asqinternal audit training guidance
TRANSCRIPT
QAD 2006 © 2005 Whittington & Associates, LLC Slide 1
Requirements and Guidance for
Internal AuditsLearning from Industry Sources
Whittington & Associates, LLC636 Gunby Road, Marietta, GA 30067
www.WhittingtonAssociates.com
800-404-7585 or 770-955-7585
QAD 2006 © 2005 Whittington & Associates, LLC Slide 2
Audit References
REQUIREMENTS (No additional audit requirements in TL 9000:2001 or ISO 13485:2003)
ISO 9001:2000 Quality Management Systems (QMS) - Requirements
AS9100B:2004 Quality Systems - Aerospace - Requirements
ISO/TS 16949: 2002 QMS - Automotive Suppliers - Requirements for the Application of ISO 9001:2000
ISO 14001: 2004 Environmental Management Systems (EMS) - Requirements with Guidance for Use
GUIDANCE (No additional audit guidance in AS9106:2003)
ISO 9004:2000 Quality Management Systems - Guidelines for Performance Improvement
ISO/TS 16949:2002 Implementation Guide
ISO 14004: 2004 EMS - General Guidelines on Principles, Systems, and Supporting Techniques
ISO 90003:2004 Guidelines for the Application of ISO 9001:2000 to Computer Software
ISO 19011: 2002 Guidelines for Quality and/or Environmental Management Systems Auditing
QE19011S: 2004 Guidelines for QMS and/or EMS Auditing: US Version with Supplemental Guidance
WWW.ISO.ORG ISO 9001:2000 Interpretations Service
WWW.ISO.ORG ISO 9001:2000 Auditing Kit
Speaker Handout Audit Worksheet (Turtle Diagram) from Whittington & Associates
Speaker Handout Audit Quick Reference from Whittington & Associates, LLC
QAD 2006 © 2005 Whittington & Associates, LLC Slide 3
Audit Definition
Systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which agreed criteria are fulfilled.
ISO 9000:2000 - Clause 3.9.1Fundamentals and Vocabulary
QAD 2006 © 2005 Whittington & Associates, LLC Slide 4
Requirements - ISO 9001:2000
Clause 8.2.2 Documented procedure for internal audits Verification of conformity and effectiveness Planned on status; importance; prior audits Auditors selected for impartiality; objectivity Results reported and records maintained Corrective action taken without undue delay Follow-up audit to verify corrective action
QAD 2006 © 2005 Whittington & Associates, LLC Slide 5
Audit Guidance - ISO 9004:2000
Clause 8.2.1.3: Establish effective and efficient internal audits Assess strengths and weaknesses of the QMS Use as management tool for independent view Obtain objective evidence that requirements met Judge effectiveness and efficiency of
organization
QAD 2006 © 2005 Whittington & Associates, LLC Slide 6
Audit Guidance - ISO 9004:2000
Clause 8.2.1.3: Ensure improvement actions are taken on results Establish flexible audit plans for internal audits Permit changes in emphasis based on evidence Develop plans with input from areas to be audited Consider planning input from interested parties
QAD 2006 © 2005 Whittington & Associates, LLC Slide 7
Audit Subjects - ISO 9004:2000
Clause 8.2.1.3: Effective and efficient process implementation Opportunities for continual improvement Capability of processes Effective and efficient use of statistical
techniques Use of information technology Analysis of quality cost data Effective and efficient use of resources Process and product performance results
QAD 2006 © 2005 Whittington & Associates, LLC Slide 8
Audit Subjects - ISO 9004:2000
Clause 8.2.1.3: Performance measurements:
– Adequacy – Accuracy
Improvement activities Relationships with interested parties
Internal Audit Reporting: Share evidence of excellent performance Provide opportunities for recognition Motivate people
QAD 2006 © 2005 Whittington & Associates, LLC Slide 9
Requirements - AS9100B:2004
Develop detailed audit tools and techniques, e.g., Checksheets, Process flowcharts, or Similar methods
to support audits of the QMS requirements.
Measure acceptability of audit tools against: Effectiveness of internal audit process Performance of overall organization
Assess contract and/or regulatory requirements.
QAD 2006 © 2005 Whittington & Associates, LLC Slide 10
Requirements - ISO/TS 16949
8.2.2.1 Quality Management System Audit Audit the QMS to verify compliance with ISO/TS 16949 and
any additional quality management system requirements.
8.2.2.2 Manufacturing Process Audit Audit the effectiveness of each manufacturing process.
8.2.2.3 Product Audit Audit products at appropriate stages of production and
delivery to verify conformance to all specified requirements, such as product dimensions, functionality, packaging, and labeling at a defined frequency.
QAD 2006 © 2005 Whittington & Associates, LLC Slide 11
Requirements - ISO/TS 16949
8.2.2.4 Internal Audit Plans Cover all quality management related processes,
activities, and shifts Schedule according to an annual plan. Increase audit frequency when internal or external
nonconformities or customer complaints occur
(Note: Specific checklists should be used for each audit)
8.2.2.5 Internal Auditor Qualification Use internal auditors who are qualified to audit the
requirements of ISO/TS 16949
QAD 2006 © 2005 Whittington & Associates, LLC Slide 12
Guidance - ISO/TS 16949:2002
(ISO/TS 16949 Implementation Guide)
Quality Management System Audit• Use the process approach to monitor natural work flow
Manufacturing Process Audit• Focus on a process within quality management system
Product Audit• Focus on the product characteristics• Verify product requirements are met
Use Turtle Diagram to analyze an audited process.
(See Handout: “Audit Worksheet”)
QAD 2006 © 2005 Whittington & Associates, LLC Slide 13
Turtle Diagram - ISO/TS 16949
PROCESS
REQUIREMENTS
REQUIREMENTS
ResourcesWho?
ResourcesWhat?
MethodsHow Done?
MeasuresWhat Results?
OUTPUTDeliver what?
INPUTReceive What?
QAD 2006 © 2005 Whittington & Associates, LLC Slide 14
Requirements - ISO 14001:2004
Clause 4.5.5 is similar to ISO 9001:2000, except:
ISO 9001:2000Organization must conduct internal audits.
ISO 14001:2004Organization must ensure they are conducted.
ISO 9001:2000Determine if QMS has been effectively implemented.
ISO 14001:2004Determine if EMS has been properly implemented.
QAD 2006 © 2005 Whittington & Associates, LLC Slide 15
Requirements - ISO 14001:2004
Missing direct coverage of these ISO 9001:2000 requirements:
ISO 9001:2000 - Management responsible for area being audited must ensure actions are taken without undue delay to eliminate detected nonconformities and their causes.
ISO 14001:2004 - Not included.
ISO 9001:2000 - Follow-up activities must include verification of actions taken and the reporting of verification results.
ISO 14001:2004 - Not included.
Addressed indirectly by ISO 14001:2004, clause 4.5.3, on Nonconformity, Corrective Action, and Preventive Action.
QAD 2006 © 2005 Whittington & Associates, LLC Slide 16
Audit Guidance - ISO 14001:2004
Guidance on Use from Annex A.5.5 Perform internal audits by personnel from within
the organization or by external persons selected by the organization, working on its behalf
Ensure persons conducting audit are competent and in position to do so impartially and objectively
Demonstrate auditor independence in smaller organizations by the auditor being free from responsibility for the activity being audited
QAD 2006 © 2005 Whittington & Associates, LLC Slide 17
Audit Guidance - ISO 14004:2004
Perform internal audits to identify opportunities for improvement in environmental system
Establish an audit program to direct the planning and conduct of audits and identify the audits needed to meet the program's objectives
Base program on the nature of operations, in terms of its environmental aspects and potential impacts, the results of past audits, and other relevant factors
QAD 2006 © 2005 Whittington & Associates, LLC Slide 18
Audit Guidance - ISO 14004:2004
Each internal audit need not cover entire system, so long as audit program ensures all organizational units and functions, system elements, and full scope of the EMS are audited periodically
Plan and conduct audits by objective and impartial auditors, aided by technical experts, as appropriate, selected from within organization or from external sources
QAD 2006 © 2005 Whittington & Associates, LLC Slide 19
Audit Guidance - ISO 14004:2004
Collective competence of auditors should be sufficient to meet objectives and scope of the particular audit and provide confidence as to the degree of reliability that can be placed on results
Results of an internal EMS audit can be provided in the form of a report and used to:
– Correct or prevent specific nonconformities
– Fulfill one or more objectives of the audit program
– Provide input to the management review
QAD 2006 © 2005 Whittington & Associates, LLC Slide 20
Audit Guidance - ISO 90003:2004
When software organizations separate their work into projects, internal audit planning should:
Define a selection of projects Cover all stages and all processes Assess compliance of project quality plan to QMS Assess project compliance to project quality plan
QAD 2006 © 2005 Whittington & Associates, LLC Slide 21
Audit Guidance - ISO 90003:2004
Audit various projects at different stages of product development life cycle, or
Audit a single project as it progresses through various stages.
If intended project changes its timescale, review internal audit schedule to:
1. Change timing of the audit, or
2. Consider a different project.
QAD 2006 © 2005 Whittington & Associates, LLC Slide 22
Audit Guidance - ISO 19011:2002
Guidelines for QMS and EMS Auditing
• Understanding principles of auditing
• Identifying needed auditor competence
• Selecting audit teams
• Conducting internal and external audits
• Managing audit programs
• Evaluating auditor performance
QAD 2006 © 2005 Whittington & Associates, LLC Slide 23
Audit Activities - ISO 19011:2002
1. Initiation Define audit objectives.
2. Review Examine the documents.
3. Preparation Plan for onsite activities.
4. Execution Audit the quality system.
5. Reporting Report the audit results.
6. Completion Complete the audit plan.
7. Follow-Up Conduct follow-up audit.
(See Handout: “Audit Quick Reference”)
QAD 2006 © 2005 Whittington & Associates, LLC Slide 24
Audit Guidance - QE19011S:2004
ISO 19011 provides guidance and examples US decided additional guidance was neededPublished ANSI/ISO/ASQ QE19011S:2004 QE19011S includes ISO 19011 guidanceQE19011S adds guidance and examples for:
– First-party (internal) audits – Second-party (external) audits– Small organizations
QAD 2006 © 2005 Whittington & Associates, LLC Slide 25
Audit Guidance - QE19011S:2004
6.5.7 Conducting a Closing Meeting(Verbatim ISO 19011:2002 Text)
S6.5.7.1 First Party AuditsMay need only auditor and managers of audited areas.
S6.5.7.2 Second Party AuditsShould include supplier’s management team and personnel that will address the audit findings.
S6.5.7.3 Use by Small OrganizationsAuditor may be most qualified to provide recommendations for correcting nonconformities.
QAD 2006 © 2005 Whittington & Associates, LLC Slide 26
ISO 9001:2000 Interpretations
Go to: http://www.tc176.org/interpre.asp
Request: (RFI-036 for Clause 8.2.2) Clause 8.2.2: “An audit program shall be planned, taking into consideration the status and importance of the processes and areas to be audited, ...”.
Is it a requirement of this clause that the criteria to determine the status and the importance of the processes and areas to be audited have to be documented?
Background: There is divergence with the auditor regarding a requirement for documentation of “status and importance criteria” despite the fact that evidence was provided that the planning of the audit program has taken the status and importance of the processes and areas to be audited into consideration.
Interpretation: No.
QAD 2006 © 2005 Whittington & Associates, LLC Slide 27
ISO 9001:2000 Auditing Kit
http://www.iso.org/tc176/ISO9001AuditingPracticesGroup The need for a 2-stage approach to auditing Measuring QMS effectiveness and improvements Identification of processes Understanding the process approach Determination of the “where appropriate” processes Auditing the “where appropriate” requirements Demonstrating conformity to the standard Linking audit of a task, activity or process to overall system Auditing continual improvement Auditing a QMS which has minimum documentation
QAD 2006 © 2005 Whittington & Associates, LLC Slide 28
ISO 9001:2000 Auditing Kit
How to audit top management processes The role and value of the audit checklist Scope of ISO 9001, QMS, and certification How to add value during the audit process Auditing competence and effectiveness of actions taken Auditing statutory and regulatory requirements Auditing the quality policy and quality objectives Auditing 7.6 Control of monitoring and measuring devices Making effective use of ISO 19011 Auditing customer feedback processes
QAD 2006 © 2005 Whittington & Associates, LLC Slide 29
ISO 9001:2000 Auditing Kit
Documenting a nonconformity Guidance for reviewing and closing nonconformities Auditing internal communications Auditing preventive action Auditing service organizations Third party auditor impartiality and conflict of interest Auditing the effectiveness of the internal audit Auditing electronic-based management systems Auditing the management of resources Auditing customer communications
QAD 2006 © 2005 Whittington & Associates, LLC Slide 30
Remaining Questions?
Audit Requirements? Audit Guidance?ISO 9001:2000 ISO 9004:2000
AS9100B:2004 ISO/TS 16949 Guide
ISO/TS 16949:2002 ISO 14004:2004
ISO 14001:2004 ISO 90003:2004
Handouts? ISO 19011:2002
Audit Worksheet QE19011S:2004
Audit Quick Reference www.iso.org