Audit Quick Reference

Audit Requirements (Reference: ISO 9001:2000, 8.2.2)

1. Conduct audits at planned intervals 6. Select impartial and objective auditors 2. Assess for conformity and effectiveness 7. Document an audit procedure covering 3. Plan the audit program to consider: responsibilities and requirements for: - status and importance of audited areas - audit planning and execution - previous audit results - audit reporting and recordkeeping 4. Determine the audit criteria and scope 8. Ensure timely corrective action by auditee 5. Define the audit frequency and methods 9. Verify corrective actions and report results Audit Activities (Reference: ISO 19011:2002, 6.2-6.8)

(Audit Initiation) ISO 19011:2002, 6.2

1. Clarify the reason for the requested audit 2. Appoint the audit team leader 3. Define objectives, scope, and criteria (Document Review) ISO 19011:2002, 6.3 1. Review documents before onsite audit 2. Take into account audit objective and scope 3. Consider organization size and complexity 4. Include relevant documents and records (Audit Preparation) ISO 19011:2002, 6.4 1. Prepare audit plan as basis for agreement 2. Use plan to schedule and control the audit 3. Keep flexible to permit changes during audit

4. Determine the feasibility of the audit 5. Select the audit team members 6. Establish initial contact with the auditee 5. Defer until onsite audit if not detrimental 6. Determine conformity with audit criteria 7. Report any documentation concerns 8. Decide to continue audit or postpone it 4. Assign work to the audit team members 5. Prepare process diagram and audit checklist 6. Confirm audit arrangements and logistics

Process Diagram
What (Resources) equipment; tools; software. Inputs what received; when; from who. Methods procedures; forms; instructions; controls. WHAT WHO Who (Resources) people; skills; experience. Outputs what delivered; when; to who. Measures quality objectives; performance results.

INPUTS

PROCESS

OUTPUTS

METHODS

MEASURES

(Audit Execution) ISO 19011:2002, 6.5

1. Hold opening meeting and explain objective 2. Define the role of guides and observers 3. Interview people at their workplace 4. Put the person at ease (lower anxiety) 5. Explain your purpose (what you want) 6. Ask about job and applicable documents 7. Use open-ended questions (5 Ws and H) 8. Verify responses (confirm understanding) 9. Remember to ask for proof (show me) 10. Observe activities and examine records 11. Take random, yet representative samples

Requirement Sources:

12. Follow trails to other areas based on scope 13. Check the facts (use other sources) 14. Record the evidence (checklist notes) 15. Make tentative conclusions (no secrets) 16. Give opportunity to discuss other subjects 17. Avoid consulting on cause and solution 18. Thank for time and cooperation 19. Review progress periodically with audit team 20. Compare audit evidence to audit criteria 21. Generate findings and prepare conclusions 22. Conduct closing meeting and report results

1. Standard (e.g., ISO 9001:2000) 2. Company (policies and procedures) 3. Customer (contracts and orders) 4. Legal (statutes and regulations)

Evidence Sources:

1. Interviews (personnel statements) 2. Observations (demonstrated practices) 3. Documents (plans, procedures, specs) 4. Records (tests, minutes, completed forms) V1.R2

2005-2006

<www.WhittingtonAssociates.com> Page 1 of 4

Audit Quick Reference

Audit Objectives: 1. Verify conformity with requirements 2. Judge effectiveness of quality system 3. Identify opportunities for improvement Three Dimensional Audit: 1. Front: Intent (plan for process) 2. Side: Practice (implementation of intent) 3. Top: Result (effectiveness of practice)
3. Examine results 2. Assess practices 1. Check intent

(Audit Reporting) ISO 19011:2002, 6.6

1. Prepare audit report per audit procedure 3. Ensure it is complete, correct, clear, concise 2. Include in any nonconformity statements: 4. Approve audit report per audit procedure - requirement (with source) 5. Issue audit report in agreed timeframe - problem (with evidence) 6. Distribute to client-designated recipients (Audit Completion) ISO 19011:2002, 6.7 1. Ensure all activities in plan are carried out 3. Keep or destroy documents per agreements 2. Ensure the audit report has been distributed 4. Remember audit not closed until F/U audit (Follow-Up Audit) ISO 19011:2002, 6.8 1. Notify auditee if need for corrective action 4. Ask auditee to notify you of completed action 2. Agree with the proposed corrective action 5. Verify action was effective to avoid problem 3. Ensure action is taken in agreed timeframe 6. Close out the nonconformity based on action Audit Principles (Reference: ISO 19011:2002, 4) 1. Carry out the audit in an ethical manner 4. Conduct an impartial and objective audit 2. Present truthful, fair, and accurate results 5. Base conclusions on verifiable evidence 3. Perform audit with due professional care

Audit Questions

1. What is the primary purpose of this process? 9. How is the process monitored and controlled? 2. Who is the manager (owner) of the process? 10. What are its outputs and who receives them? 3. What are its inputs and who supplies them? 11. Do these outputs meet the requirements? 4. How do you know if these inputs are good? 12. What do you do if the outputs are not right? 5. What are your responsibilities in the process? 13. What are the process quality objectives? 6. How do you know what to do? 14. How is the process performance measured? 7. What training and skills are needed? 15. Please show me the records you maintain. 8. Please show me how you do it. 16. How could this process be improved? Audit Definitions (Reference: ISO 19011:2002, 3 and ISO 9000:2000) Audit: systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled. Criteria: set of policies, procedures, or requirements against which audit evidence is compared. Evidence: verifiable records, statements of fact, or other information relevant to audit criteria. Findings: results of the evaluation of collected audit evidence against audit criteria. Program: set of one or more audits planned for a specific timeframe and directed to specific purpose. Plan: description of the activities and arrangements for an audit. Scope: extent and boundaries of an audit. Nonconformity: non-fulfillment of a requirement. Corrective Action (Reference: ISO 9001:2000, 8.5.2) 1. Determine if similar deficiencies exist 6. Implement planned corrective action 2. Implement immediate fix (correction) 7. Reflect changed process in documentation 3. Identify root cause of nonconformity 8. Verify the action was an effective solution 4. Develop action to prevent recurrence 9. Record the results of the investigation 5. Assign responsibilities and due dates 10. Inform audit function of completed action

2005-2006

<www.WhittingtonAssociates.com> Page 2 of 4

V1.R2

Audit Quick Reference

Audit Program (Reference: ISO 19011:2002, 5)
1. Assign responsibility for the audit program 2. Establish objectives for the audit program - meet requirements for system certification - verify conformity to contract requirements - assess compliance to legal requirements - contribute to improvement of system - evaluate the capability of suppliers 3. Establish procedures to conduct the audits 4. Prepare annual schedule of planned audits 5. Communicate audit program to organization 6. Provide resources to carry out these audits 7. Conduct audits within specified timeframes 8. Keep records as evidence of audit program 9. Monitor audit program against objectives 10. Evaluate and develop auditor performance 11. Initiate corrective and preventive actions 12. Identify improvements for audit program

Audit Status

Conducted = Audit carried out according to plan Reported = Approved audit report distributed

Audit Strategy

Completed = Audit report and other records filed Closed = Corrective actions verified as effective Horizontal: Assess process across departments Trace: Follow a transaction through the system

Vertical: Assess processes within department Clause: Assess a clause across departments
Vertical

Horizontal D D D D=Departments D D

Audit Checklist (Reference: ISO 19011:2002, 6.4.3)

Benefits 1. Establishes the audit sampling plan 7. Prepares audit team to conduct the audit 2. Provides balanced audit coverage 8. Allows lead auditor to evaluate planning 3. Helps acquire objective evidence 9. Controls the audit pace (time manager) 4. Encapsulates the audit methodology 10. Keeps focus on audit objective and scope 5. Guides auditor on timing and content 11. Serves as memory aid (confidence builder) 6. Serves as repository for audit notes 12. Become the record of investigated areas Format Reference: Specific source of requirement - clause or section number Requirement: Applicable requirements to look at standard, company, customer, and legal Evidence: Expected evidence to look for statements, observations, documents, and records

Checklist Example

Reference (Source of Requirement): ISO 9001:2000, 4.2.3.a Look at Requirement: Approve documents for adequacy before issue

Look for Expected Evidence: 1. Statements Understanding of process 2. Observation Demonstration of process 3. Documents Covered in required procedure 4. Records Document approvals

Plus information from turtle diagram Inputs, Outputs, Resources, Methods, Measures Audit Notes (Reference: ISO 19011:2002, 6.5.4) 1. Explain why you are taking the notes 4. Use statements as requirement or evidence 2. Note what was heard, seen, and read 5. Spot different answers for audit follow-up 3. Jot down specific facts and references 6. Determine activities for further investigation

2005-2006

<www.WhittingtonAssociates.com> Page 3 of 4

V1.R2

Audit Quick Reference

Opening Meeting (Reference: ISO 19011:2002, 6.5.1)
Purpose 1. Confirm audit plan and arrangements 4. Create sense of trust and cooperation 2. Describe audit process and methods 5. Give insight on management support 3. Explain roles of guides and observers 6. Provide time for auditee questions Topics 1. Introductions (auditors, auditee, and guides) 8. Communications (auditee kept informed) 2. Attendance (sign-in sheet, if used) 9. Reporting (plan and classification scheme) 3. Objective (reason for audit) 10. Confidentiality (non-disclosure of information) 4. Scope (coverage of audited areas) 11. Logistics (work space and needed resources) 5. Criteria (applicable requirements) 12. Meetings (briefings and closing meeting) 6. Agenda (auditor assignments and times) 13. Safety and Security (site requirements) 7. Methods (audit process and sampling) 14. Questions (audit clarifications) Interview Techniques (Reference: ISO 19011:2002, 6.5.4) 1. Talk to people performing work within scope 5. Avoid leading questions and biased results 2. Conduct interviews in normal working hours 6. Share interview results with audited person 3. Explain reasons for the audit and note-taking 7. Thank for participation and cooperation 4. Start by asking persons to describe their work 8. (See other techniques under Audit Execution) Audit Sampling (Reference: ISO 19011:2002, 6.5.4) 1. Ensure random, yet representative sample 5. Select own sample of people; documentation 2. Select small, balanced view of process 6. Use sufficient sample to reach judgment 3. Base size on volume, time, and past issues 7. Remember evidence is based on samples 4. Consider risk and complexity of the process 8. Explain uncertainty introduced by sampling Closing Meeting (Reference: ISO 19011:2002, 6.5.7) Purpose 1. Present balanced summary and conclusions 4. Resolve any misunderstandings or errors 2. Report any nonconformities or concerns 5. Ensure clear understanding of audit results 3. Identify possible areas for improvement 6. Seek agreement on report and findings Topics 1. Introductions (for any new attendees) 8. Summary (findings by area and clause) 2. Attendance (sign-in sheet, if used) 9. Nonconformities (requirements and evidence) 3. Thanks (for time and cooperation) 10. Acknowledgments (signed forms and report) 4. Scope (reminder if audit coverage) 11. Agreements (on corrective action schedule) 5. Disclaimer (limited sample in brief time) 12. Report (expected date, if not provided) 6. Criteria (applicable requirements) 13. Follow-up (next steps, e.g., surveillance visit) 7. Positives (strengths and conforming areas) 14. Thanks (courtesy and hospitality) Auditor Traits (Reference: ISO 19011:2002, 7.2 and QE19011S:2004) 1. Ethical (truthful, fair, and honest) 6. Versatile (adjusts to situations) 2. Open Minded (considers other viewpoints) 7. Tenacious (persistent and focused) 3. Diplomatic (tactful with people) 8. Decisive (reaches timely conclusions) 4. Observant (actively aware of surroundings) 9. Self-reliant (acts independently) 5. Perceptive (understands situations) 10. Willing (interested in being an auditor)

Audit Benefits

1. Verifies conformity to requirements 2. Initiates needed corrective actions 3. Evaluates effectiveness of system 4. Identifies opportunities for improvement

5. Increases quality awareness of organization 6. Reduces risk of product or service failures 7. Provides information for management review 8. Satisfies requirement of Standard for audits

This Audit Quick Reference may not be reproduced, stored electronically, or transmitted in any form without the prior written permission of the author, <Larry@WhittingtonAssociates.com>.

2005-2006

<www.WhittingtonAssociates.com> Page 4 of 4

V1.R2