Best Practices in Auditing

BEST PRACTICES IN
AUDITING
Brief Course
Edited and Presented By:
Eng. Kefah El-Ghobbas
PECB Trainer, LA ISO 9001, ISO 14001, OSHAS 18001

Eng Kefah El-Ghobbas
Job Positions
Holding BS.c in Mechanical Engineering of Road Vehicles major with more than 17 years of experience
in filed of Industrial Engineering Management with concentration on developing, implementing, and
enhancing QHSE&Engg Management systems according to the international standards beside
exceptional skill in developing Business Processes Management framework and implementing
improvements in the Business Process to increase productivity, cutting cost, and streamline operations.
+971 50 1529279
k.elghobbas@aljadarat-trainingcentre.ae
www. aljadarat-trainingcentre.ae
https://ae.linkedin.com/in/kefah-el-ghobbas-46323a15
twitter.com/name.surname
fb.com/kefah.el-ghobbas

DOMAIN 1:
FUNDAMENTALAUDIT
CONCEPTS AND PRINCIPLES
Rev 1.0 Kefah El-Ghobbas 3

What is the auditing?
ISO 19011 defines an audit as :
A systematic, independent , and documented
process for obtaining audit evidence and
evaluating it objectively to determine the
extent to which audit criteria are fulfilled.
IMS check whether operating effectively in
accordance with the system criteria

Audit Guideline
ISO 19011
Guideline on quality and/or environmental management
systems auditing.
Contains :
1. The principles of auditing
2. Management of audit program
3. Audit activities
4. The competence of quality management systems

Auditors Principles
 Ethical conduct
The role of the auditor is one of trust, integrity, confidentiality,
discretion. Certified Auditors are bound by strict codes.
 Fair presentation
Audit findings, audit conclusions and audit reports reflect
truthfully, accurately and completely audit activities. Any
unresolved or diverging opinions between audit team and auditee
and any obstacles encountered are reported.
 Due professional care
Auditors must exercise a degree of care appropriate to the
importance of the task and to the confidence placed in them by
audit clients and other interested parties.

Audit Process Principles
 Independent
Auditors must be independent of the organization or activities being
audited. The must remain free form bias and conflicts of interest.
 Evidence
Audit evidence is verifiable. It’s based on samples of the information
available, since the audit is conducted during a finite period of time
and with finite recourses.

Types of Audits
First Party( Internal auditing)
An audit by the organization of its own systems and procedure in order
to assure the maintenance, development, and improvement of QMS.
Second Party( External auditing)
An audit by the organization on its suppliers and sub-contractors to
determine suitability of the suppliers, appraise them, and determine
their capability on meeting purchasing requirements.
Third Party( External auditing)
An audit by certification body on an organization's quality
management system against ISO 9001

Process Based quality Management
Take into the consideration “ Process Approach’ concept
in order to implement ISO 9001:2008 requirements and
achieve customer expectations & demands.
How ?
Customer Req. Set policy &
objectives
Define processes &
assign
responsibilities
Make
measurement
tools for
effectiveness
Means for
preventive non-
conformity
Review
system
Continual
Improvement
tools

Auditing for Continual Improvement
• It’s important for auditing in scope of ISO 9001:2008 is to
know how to evaluate monitoring & measurement processes
that the organization has established to contribute the
continual improvement.
• ISO 9001: 2008 clause 8.5.1 requires that the continual
improvement to the effectiveness of QMS takes place
through the use of the Quality Policy, quality objectives, audit
results, analysis of data, corrective & preventive actions and
management review.

DOMAIN 2:
MANAGING AN ISO 9001 AUDIT
PROGRAM

Audit Program Pillars
• Setting audit program objectives
• Extent of the audit program
• Responsibility & Resources
• Procedures
• Records
• Monitoring & Reviewing

Auditing Program Objectives
1. To meet the requirements of the certification to ISO
9001:2008 )or another management standard);
2. To verify conformance with contractual
requirements;
3. To obtain and maintain confidence in the capability
of supplier.
4. To contribute to the improvement of the quality
management system.

Factors influences Audit Program
1. Scope, objective, and duration of each audit;
2. Frequency of audits to be conducted;
3. Number, status, importance, complexity, similarity, and
locations of the activities o be audited;
4. Standards, statutory, regulatory and contractual
requirements, policies, procedures and other audit
criteria;
5. Need for accreditation and certification;
6. Results of previous audits or previous audit program
review;
7. Language, culture and social issues;
8. Significant changes to any functional area.

Responsibility of Managing Program
1. Assign the audit responsibility to persons who has a
specific understanding of audit principles, auditor
competence and the application technique.
2. The auditor must have appropriate management
skills as well as technical and business
understanding relevant of the activities to be
audited.

Resources Required by Program
1. Financial resources to develop, implement, manage and
improve audit activities;
2. Audit technique;
3. Processes to achieve and maintain auditor competence
and to improve auditor performance;
4. Availability of auditors and technical experts;
5. The extent of the audit program;
6. Traveling time, accommodation and other auditing
needs.

Audit Program Procedure
Procedures need to be developed and implemented :-
1. to address responsibilities and requirements for
planning and conducting audits,
2. the selection of auditors,
3. the methods of reporting and maintaining records;
this is a requirement for internal auditing (ISO
9001:2008, clause 8.2.2)

Audit Program records
Records should be maintained to demonstrate the effectiveness
of operation of the audit program.
These program review:
1. Results of the audit program review;
2. Audit plan;
3. Audit reports;
4. Nonconformity reports;
5. Report of corrective actions
6. Auditor personnel records, covering area, such as
performance evaluation, audit team selection, qualifications
and training.

Monitoring and reviewing the audit program
The audit program needs to be monitored periodically in order to
assess:
• Whether the audit objectives are being met;
• The effectiveness of the audit program;
• Any opportunity for improvement.

Summery of Audit Program
Audit Program
Define Program:
•Objectives / extent
•Procedures
•Resources
•responsibilities
Implement Program:
•Evaluating auditors
•Selecting audit teams
•Directing audit activities
•recording
Monitoring and review
Improvement Action

Auditors Roles & Responsibilities
• Team Leader responsibilities:
• Make final decisions for all phases of the audit;
• Prepare Audit Plan;
• Brief the team;
• Review working documents to ensure adequacy;
• Represent the audit team at opening and closing meetings;
• Report critical nonconformities to the auditee immediately;
• Report any major obstacles encountered during the audit;
• Submit the audit report.
• Team member responsibilities:
• Prepare any work documents (including check-list) necessary to
carry out those tasks;
• Review all relevant information related to their assigned tasks;
• Report deficiencies and audit findings to team leader;

Team Member Responsibilities during audit
Stay within the scope ;
 Communicate the audit requirements to the
auditee;
 Collect objective evidence from the audit both
for and against conformance;
 Document CAR’s;
 Report the audit findings to auditee;
 Verify corrective actions taken in response to
CAR’s;

Good Practices at Auditing
At auditing , the auditors should remain polite, calm, and
professional at all times.
They should be :
1. Introducer to themselves ;
2. Ensure that agenda is known and understood;
3. Keep to agenda;
4. Keep to time;
5. Avoid arguments;
6. Listen to other;
7. Maintain appropriate records;

DOMAIN 3:
PREPARATION OF AN ISO 9001
AUDIT

Prepare for On-site audit
Desk Study
The first stage for on-site preparation is document review to audit
criteria, objectives and scope of the audit in order to gain information
about organization processes and activities.
Check List
What you should
refer to:
• Quality manual
• Quality objectives
& policy
• Records & forms
Process Map &
Interaction of the
activities
Where no
documented
procedures or
instructions
Previous Audit
results & reported
CAR’s

Wok Documents
1. Audit procedure, checklists and sample planning;
2. The audit plan;
3. Forms for recording information, supporting evidence,
records of meetings and audit findings;

Check List
Purposes :
It’s acting as a guide for auditor to ensure that the objectives and scope of
the audit are met, and that every part of the audit is completed.
advantages :
An aid to preparation to the audit, the number of questions & sample plan
can be used to estimate the time required to conduct an audit or parts of
audit, aid to control the depth of audit, also consider good tool to ensure
that all planned arrangements for audit are covered.
disadvantages :
1. The use of standardized checklists may stifle initiative and analysis of
the process or procedure.
2. May prevent the auditor from investigating significant incidents simply
because they were not on the checklist.

DOMAIN 6:
CONDUCT OF AN ISO 9001
AUDIT

Conducting the audit
Collecting and verifying information during the audit should be
verified by the auditors and can then be considered to be “
audit evidence”
audit evidence
Records, statements of fact or other information which are relevant to
the audit criteria and verifiable.
So
Audit evidence should be identified,
documented and recorded.

Conducting Audit (Cont..)
The auditor should adopt a positive, professional and
constructive approach. In common with this, the auditor should
try to obtain a co-operative, open honest approach from auditee.
What shall I do?
1. Meet the area representatives first;
2. Always talk to those performing the task;
3. Explain the purposes of the visit;
4. Be calm, polite and reassuring;
5. Never talk down, never act superior;
6. Speak clearly and carefully.
• The auditors should use all of his or her senses when carrying out audit with a must
keeping their eyes and ears open!
• He/she must examine the objective evidence and ask open ended questions with
assistance and refer of his/her checklists.

Conducting Audit (Cont..)
DO NOT DO
1. Be side tracked
2. Be led or misled
3. Get ”bogged down”
4. Let the auditee dictate
place of audit
5. Make assumption or
presumption
1. Be prepared;
2. Be punctual;
3. Insist on the person being
questioned answer for
themselves;
4. As little talking as possible;
5. Avoid misunderstanding;
6. Keep questions clear and
concise;
7. Be polite and clam;
8. Give compliment;

DOMAIN 4:
CLOSING AN ISO 9001 AUDIT

Audit Review
• The audit review ill include:
•A study of notes and / or comparison of notes with team members;
•A review of checklist;
•The listing of findings, together with any audit evidence;
•Decisions on nonconformities and observations;
•The writing and classifying of Corrective Action Requests CAR.
NON-CONFOMITY defined as
The non fulfillment of a requirement

What is mean non conformity
1. There is a failure in complying with standards
applicable to the organization.
2. Failure in implementing quality policy, processes or
documented requirements specified by the
organization.
3. Failure in implementing a legislative or contractual
requirements.

FINDING STATEMENT
• The finding statement should contain :
1. Overview of finding;
2. Description of the deficiency;
3. Example of audit evidence;
4. Summery of the requirement.

Where shall I write the findings?
On CAR
This form where you the auditor can write the following:
1. Report nonconformities;
2. Show the level of nonconformities;
3. Record the acceptance of auditee on nonconformity;
4. Record the actions level taken to correct the situation;
5. Record the acceptance by the auditor of the corrective
actions taken to resolve the nonconformity.

?
QUESTIONS
123 456 789
name.surname@domain.com
www.domain.com
linkedin.com/name.surname
twitter.com/name.surname
fb.com/name.surname
THANK YOU

Best Practices in Auditing

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Destacado

Destacado (20)

Similar a Best Practices in Auditing

Similar a Best Practices in Auditing (20)

Más de PECB

Más de PECB (20)

Último

Último (20)

Best Practices in Auditing

Notas del editor