Training Course

on
Auditing Management System
 Contents

1 Introduction

2 Principles of Auditing

3 The Auditor

4 Managing the Audit Program

Module 1

1 Introduction
 ISO 9000 Core Standards

• ISO 9000:2015 Fundamentals and Vocabulary

• ISO 9001:2015 QMS Requirements
• ISO 9004:2009 Managing for the Sustained Success of
an Organization - A Quality Management Approach

• ISO 19011:2011
Guidelines on Auditing Management Systems
 Terms and Definitions
Audit
Systematic, independent, and documented process for
obtaining audit evidence and evaluating it objectively to
determine the extent to which the audit criteria are fulfilled.

Note:
Combined Audit - when two or more management systems of different disciplines (e.g.
quality, environmental, occupational health and safety) are audited together
Joint Audit - when two or more auditing organizations cooperate to audit a single auditee

Audit Criteria
Set of policies, procedures or
requirements used as reference against
which audit evidence is compared

“What should be happening”

 Terms and Definitions

Audit Evidence
Records, statements of facts or other information which are
relevant to the audit criteria and verifiable
“What is really happening”

Audit Findings
Results of the evaluation of the collected audit evidence against
audit criteria
Note:
Can either be conformity or non-conformity
 Terms and Definitions
Conformity
Refers to the fulfillment of a requirement

Nonconformity
Refers to the non fulfillment of a requirement

Opportunity for Improvement (OFI)

Refers to recommendations
for improvement

Note:
If the audit criteria are selected from legal (statutory or regulatory)
requirements, the audit finding is termed as compliance or non-compliance.
 Terms and Definitions

Audit Conclusion
Outcome of an audit after consideration of the audit objectives
and all audit findings.

Audit Client
Organization or person requesting an audit
 Terms and Definitions
Auditee
Organization/ person being audited
Auditor
Person with the competence to conduct an audit
Competence
Ability to apply knowledge and skills to achieve intended
results
Audit Team
One or more auditors conducting an audit, supported,
if needed by technical experts
Note:
1. One auditor of the audit team is appointed as the audit team leader
2. The audit team may include Auditors-in-training.
3. A technical expert is a person who provides specific knowledge or expertise to the audit
team
 Terms and Definitions
Audit Programme
Arrangements for a set of one or more audits planned for a
specific time frame and directed towards a specific
purpose.

Audit Scope
The extent and boundaries of an audit
Note :
Generally includes a description of the physical locations, organizational units,
activities and processes, as well as the time period covered.

Audit Plan
Description of the activities and arrangement for an audit.
 Terms and Definitions

Certification
The process of certifying an organization’s QMS to meet a
set criteria such as ISO 9001:2015

Registration
Refers to the certification bodies’ process of maintaining a
register of the organizations that have successfully passed
certification
 Interpreting the Standard

“ISO 9001 specifies WHAT the organization must

do but does not say HOW they must do it.”
 This results in organizations satisfying the
requirements with different systems and approach
therefore the auditor is required to:
– understand the auditee’s systems and approach.
– adapt to the auditee’s situation.
– evaluate the auditees’ own interpretation against the
intentions of the standard.
 Interpreting the Standard

Use of “shall”, “should”, note, and “such as”

 The word “shall” indicates a requirement.
 The word “should” indicates a recommendation.
 Paragraphs marked “NOTE” are for guidance on
understanding and clarifying the associated requirement.
 Where the term “such as” is used, any suggestions given
are for guidance only.
 Interpreting the Standard

Use of subjective phrases

 For phrases such as:
 “where applicable”; “as applicable”
 “where necessary”; “as necessary”
 “where appropriate”; “as appropriate”

 It’s for to the organization to determine

“applicability”, “necessity” and “appropriateness”
 Interpreting the Standard

Interpreting subjective phrases

 The job of an auditor is to evaluate by asking himself/herself:
“Would the absence of the “as necessary, as applicable or as
appropriate” put the organization at risk of not meeting the
customer or applicable statutory and regulatory requirements?”

 A “YES” answer supported with objective evidence will establish

the “applicability”, “necessity” and “appropriateness”.
 Contents of the ISO 9001 Standards

1 Scope

2 Normative Reference

3 Terms and Definitions

Contents of ISO 9001:2015
 Contents of ISO 9001:2015

Section 9 – Performance Evaluation

9.2 Internal audit

 Must conduct internal audits at planned intervals conforming to

organization’s own requirements for its quality management system
and its effective implementation and maintenance including audit
programme, criteria and scope, and select auditors.
 Evidence of internal audits and results must be documented.

NOTE:
See ISO 19011 for guidance
 Contents of ISO 9001:2015

Criteria as per ISO 9001 clause 9.2.1

The organization shall conduct internal audits at
planned intervals to provide information on whether
the quality management system conforms to:

1. the organization’s own requirements for its quality management

system; HOWs
HOWs
2. the requirements of this International Standard;

WHATs
 Contents of ISO 9001:2015

Typically, criteria will include

 The statements of “HOW” within the organization’s
documented information (e.g. quality manual,
documented procedures, company
policy/rules/regulation, checklist, etc.)
 The requirements of ISO 9001 clauses (i.e. “WHAT”)
 Relevant requirements of the interested parties that are
relevant to the QMS (see 4.2)
 Contents of ISO 9001:2015

ISO 9001’s WHAT AGENCY’s HOW

Control of documented information… Implementation of the Records Disposition
retention and disposition Schedule

The quality policy shall… be communicated, Uploading of the QP to the website,

understood and applied within the issuance of ID-sized QPs, recital of QP, QP
organization supported by KPIs

Top management shall review the Conduct of the monthly ManCom meetings
organization’s QMS at planned intervals

Determine the knowledge necessary for the Orientation on existing SOPs; maintaining
operation of its processes instruction manuals

The output of this planning shall be suitable Curriculum/syllabus, project workplan,

for the organization’s operations control plan, master schedule
Module 2

2 Principles of Auditing
 Principles of Auditing

 Integrity Pertains
 Fair presentation to auditor
 Due professional care

 Confidentiality Pertains
 Independence to audits
 Evidence based approach
 Integrity

 The foundation of professionalism

 Meets legal requirements and Code of Moral Values
 Truthfulness, sincerity, honesty, uprightness,
diligence
 Courtesy, business-like behaviour
 Completeness, unimpaired by coercion, threat,
intimidation
 Fair Presentation

 The obligation to report truthfully and accurately

 Objective, un-biased, non-opinionated, non-
generalized
 Audit obstacles noted
 Due Professional Care

 The application of judgement and diligence in

auditing
 Makes reasoned judgments in all audit situations
 Take due care in their auditing task
 Confidentiality

 Security of information
 Discretion in use and protection of information
 Information not used for personal gain of auditor or
audit client
 Independence

 The basis for the impartiality of the audit and

objectivity of the audit conclusion
 Independent of activity being audited
 Free from bias and conflict of interest
 Free from operating managers of function audited

Note:
May be difficult for small organizations, but remove bias and encourage objectivity.
 Evidence-based approach

 The rational method for reaching reliable and

reproducible audit conclusions in a systematic
audit process
 Verifiable evidence
 Appropriate use of sampling
Module 3

3 The Auditor
 Exercise 1

Profiling the
Internal Quality Auditor

Duration: 5 minutes
 The Auditor

What an Internal
Auditor knows?

What an Internal Auditor

can do? What an Internal Auditor
believes in or
values (attitudes)?

What an Internal
Auditor is responsible To whom an Internal
for? Auditor
is responsible for?
 Auditor’s Roles and Responsibilities

a. Conform with the applicable audit requirements

b. Communicate and clarify audit requirements

c. Plan and carry-out the assigned task objectively, effectively,

and efficiently within scope of the audit

d. Collect and analyze relevant and sufficient audit evidence

to determine audit findings and arrive at conclusions
 Auditor’s Roles and Responsibilities

e. Prepare documents and records as directed by the Team

Leader

f. Document audit findings

g. Safeguard documents and records pertaining to the audit

and return such documents and records as required.
 Auditor Competence

Quality Generic Environmental/

Specific knowledge knowledge Food Safety
and skills and skills)
Specific knowledge and
skills

Work Auditor Audit

Education
Experience Training Experience

Personal Attributes
Concept of Competence Reference:
ISO 19011:2015
 Auditor Competence

Generic Knowledge and Skills

 Audit principles, procedures, and methods
 Management system and reference documents
 ISO standard documentation requirements, procedures, system
tools and methodologies
 Risk management principles, methods and techniques
 Organizational context
 Types, governance, size, structure, functions and relationships
 Cultural and social aspects of the auditee
 Language and terminology
 Sector specific requirements
 Laws, regulations, and other requirements
 Auditor Competence

Quality specific knowledge and skills

 Quality methods and techniques
 Quality terminology
 Quality management tools and their application
 Processes and products/services being audited
 Auditor Competence

Personal Attributes

1. Ethical 8. Decisive
2. Open-minded 9. Self-reliant
3. Diplomatic 10. Acting with fortitude
4. Observant 11. Open to improvement
5. Perceptive 12. Culturally sensitive
6. Versatile 13. Collaborative
7. Tenacious
 Exercise 2

Personal Attributes

• Choose two (2) attributes, 1 strength,

1 weakness
• Write each attribute in a metacard.
• Post

Duration: 5 minutes
 Selecting the Audit Team

An audit team should be selected, taking into

account the competence needed to achieve the
objectives of the individual audit within the
defined scope.
 Selecting the Audit Team

Considerations on the size and composition of the audit team for the
specific audit:

1. Overall competence of the audit team needed to achieve audit

objectives, taking into account audit scope and criteria
2. Complexity of the audit and if audit is a joint or combined audit.
3. The audit methods.
4. Legal and contractual requirements and
other requirements to which the organization
is committed.
 Selecting the Audit Team
Considerations on the size and composition of the audit
team:
5. Independence of the audit team, avoiding conflict of
interest
6. Ability of the audit team members to interact effectively with
the representatives of the auditee and to work together.
7. Language of the audit and the auditee’s social and cultural
characteristics.

Note:
Auditors-in-training may be included in the audit team, but should
participate under the direction and guidance of an auditor.
 Sample Auditor Competency Requirements

1. Knowledge of management systems requirements (standard)

2. Knowledge of established agency’s management system
3. Knowledge of basic (discipline) management principles and
application
4. Knowledge of auditing process, principles, methods
5. Skills in auditing process (planning, conducting audit, writing
finding reports, etc.)
6. Skills in root cause analysis and verification
7. Skills in Correction and Corrective Action
8. Skills in handling difficult situations
 Auditor Evaluation

• Confidence in the audit process and the ability to

achieve its objectives depends on the
competence of those individuals who are involved
in planning and conducting audits.
• Competence should be evaluated through a
process that considers personal behaviour and
the ability to apply the knowledge and skills
gained through education, work experience,
auditor training and audit experience.
 Auditor Evaluation

The evaluation of auditor competence should be planned,

implemented and documented in accordance with the audit
programme, including its procedures to provide an outcome
that is objective, consistent, fair and reliable. The evaluation
process should include four main steps, as follows:
a) determine the competence requirements
b) establish the evaluation criteria
c) select the appropriate evaluation method
d) conduct the evaluation
 Auditor Evaluation
Possible Evaluation Methods
 Maintenance and Improvement of Competence

Continual professional development

 Maintenance and improvement of knowledge, skills and
personal attributes
• Can be achieved through additional work experience, training,
private study, coaching, attendance at meetings, seminars and
conferences or other relevant activities

• Should take account changes in the needs of the individual and

the organization, the practice of auditing, standards and other
requirements
Module 4

4 Managing the
Audit Program
 Benefits of Auditing

Audits can provide the organization with

opportunities to continually improve the
effectiveness of its QMS
 Benefits of Auditing

 Audits help tell top management how effective their

managements systems are
 Audits tell top management what is really happening in
the organization
 Audits are vital in making decisions for improvement
 Audits need to be planned and managed well
 Audit Program or Procedure plays a key role

Management Auditor Auditee

 Audit Programme

 An audit programme shall be planned, taking into

consideration the status and importance of the
processes to be audited, as well as the results of
previous audits.

 Top management should ensure that audit programme

objectives are established and assign one or more
competent persons to manage it.
 Audit Programme

The audit objectives may include:

• Determination of the extent of conformity with the

defined criteria
• Evaluation of capability of QMS to ensure
compliance to legal requirements
• Evaluation of effectiveness of the QMS to meet its
objectives
• Identification of areas for improvement
 Audit Programme

The audit programme may include:

• Objectives of individual audits;

• Schedule of the audits;
• Audit programme procedures;
• Criteria and methods;
• Selection of audit teams;
• Necessary resources, including travel and
accommodation (if any);
• Processes for handling confidentiality
 Audit Programme

The Audit Programme should take into

consideration the following:

1. The status and criticality of the processes and areas to

be audited
2. The results of the previous audits (internal & external)
3. Corrective Actions – Status, results and impacts
4. Changes to systems elements
 Audit Programme

5. Introduction to new methods and technology

6. Organizational and personnel changes

7. Risk to quality if audit frequency is reduced

8. Availability and competence of audit team members

 Audit Programme

9. Management concerns
a. Specific areas relevant to the
achievement of customer satisfaction
b. Changes to the QMS
c. Results of audits

Note:
“All elements, areas, and processes of the management system
shall be audited at least once in a 12-month period.”
Review the Audit Procedure
 Implementing the Audit Programme
Performing an Audit CHECK ACT
PLAN Initiating Conducting
the audit document review

Conducting on- Preparing for

site activities on-site activities

Preparing, approving
and distributing
Completing
audit report the audit

Conducting
audit follow-upDO

Typical audit activities

1 Initiating the Audit
 Audit Plan/Programme

The audit plan should cover or reference the following:

a. the audit objectives

b. the audit scope, including identification of organizational and
functional units, as well as processes to be audited
c. the audit criteria and any reference documents
d. the roles and responsibilities of the audit team members
e. the dates and approximate duration of each audit stage
f. allocation of appropriate resources
 Audit Plan/Programme
The audit plan may also cover the following, as appropriate:
Identification of the auditee’s representative for the audit
Working and reporting language of the audit
Audit report topics
Logistics and communications arrangements
Matters relating to confidentiality
Any audit follow-up actions
Confidentiality and information security requirements
Audit report distribution and issue date
 Sample Audit Plan

© DAP 2017
ISO 9001 QMS Internal 62
 Sample Audit Plan

© DAP 2017
ISO 9001 QMS Internal 63
 Workshop 1
Objective:
For the auditors to learn how to prepare an Audit Plan or
Programme
Instruction:
1. In 4 groups, prepare an audit plan for the following processes:
Group 1: (Security 1)
Group 2: (Security 2)
Group 3: (Reformation)
Group 4: (Admin & Management)
2. Time: 20 minutes
3. Present your outputs
 Audit Preparation

DOCUMENT REVIEW
To familiarize the auditor with the area to be
audited and to have an idea on the documents that
should be found there
To enable the auditor to appreciate the area to be
audited
To establish an overview of the extent of the
system documentation to detect possible gaps
Documentation should include, as applicable,
relevant QMS documents and records, as well as
previous audit reports
 Audit Preparation

Document Review

CONTROLS
 Identify audit scope and process(es)
within scope
 Identify applicable factors (inputs,
outputs, measures, resources, etc.)
 Actions to address risks and
opportunities INPUT PROCESS OUTPUT
 Use these points and other TRANSFORMATION
requirements
(ISO 9001:2015 system documentation,
etc.) to:

RESOURCES
1. PLAN WHAT TO LOOK AT
2. PLAN WHAT TO LOOK FOR (AUDIT
EVIDENCE)
3. PREPARE CHECKLIST Process Transformation Map
 Audit Preparation
Performance Indicators
Document Review • Quality
PLANS • Cost
• Delivery
Actions to address risks and opportunities

Activity
1. Canvas
INPUT 2. Selection of suppliers OUTPUT
3. Bidding/Awarding
4. P.O. preparation
Purchase Request 5. Approval Delivery Receipt
6. Monitoring of delivery Inspection Report

Man: Purchasing personnel

Method: Procedure, Law
RESOURCES Material: Specifications, Forms
Machine: Business machines
Procurement Process Flow
 Audit Preparation

68
 Audit Preparation
Risk-Based Thinking on Checklist Preparation
An auditor has to be able to, both in preparation of checklists
and in the actual audit performance, “stand back” and
understand:

• What is expected from the activity?

• What, typically, are the risks that should be managed from
this activity?
• What, typically, are the basic controls that should be
applied?
• Are they effective and consistent?
 Audit Preparation

Risk-Based Thinking on Checklist Preparation

70
 Audit Preparation
Checklist Structure
In designing your checklist, consider the need to evaluate the
Evidence against the Criteria.

Area/Process: ______________
Requirement Source Evidence Notes
ISO 9001:2008 Clause or What to “LOOK AT” What to “LOOK
other requirement
FOR”

Audit Criteria Audit Evidence

 Audit Preparation

Process-based Checklist

a. The checklist should include questions

on the inputs, outputs, plans, personnel,
measurements and monitoring of the
processes
b. A checklist could ensure uniformity in the
performance of the auditors. However, auditors
should spend their time on auditing, not on filling-out
checklists or taking notes.

72
 Workshop 2
OBJECTIVE: For the auditors to learn how to
prepare an Internal Audit Itinerary.

Instruction:
1. In respective groups, prepare an audit
schedule for your auditees
2. Present your outputs.

Time: 20 mins.

ISO 9001 QMS Internal 73

Sample Audit itinerary

ISO 9001 QMS Internal 74

Sample Audit itinerary

ISO 9001 QMS Internal 75

 Workshop 3
Objective:
For the auditors to learn how to prepare an Audit Checklist
Instruction:
1. Using the audit checklist form, prepare an audit checklist for your
assigned process (refer to manual, procedures, ISO 9001 standard):
3 questions each for input and output
5 questions for the process transformation
5 questions for the resources
3 questions for the controls
2. Time: 30 minutes
3. Present your outputs
2.a Audit Proper
 Audit Proper
• Opening Meeting
• Verification Process
1 Site Audit (collecting and verifying
information), audit findings,
communicating findings,
closing meeting.

• audit report preparation

2 Audit Reporting • report review, approval
and distribution
• retention of documents

• confirmation of completion
3 Audit Completion as per audit plan
 On-site Audit

The Opening Meeting

With Top Management, or where appropriate, those responsible for the
functions or processes to be audited

The purpose of the opening meeting is:

a. to confirm the audit plan
b. to provide short summary of how audit activities will be
undertaken
c. to confirm communication channels
d. to provide an opportunity for the auditees
to ask question.
 On-site Audit

The Opening Meeting

• Come prepared! Bring an opening meeting agenda
• Choose a suitable meeting place.
• Be punctual. (Come on time or ahead of auditees)
• Be efficient! (If possible, do not exceed 15 mins.)
• Explain carefully the audit flow and objective.
• Be professional. Observe courtesy at all times.
• Create a positive atmosphere for the audit – emphasize the
partnership between the auditor and the auditee in seeking
conformity and continual improvement
 Exercise 3

Objective:
To guide the participants on how to properly conduct an opening
meeting.

Instruction:

1. The 4 groups will prepare an opening meeting agenda

2. Time: 10 minutes
3. Present your outputs
 Conducting the Audit

Process-based audit
Set of interrelated or interacting activities, which transforms inputs into outputs.

PROCEDURE
“Specified way to carry out an activity or
a process” - may be documented or not
EFFECTIVENESS
“Ability to achieve desired
results”
PROCESS Output
Input
set of interrelated or interacting
activities PRODUCT/SERVICE
(Includes (Result of
resources) A process)

EFFICIENCY
“Resultsachieved
“Results achieved vs.
vs. Resourcesused”
Resources used”
Monitoring and Measurement
(before, during and after process)
 Process Approach

The process approach emphasizes the

CONTROLS
importance of:

1. Understanding and meeting

requirements
2. Looking at processes in terms of
added value
3. Obtaining results of process INPUT PROCESS OUTPUT
performance TRANSFORMATION
4. Continual improvement of process

RESOURCES
 What to look for in a process?

Useful questions:

1) What are goals/objectives of the process/operations?

2) What are the associated risks and opportunities in this process?
3) Can you explain your operations/functions?
4) How do you know if you’ve done your job correctly?
5) How do you monitor the achievement/fulfilment of your job?
6) What information/resources do you
need to start your work?
6) Who provides the information/resources?
 The Process Input

Auditors should review the following:

a. Completeness, accuracy, clarity, and availability of needed
information, requirements, specifications, documents,
materials, etc. for processing.

b. Evaluation criteria for monitoring and measurement input

items.

c. Previous issues attributed to acceptance of discrepant inputs

that resulted to process nonconformities.
 The Process Output

OUTPUT – planned/expected/desired results

Auditors should review the following:
Purpose of the process
Output criteria and characteristics
Requirement of the next process
Feedback on performance by the next process
 Conducting the Audit

Applicable Audit Methods

Extent of INVOLVEMENT between Location of the Auditor
the auditor and the auditee
On-site Remote

Human Interaction Conducting interviews Via Interactive communication

Completing checklists and means:
questionnaires with auditee • conducting interviews
participation • completing checklists and
Conducting document review questionnaires
• conducting document review
with auditee participation
No Human Interaction Conducting on-site visit Observing work performed via
Observation of work performed surveillance means, considering
Completing checklists social and legal requirements
Sampling Analyzing data
 Conducting the Audit
Applicable Audit Methods

INTERVIEW

EXAMINE QUESTION
VERIFY

OBSERVE
 Conducting the Audit

Techniques to Obtain Audit Evidence

 Interview:
 Personnel that manage,
perform, and verify activities
 Also ensure they are
responsible for the activity
being audited
 Listen carefully to responses

 Observe:
 Identity, status, condition,
processes, equipment,
activities, environment, and
people
 Collecting and Verifying Information

a. Verify the information collected as to:

Relevance to the audit objectives, scope and criteria

relation to interfaces between functions, activities and
processes
Only information that is verifiable may be considered an audit
evidence

b. Audit evidence should be recorded based on samples of the

available information
 Audit Evidence: The 3Ps
Audit evidence can be classified as falling into one or three main
categories:

Records, policies, procedures, instructions,

P aper standards, etc. described as being necessary within
the Audit Criteria

P ractice Physical activities described as being necessary

within the Audit Criteria

P eople Levels of knowledge and understanding described

as being necessary within the Audit Criteria
 Audit Evidence: The 3Ps
Audit evidence must be reviewed, observed and interviewed to verify
that:

Paper demonstrates that the operation being recorded

conforms with the Audit Criteria

P ractice are being carried out as described by the Audit

Criteria and that the performance is logical and
effective

P eople do understand the methods of work and control

as described in the Audit Criteria
 Audit Evidence: The Past-Present-Future

The auditor must be able to see the past “prepared evidence” and must put
together a complete picture.

The records show effective implementation that

PAST matches the PAPER

current activities, follow the audit

PRESENT criteria, and are supported by the PRACTICE

FUTURE knowledge and understanding of the personnel involved PEOPLE

demonstrate the continued fulfillment of the audit
criteria.
 Audit Evidence: Cross-Check-Verify
Nothing happens within an organization in isolation

Paper Paper
Practice Practice
People People
ORGANIZATION

Paper Paper
Practice Practice
People People

When an auditor reviews audit evidence in one area, there should be

supportive evidence in other areas that the action being reviewed has
been effective in sponsoring correct reaction in those other areas.
Questioning Techniques
 Open Question
 Using why, who, what, where, when,
or how gets more than a yes or no
answer
 Expansive Question
 Further elaborates the current point
 Opinion Question
 Asks opinion about current point
 Non-verbal
 Uses body language, for example:
raise eye-brow to elicit further
information
 Questioning Techniques

 Repetitive Question
 Hypothetical
Repeats back Question
response in form of a  Uses what if,
question suppose that, etc.

 Closed Question  Silence

 Gets yes or no answer
 Draws more
 Avoid using too often
information
 Used for confirmation
 Auditor’s Seven (7) Friends

WHY? To understand the intention…

WHAT? To check applicability..

WHO? To identify the people responsible…

WHEN? To establish time and frequency…

WHERE? To know the location…

HOW? To understand the process…

SHOW ME.To confirm by demonstration…
 Establishing Rapport

Establishing rapport means establishing an

atmosphere of mutual trust and understanding.

 The interviewee might not like the

audit, or the fact that you’re there,
but you are perceived as fair and
professional.
 If you’re trusted, you’re more likely
to get sensitive or closely held
information.
 Establishing Rapport

 Establish rapport by following business norms

 appropriate dress – little formal, should be neutral
 good eye contact,
 firm handshake,
 on time, etc.
 Make small amount of small talk
 weather, traffic, latest news
 Hint: look for pictures (kids, pets, hobbies)
 establish commonality if you can do so genuinely
 Make the audit a conversation not an interrogation
 Listening Skills

 Auditor - Etymology from Latin ‘a

hearer’ or ‘listener’
 Active listening is more than just paying
attention.
 Active listening is a communication skill
that draws information from the other
person.

The sign of a good auditor is someone who can make the minimum
amount of noise and extract the maximum amount of information.
 Interview Basics

NEVER…
Be Rude
Become Impatient
Get Angry
Express Your Opinions
Get Involved In Arguments

ALWAYS…
Tell The Auditee What You Are Doing
Record Objective Evidence
Ask Open-Ended Questions
Treat The Auditee As Your Equal
Thank The Auditee For Their Help
 Auditor’s Tools
Auditor’s L-A-D-D-E-R
L ook at the person speaking to you
A sk open-ended questions
D o not interrupt
D o not get involved
E mpathize
R espond verbally and non-verbally

Look – Listen – Ask Questions – Silence – Empathy - Rapport

 Handling Difficult Situations

Volunteered Diversionary Inter-

information tactics departmental or

Cannot find
personality
document
Uncooperative conflicts
Noisy

environment

EXAMPLES
Unprepared Language

Called away
Long
Constant
telephone
interruptions Long-winded
calls
Provocation auditees Boastful
 Note Taking

 Notes could be used as reference

for:
 Immediate investigation
 Investigation later
 Use by a colleague
 Subsequent audits
 Notes taken during an audit are a
record of:
 The audit sample taken
 What was reported
 What was observed
 Notes may be referenced by
subsequent auditor
 Communication during the Audit

Audit team should confer periodically to:

a. exchange information
b. assess audit progress
c. reassign work between audit team members
as needed
 Audit Guide
Provision of guides and observers
Their responsibilities include:
a. establishing contacts and timing for interviews
b. arranging visits to specific parts of the site or organization
c. ensuring the rules concerning site safety and security procedures
are known and respected by the audit team members
d. witnessing the audit on behalf of the auditee
e. providing clarification of assisting in collecting information

Note:
a. may accompany the audit team but are not part of it
b. should not influence or interfere with the conduct of the audit
2.b Completing the Audit
Preparing Audit Conclusions

The team should confer prior to the

closing meeting
a. To review the audit findings
b. To agree on audit conclusions
c. Prepare recommendations
d. To discuss audit follow-up
 Audit Reporting

An audit finding is defined as:

 “results of the evaluation of the collected audit evidence

against audit criteria.”

Note 1:
Audit findings can indicate either conformity or nonconformity

Note 2:
Audit findings can lead to the identification of opportunities for
improvement or recording good practices
 Audit Reporting

Nonconformity means "non-fulfillment of a requirement“

Clause 3.6.9 of ISO 9000:2015

Auditors should maintain a positive approach and look for the

facts, not faults.

However, when the audit evidence determines that there is a

nonconformity, then it is important that the nonconformity is
documented correctly.
 Documenting a Nonconformity
The statement of nonconformity drives the cause analysis, correction and
corrective action by the auditee, so it should always ensure that the following
points are addressed:

1. First Requirement : Evidence

 You must write down your evidence.
 What you observed, what you heard, what you read.

2. Second Requirement : Requirement

 Evidence, but what is it in violation of?
 You must include the actual requirement, which will typically be the
an internal requirement, external requirement or an exact clause of
ISO 9001 that is in violation.

3. Third Requirement : Rationale

 The last requirement is a brief, one-sentence statement as to why the
evidence violates the requirements. Don't assume that this notion is
clear, instead CLEARLY STATE the problem.
 Sample Nonconformity Statement
CORRECTIVE ACTION REQUEST
CPAR No.: CARA-15-0001
Function: Physics Department Date: February 5, 2017
Subject: Instructional Material Development Classification: NC

Detail of Nonconformance: Criteria

The Instructional Material Development Procedure specifies that
syllabi must be done in two (2) working weeks.
However, the syllabus made for Applied Physics was only approved by
the Curriculum Committee on July 11, 2016 which was started by the
Course Director on March 3, 2016.
Initiator: Tony Stark
Evidence
 Documenting a Nonconformity

Do we have to find an ISO Clause to raise an NC?

It is very well possible that a nonconformity can be set

against an internal requirement without the need to
refer to an item in the standard (see 9.2)
 Fact-finding vs. Fault-finding

“The laboratory test “The examiner didn’t

reports were not fill out the laboratory
completed in test reports
accordance with the correctly”
specified requirements.”

One points the finger and says “That person screwed up.” The
second sentence simply says that both sides of the balance sheet
don’t match.
 Workshop 4
Writing Nonconformity Statement

Objective:
To guide the participants on the proper writing
of NC.
Writing a Nonconformity Statement

Based on what you have learned on reporting

of nonconformity findings

Why are these statements poorly written and

how you would have written them.
 Writing a Nonconformity

1. In the Storage Room, stocks of registration forms were found to be

contaminated by ink from container ducts that were not sealed.

2. A written instruction requires the Admissions Office to perform

inspection prior to release of enrolment form. The temporary
personnel assigned to release the item said he is not conducting it.

3. No internal audit had been carried out on Human Resources,

Maintenance, and Registrar. The Quality Manual states that audits
will be carried out on all departments on a six-month basis as a
minimum.

4. There are deliveries from the warehouse that were accepted with
incomplete requirements.
 Closing Meeting

The main purpose of this meeting is to

present audit findings to the auditee/s
to obtain his/her clear understanding
and acknowledgement of the factual
basis of the audit findings
Chaired by the Internal Audit Team
Leader

Disagreements should be resolved, if possible before a formal report is issued.

Final decisions on the significance and description of the audit findings rest
with the Internal Audit Team Leader.
 Closing Meeting

a. For small organizations, closing meeting may include of just

communicating the audit findings and conclusions

b. Other situations, meetings are formal with minutes, including

attendance

c. Diverging opinions regarding the audit findings and conclusions are

discussed, resolved if possible, if not resolved, opinions should be
recorded

d. Recommendations for improvement should

be presented
Preparing, Approving, and Distributing the Audit Report

The Audit Report should contain enough information to

enable management to assess the effectiveness of the
quality system in the area audited
The summary report, therefore, should not only contain
information about nonconformities but also the
satisfactory aspects/strengths of the system
 Completing the Audit

AUDIT IS COMPLETED WHEN:

a. Audit plan have been carried out

b. Audit report is distributed

If disclosure of documents and other information during the audit is

required, Auditee should be informed
3 Post-Audit Activities
 Conducting Audit Follow-up

The Auditor needs to ensure that there is objective evidence

(including supporting documentation) to demonstrate that
the described corrective action has been fully implemented
and is effective in preventing the nonconformity from
reoccurring. The nonconformity should be “closed” if the
situation proved to be satisfactory.
 Conducting Audit Follow-up

Completion and effectiveness of the

corrective action should be verified

Verification may be part of a subsequent audit and

may form part of the audit plan
 Audit: System and Continual Improvement

The system, not the people

 One of the best ways to understand the
system and its EFFECTIVENESS is
through people:

an Audit
must always
satisfy customers
focus on the
produce goods and deliver services
SYSTEM
itself CARRY OUT INSTRUCTIONS
how they receive and interpret information
 Audit: System and Continual Improvement
Human side of auditing
Quality is a Way of Life.

pursuit of quality can be perceived as the

road less traveled because of its
requirements.
systems and procedures in any institution
are meant to put ORDER and HARMONY

•BE MORE HAPPY,

• MORE PRODUCTIVE,
• MORE PROFITABLE
• FRUITFUL
 Audit: System and Continual Improvement
Auditing brings out the positive in YOU
 Offering another UD IT IS NOT
A
opportunity to implement
“PROGRESS THROUGH
SHARING.”
 Learning new INSIGHTS
from audit exchange.
 Instilling a DESIRE to
IMPROVE
G
STIFLIN