRECTIVE ACTION

When a nonconformity occurs, the organization shall:
• React to the nonconformity and, as applicable:
• Evaluate the need for action to eliminate the causes of the nonconformity, in order that it does
not recur or occur elsewhere
• Implement any action needed
• Review the effectiveness of any corrective action taken
• Update risks and opportunities determined during planning, if necessary
• make changes to the quality management system, if necessary
Corrective actions shall be appropriate to the significance of the effects of the nonconformities
Encountered.
……………………………………………………………………………………………………………......……………………

CONTINUAL IMPROVEMENT
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 63

EXERCISE 08
AUDITING PERFORMANCE EVALUATION &
IMPROVEMENT
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 64

21
 SUM-UP &
REFLECTIONS

QMS/LA/v1.0 65

Management Systems
Auditing

QMS/LA/v1.0 66

INTRODUCTION
TO AUDITING

QMS/LA/v1.0 67

22
AUDIT & AUDITING

PURPOSE
• To examine the system for improvements
• To determine compliance or non-compliance with the
requirements of the standard and/or applicable legal
requirements
• To make a certification decision

QMS/LA/v1.0 68

TERMS AND DEFINITIONS

AUDIT OBJECTIVE
The aim or purpose of an audit
• Determination of the conformity of the client’s management system, or parts of it with audit criteria
• Evaluation of the ability of the management system to ensure the organization meets applicable
statutory, regulatory and contractual requirements
• Evaluation of the effectiveness of the management system to ensure the client organization is
continually meeting its specified objectives
• As applicable, identification of areas for potential improvement of the management system.
……………………………………………………………………………………………………………......……………………

AUDIT SCOPE
Extent and boundaries of an audit
……………………………………………………………………………………………………………......……………………

AUDIT CRITERIA
Set of requirements used as a reference against which objective evidence is compared

QMS/LA/v1.0 69

TERMS AND DEFINITIONS

COMBINED AUDIT
Audit carried out together at a single auditee on two or more management systems.
……………………………………………………………………………………………………………......……………………

JOINT AUDIT
Audit carried out at a single auditee by two or more auditing organizations
……………………………………………………………………………………………………………......……………………

OBJECTIVE EVIDENCE
Data supporting the existence or verify of something
……………………………………………………………………………………………………………......……………………

REQUIREMENT
Need or expectation that is stated, generally implied or obligatory
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 70

23
TERMS AND DEFINITIONS

PROCESS
Set of interrelated or interacting activities that use inputs to deliver an intended result
……………………………………………………………………………………………………………......……………………

PERFORMANCE
Measurable result
……………………………………………………………………………………………………………......……………………

EFFECTIVENESS
Extent to which planned activities are realized and planned result achieved
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 71

INTRODUCTION TO AUDITING
TERMS AND DEFINITIONS

FIRST PARTY AUDIT

• Internal audit is called first party audit,
• Independent and objective activity
• Gives assurance on the level of control within organization
……………………………………………………………………………………………………………......……………………

SECOND PARTY AUDIT

• Usually the customer conducting an audit as a part of supplier-evaluation and selection
process and as ongoing surveillance
……………………………………………………………………………………………………………......……………………

THIRD PARTY AUDIT

• Audit conducted by a neutral third part usually for the purpose of grant of registration /
certification of management system
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 72

INTRODUCTION TO AUDITING
AUDITING TYPES

The ISO 19011 is intended to provide useful guidance in:

Internal Auditing External Auditing

Supplier Auditing THIRD PARTY AUDITING

Sometimes called FIRST Sometimes called SECOND For legal, regulatory and similar
PARTY AUDIT PARTY AUDIT purposes with reference to :

ISO/IEC 17021(2):2016 Conformity

assessment requirements for bodies
providing audit and certification of
management system

QMS/LA/v1.0 73

24
AUDIT & AUDITING
AUDITING TYPES
TYPES OF AUDIT
S. NO. DISTINGUISHING FEATURES
FIRST PARTY SECOND PARTY THIRD PARTY
Two/Three – Independent
Two (customer Audits, Supplier or third party certifying body
1 Number of parties/ entities involved One (Organisation audit itself)
potential supplier) audits, Organization or
Audit client (optional)
2 Nature of Audit Internal External External
3 Mutual Interest (Auditor, Auditee) Exists Exists No mutual Interest
To evaluate the supplier's (or
To assess whether the QMS is To evaluate compliance
potential suppliers) ability to provide
effectively implemented and to with the management
4 Purpose goods, equipment, services as per
identify areas of potential system requirements for
the requirements & control elated to
improvement the purpose of certification
QMS
• Voluntary
Yes, as per clause 9.2 of ISO Yes, as per clause 8.4.2 of ISO • Reduces/ eliminates
5 Is it a requirement?
9001:2015 9001:2015 the needs of second
party audits
• As per QMS
6 Audit requirement/ criteria As per QMS • Specific requirement of the As per QMS
customer

QMS/LA/v1.0 74

INTRODUCTION TO AUDITING
AUDITING METHODS
ON-SITE AUDIT
• Full site tour
• Normally interaction with auditee members
• Conducting interviews
• Covering the pre-established check list based on the criteria
• Verifying / reviewing documents with auditee
• Sampling based on criteria
• Observe tasks being carried out
……………………………………………………………………………………………………………......……………………

REMOTE AUDIT
• Conducting interviews through interactive communication channels
• Observing the work being done through surveillance means
• Obtaining data relevant to audit criteria and analyze the same
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 75

INTRODUCTION TO AUDITING
AUDITING METHODS
Extent of involvement between the Location of Auditor
auditor and auditor
On-site Remote
Human Interaction Conducting Interviews Via interactive communication means:
Completing checklist and questionnaire Conducting Interviews
with auditee participation Completing checklist and questionnaire
Conducting document review with auditee Conducting document review with
participation auditee participation
Sampling
No human interaction Conducting document review (e.g. Conducting document review (e.g.
records, data analysis) records, data analysis)
Observation of work performed Observation of work performed
Conducting on-site visits Analyzing data
Completing checklist
Sampling (e.g. products)
On-site audit activities are performed at the location of auditee. Remote audit activities are performed at any place other then
the location of auditee, regardless of the distance.
Interactive audit activities involve interaction between the auditee’s personnel and audit team. Non- audit activities involve no
human interaction with persons representing the auditee but do involve interaction with equipment,
facilities and documentation.

QMS/LA/v1.0 76

25
INTRODUCTION TO AUDITING
PRINCIPLES OF AUDITING

1. INTEGRITY • Integrity is the foundation of professionalism

2. FAIR • The obligation to report truthfully and

PRESENTATION accurately

3. DUE PROFESSIONAL • The application of diligence and judgment in

CARE auditing

QMS/LA/v1.0 77

INTRODUCTION TO AUDITING
PRINCIPLES OF AUDITING

4. CONFIDENTIALITY • Security of information

5. INDEPENDENCE • The basis for the impartiality of the audit and

objectivity of the audit conclusions

6. EVIDENCE-BASED • The rational method for reaching reliable and

reproducible audit conclusions in a systematic
APPROACH audit process
7. RISK- BASED • An audit approach that considers risks and
APPROACH opportunities

QMS/LA/v1.0 78

CLASS ACTIVITY 2 (15 MINUTES)

QUIZ TIME!!

 What are the three common purposes of an audit?

 Second party audit is also known as internal audit (True /False)
 What is the purpose of a second party audit?
 What do you understand by ‘audit scope’?
 Name any three established principles of auditing.
 What is meant by ‘risk-based approach’ as one of the principles of
auditing?

QMS/LA/v1.0 79

26
 INITIATING THE
AUDIT (PRE
AUDIT ACTIVITIES)

QMS/LA/v1.0 80

TYPICAL AUDIT
ACTIVITIES

QMS/LA/v1.0 81

INITIATING THE AUDIT

ESTABLISHING CONTACT WITH THE AUDITEE

DETERMINING:
• Audit objectives
• Audit scope
• Audit criteria
……………………………………………………………………………………………………………......……………………

DETERMINE APPLICABLE LEGAL AND CONTRACTUAL REQUIREMENTS AND OTHER

REQUIREMENTS RELEVANT TO THE ACTIVITIES ND PRODUCTS OF THE AUDITEE;
……………………………………………………………………………………………………………......……………………

CONFIRM THE AGREEMENT WITH THE AUDITEE REGARDING THE EXTENT OF THE
DISCLOSURE AND THE TREATMENT OF CONFIDENTIAL INFORMATION;
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 82

27
INITIATING THE AUDIT
ESTABLISHING CONTACT WITH THE AUDITEE

DETERMINING AUDIT TIME

The relevant factors are :
a) The requirements of the applicable e) Results of prior audits (if any);
standard; f) Multi-site considerations;
b) Size and complexity of operations; g) Risks associated with the
c) Technological and regulatory products/processes;
context; h) Combined, joint or integrated audits.
d) Outsourced processes;
……………………………………………………………………………………………………………......……………………

ESTABLISH COMMUNICATIONS WITH THE AUDITEE’ S REPRESENTATIVES;

• Client organization to confirm audit dates and audit team composition
• request access to relevant documents and records for planning purposes;
• any location-specific requirements for access, security, health and safety or other;
• agree on attendance of observers and the need for guides for the audit team;
……………………………………………………………………………………………………………......……………………

83
QMS/LA/v1.0

INITIATING THE AUDIT

ESTABLISHING CONTACT WITH THE AUDITEE

MULTI-SITE SAMPLING
• Develop appropriate sampling programme.
• Document rationale for sampling plan.
……………………………………………………………………………………………………………......……………………

AUDIT TEAM SELECTION AND ASSIGNMENTS

Size and composition of audit team depends on:
a) Objective, scope, criteria and estimated time of audit;
b) Type of audit.
c) Competence needed;
d) Certification requirements;
e) Language and culture.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 84

INITIATING THE AUDIT

CONSIDERATIONS FOR AUDITOR SELECTION

 The team to have auditor with QMS knowledge with adequate auditing experience
 Sector specific exposure is mandatory
 Auditor to have the first hand knowledge on the legislations pertaining to the land
 Exceptional cases technical expert to take over
 An Auditor can be coded on the basis of
• Personal working experiences or qualifications;
• Consultancy activities;
• Audit carried out together with an already coded Auditor or Technical Expert
• Other requirements stated by the CB

QMS/LA/v1.0 85

28
INITIATING THE AUDIT
DETERMINING THE FEASIBILITY OF THE AUDIT

DETERMINATION OF FEASIBILITY SHOULD TAKE INTO CONSIDERATION

FACTORS AS:
• Sufficient and appropriate information for planning and conducting the audit;
• Adequate cooperation from the auditee
• Adequate time and resources for conducting the audit.

Where the audit is not feasible, an alternative should be proposed to the audit client, in
agreement with the
auditee.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 86

AUDIT PROGRAMME

WHAT IS AUDIT PROGRAMME

• One or more audits, depending on the size, nature

and complexity of the organization to be audited.
These audits may have a variety of objectives and
may also include joint or combined audits
• All activities necessary for planning and
• organizing the types and number of audits, and for
providing resources to conduct them effectively
and efficiently within the specified time frames

QMS/LA/v1.0 87

AUDIT PROGRAMME

DETECTION RISK
Risk that an auditor is not able to detect a significant
defect during an audit

CONTROL RISK
Risk that a significant defect not be prevented nor
detected by an internal control of the organization

INHERENT RISK
Risk related to industry sector irrespective of process /
procedures

QMS/LA/v1.0 88

29
PROCESS
FLOW FOR
THE
MANAGEMENT
OF AN AUDIT
PROGRAMME

QMS/LA/v1.0 89

CLASS ACTIVITY 3 – QUIZ TIME!

 Post-audit activities  Initial contact with the  Pre-audit activities include:

cover: auditee facilitates: a. initial contact with
a. issue of audit report a. determining audit auditee organization
b. review of corrective objectives b. scheduling stage I audit
action b. finalizing audit scope c. document review
c. closure of c. establishing audit d. planning for stage 2
nonconformities criteria audit
d. all the above d. all the above e. all the above
e. none of the above e. none of the above f. none of the above

QMS/LA/v1.0 90

CLASS ACTIVITY 3 – QUIZ TIME!

 Audit scope includes a  Audit criteria includes:

description of: a. requirements of the
a. physical locations applicable standard
b. organizational units b. requirements
c. activities and contained in the
processes applicable
documented
d. all the above
management system
e. none of the above
c. all the above
d. none of the above

QMS/LA/v1.0 91

30
 AUDITOR: ROLES,
RESPONSIBILITIES
AND COMPETENCE

QMS/LA/v1.0 92

AUDITING : ROLES AND RESPONSIBILITIES

MAIN PLAYERS IN THE AUDITING SCENARIO

1. AUDIT TEAM LEADER (TL)

2. AUDITORS (AUDIT TEAM MEMBERS)
3. TECHNICAL EXPERT (TE)
4. GUIDES
5. AUDITOR-IN-TRAINING
6. OBSERVERS
7. AUDITEE

93
QMS/LA/v1.0

AUDITING : ROLES AND RESPONSIBILITIES

1. AUDIT TEAM MEMBER (AUDITOR)

• Arrive on time (appropriately dressed)
• Attend opening meeting
• Carry out site tour
• Carry out audit as per audit plan
• Ensure time management
• Perform document review (while auditing)
• Communicating during audit
• Collecting and verifying information
• Maintain confidentiality
• Follow-up actions during audit
• Finalizing audit findings/conclusions (as a team)
• Attend closing meeting
• Assist TL, as called for
• Handover all audit documents to TL
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 94

31
AUDITING : ROLES AND RESPONSIBILITIES

2. TECHNICAL EXPERT (TE)

• Provides specific knowledge or expertise to the audit team.
• Knowledge or expertise relating to the organization, the processes or activity, language or
culture.
• Does not act as an auditor.
……………………………………………………………………………………………………………......……………………

3. GUIDES
Each auditor is accompanied by a guide - Facilitates auditing, by
• Establishing contact and timing for interview
• Arranging visits
• Ensuring observance of safety/security rules
• Witnessing the audit on behalf of the auditee
• Providing clarification or information
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 95

AUDITING : ROLES AND RESPONSIBILITIES

4. AUDITOR-IN-TRAINING
• May be included in audit team for exposure to auditing practice.
• Gains practical experience by observing.
• May participate in auditing under the supervision of an auditor.
……………………………………………………………………………………………………………......……………………

5. OBSERVERS
• Accompanies the audit team
• Not a part of the audit team
• Does not audit
• Does not influence or interfere with the conduct of the audit
• Can represent auditee, regulators, accreditation body, or other interested party, such as
consultants.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 96

AUDITING : ROLES AND RESPONSIBILITIES

6. AUDITEE ORGANIZATION
• Assign responsibilities
• Facility personnel briefing, dates, availability
• Venue and arrangements for opening meeting and closing meeting
• Safety and security
• Organization
• Receipt of report
• Acting upon nonconformance
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 97

32
 AUDITOR COMPETENCE

QMS/LA/v1.0 98

EXERCISE 09
AUDIT ROLES & RESPONSIBILITIES
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 99

INITIAL
CERTIFICATION
AUDIT – STAGE I

QMS/LA/v1.0 100

33
INITIAL CERTIFICATION AUDIT
CERTIFICATION AUDIT STAGES

Initial 1st Year 2nd Year 3rd Year

Stage I Audit Surveillance Surveillance Recertification
Stage II Audit Audit Audit Audit

INITIAL CERTIFICATION AUDIT IS

CARRIED OUT IN 2 STAGES:
a) Stage 1 audit
b) Stage 2 audit

QMS/LA/v1.0 101

AUDITING : INITIAL CERTIFICATION AUDIT

STAGE I AUDIT

• At least a part of the stage 1 audit need to be

carried out at the client’s premises
• Document audit findings and communicate to the
client
• Client to resolve areas of concern
• Certification body may need to revise arrangements
for the next stage of audit (i.e. stage 2 audit).

QMS/LA/v1.0 102

INITIAL CERTIFICATION AUDIT- STAGE I AUDIT

OBJECTIVES OF STAGE I AUDIT

EVALUATE CLIENT’S LOCATION AND SITE-SPECIFIC CONDITIONS

To evaluate the client’s location and site specific conditions and to undertake discussion
with the client’s personnel to determine the preparedness for the stage 2 audit.
……………………………………………………………………………………………………………......……………………

REVIEW OF CLIENT’S UNDERSTANDING ON SYSTEM-REQUIREMENTS

To review the client’s status and understanding regarding requirements of the standard, in
particular with respect to the identification of key performance or significant aspects,
processes, objectives and operation of the management system.
……………………………………………………………………………………………………………......……………………

COLLECT NECESSARY INFORMATION RELATING TO SCOPE, PROCESSES

AND LOCATION(S) OF THE CLIENT, RELATED STATUTORY AND REGULATED
ASPECTS AND COMPLIANCE.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 103

34
INITIAL CERTIFICATION AUDIT- STAGE I AUDIT
OBJECTIVES OF STAGE I AUDIT

REVIEW ALLOCATION OF RESOURCES FOR STAGE 2 AUDIT AND FINALIZE

To review the allocation of resources for stage 2 audit and agree with the client on the details
of the stage2 audit
……………………………………………………………………………………………………………......……………………
PROVIDE A FOCUS FOR PLANNING THE STAGE 2 AUDIT
To provide a focus for planning the stage 2 audit and agree with the client’s management
system and site operations.
……………………………………………………………………………………………………………......……………………
EVALUATE PERFORMANCE OF:
• Internal audits • Implementation,
• Management review. • Readiness for stage 2 audit.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 104

INITIAL CERTIFICATION AUDIT- STAGE I AUDIT

REQUIREMENTS OF STAGE I AUDIT

PERFORMING DOCUMENT REVIEW

The relevant management system documentation of the auditee should be reviewed in order to:
• gather information to prepare audit activities and applicable work documents (see 6.3.4), e.g.
on processes, functions;
• establish an overview of the extent of the system documentation to detect possible gaps.
……………………………………………………………………………………………………………......……………………

PREPARING THE AUDIT PLAN

In preparing the audit plan, the audit team leader should be aware of the following:
• the appropriate sampling techniques;
• the composition of the audit team and its collective competence;
• the risks to the organization created by the audit.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 105

INITIAL CERTIFICATION AUDIT- STAGE I AUDIT

REQUIREMENTS OF STAGE I AUDIT

ASSIGNING WORK TO THE AUDIT TEAM

The audit team leader, in consultation with the audit team, should assign to each team member
responsibility for auditing specific processes, activities, functions or locations.
……………………………………………………………………………………………………………......……………………

PREPARING WORK DOCUMENTS

The audit team members should collect and review the information relevant to their audit
assignments and prepare work documents, as necessary
• checklists;
• audit sampling plans;
• forms for recording information, such as supporting evidence, audit findings and records of
meetings.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 106

35
INITIAL CERTIFICATION AUDIT – STAGE I
SITE VISIT AND ITS SIGNIFICANCE

 To evaluate the client's location and site-specific conditions and to undertake discussions with
the client's personnel to determine the preparedness for the stage 2 audit;
 To collect necessary information regarding the scope of the management system, processes
and location(s) of the client, and related statutory and regulatory aspects and compliance
(e.g. environmental, legal aspects of the client's operation, associated risks, etc.);
 To obtain a birds eye view on environmentally critical processes
 To review the allocation of resources for stage 2 audit and agree with the client on the details
of the stage 2 audit;
 To provide a focus for planning the stage 2 audit by gaining a sufficient understanding of the
client's management system and site operations in the context of possible significant aspects;
 To evaluate if the internal audits and management review are being planned and performed,
and that the level of implementation of the management system substantiates that the client is
ready for the stage 2 audit.

QMS/LA/v1.0 107

INITIAL
CERTIFICATION
AUDIT – STAGE I
(DOCUMENT REVIEW)

QMS/LA/v1.0 108

INITIAL CERTIFICATION AUDIT

DOCUMENT REVIEW COVERAGE

AUDITING MANAGEMENT SYSTEM DOCUMENTATION

(CONDUCTING DOCUMENT REVIEW)
The main objectives of the documents review are:
1.General understanding of the functioning of the management system: To understand
how each process audited integrates with the general activities of the organization, the
auditor should first have a general understanding of general processes of the organization
.

2.Evaluation of the design of the management system as well as the processes: The
auditor should ensure that the processes were designed to comply with the requirements of
the standard.
3.Verify that internal audits and management reviews were conducted: the conduct of an
internal audit and a management review are mandatory requirements in the conduct of a
certification audit. The auditor must ensure that these activities were carried out adequately.

QMS/LA/v1.0 109

36
INITIAL CERTIFICATION AUDIT
DOCUMENT REVIEW COVERAGE

AUDITING MANAGEMENT SYSTEM DOCUMENTATION

(CONDUCTING DOCUMENT REVIEW)
During the document review, the audit team must ensure that the information contained in the
documentation (ISO 19011, Appendix B.3: Conducting document review) is:
a) To check if information-contents of the documents are :
 Complete,
 Correct
 Consistent
 Current.
b) Documents cover the audit scope
c) Use of appropriate information.
d) Understanding the operation of management System
e) Availability of necessary documented information.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 110

INITIAL CERTIFICATION AUDIT

DOCUMENT REVIEW COVERAGE

APEX
Level - I DOCUMENT

PROCEDURES
Level - II

WORK
Level - III
INSTRUCTIONS

FORMATS
Level - IV
REGISTERS

Dept. 1 Dept. 2 Dept. 3 Dept. 4 Dept. 5 Dept. 6

QMS/LA/v1.0 111

EXERCISE 10
DOCUMENT REVIEW
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 112

37
 INITIAL
CERTIFICATION
AUDIT – STAGE I
(AUDIT PLAN)

QMS/LA/v1.0 113

AUDITING : INITIAL CERTIFICATION AUDIT

AUDIT PLAN - CONTENT

 Risk- based approach to planning

 Objectives of audit
 Parts of system to be audited
 Include audit trails to follow
 Documents / records required
 Personnel you want to see e.g. key Managers, typical cross section of staff
 Time table Events
114
QMS/LA/v1.0

AUDITING : INITIAL CERTIFICATION AUDIT

RISK- BASED APPROACH TO AUDIT PLAN
In planning the audit, the audit team leader should consider the following:

 Competence of audit team and its overall competence;

 The appropriate sampling technique;
 Opportunities to improve the effectiveness and efficiency of the audit activities;
 The risk to achieving audit objectives created by ineffective audit planning;
 The risk to the auditee created by performing the audit;

115
QMS/LA/v1.0

38
AUDITING : INITIAL CERTIFICATION AUDIT
AUDIT PLAN - CONTENT
The audit plan may also cover the following, as appropriate:

 identification of the auditee’ s representative for the audit;

 the working and reporting language of the audit where this is different from the
language of the auditor or the auditee or both; the audit report topics;

 logistics and communications arrangements, including specific arrangements for the

locations to be audited;

 any specific measures to be taken to address the effect of uncertainty on achieving the
audit objectives;

 matters related to confidentiality and information security;

116
QMS/LA/v1.0

AUDITING : INITIAL CERTIFICATION AUDIT

AUDIT PLAN - ADVANTAGES

 Clarifies purpose of Audit

 Use time more effectively
 Ensures Everything is covered
 Shows open Approach
 Gives structures to audit
 Gives professional Approach

117
QMS/LA/v1.0

EXERCISE 11
AUDIT PLANNING
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 118

39
 INITIAL
CERTIFICATION
AUDIT – STAGE I
(AUDIT CHECKLIST)

QMS/LA/v1.0 119

AUDITING : INITIAL CERTIFICATION AUDIT

AUDIT CHECKLIST

REQUIREMENTS OF AUDIT CHECKLIST

• To act as an Aide Memoir and an audit trace record
• To ensure that all elements and relevant requirements contained in the standard are
covered and nothing is omitted
• To reference each question to the relevant clauses of the standard
• Are an invaluable aid when writing the audit report.
• Space should be left on the checklist so that answers to the questions can be noted for
later use.
• Are compiled from the results of a detailed study of the process descriptions, procedures
and the standard
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 120

AUDITING : INITIAL CERTIFICATION AUDIT

ADVANATGES AND DISADVANTAGES OF CHECKLIST

ADVANATGES OF AUDIT CHECKLIST

• Promote planning for the audit
• Ensure a consistent audit approach
• Act as a sampling plan and time manager
• Serve as a memory aid
• Provide a repository for notes collected during the audit process
• Checklist can provide the structure & continuity to the audit & ensure that the audit scope is
being followed
• Checklist can provide a means of communication & a place to record data for use for future
reference
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 121

40
AUDITING : INITIAL CERTIFICATION AUDIT
ADVANATGES AND DISADVANTAGES OF CHECKLIST

DISADVANTAGES OF AUDIT CHECKLIST

• Checklists are developed with limited information
• Can lead to use of standardized check lists that stifle initiative and analysis of processes
• Can prevent the auditor investigating significant problem areas simply because they were
not on the check list
• A checklist used by an inexperienced auditor may not be able to clearly communicate
what the auditor is looking for
• Generic checklist, which do not reflect the specific organizational management system,
may not add any value and may interfere with the audit
• Narrow focused checklist minimize unique assessment questions/approach
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 122

EXERCISE 12
PREPARATION OF AUDIT CHECKLIST
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 123

INITIAL
CERTIFICATION
AUDIT – STAGE 2

QMS/LA/v1.0 124

41
AUDITING : INITIAL CERTIFICATION AUDIT
STAGE II AUDIT

PURPOSE

• The purpose is to evaluate the

implementation (including effectiveness
thereof) of the client’s QMS

QMS/LA/v1.0 125

AUDITING : INITIAL CERTIFICATION AUDIT

REQUIREMENTS OF STAGE II AUDIT

The audit at least includes the following:

a) Information and evidence about conformity to the
requirements of applicable standard or other
normative document
b) Performance monitoring, measuring, reporting and reviewing
against key performance objectives and targets
c) Reviewing performance relating to legal compliance
d) Operational control of the processes
e) Internal auditing and management review
f) Management responsibility for the client’s policies
g) Links between the normative requirements, policy, performance objectives
and targets, legal requirements, responsibilities, competence, operations,
procedures, performance data, internal audit findings and conclusions.

QMS/LA/v1.0 126

AUDITING : INITIAL CERTIFICATION AUDIT

SEQUENCE OF STAGE II AUDIT
ASSIGNING ROLES
AND AUDIT INFORMATION
CONDUCTING COMMUNICATING
RESPONSIBILTIES AVAILABILITY AND
OPENING MEETING DURING THE AUDIT
OF GUIDES AND ACCESS
OBSERVERS

REVIEWING
COLLECTING AND
DOCUMENTED GENERATING AUDIT DETERMINING AUDIT
VERIFYING
INFORMATION WHILE FINDINGS CONCLUSIONS
INFORMATION
CONDUCTING AUDIT

CONDUCTING
CLOSING MEETING

QMS/LA/v1.0 127

42
 INITIAL
CERTIFICATION
AUDIT (STAGE II)
- OPENING MEETING

QMS/LA/v1.0 128

OPENING MEETING – STAGE II AUDIT

OBJECTIVES

 To introduce the audit team.

 To confirm the audit plan.
 To briefly explain the way the audit activities will be conducted.
 To confirm the communication channels.
 To allow the auditee to ask questions.
 To identify the potential audit problems..

QMS/LA/v1.0 129

OPENING MEETING – STAGE II AUDIT

POINTS TO BE CONSIDERED

1. Introduction of the participants, roles; 11. Reporting and grading of audit findings;
2. Scope of certification; 12. Sampling; (Disclaimer, limitations)
3. Audit plan (including type, scope of audit, 13. Language to be used;
objectives and criteria, date and time for 14. Ongoing feedback during audit;
the closing meeting and interim meetings); 15. Conditions that may lead to termination
4. Audit methodology of audit;
5. Communication channel; 16. Appeal/complaint process;
6. Availability of resources, facilities; 17. Request for cooperation and facilities
7. Confidentiality; (office facilities, working lunch)
8. Safety, security and emergency norms; 18. Site-tour by audit team;
9. Availability of guides; 19. Clarifications needed, if any;
10. Reporting and grading of audit findings; 20. Thanks

QMS/LA/v1.0 130

43
 EXERCISE 13
OPENING MEETING
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 131

COMMUNICATING
DURING
THE AUDIT

QMS/LA/v1.0 132

EFFECTIVE COMMUNICATION

WHAT ARE THE BARRIERS OF COMMUNICATION

• What is spoken may not be heard

• What is heard may not be understood
• What is understood may not be accepted

133
QMS/LA/v1.0

44
EFFECTIVE COMMUNICATION

SPOKEN WORDS ARE ONLY A PART OF THE OVERALL COMMUNICATION

PROCESS; OTHERS ARE :
• Body posture and movement
• Facial expression
• Gestures
• Vocal characteristics
• Interpersonal distance
……………………………………………………………………………………………………………......……………………
TECHNIQUES OF EFFECTIVE COMMUNICATION
• Put the auditee at ease
• PLAN – structure thoughts into questions
• Explain clearly (to the point) what is required
• Listen carefully to responses
• Avoid making personal judgement
……………………………………………………………………………………………………………......……………………

134
QMS/LA/v1.0

EFFECTIVE COMMUNICATION
COMMON TYPES OF QUESTIONS

1. OPEN QUESTIONS
2. CLOSED QUESTIONS
3. CLARIFYING QUESTIONS
4. LEADING QUESTIONS
5. ANTAGONISTIC QUESTIONS
6. SILENCE

135
QMS/LA/v1.0

EFFECTIVE COMMUNICATION
COMMON TYPES OF QUESTIONS

OPEN QUESTIONS CLOSED QUESTIONS

USED TO: USED TO:

• Obtain information passively • Obtain specific information
• Obtain explanation, detailed information • Ensure understanding of the question
• Give opportunity to someone to express being asked
their views freely, in one’s own way. • Probe and uncover

EXAMPLES EXAMPLES
• What is your job in organization ? • Do you have a Work Instruction for this
• What corrective action do you take when operation?
the product is unacceptable? • Has this batch been tested?

136
QMS/LA/v1.0

45
EFFECTIVE COMMUNICATION
COMMON TYPES OF QUESTIONS

CLARIFYING QUESTIONS LEADING QUESTIONS

USED TO: USED TO:

• Ensure understanding • Suggest expected answer
• Eliminate ambiguity. • Put words in the audile's mouth

EXAMPLES EXAMPLES
• Can you please explain what do you • You always check calibration status
mean by that ? before using an instrument?
• Just to confirm that I have understood, • It is routine to check each hour that the
does it mean ………? emissions are within specification?

137
QMS/LA/v1.0

EFFECTIVE COMMUNICATION
COMMON TYPES OF QUESTIONS

ANTAGONISTIC QUESTIONS SILENCE

• Not in good taste USED TO:

• Against the desirable personal characteristics • DRAW INFORMATION !
of an auditor.
• Arouse emotions VOCAL CHARACTERISTICS
• Tend to vitiate audit situation. Tone and emphasis Consider :
SO, AVOID !!!
• Who authorized that ?
EXAMPLES • Who authorized that ?
• Why does this department never complete its • Who authorized that ?
reports on time? Rephrase: • Who authorized that ?
• What problems this department face in
completing reports?

138
QMS/LA/v1.0

EFFECTIVE COMMUNICATION

WHAT ARE SOME KEY INDICATORS OF EFFECTIVE COMMUNICATION

EFFORTS AND ACTIVITIES?
• Conducting candid, open and sometimes difficult discussions
• Paying attention to body language, tone of voice, and choice of words
• Asking board members for feedback and suggestions
• Focusing on “quality over quantity” of communications
……………………………………………………………………………………………………………......……………………

THINGS TO NOTE IN AUDIT COMMUNICATION

• identify the appropriate persons within the entity’s governance structure with whom
to communicate;
• communicate required matters with auditee on a timely basis;
• take appropriate steps to achieve effective two-way communication;
• establish and evaluate the adequacy of the communication process for the purpose
of the audit

139
QMS/LA/v1.0

46
EFFECTIVE COMMUNICATION

AUDIT TEAM COMMUNICATION

• The Audit team will meet frequently throughout the Audit to exchange information
and gauge the Audit’s progress.
• The Audit Team Leader should assemble the Audit team at the beginning and end
of each day to discuss findings, exchange information, determine Audit follow-up
trails and strategies, and note areas that need attention.
……………………………………………………………………………………………………………......……………………

DAILY WRAP UP MEETING

• Findings should be summarized and discussed daily in an informal session with the
auditee’s management representative(s).
• This is needed to prevent “surprises” at the closing meeting and to give Auditee
management the opportunity to provide evidence or information that the Auditor
may have overlooked.
……………………………………………………………………………………………………………......……………………

140
QMS/LA/v1.0

EFFECTIVE COMMUNICATION

AGENDA OF DAILY WRAP UP MEETINGS

• Discuss any “Priority” findings, including need for immediate correction or
containment of ones that constitute imminent danger to life.
• Make the Auditee aware of any issue where the Audit team needs additional
information in order to make a determination of conformance.
• Encourage the Auditee to present/prepare additional evidence as well as
alternative approaches to compliance/conformance with the Audit criteria and legal
requirements.
……………………………………………………………………………………………………………......……………………

141
QMS/LA/v1.0

AUDITOR CONFIDENTIALITY
AUDITOR MUST ENSURE
During opening meeting, and confirm it during closing meeting, that strict confidentiality will
be maintained in managing all the data information gained in the course of the audit :

• Company know-how
• Company personnel
• Company clients

It is one of the most important characteristics composing the Auditor professionalism to no

disclose to anybody these information. With this aim, the Auditor should protect and
safeguard paperwork and electronic documents from lost or unauthorized access.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 142

47
 COLLECTING &
VERIFYING
INFORMATION

QMS/LA/v1.0 143

COLLECTING AND VERIFYING INFORMATION

METHODS OF COLLECTING INFORMATION

• All Areas of the Facility

1. OBSERVATION • Working Areas
• Welfare facilities

• Company Records
2. EXAMINING
• Safety Equipment
RECORDS, TESTING,
• Statutory Inspections (Chains, Ropes, Lifting, Tackle,
CROSS-CHECKING Pressure Vessels)

• Top Management & Executives

3. INTERACTIONS, • Workers and contractors
ENQUIRY • Any other personnel with environmental or health and
safety responsibilities

QMS/LA/v1.0 144

COLLECTING AND VERIFYING INFORMATION

PROCESS

1 • SOURCE OF INFORMATION

2 • COLLECTING BY MEANS OF APPROPRIATE SAMPLING

3 • AUDIT EVIDENCE

4 • EVALUATING AGAINST AUDIT CRITERIA

5 • AUDIT FINDINGS

6 • REVIEWING

7 • AUDIT CONCLUSIONS

QMS/LA/v1.0 145

48
COLLECTING AND VERIFYING INFORMATION
METHODS OF COLLECTING INFORMATION – SITE TOUR

DURING SITE TOUR, AUDITORS ARE EXPECTED TO:

• Keep their eyes and ears open and keep the mouth mostly closed (i.e. asking very less questions and
not getting involved in prolonged QA sessions).
• Look for evidences of adequacy of resource allocations;
• Observe operations and adherence to identified risk-control measures.
• Checking/monitoring activities etc. to formulate auditing strategy
• Ensure permission and access (if needed);
• Obtain necessary briefing on security, health, safety and cultural norms (including PPE);
• Do not touch or manipulate any equipment;
• Ask for authorization before taking photographs or video materials;
……………………………………………………………………………………………………………......……………………

STAGE 2 AUDIT : POST-TOUR

• Results of site tour may give rise to a review of observations by audit team to modify audit plan.
• Thereafter, audits can commence as per the (revised) audit plan.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 146

COLLECTING AND VERIFYING INFORMATION

SAMPLING TECHNIQUE

WHY Because Auditor Cannot Verify Everything

WHAT Selection Of Sample

By Using Adequate And Appropriate Method

HOW
Relevant To Audit

QMS/LA/v1.0 147

COLLECTING AND VERIFYING INFORMATION

SAMPLING TECHNIQUE

GENERAL
• Do not ask auditee to select the sample
• Select a random sample
……………………………………………………………………………………………………………......……………………

BENEFITS OF SAMPLING
• Reduced number of items tested
• Reduce more risk of reaching a false conclusion
……………………………………………………………………………………………………………......……………………

LIMITATION OF SAMPLING
• Can result in uncertainty in audit findings.
• Number of samples depends on risk level, size and scale of organization, Criticality of
business process.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 148

49
COLLECTING AND VERIFYING INFORMATION
SAMPLING APPROACH

METHOD OF SAMPLE
ADVANTAGES DISADVANTAGE USE
SAMPLING SELECTION
Statistically more Data in information
RANDOM Based on Chance Longer to perform
reliable system
SYSTEMATIC Based on Fixed Simple to execute & Time consuming to Most often
RANDOM Interval statistically reliable execute favoured
Each Subset is May lead to false In case of different
STRATIFIED By Subset Group
represented conclusions subsets
BLOCK Block of Elements Whole population Difficult to decide
Simple and faster
SELECTION as Population not represented population
BASED ON By Experience Simple and very
Statistically invalid Purely on intuition
JUDGEMENT and knowledge faster

QMS/LA/v1.0 149

COLLECTING AND VERIFYING INFORMATION

GATHERING AUDIT EVIDENCE

1. PHYSICAL
TYPES OF EVIDENCE

2. DOCUMENTARY

3. CIRCUMSTANTIAL

4. TESTIMONIAL

QMS/LA/v1.0 150

COLLECTING AND VERIFYING INFORMATION

AUDITOR’S APPROACH

• Be alert and responsive • Use a soft, friendly voice

• Clarify when unsure • Maintain a business-like, non-
• Summarize to ensure accuracy judgmental attitude
• Be calm, objective and • Do not enter into a debate
detached • Ask for suggestions for
• Be courteous, alert and improvements
responsive • Collect dates, facts, etc.
• Do not jump to conclusions or • Be friendly and empathetic
make assumptions • Be non-judgmental

QMS/LA/v1.0 151

50
 GENERATING
AUDIT FINDINGS

QMS/LA/v1.0 152

GENERATING AUDIT FINDINGS

GRADING OF AUDIT FINDINGS

GRADING OF AUDIT
FINDINGS

NONCONFORMANCE OPPORTUNITY FOR IMPROVEMENT

(NC) (OFI) / OBSERVATION

MAJOR MINOR

QMS/LA/v1.0 153

GENERATING AUDIT FINDINGS

NON CONFORMANCE

MAJOR NONCONFORMANCE
Includes :
a) Legal noncompliance;
b) Nonfulfillment of the requirements of one (or more) clause/s of the standard;
c) Accumulation of a number of minor non-conformances in one area/topic.
……………………………………………………………………………………………………………......……………………

MINOR NONCONFORMANCE
If it is an NC and it is NOT a major NC, it has to be a minor NC. Includes :
a) Occasional failures in the various areas, e.g. documentation, records, segregation, labeling etc.
……………………………………………………………………………………………………………......……………………

OBSERVATION/ OPPORTUNITY FOR IMPROVEMENT (OFI) :

Includes :
• All identified areas of potential improvements.
• An OFI is NOT an NC.
• It’s a suggestion for improvement &doesn’t call for compulsory action.

QMS/LA/v1.0 154

51
WRITING A NONCONFORMITY REPORT (NCR)
THREE ELEMENTS OF NCR

• Identify the specific requirement of the QMS that has not been fulfilled
• Identify the clause of the standard that specifies the unfulfilled requirement
• The requirement may have been specified in other system documentation (e.g.
procedure, work instruction etc.)

• The three elements of a NCR are:

a) Statement of nonconformity (NC)
Express the problem in the words of the ‘requirement’.
Remember, if you cannot express the problem in the words of the
standard, procedure or contract, then you have no nonconformance !!
b) Evidence of NC
c) System-requirement (which is not fulfilled).

QMS/LA/v1.0 155

WRITING A NONCONFORMITY REPORT (NCR)

THREE ELEMENTS OF NCR

• Identify the specific requirement of the QMS that has not been fulfilled
• Identify the clause of the standard that specifies the unfulfilled requirement
• The requirement may have been specified in other system documentation (e.g.
procedure, work instruction etc.)

• The three elements of a NCR are:

a) Statement of nonconformity (NC)
Express the problem in the words of the ‘requirement’.
Remember, if you cannot express the problem in the words of the
standard, procedure or contract, then you have no nonconformance !!
b) Evidence of NC
c) System-requirement (which is not fulfilled).

QMS/LA/v1.0 156

WRITING A NONCONFORMITY REPORT (NCR)

EXAMPLE

AUDIT SCENARIO
During review of QMS policy in the MR’s office, it is seen that the policy does not include
a commitment to continual improvement.

A. STATEMENT OF NC
The QMS policy does not include a commitment to continual improvements.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 157

52
WRITING A NONCONFORMITY REPORT (NCR)
EXAMPLE

B. EVIDENCE OF NONCONFORMITY
The QMS policy, documented in page 9 of the QMS Manual, Doc. No. MCIL/QMS/01, Issue
No. 01, dated 03 Dec 2015, does not include a commitment to comply with continual
improvement etc...
Acceptable alternative
“The QMS policy (page 9 of QMS refers) does not include a commitment to comply with
continual improvement.” (clause 5.2.1d of the standard).
……………………………………………………………………………………………………………......……………………

C. REQUIREMENT : CLAUSE 5.2.1(d) OF ISO 9001:2015

“(QMS policy) includes a commitment to continual improvement of the quality management
system.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 158

WRITING A NONCONFORMITY REPORT (NCR)

OBSERVATION - HOW TO DEAL?

Auditor Observes that the training evaluation addresses the trainer ability and how much the
employee enjoyed the training while verifying a training on Customer relations given for
marketing team on 14th January as seen in the training record

1. What is the process for training Evaluation (Cl 4.4.1)

2. How the competence requirements for sales team identified (Cl 7.2a)
3. Has the required competence for the marketing team been ensured (Cl 7.2b)
4. Who is responsible for doing evaluation of training (Cl 5.3)
5. Does organization use any other method for training evaluation (CI 7.2c)
6. Is there any evidence of complaint from customer or other failure on account of the
marketing team performance (Cl 10.2)
7. Etc.…….
Investigate to understand the impact of situation

QMS/LA/v1.0 159

EXERCISE 14
IDENTIFICATION AND GRADING
OF AUDIT FINDINGS
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 160

53
 AUDIT
ROLE PLAY

QMS/LA/v1.0 161

AUDIT ROLE PLAY

THINGS TO CONSIDER
INTERVIEW STEPS
a) Be alert and responsive
b) Control interview in a relaxed way
c) Stick to relevant questions
d) Clarify when unsure
e) Summarize to ensure accuracy
f) Request a brief overview of the interviewee’s job
g) Gather detailed information
h) Ask only those questions which invite the interviewee’s full participation (who, what, why,
when, where and how) - open ended questions
i) Ask only one question at a time
j) Take relevant notes
k) Do not use tape recorders
l) Treat the interviewee as an equal
m) Use language the interviewee can understand
n) Arrange the meeting at the interviewee’s convenience

QMS/LA/v1.0 162

AUDIT ROLE PLAY

THINGS TO CONSIDER
• Repeat key words as a prompt • Be courteous, alert and responsive
• Be friendly and empathetic • Use a soft, friendly voice
• Be non-judgmental • Maintain eye contact
• Do not enter into a debate • Keep the right distance
• Ask for suggestions for improvements • Do not jump to conclusions or make
• Collect dates, facts, etc. assumptions
• Go to the interviewee’s work area • Tolerate silence
• Try to keep it on a ‘one to one’ footing • Mirror the interviewee’s body movements
• Maintain a business-like, non-judgmental • Take an open stance
attitude • Use NVC(Non Verbal Communication) to
• Shake hands or use other appropriate encourage interviewee to talk
greeting • Use encouraging paralinguistic
• Try to minimise distractions • Use NVC which is congruent with VC of
• Be calm, objective and detached yours as well interviewees

QMS/LA/v1.0 163

54
 EXERCISE 15
AUDIT ROLE PLAY – CONDUCTING AUDIT
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 164

AUDIT
CONCLUSIONS &
CLOSING MEETING

QMS/LA/v1.0 165

PREPARING AUDIT CONCLUSIONS

THE AUDIT TEAM SHOULD CONFER PRIOR TO THE CLOSING MEETING IN

ORDER TO:
a) review the audit findings, and any other appropriate information collected during the audit,
against the
b) audit objectives;
c) agree on the audit conclusions, taking into account the uncertainty inherent in the audit
process;
d) prepare recommendations, if specified by the audit plan;
e) discuss audit follow-up, as applicable.

If specified by the audit plan, audit conclusions can lead to recommendations for improvement,
or future auditing activities.
……………………………………………………………………………………………………………......……………………

166
QMS/LA/v1.0

55
CLOSING MEETING
PRESENTING AUDIT-OUTCOME TO AUDITEE

AUDITOR AUDITEE

1. Audit Findings 2. Additional Info / Confirmation

of Facts
3. Audit Conclusion / 4. Comments
Recommendation ON-SITE AUDIT

5. Closing Meeting 6. Appeal or Acceptance

FOLLOW UP
8. Evaluation & Action Plans 7 Action Plans
(NEED BASED)

9. Corrective / Preventive
10. Surveillance Audit SURVEILLANCE
Measures

QMS/LA/v1.0 167

CLOSING MEETING
POINTS TO BE CONSIDERED

1. Greetings 9. Disclaimer (limitations of

2. Thanks for assistance sampling)
3. Attendance record 10. Recommendations
4. Audit objective 11. Follow-up actions, as
5. Audit scope appropriate
6. Audit criteria 12. Unresolved issues, if any
7. Confidentiality 13. Clarifications, if any
8. Audit findings 14. Thanks for time
 NCs (major, minor)
 OFIs/Observation
 Areas of concern

QMS/LA/v1.0 168

EXERCISE 16
CLOSING MEETING
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 169

56
 Leading Management System
Audit Teams

QMS/LA/v1.0 170

LEAD AUDITOR : ROLES AND RESPONSIBILITIES

1. AUDIT TEAM LEADER (TL)

• Conducting opening meeting
• Site tour and team briefing
• Coordinating and managing the audit
• Spokesperson for the team and channel of communication.
• Final say in audit conclusions
• Endorsing audit findings of auditors
• Periodical feedback to auditee
• Conduct closing meeting
• Submission of Audit Report
• Follow-up actions, as necessary
• Carry out audits as per audit plan (as a member of the audit team)
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 171

RESPONSIBILITIES OF THE LEAD AUDITOR IN

MANAGING THE AUDIT AND THE AUDIT TEAM

LEAD AUDITOR IS RESPONSIBLE FOR:

• Lead/manage the Team Members in order to allow them to perform cross check activity
effectively and in time
• Collect all the evidences gained by the Team
• Evaluate the evidences ensuring that they will completely justify the Audit findings
• Solve any difference of opinion, within the Team, prior to the closing meeting with the
Client
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 172

57
 ACCREDITATION
AND
CERTIFICATION

QMS/LA/v1.0 173

ACCREDITATION AND CERTIFICATION

ACCREDITATION CERTIFICATION

• Procedure by which an authoritative body • Procedure by which a third-party

gives formal recognition that a body or (certification body) gives a written
person (signatory) is competent to carry assurance that a product, process or
out specific tasks service (of an organization) conforms to
specified requirements
• Governed by Standards such as ISO
17011 / 17021 / 17024 • Provided based on ISO 9001 / 14001 /
22000 etc..

QMS/LA/v1.0 174

ACCREDITATION AND CERTIFICATION

ACCREDITATION BODIES
(UKAS / ANAB /JAS ANZ / etc.)
ACCREDITS

CERTIFICATION BODIES CERTIFICATION BODIES FOR

(SGS / BVQI / BSI / etc.) PERSONS (CQI-IRCA/EXEMPLAR
CERTIFY ORGANIZATIONS GLOBAL)
CERTIFY TRAINING ORGANIZATIONS

AUDITEE APPROVED TRAINING PARTNERS

TRAIN AUDITORS

AUDIT THE AUDITEES

AUDITORS

QMS/LA/v1.0 175

58
ACCREDITATION GUIDELINE

ISO/IEC 17011 - Conformity assessment -- General requirements for accreditation bodies

accrediting conformity assessment bodies

ISO 17021 - Conformity assessment -- Requirements for bodies providing audit and
certification of management systems

ISO/IEC 17024 - Conformity assessment -- General requirements for bodies operating

certification of persons

QMS/LA/v1.0 176

ISO 19011:2018 Vs. ISO 17021(2):2016

ISO 19011:2018 ISO 17021(2):2016 (As applicable)

Auditing Guidelines Third Party Audit Requirements
• This International Standard specifies
Requirements of the management system requirements for certification bodies.
standard • Aims to ensure that certification bodies
Provides guidance on operate management system certification in
• the management of an audit a competent, consistent and impartial
programme, manner.
• the planning and conducting of an • This International Standard serves as a
audit of the management system, foundation for facilitating the recognition of
• the competence and evaluation of an management system certification in the
auditor and an audit team interests of international trade.

QMS/LA/v1.0 177

INTERNATIONAL ACCREDITATION FORUM

ABOUT

 Accreditation is the independent evaluation of conformity assessment bodies against

recognised standards to ensure their impartiality and competence. Through the
application of national and international standards, government, procurers and
consumers can have confidence in the calibration and test results, inspection reports
and certifications provided.

 Accreditation bodies are established in many countries with the primary purpose of
ensuring that conformity assessment bodies are subject to oversight by an authoritative
body

 Accreditation bodies, which have been evaluated by peers as competent, sign

arrangements that enhance the acceptance of products and services across national
borders, thereby creating a framework to support international trade through the removal
of technical barriers.

QMS/LA/v1.0 178

59
INTERNATIONAL ACCREDITATION FORUM
ROLE

 The primary purpose of IAF is two-fold.

• Firstly, to ensure that its accreditation body members only accredit bodies that are
competent to do the work they undertake and are not subject to conflicts of interest.
• The second purpose of the IAF is to establish mutual recognition arrangements, known as
Multilateral Recognition Arrangements (MLA), between its accreditation body members
which reduces risk to business and its customers by ensuring that an accredited certificate
may be relied upon anywhere in the world.
 The MLA contributes to the freedom of world trade by eliminating technical barriers to trade.
IAF works to find the most effective way of achieving a single system that will allow companies
with an accredited conformity assessment certificate in one part of the world, to have that
certificate recognised else where in the world. The objective of the MLA is that it will cover all
accreditation bodies in all countries in the world, thus eliminating the need for suppliers of
products or services to be certified in each country where they sell their products or services.
Certified once - accepted everywhere.

QMS/LA/v1.0 179

INTERNATIONAL ACCREDITATION FORUM

BENEFITS OF USING AN ACCREDITED CERTIFICATION BODY

 De-risk your procurement by taking the guesswork out of choosing a certification body
by giving you confidence that you will get the service that closely meets your
requirements;
 Win new business particularly since the use of accredited conformity assessment
services is increasingly a stipulation of specifiers in both the public and private sector;
 Gain access to overseas markets since certificates issued by bodies that are accredited
by an IAF MLA signatory are recognised and accepted throughout the world;
 Help to identify best practice since the certification body is required to have appropriate
knowledge of your business sector;
 Control costs with the help of knowledge transfer since accredited certification bodies
can be a good source of impartial advice;
 Offer market differentiation and leadership by showing to others credible evidence of
good practice;

QMS/LA/v1.0 180

INTERNATIONAL ACCREDITATION FORUM

BENEFITS OF USING AN ACCREDITED CERTIFICATION BODY

 Demonstrate due diligence in the event of legal action;

 Reduce paperwork and increase efficiency by reducing the necessity to re-audit your
business.
 Consumer confidence can be gained from goods or services that bear a mark or carry a
certificate of conformity. The IAF MLA ensures that such goods and services placed on
the market, from which ever country of origin, meet standards of quality and safety
 Accreditation bodies around the world, which have been evaluated by peers as
competent, have signed an arrangement that enhances the acceptance of products and
services across national borders
 Having products assessed and certified as conforming to a particular standard allows
manufacturers and service providers to distinguish themselves from less reputable
suppliers, thereby creating a competitive advantage.

QMS/LA/v1.0 181

60
INTERNATIONAL ACCREDITATION FORUM
SOME OF THE REFERENCE PUBLICATIONS
 IAF MD 1:2007 Certification of Multiple Sites Based on Sampling
 IAF MD 2:2007 Transfer of Accredited Certification of Management Systems
 IAF MD 3:2008 Advanced Surveillance and Recertification Procedures (ASRP)
 IAF MD 4:2008 Use of Computer Assisted Auditing Techniques ("CAAT") for Accredited Certification of
Management Systems
 IAF MD 5:2015 Determination of Audit Time of Quality and Environmental Management Systems
 IAF MD 5:2013 IAF Mandatory Document for Duration of QMS and EMS Audits
 IAF MD6:2014 Application of ISO 14065:2013
 IAF MD 11:2013 IAF Mandatory Document for Application of ISO/IEC 17021 for Audits of Integrated
Management Systems (IMS)
 IAF MD 17:2015 Witnessing Activities for the Accreditation of Management Systems Certification Bodies
 IAF MD 17:2015 Witnessing Activities for the Accreditation of Management Systems Certification Bodies
 IAF MD 19:2016 IAF Mandatory Document For The Audit and Certification of a Management System operated
by a Multi-Site Organization (where application of site sampling is not appropriate)

QMS/LA/v1.0 182

PREPARING AND
DISTRIBUTING THE
AUDIT REPORT

QMS/LA/v1.0 183

AUDIT REPORTING
MEANING

WHAT IS AUDIT REPORT ?

• Audit team leader to ensure

preparation of audit report and he is
responsible for the content
• Report provides an accurate, concise
and clear record of audit
• Enables informed certification
decision

QMS/LA/v1.0 184

61
AUDIT REPORTING
AUDIT REPORT - PREPARATION

AUDIT REPORT SHALL INCLUDE OR REFER TO THE FOLLOWING:

a) Identification of the certification body
b) Name and address of the client and the MR
c) Type of audit
d) Audit criteria
e) Audit objectives
f) Audit scope
g) Audit team leader, audit team members, any accompanying persons
h) The dates and places of audit
i) Audit findings, evidences and conclusions
j) Any unresolved issues
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 185

AUDIT REPORTING
AUDIT REPORT - APPROVING AND DISTRIBUTION

FOLLOWING POINTS SHOULD BE CONSIDERED:

a) Audit report should be issued within the agreed time period, or delays communicated
to the audit client and a new date agreed
b) Audit report should be dated, reviewed and approved in accordance with audit
programme procedures
c) Approved audit report should then be distributed to recipients designated by the audit
client
d) The audit report is the property of the audit client; confidentiality of the report should be
respected
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 186

COMPLETING THE AUDIT

BELOW POINTS TO NOTE WHILE AUDIT COMPLETION:

a) The audit is completed when all activities described in the audit plan have been carried
out and the approved audit report has been distributed
b) Documents pertaining to the audit should be retained or destroyed by agreement
between the participating parties and in accordance with
• audit programme procedures
• applicable statutory regulatory requirements, if any
• contractual requirements
c) If disclosure of the contents of an audit report document is required, the audit client and
auditee should be informed as soon as possible
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 187

62
 EXERCISE 17
AUDIT REPORTING
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 188

CONDUCTING
AUDIT FOLLOW-UP

QMS/LA/v1.0 189

CONDUCTING AUDIT FOLLOW-UP

a) Depends on audit objective and audit

conclusion
b) Can require correction, or corrective, preventive
or improvement actions
c) The auditee arrives at corrective action plan; agreed
to by auditor
d) The auditee completes action within agreed timeframe
e) Auditor verifies completion and effectiveness of action
f) Verification of corrective action for OFIs and minor NCs
g) Verification of corrective action for major NCs.

QMS/LA/v1.0 190

63
 EXERCISE 18
REVIEW OF CORRECTIVE
ACTION
KNOWLEDGE INDEX
01

COURSE PROGRESS QMS/LA/v1.0 191

SURVEILLANCE &
RECERTIFICATION
AUDITS

QMS/LA/v1.0 192

SURVEILLANCE AUDIT
AUDIT STAGES

Initial 1st Year 2nd Year 3rd Year

Stage I Audit Surveillance Surveillance Recertification
Stage II Audit Audit Audit Audit

QMS/LA/v1.0 193

64
SURVEILLANCE AUDIT

PURPOSE
• To monitor, on a regular basis, the representative areas
and functions, covered by the scope, to verify continued
conformity.
• To take into account the changes to the management
system.
• Shall include on-site audit.

QMS/LA/v1.0 194

SURVEILLANCE AUDIT

OTHER SURVEILLANCE ACTIVITIES MAY INCLUDE

a) Enquiries from the CB on aspects of certification;
b) Reviewing client’s statements (e.g. promotional material);
c) Requests to provide documents/records;
d) Other means of monitoring performance.
……………………………………………………………………………………………………………......……………………
ON-SITE SURVEILLANCE AUDIT SHALL INCLUDE AT LEAST :
a) Internal audits and management review;
b) A review of actions taken on NCs of previous audit;
c) Treatment of complaints;
d) Effectiveness of management system;
e) Progress of planned activities aimed at continual improvement;
f) Continuing operational control.
g) Review of any changes;
h) Use of marks and/or any other reference to certification.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 195

RECERTIFICATION AUDIT
AUDIT STAGES

Initial 1st Year 2nd Year 3rd Year

Stage I Audit Surveillance Surveillance Recertification
Stage II Audit Audit Audit Audit

QMS/LA/v1.0 196

65
RECERTIFICATION AUDIT

OVERVIEW & PURPOSE

OVERVIEW
• The certification of management systems is valid for three
years.
• For continuing validity, system is required to be recertified
before expiry of current certification, through successful
recertification audit.
PURPOSE
• To confirm the continued conformity and effectiveness of
the management system as a whole.
• To confirm the continued relevance and applicability for
the scope of certification

QMS/LA/v1.0 197

RECERTIFICATION AUDIT
PLANNING

I. Planned to evaluate the continued fulfilment of:

 all of the requirements of the management system standard, and
 all the requirements stipulated in the system-documentation.
II. Planning to consider
 the performance of the management system, and
 results of the previous surveillance audits.
III. Planning may need to include a stage 1 audit.
IV. Planning to ensure adequate on-site audit coverage.

QMS/LA/v1.0 198

RECERTIFICATION AUDIT
ON-SITE AUDIT

RECERTIFICATION SHALL INCLUDE AN ON-SITE AUDIT THAT ADDRESSES:

a) Effectiveness of the management system;
b) Applicability and relevance of scope;
c) Demonstrated commitment to maintain effectiveness;
d) Demonstrated commitment to improvement of the management system;
e) Contribution of the management system to achieve objectives and
implementation of policy.
f) Complaints received from users of certification;
g) Implementation of corrections and corrective actions for NCs raised during
recertification audit, prior to expiration of certification.
……………………………………………………………………………………………………………......……………………

QMS/LA/v1.0 199

66
 SUM UP
AND
REFLECTIONS

QMS/LA/v1.0 200

FINAL
EXAMINATION

QMS/LA/v1.0 201

67