----------------------------------------------------------------------------------------------------------------

INTERNAL AUDIT WORKSHOP

COURSE OUTLINE Review of ISO 9000:2000 and ISO 14001:2004 Requirements Audits and the Audit Life Cycle The Role of the Internal Auditor The Audit Plan The Audit Checklist Auditors Skills and Audit Techniques Conducting the Audit Reporting the Audit COURSE OBJECTIVES To provide an understanding of the ISO 9001:2000 and ISO 14001:2004 requirements for internal audit To provide an understanding of the role of an internal auditor in identifying areas for improvement To provide internal quality assessors with skills to enable them to gather and analyze information to assess the effectiveness of their QMS and EMS

DEFINITIONS
REQUIREMENT Need or expectation that is stated, generally implied or obligatory CUSTOMER SATISFACTION Customers perception of the degree to which the requirements have been fulfilled PROCESS Set of interrelated or interacting activities which transforms inputs into outputs SYSTEM Set of interrelated or interacting elements MANAGEMENT SYSTEM System to establish policy and objectives and to achieve those objectives CONTINUAL IMPROVEMENT Recurring activity to increase the ability to fulfill requirements EFFECTIVENESS Extent to which planned activities are realized and planned results achieved EFFICIENCY Relationship between the result achieved and the resources used AUDIT Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled

___________________________________________________________________________

----------------------------------------------------------------------------------------------------------------

AUDIT CRITERIA Set of policies, procedures or requirements used as reference AUDIT EVIDENCE Records, statements of fact or other information which are relevant to the audit criteria and verifiable. AUDIT FINDINGS Results of the evaluation of the collected audit evidence against audit criteria. VALUE-ADDED AUDITING A systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance process

SESSION 1: ISO 9000:2000 and ISO 14001:2004 REQUIREMENTS

MANAGEMENT PRINCIPLES: Customer focus Leadership Involvement of people Process approach System approach to management Continual improvement Factual approach to decision making Mutually beneficial supplier relationship ISO 9001:2000 REQUIREMENTS 4 QUALITY MANAGEMENT SYSTEM 4.1 General Requirements 4.2 Documentation Requirements 5 MANAGEMENT RESPONSIBILITY 5.1 Management Commitment 5.2 Customer Focus 5.3 Quality Policy 5.4 Planning 5.5 Responsibility, Authority and Communication 5.6 Management Review 6 RESOURCE MANAGEMENT 6.1 Provision of Resources 6.2 Human Resources 6.3 Infrastructure 6.4 Work Environment 7 PRODUCT REALIZATION 7.1 Planning of Product Realization 7.2 Customer-Related Processes 7.3 Design and Development 7.4 Purchasing 7.5 Production and Service Provision 7.6 Control of Monitoring and Measuring Devices

___________________________________________________________________________

---------------------------------------------------------------------------------------------------------------8 MEASUREMENT, ANALYSIS AND IMPROVEMENT 8.1 General 8.2 Monitoring and Measurement 8.3 Control of Nonconforming Product 8.4 Analysis of Data 8.5 Improvement

ISO 14001:2004 REQUIREMENTS 4.1 General Requirements 4.2 Environmental Policy 4.3 Planning 4.3.1 Environmental Aspects 4.3.2 Legal and Other Requirements 4.3.3 Objectives, Targets and Programs 4.4 Implementation and Operation 4.4.1 Structure and Responsibility 4.4.2 Training, Awareness, and Competence 4.4.3 Communication 4.4.4 Environmental Management System Documentation 4.4.5 Document Control 4.4.6 Operational Control 4.4.7 Emergency Preparedness and Response 4.5 Checking and Corrective Action 4.5.1 Monitoring and Measurement 4.5.2 Evaluation of Compliance 4.5.3 Nonconformity, Corrective Action and Preventive Action 4.5.4 Records 4.5.5 Environmental Management System Audit 4.6 Management Review

SESSION 2: AUDITS AND THE AUDIT LIFE CYCLE

8.2.2 INTERNAL AUDIT The organization shall conduct internal audits at planned intervals to determine whether the quality management system: a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and b) is effectively implemented and maintained. An audit program shall be planned, taking into consideration the s t a t u s a n d importance of the processes and areas to be audited, as well as the results of previous audits. The a u d i t c r i t e r i a , s c o p e , f r e q u e n c y a n d m e t h o d s s h a l l b e defined. Selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work.

___________________________________________________________________________

---------------------------------------------------------------------------------------------------------------The responsibilities and requirements for planning and conducting audits, and for reporting results and maintaining records (see 4.2.4) shall be defined in a documented procedure. The management responsible for the area being audited shall ensure that actions are taken without undue delay to eliminate detected nonconformities and their causes. Follow-up activities shall include the verification of the actions taken and reporting of verification results (see 8.5.2).

4.5.5 INTERNAL AUDIT The organization shall ensure that internal audits of the environmental management system are conducted to a) determine whether the environmental management system, 1. conforms to planned arrangements for environmental management including the requirements of this International Standard; and 2. has been properly implemented and is maintained; and provide information on the results of audits to management.

b)

Audit program(s) shall be planned, established, implemented and maintained by the organization, taking into consideration the environmental importance of the operation(s) concerned and the results of previous audits. Audit procedure(s) shall be established, implemented and maintained that address the responsibilities and requirements for planning and conducting audits, reporting results and retaining associated records, the determination of audit criteria, scope, frequency and methods. Selection of auditors and conduct of audits shall ensure objectivity and the impartiality of the audit process. AUDITNG PRINCIPLES: Ethical conduct Fair presentation Due professional care Independence Evidence-based approach OBJECTIVES OF QUALITY AUDITS Assessing conformance Assessing effectiveness an efficiency Investigating problems Identifying areas for improvement Determining extent of the need for continuing development Approving suppliers/sub-contractors Assessing for certification TO BE A VALUABLE TOOL, AUDITS MUST BE: Conducted at intervals appropriate to needs Conducted against recognized criteria Conducted against recognized methods Conducted by competent personnel

___________________________________________________________________________

---------------------------------------------------------------------------------------------------------------Conducted without bias Reported completely and accurately VALUE-AUDIT VALUES Compliance audits Process audits Internal control assessments Risk assessments Self-assessments Consulting THE AUDIT LIFE CYCLE Planning the Audit Preparing for the Audit Audit

Performing the Audit

Reporting the

PLANNING THE AUDIT Identify Scope Identify Frequency Identify Criteria for Auditor Selection Estimate Time Required Establish Approach to Review Auditors Performance PREPARING THE AUDIT Review MS Documents Prepare Audit Plan CONDUCTING THE AUDIT Hold Opening Meeting Follow Audit Trail REPORTING THE ADIT Identify and Analyze NCs Conduct Follow-Up Actions

Prepare Audit Checklist

Confirm Findings

Prepare Audit Report Conduct Close Out

Conduct Closing Meeting

SESSION 3: ROLE OF THE INTERNAL AUDITOR

AUDITORS REPONSIBILITIES Communicate/clarify audit requirements Document observations Report audit results Verify effectiveness of corrective actions Retain/safeguard audit documents LEAD AUDITORS REPONSIBILI TIES Establishes objectives and scope of the audit Establishes responsibilities and procedures Ensures availability of resources Prepares Audit Plan Briefs audit team Maintains the Audit Report Reports non-conformances Monitors, reviews and improves the audit program AUDITOR COMPTETENCE S Generic knowledge and skills Specific knowledge and skills

___________________________________________________________________________

---------------------------------------------------------------------------------------------------------------Education/work experience/training/audit experience Personal attributes AUDITORS GENERIC KNOWLEDGE & SKILL Audit principles, procedures and techniques Management system and reference documents Organizational situations Applicable laws and regulations Other requirements relevant to the discipline AUDITORS QUALITY -SPECIFIC KNOWLEDGE & SKILL Quality-related methods and techniques Process, products and services Auditors Environmental Specific Knowledge and Skills Environmental science and terminologies Impact of human activities on the environment Interaction of ecosystem Management of natural resources General methods of environmental protection Technical and environmental aspects of organization Environmental aspects and impacts Methods of evaluating significance of aspects Critical characteristics of process and products Monitoring and measurement techniques Terminologies for prevention of pollution AUDITOR QUALITIES S Ethical Open-minded Diplomatic Observant Perceptive Versatile Tenacious Decisive Self-reliant EVALUATION METHODS Employee performance evaluation Review of training records Observation Tests Review of employment records Peer review VALUE-ADDED VALUE Auditors should be able to assess: Operational and quality effectiveness Business risk Business and/or process control

___________________________________________________________________________

---------------------------------------------------------------------------------------------------------------Process and business efficiencies Cost reduction opportunities Waste elimination opportunities Corporate governance effectiveness

SESSION 4: THE AUDIT PLAN

AUDIT PLAN Details who audits what and when Allows concerned heads to know schedules Makes efficient use of time Should be flexible INPUTS TO THE PREPARATION OF THE AUDIT PLAN Independence/authority of auditors Team size and skills Floor plan/layout Requirements of the standards Time available Previous Audit Plans Audit trails TEAM COMPOSITIONS CONSIDERATION Objectives, scope, criteria and duration of the audit Competence of the auditors Independence of auditors Ability to interact effectively with auditees and team members Language, social and cultural factors PREOARING THE AUDIT PLAN Determine the audit dates Determine the audit scope Determine audit team size Determine time allocation Ensure balanced assignments Draft Audit Plan THE AUDIT PLAN Audit objectives Audit scope Audit criteria and reference documents Dates and sites Time and duration Roles and responsibilities Resources Auditees

___________________________________________________________________________

----------------------------------------------------------------------------------------------------------------

SESSION 5: THE AUDIT CHECKLIST

OBJECTIVES OF CHECK LIST Ensure depth and continuity of audit Ensure all relevant aspects are covered Ensure interrelated processes are defined Ensure proper time management Give structure to interview Give a more professional impression CONSIDERATION IN CHECKLIST PREPARATION Must be concise Must use company terms Must be traceable to documents Must be complete -- with answers Must avoid tick sheets Must avoid leading questions Must have one for each process Must not take over the audit

SESSION 6: AUDITORS SKILLS AND AUDIT TECHNIQUES

GOOD COMMUNICATION SKILLS Verbal Body language Style and sound of speech Facial expressions Range of literacy ASSERTIVE BEHAVIOR Standing up for your own rights Not violating the rights of others Expressing your needs, wants, views and feelings Being direct and honest AGGRESSIVE BEHAVIOR Standing up for your own rights Violating rights of others Expressing your needs, wants, views and feelings in inappropriate ways Ignoring, disregarding or discounting needs, wants, views and feelings of others The aim is to win, if necessary at the expense of others PASSIVE BEHAVIOR Failing to stand up for your own rights Failing to express your needs, wants, views and feelings Apologetic The aim is to avoid conflict and to please others

___________________________________________________________________________

---------------------------------------------------------------------------------------------------------------INTRODUCTIONS Consider cultural expectations Put auditee at ease Explain why you are there PUT PEOPLE AT EASE Find the best place for the interview Avoid barriers Maintain same physical level as auditee Be open in speech and manner Use humor - but only if appropriate Be calm, cool and objective FEED BACK BY AUDITOR Nod when appropriate Look interested Occasionally restate what the auditee said Tactfully lead auditee to your trail Reinforce what they said Generate questions READ THEIR SIGNALS Signs of stress Symptoms of lying or conflict Signs of hostility/defense

SESSION 7: CONDUCTING THE AUDIT

AUDITOR TOOLKIT Clipboard Copy of the Standard Checklists Report Forms Audit Plan AGENDA OF THE OPENING MEETING Introduction of the Audit Team Explanation of the audit objectives and scope Explanation of audit method Confirmation of the Audit Plan Confirmation of meeting times Clarifications WHAT TO OBSERVE DURING AUDIT Uncontrolled Quality System documents Staff attitude Poorly stored product Untidy desks Handling and storage of materials/products

___________________________________________________________________________

---------------------------------------------------------------------------------------------------------------TYPICAL INTERVIEW FORMAT Salutations Explanation of objectives Discussions on processes Questioning - probing Checking of facts and recording of findings Thanking Auditee Moving on to the next Auditee

SESSION 8: REPORTING THE AUDIT

INTERNAL AUDITONG BASICS Process appraisal Effectiveness for stated intent OPEN QUESTIONS Encourage auditee to talk freely Warning !! do not allow the auditee to talk too much What, where, who, when, how, why and show me! PROBING QUESTIONS To Follow-up or to focus Designed to search for information in greater depth Cornerstone of audit technique CLOSED QUESTIONS Used to establish specific facts Normally elicits a yes/no answer Objective Evidences Paper Practice People CROSS CHECK AND VERIFY!!

AGREEING NON-CONFORMANCE: Can be done: When they are found At the end of the audit At regular review points OBEJECTIVES OF TEAM REVIEWS Monitor/revise Audit Plan Ensure all areas are covered Ensure all aspects of the standard are addressed Exchange of information Discuss problem areas

___________________________________________________________________________

---------------------------------------------------------------------------------------------------------------TYPES OF NON-CONFORMANCE Product Process Management system NON-CONFORMANCE REPORT MUST: Be factual/objective Be clear and concise Be identifiable by other auditors Be given a unique identifier Be accepted/signed by auditee CONSIDERATION IN CLASSIFYING NON-CONFORMANCE Impact on the quality of product or service Impact on the overall integrity of the QMS and EMS CLASSIFYING NON-CONFORMITIES: MINOR An isolated observed lapse in the fulfillment of specified requirements. No significant impact on the achievement of customer satisfaction. MAJOR - RULE The absence or total breakdown of a system to fulfill a specified requirement of ISO 9001:2000, ISO 14001:2004 or other reference documents. MAJOR GUIDELINES: No corrective/preventive action on a non-conformance that resulted to poor quality product/service provided to customer Consistent, repeating and widespread failure to meet a specified requirement Non-conformance that leads to a non-conformance against regulatory or legal requirements CONTENTS OF NON-CONFORMANCE REPORT Objective evidences Specific requirement the non-conformance was raised against Location/process where the non-conformance was identified Classification of the non-conformance Others: Date of audit Name of auditor Report reference number NON-CONFORMANCE REPORT SHOULD NOT CONTAIN names Confidential information Subjective statements Emotive statements Information not previously raised

___________________________________________________________________________

---------------------------------------------------------------------------------------------------------------AGENDA OF THE CLOSING MEETING Explanation of objectives Appreciation Reconfirmation of: Confidentiality Scope Method used Presentation (and agreement) of findings Explanation of close out routines Conclusions CORRECTIVE ACTION Action to eliminate the cause of a detected nonconformity or other undesirable situation. PREVENTIVE ACTION Action to eliminate the cause of a potential nonconformity or other undesirable potential situation. C ONSIDERATION IN AUDIT PROGRAN REVIEW Results and trends Conformity with procedures Evolving needs and expectation of stakeholders Alternative or new auditing practices Consistency in performance

___________________________________________________________________________