ISO 9001-2008 QMS INTERNAL AUDITOR REFRESHER COURSE

1
ISO 90012008 QMS Internal Auditor Refresher
Course

• Delivered by
• Kobe K. Motlhatlhedi

Gaborone International Convention Centre February
5th 6th 2014
2
Introductions

• Name
• Department/Function
• Job Title
• Duration of Employment
• QMS Audit Experience (Duration)

3

• General Information about the Course

4
What the Course will Cover

• Overview of ISO 90012008
• Principles of Management System Auditing
• Importance of Internal QMS auditors and their
  Responsibilities
• Conducting an Effective QMS Audit
• Corrective action
• Verifying the effectiveness of CA
• Characteristics/skills/traits of Auditors
• Examination
• Review of the Examination

5
Over view of ISO 90012008
6
Principles of Management System Auditing

• Why Audit is essential?
• A management tool for monitoring and verifying
  the effective implementation of an organizations
  Quality Management System
• To identify areas of conformity and nonconformity
  against customer requirements, applicable
  statutory and regulatory requirements, and
  established planned arrangements in the QMS
• To provide a systematic discipline for corrective
  or preventive actions if actual or potential
  nonconformities are found

7
Principles of Management System Auditing

• Why Audit is essential?
• To provide information on which an organization
  can act to improve its performance (identify
  opportunities for continual improvements)
• It is an essential part of conformity assessment
  activities such as 3rd party certification

8
Principles of Management System Auditing

• Internal Quality Audits are essential
• to determine, by an unbiased means and through
  factual information on quality performance,
  whether the quality system is effective in
  maintaining control by checking that prescribed
  quality objectives are being achieved and the
  resultant products and services meet specified
  customer and regulatory requirements.

9
Principles of Management System Auditing

• Likely effects on QMS of a weak IQA System
• Inadequate review of the Quality Management
  System vs. the requirements
• Conclusions not reliable basis for Top Management
  to evaluate the effectiveness of QMS
  implementation
• Diminished peoples full support to the Quality
  Management System.

10
Principles of Management System Auditing

• Important terms and definitions
• Audit
• A systematic, independent and documented process
  for obtaining audit evidence and evaluating it
  objectively to determine the extent to which
  audit criteria are fulfilled.

11
Principles of Management System Auditing

• Audit Criteria Set of policies, procedures or
  requirements used as a reference against which
  audit evidence is compared.
• Audit Evidence Records, statements of fact or
  other information, which are relevant to the
  audit criteria and verifiable.

12
Principles of Management System Auditing

• Audit findings results of the evaluation of the
  collected audit evidence against audit criteria
• Audit Conclusion outcome of an audit provided
  by an audit team after consideration of the audit
  objectives and all audit findings
• Auditor person with competence to conduct an
  audit

13
Principles of Management System Auditing

• Audit Scope extent and boundaries of an audit
  generally includes a description of the physical
  locations, organizational units, activities and
  processes, as well as the time period covered.
• Audit Program set of one or more audits,
  planned for a specific timeframe and directed
  towards a specific purpose.

14
Principles of Management System Auditing

• Audit Plan description of the activities and
  arrangements for an audit
• Auditee organization being audited
• Audit client organization or person requesting
  an audit
• Competence demonstrated personal attributes and
  demonstrated ability to apply knowledge and
  skills

15
Refresher Break
16
Exercises 1 and 2
17
General Auditor Responsibilities

• Dedicate time to preparing for audit assignments,
  including researching information re
  process/area to be audited and preparing an audit
  checklist
• Communicate effectively with all levels and
  associates within your organization
• Summarize audit information in an objective
  manner
• Adapt to auditing situations

18
Auditors

• Managements mirror for observing the business
• Objective
• Prepared
• Professional
• Ethical
• Honest
• Inquisitive

19
Auditor Responsibilities

• Conduct audits per audit schedule
• Contact appropriate personnel in the area being
  audited to establish specific date/time and
  agenda for audit
• Review information related to the area being
  audited
• Prepare a checklist of questions to guide the
  audit process
• Collect objective evidence to support audit
  findings
• Report the results of the audit in a timely
  manner
• Organize verification of corrective actions to
  audit non-conformances

20
End of Day 1
21
Day 2
22
Conducting the Audit

• Audit Plan
• Develop Checklists
• Opening Meeting
• Gather Evidence
• Record Results
• Closing Meeting
• Audit Report

23
Audit Planning

• Objectives scope
• Collect documents
• standard, procedure, work instructions, forms
• desk top review
• History

24
Developing Checklists

• Guidelines
• Review documents
• identify important aspects of the activity
• list in logical order
• set of questions

25
Opening Meeting

• Who ?
• auditor/audit team
• auditee
• any staff from area to be audited that may be
  interviewed
• What ?
• Scope
• expected duration

26
Gathering Evidence about Compliance

• Interviews
• ask questions about system and its implementation
• who, what, when, how, where, why ?
• other questions
• direct
• hypothetical
• clarifying

27
Gathering Evidence about Compliance

• Examine documents
• procedures, work instructions, forms, quality
  manual
• copies controlled ?
• available ?
• correct issue status ?
• used in manner intended ?
• Quality Records
• stored correctly ?
• used as objective evidence
• many forms

28
Gathering Evidence about Compliance

• Observe activities
• what is said or written may not reflect practice
• show me
• Examine facilities
• as travel through laboratory/offices
• examine
• equipment
• standard of housekeeping
• size and layout of working area
• environment e.g. temperature in lab

29
Record Results

• Record on checklists
• activities which do not adhere to quality system
• may be classified
• major non-conformance
• minor non-conformance
• areas for improvement

30
Closing Meeting(s)

• Audit team meeting
• discuss audit results
• Closing meeting
• discuss corrective actions
• determine resolution dates
• Identify corrective actions
• use corrective action forms

31
Audit Report

• Audit details
• Summary of findings
• corrective actions
• numbered
• objective evidence
• reference the document
• observations
• Distribute

32
What is an audit non-conformance?

• Identifies situation where quality management
  system, as documented, is not being followed
• Reactive opportunity to improve the quality
  management system
• Audit non-conformance report provides record of
  current condition to allow comparison after
  action is taken

33
Writing a Non-conformance

• Purpose - to get effective corrective action!
• Helps people understand the problem.
• Acts as starting point for problem solving

34
Formula for documenting Non conformances

• Concern what condition was identified during
  audit recognizes what is
• Requirement per your organizations QMS
  documentation (and ISO 90012008) defines what
  should be
• Evidence supports non-fulfilment of
  requirement usually collected during audit when
  concern is initially identified

35
Exercise 3
36
Corrective Action Auditees Responsibility

• Find problem
• Fix problem
• Identify root cause of problem
• Implement solutions that control or eliminate
  root cause of problem
• Implement system to evaluate effectiveness of
  corrective action
• Respond with action plan in a timely manner
• Should not be a defence of status quo
• Should not only address specific deficiency
  without addressing underlying root cause

37
Corrective Action

• Actions taken to eliminate the causes of a
  detected non conformance to prevent recurrence.
• Manager of the area where non conformance was
  identified is responsible for these actions

• Fix it, (correction)
• Investigate why it happened, (root cause
  analysis)
• Implement actions to prevent it from happening
  again, (corrective action)
• Evaluate results and verify that actions taken do
  prevent nonconformance from happening again,
  (effectiveness)

38
Who is involved in corrective action?

• Effort normally led by supervisor or department
  manager
• Any employee may be involved in identifying the
  cause of the problem as well as potential
  solutions
• Some solutions may lead to change in existing
  system
• The internal auditor may participate in the
  corrective action at the request of the
  department/area, but is not responsible for
  correcting or implementing corrective actions for
  the nonconforming condition
• Involve other departments/areas who may
  experience the same problem

39
How do I know if the corrective action worked?

• The problem does not occur again.
• Your department/area determines how to verify the
  corrective action taken to evaluate if the
  problem has been fixed, (measures of
  effectiveness)
• Your corrective action will also be independently
  evaluated by an auditor after projected
  completion date noted on the non conformance
  report.

40
Refresher Break
41
Exercise 4
42
Verification of Corrective Action

• Detailed objective evidence to confirm that
  corrective action taken to correct a non
  conformance is implemented and effective
• Based on Auditee's written corrective action,
  (plan)
• Determine if stated corrective actions have been
  taken
• Determine if corrective actions taken have
  effectively eliminated the cause of non
  conformance
• Develop set of questions specific to corrective
  action using the corrective action report as the
  audit criteria
• Look for evidence that problem has not repeated
  since solution was implemented

43
How Verification Audits are Performed

• Auditor reviews corrective action information
  prepared by auditee
• Auditor prepares checklist of questions based on
  corrective action information, (fix it actions,
  how root cause was identified, actions taken to
  address cause, how results of actions were
  evaluated, etc.)
• Auditor performs audit to identify evidence which
  supports that each step of corrective action has
  been completed and that implemented actions have
  eliminated/controlled the causes to prevent
  recurrence of the non conformance
• Auditor also reviews information collected
  demonstrating results of implemented actions and
  data reflecting whether the non conformance has
  recurred

44
What are the Measured Results of the Actions
Taken? (Effectiveness)

• Measure the results of implemented actions to
  determine if non conformance and its causes have
  been eliminated
• Monitor the effect that implemented actions have
  on processes
• Monitor to see if the non conformance or its
  related causes happen again
• Also note any unexpected results of the
  implemented actions, (positive and negative)
• The desired result is that the non conformance
  and its associated causes do not repeat
• Time and data collection may be required to
  complete this step in the corrective action
  process

45
Results of Verification

• Record results of verification audit formal
  audit report not required when only reporting
  results of verification audit
• If results of verification audit demonstrate that
  corrective action is not complete or not
  effective, communicate this to manager of area
  and Management Representative the corrective
  action can not be closed until specified actions
  have been taken and data exists to demonstrate
  corrective action was effective in preventing
  recurrence of the non conformance
• These results also represent an audit of the
  effectiveness of the corrective action process
• Verification audits should also be performed for
  preventive and improvement actions same process
  except no fix it actions would be required

46
Desirable Auditor Characteristics

• Sound Judgment
• Patience
• Tenacity
• Professional Attitude
• Integrity
• Discipline
• Can be the Bad Guy

• Good Planner
• Diplomatic
• Analytical
• Inquisitive
• Good Communicator
• Good Listener

47
Undesirable Auditor Characteristics

• Inflexible
• Opinionated
• Argumentative
• Jumps to Conclusions
• Un-Professional
• Non-communicative

• Nice Person
• Easy to Influence
• Believes Everything
• Poor Planner
• Lazy - Doesnt Want to Dig In

48
Types of Auditors

• Know it All
• Desk Type
• Nice Person
• Cocktail

• What can you do for me?
• Out of auditors field
• The Professional

49
Desirable Traits

• Good outward impression
• Intelligent
• Emotionally stable
• Good character
• Good attitude

50
Undesirable Traits

• Poor outward impression
• Lacks intelligence
• Emotionally unstable
• Bad character
• Poor attitude

51
Skills and Abilities

• Communication
• Planning and Control
• Leadership
• Decision making
• Administration
• Independent
• Ability to adapt to change

52

• Not only must the auditor know his business,
  but he must be
  the right sort of person and
  above all be professional

53

• Examination

54

• Review of the Examination

55

• Course Evaluation

56
  Consulting, Training, Documenting Auditing
Business Management Systems Safety Health
Environment Laboratory Quality Food Risk
Business Continuity OHSAS 18001 ISO 14001
ISO/IEC 17025 ISO 9001 ISO 22000 ISO 31000
ISO 22301  P. O. Box 1889 AAD, Poso House,
Gaborone, BotswanaTel 267 7269 7531 E-mail
kobe_at_botsnet.bw or kobe2901_at_hotmail.comWebsite
www.facebook.com/KobsonsBusinessManagementServices
LinkedIn www.linkedin.com/in/kobson2901
End of Course
Any Questions?