IMS INTERNAL AUDIT

Quality
ISO 9001:2015

Environment
ISO 14001:2015

Health & Safety

ISO 45001:2018

BY: BURHAN NOOR BIN DIN

SIRIM STS SDN BHD

UKNT
 PLEASE TURN YOUR HAND PHONES TO SILENT
MODE

…AND SIT BACK!!

UKNT
 COURSE OBJECTIVES
1. To understand the principle and concept of
internal audit.
2. To understand how to plan an audit.

3. To understand how to prepare audit

checklist based on the process approach.

4. To understand how to perform a process

approach audit.

5. To understand how to write an audit report.

6. To understand how to carry out corrective

action and audit follow up audit effectively.

UKNT
A-1
 At the end of the course,
participants should be able to...

Conduct management systems audit for the organisation

effectively
1. Understand the requirements of ISO 9001, ISO 14001
and OHSAS 18001 pertaining to element Audit;
2. To plan, prepare, perform and prepare audit report
conforming to their own audit procedures and
Standards requirements.

UKNT
 Summary: Sessions
SESSION 1 Introduction to Internal Audit
SESSION 2 Overview on ISO 9001, ISO 14001 and
OHSAS 18001 Requirements
SESSION 3 Review on ISO 9001 Requirements
SESSION 4 Review on ISO 14001 Requirements
SESSION 5 Review on ISO 45001 Requirements
SESSION 6 Audit Tips on ISO 14001 and ISO 45001
Requirements
SESSION 7 Auditor Competency Requirements
SESSION 8 Audit Planning
SESSION 9 Audit Path & Audit Techniques
SESSION 10 Audit Execution
SESSION 11 Audit Reporting
SESSION 12 Corrective Action and Follow-up

UKNT
 SESSION 1

Introduction to Internal Audit

UKNT
A-1
 Why Audits?
1. ISO 9001, ISO 14001 and ISO 45001
requirements
2. To determine the system is effectively
implemented
3. To determine the system is properly
maintained
4. As a control mechanism used by Top
Management
5. A tool for identifying continual improvement
6. To determine a corrective action on Integrated
Management Systems (IMS) deficiencies.

UKNT
 However…
Audit is NOT

1. A police force
2. Inspection of product
3. An interrogation task
force
Audit is an information gathering activity. There should be
no element of a fault finding or blame for problems

UKNT
A-3
 Types of Audits
Customer
2 Party
nd

Customer audit
your organisation 3rd Party
Independent
Audit
External Internal Organisation
1st Party
Audit your own
organisation

2nd Party
You audit
your supplier
Supplier
UKNT
 First Party Audits
First Party (Internal) Audits are
carried out by trained
Internal Auditors against
the organization’s own
management system.

UKNT
 Second Party Audits
Second Party Audits are
carried out by the Customer
on the Organization.
The audit is based on the
requirements of the contract
or potential contract.

UKNT
 Third Party Audits

Third Party Audits are carried

out by an independent
organization against the
requirements of a
recognized standard.

UKNT
 Differences in Types of Audits
Type 1st Party 2nd Party 3rd Party
Criteria

Objective(s) Assessing System Capability/ Ability Conformity to

Effectiveness Internally (e.g. supply) Standard
requirements
Requirements Internal Document Contract Standard, Manual,
Procedures, WI

‘Auditor – Pahlawan vs Panglima Panglima vs Co. X SQAS vs Panglima

Auditee’ or
relationship Panglima vs Panglima

Scope Whole organization / Partly (i.e. Division Whole organization

Sister company / Section) or whole
organization

UKNT
 Differences in Types of Audits
Type 1st Party 2nd Party 3rd Party
Criteria

Client Management Interested Parties Organization to

be certified
Auditor Internal / External External to External /
organization Certification
audited / Interested Body
Parties
Auditee Internal Organization to be Organization to
audited be certified /
certified
Consultation Yes / No Yes / No No

UKNT
 When to perform Internal Audit
Internal Audits
Adequacy Audit: To
determine the adequacy of
documented QMS in
Adequacy / Document
addressing standard
requirements
Internal Audits
Compliance Audit: Must be
carried out within specified
period agreed by both parties
Compliance

Corrective Action - Must be

resolve within specified
period determined by
Corrective Action
Certification Body.
Internal Audits
UKNT
 WHAT IS AUDIT ?

A systematic, independent and documented

process for obtaining audit evidence and
evaluating it objectively to determine the extent to
which the audit criteria are fulfilled.

Source: ISO 19011

UKNT
A-2
 WHAT IS AN AUDIT?
Audit Audit
Criteria Evidence

Audit Findings

Conformity Audit Conclusion Non-Conformity

Minor Major

Observation
Certification Re-Audit

UKNT
A-3
 Why Audit

Requirements of:
• ISO 9001;
• ISO 14001;
• ISO 45001

UKNT
 ISO 45001:2018
ISO 45001:2018
The organization shall conduct internal audits at planned intervals to provide information
on whether the OH &S management system:
a) Conform to:
1) The organization's own requirements for its management system, including the
OH&S policy and OH&S objectives;
2) The requirements of this documents

b) Is effectively implemented and maintained,

The organization shall:

c) Plan, establish, implement and maintain an audit programme(s) including the
frequency, methods, responsibilities, consultation, planning requirement and reporting
which shall take into consideration the importance of the processes concerned and
the results of previous audits
d) Define the audit criteria and scope for each audit

Selection of auditors and conduct of audits shall ensure objectivity and impartiality of the
audit process.

UKNT
 Definitions 19011:2018
Audit (3.1)
Systematic, independent and documented process for obtaining audit
evidence and evaluating it objectively to determine the extent to which
audit criteria are fulfilled.
Audit evidence (3.9)
Records, statements of fact or other information, which are relevant to
the audit criteria and verifiable

Audit Findings (3.9.5)

Results of the evaluation of the collected audit evidence against audit
criteria

Objective Evidence (3.8)

data supporting the existence or verify of something
(Note : Objective evidence may be obtained through observation,
measurement, test or other means)

UKNT
 Definitions 19011:2018
Audit Finding (3.10)
Result of the evaluation of the audit evidence(3.9) against audit
criteria (3.2)

Risk (3.19)
Effect of uncertainty

Conformity(3.20)
Action taken to eliminate detected non-conformity

Noncomformity(3.21)
Fulfilment of a requirement

Preventive Action (Proactive)

Action taken to eliminate the cause of a potential nonconformity or
other potentially undesirable situation.

UKNT
 Definitions 19011:2018
Audit Conclusion (3.11)
Outcome of an audit (3.1), after consideration of the audit objectives and all audit
findings (3.10)

Auditee (3.13)
Organisation as whole or parts thereof being audited.

UKNT
 Audit Costs
1. Audits are expensive both in terms of time and
people. They need to be planned, carried out and
reported.

2. The greatest costs will undoubtedly when untrained

or otherwise unsuitable auditors are used because
the information obtained by them is likely to be flawed
and therefore particularly costly.

UKNT
 EVIDENCES of AUDIT

1. Audit Program/Schedule
2. Audit Plan
3. Attendance list Please file
4. Audit checklist records neatly

5. Audit notes
6. Audit Report
7. Non-Conformity Report (s)
8. Corrective and Preventive
Actions (CAPA)
9. Follow-up Audit Report
(if applicable)

UKNT
 SESSION 2

Overview on ISO 9001, ISO 14001 and

ISO 45001 Requirements

UKNT
A-1
 Correspondence QMS, EMS &
Clause
OHSAS
ISO 9001:2015 ISO 14001:2015 Clause ISO 45001:2018
# #
4 Context of the Context of the
organization organization
4.1 Understanding the Understanding the
organization and its organization and its
context context
4.2 Understanding the Understanding the needs
needs and expectations and expectations of
of interested parties interested parties
4.3 Determining the scope Determining the scope of
of the QMS the EMS
4.4 Quality Management Environmental
System Management System

UKNT
 Clause MS ISO 9001:2015 MS ISO 14001:2015 Clause ISO 45001:2018
# #
5 Leadership Leadership
5.1 Leadership and Leadership and commitment
commitment
5.2 Quality Policy Environmental policy
5.3 Organizational Organizational roles,
roles, responsibilities and authorities
responsibilities and
authorities

UKNT
 Claus MS ISO 9001:2015 Clause MS ISO 14001:2015 Clause ISO 45001:2018
e# # #
6 Planning 6 Planning

6.1 Actions to address risks 6.1 Actions to address risk

and opportunities associated with threats and
opportunities
6.1.1 6.1.1 General
6.1.2 6.1.2 Significant environmental
aspects
6.1.3 Compliance obligations

6.1.4 Planning action

6.2 Quality objectives & 6.2 Environmental objectives

planning to achieve and planning to achieve
them them
6.2.1 6.2.1 Environmental objectives

6.2.2 6.2.2 Planning actions to achieve

environmental objectives
6.3 Planning of Changes

UKNT
 Clause MS ISO 9001:2015 Clause MS ISO 14001:2015 Clause # ISO
# # 45001:2018
7 Support 7 Support

7.1 Resources 7.1 Resources

7.1.1 General
7.1.2 People
7.1.3 Infrastructure
7.1.4 Environment for the operation
Monitoring & measuring
7.1.5 resources
General
7.1.5.1 Measurement traceability
7.1.5.2 Organizational knowledge
7.1.6
7.2 Competence 7.2 Competence

7.3 Awareness 7.3 Awareness

7.4 Communication 7.4 Communication

7.4.1 General

7.4.2 Internal communication

7.4.3 External communication

UKNT
 7.5 Documented information 7.5 Documented information

7.5.1 General General

7.5.1
7.5.2 Creating and updating Creating and updating
7.5.2
7.5.3 Control of documented Control of documented
information 7.5.3 information

UKNT
 Clause MS ISO 9001:2015 Clause MS ISO 14001:2015 Clause ISO
# # # 45001:2018
8 Operation 8 Operation

8.1 Operational planning and 8.1 Operational planning and

control control
8.2 Requirements for products
& services
8.3 Design & development of
products & services
8.4 Control of externally
provided processes,
product & services
8.5 Production & service
provision
8.6 Release of products &
services
8.7 Control of nonconforming 8.2 Emergency preparedness
outputs and response

UKNT
 Clause MS ISO 9001:2015 Clause MS ISO 14001:2015 Clause ISO
# # # 45001:2018
9 Performance evaluation 9 Performance evaluation 4.5

9.1 Monitoring, 9.1 Monitoring, measurement, 4.5.1

measurement, analysis analysis and evaluation
and evaluation
9.1.1 General 9.1.1 General 4.5.1

9.1.2 Evaluation of compliance 9.1.2 Evaluation of compliance 4.5.2

9.2 Internal audit 9.2 Internal audit 4.5.5

9.3 Management review 9.3 Management review 4.6

UKNT
 Clause MS ISO 9001:2015 Clause MS ISO 14001:2015 Clause ISO
# # # 45001:2018
10 Improvement 10 Improvement

10.1 General 10.1 General

10.2 Nonconformity and 10.2 Nonconformity and

corrective action corrective action

10.3 Continual Improvement 10.3 Continual improvement

Note: The previous version “preventive action” has been deleted because
the new standard ISO has included actions on risks associated with threats
and opportunities instead, which in essence is addressing potential
nonconformities.

UKNT
 SESSION 3

Review on ISO 9001:2015

Requirements

UKNT
A-1
 WHAT IS QUALITY ???

Quality is the
customers' perception
of the value of the
suppliers' work output.
UKNT
 QUALITY
– Delivering product and/or services that meets /
fulfills customers’ requirements with the right price
at the right time
(Fit for use & conform to user requirements)

– Must not only supply product and/or service to the

customer, must also deliver “satisfaction” to the
customer.

UKNT
 SATISFIED CUSTOMERS WILL

1. Buy more often

2. Buy more (range)
3. Pay more (less price sensitive)
4. Recommend more
a. Free advertising
b. Referred customers are best

ORGANISATIONS more
PROFITABLE

UKNT
 Organization without ISO …

UKNT
 THE ISO 9000 FAMILY
1. ISO 9000 – Quality Management System –
Fundamentals and Vocabulary
2. ISO 9001 – Quality Management System –
Requirements
3. ISO 9004 – Quality Management System –
Guidelines for performance improvement
4. ISO 19011:2018 – Guidelines for Auditing
Management Systems

UKNT
 End of Day 1

UKNT