Documente Academic
Documente Profesional
Documente Cultură
Pocket Guide
J.P. Russell
2007004699
ISBN: 978-0-87389-710-5
No part of this book may be reproduced in any form or by any means, electronic,
mechanical, photocopying, recording, or otherwise, without the prior written
permission of the publisher.
Publisher: William A. Tony
Acquisitions Editor: Matt T. Meinholz
Project Editor: Paul OMara
Production Administrator: Randall Benson
ASQ Mission: The American Society for Quality advances individual,
organizational, and community excellence worldwide through learning, quality
improvement, and knowledge exchange.
Attention Bookstores, Wholesalers, Schools, and Corporations: ASQ Quality
Press books, videotapes, audiotapes, and software are available at quantity
discounts with bulk purchases for business, educational, or instructional use.
For information, please contact ASQ Quality Press at 800-248-1946, or write to
ASQ Quality Press, P.O. Box 3005, Milwaukee, WI 53201-3005.
To place orders or to request a free copy of the ASQ Quality Press Publications
Catalog, including ASQ membership information, call 800-248-1946. Visit our
Web site at www.asq.org or http://qualitypress.asq.org.
Printed in the United States of America
Printed on acid-free paper
Table of Contents
Chapter 1
Welcome to Auditing. . . . . . . . . . . . . .
13
21
Chapter 4
29
37
Chapter 6
53
Chapter 7
65
Chapter 8
Data Collection. . . . . . . . . . . . . . . . . . .
77
93
Chapter 10
Chapter 11
Reporting . . . . . . . . . . . . . . . . . . . . . . 123
vi Table of Contents
Appendix A
Appendix E
Appendix F
Appendix G
Appendix J
Appendix M
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Chapter 1
Welcome to Auditing
Chapter One
from simple verification of compliance to identification of performance-improvement opportunities. Your organization has objectives that the
internal audit program can help achieve.
An audit is some type of formal independent
examination of products, services, work processes,
departments, or organizations. Conducting an
audit is a process, work practice, or service. Some
organizations prefer the word evaluation, survey,
review, or assessment instead of the word audit.
I will use the word audit when I reference the
process because it is universally accepted and, to
experts, it means a certain type of investigation
or examination as described in this guidebook.
The audit process steps (Figure 1.1) are to:
Identify plans (what people are supposed
to do)
Make observations (what people are
actually doing)
Evaluate the facts collected (sort the
evidence)
Report the results (conformance or
noncompliance)
Follow up (ensure that problems are
corrected)
No matter what name is used for the audit process, auditors are entrusted with confidential
Welcome to Auditing
Identify
plans
Make
observations
Evaluate
Report
results
Follow
up
Figure 1.1
Chapter One
Audit Principle
Use knowledge and skills for the
advancement of public welfare.
TERMINOLOGY
This chapter is about the terminology of auditing to help you communicate effectively. Your
organization may have its own names for things
that are different from standard audit terms or
even different from the dictionary. If the terminology in the text starts to get confusing, consider starting your own cross-reference showing
the word you are familiar with compared to the
more generic terminology. You can start with
the examples shown in Table 1.1.
CONTROLS TO EXAMINE
An audit is a process of investigating and examining evidence to determine whether agreedupon requirements are being met. An effective
Welcome to Auditing
Universal
terminology
Audit
Assessment, evaluation
Survey
Review
Audit program
department
Regulatory compliance
department
Employee
Associate
Customer
Client
Audit program
manager
Compliance director
Chapter One
Welcome to Auditing
Customer
Second-party
Customer
audits your
organization
External
Third-party
Independent
audit
organization
Internal
First-party
Audit your own
organization
Second-party
You audit
your supplier
Supplier
Figure 1.2
Audit classifications.
Chapter One
AUDIT TYPES
Audits are also classified by area (process, system) or object (product, service) of the audit. You
may be assigned to conduct a system, process, or
product audit. Different audits may require different methods, personnel, or equipment.
The product audit (or service audit), the
smallest circle in Figure 1.3, determines if tangible characteristics and attributes of a thing are
being met. Typically, an auditor checks the object
or service to ensure that it has the proper markings, weight, size, viscosity, smoothness, amount,
hardness, color, texture, placement, arrangement, count, and so on. The auditor checks the
System audit
Process audit
Product
audit
Figure 1.3
Welcome to Auditing
10
Chapter One
Welcome to Auditing
11
12
Chapter One
KEEN OBSERVATIONS
Regardless of the type of audit, an auditor must
be good at observing and reporting factual
information.
The person conducting the audit is the auditor. Other equivalent descriptive words are evaluator, assessor, examiner, reviewer, and so on.
The organization being audited is called the
auditee. Any type of organization can be an auditee (your department, a corporation, government
agency, nonprofit organization, retail sales store,
manufacturer, and so on). The person or organization who requested the audit is the client.
Audits are only conducted when someone or some
group requests one. You might think of the client as the person who has authority to assign you
to do an audit. This person is one of the customers of the audit service, to whom you are accountable. This person (the client) normally is your
boss, the audit program manager, or the quality/
environmental/safety manager.
In the next several chapters we will take you from
getting the audit assignment and reporting findings to ending the audit by completing follow-up
actions.
Index
A
accessibility limitations, 6768
activities, observing, 8788
agenda
exit meeting, 12528
opening meeting, 6772
assignment, 1315
accepting, 1519
Arthur Anderson corporation, 3
audit
definition of, 2
follow-up, 14041
versus inspection, 56
types, 811
audit classifications, 67
audit conclusion, 11822
audit criteria, 77
audit escort, 71
audit evidence, 77, 78, 9091, 11213
audit follow-up, 13543
audit methods and techniques, 6869
207
208
Index
Index
209
strategies, 5963
techniques, process, 1026
terminology, 4, 12
types of, 811
auditor, 12
code of conduct, 19, 17172 (Appendix J)
number needed, 30
responsibilities, 24, 128
auxiliary verbs, 4041
availability, for audit, 15
B
best practice, 113
best practices, observed, 116
C
can, 42
canned checklists, 48
checklists, 4448
in desk audits, 54
example, 47, 15960 (Appendix E)
rules, 4546
client, 12, 13
responsibilities, 135
closed-ended requirements, 94
closing meeting, 123
code of conduct, auditor, 19, 17172 (Appendix J)
collection plan, 4849, 78
communication flow, between auditor and
auditee, 33
competence, of auditor, 1819
210
Index
concern, 113
conclusion, audit, 11822
conflicts of interest, 1518
conformance, 25, 3738
verifying, 8889
conformity, 113
controls verification, 80
correction, 138
corrective action, 138
corrective action
effective, 14142
timely implementation, 143
corrective action and preventive action (CAPA)
process
closure, 14243
effectiveness, 14142
elements, 13639
follow-up audit, 14041
verification, 13940
corrective action checklist, 17779 (Appendix L)
corrective action plan, 13637, 138
corrective/preventive action request
closeout, 14243
example, 17375 (Appendix K)
corroboration, of information, 8182
criteria, audit, 77
D
data collection, 7791
collection plan, 4849, 78
examination of documents and records, 7980
interviewing people, 8186
Index
E
element method (technique), 39, 60
ENCR4 formula, 114
Enron Corporation, 3
escorts, for auditor, 71
ethics, in auditing, 23
evaluation, of document, 5357
evidence, 77, 78, 10910
physical, 86
exit meeting, 70, 12328
external audits, 67
external requirements, 38
F
finding, 112, 11617
211
212 Index
closeout, 14243
first-party audits, 6
flowcharting, 5759
benefits, 59
symbols, 58
follow-up actions, 123, 127
exit meeting, 12328
recommending solutions, 13334
the report, 129
report format, 13031
responsibilities, 128
what to avoid, 132
follow-up audit, 139
G
good practice, 113
I
improvement point, 112
improvement potential, indicators of, 105
information analysis, 10922
classification of observations, 11014
nonconformity statements, 11417
overall audit conclusion, 11822
inputs, for audit, 2126
purpose of audit, 2527
scope of audit, 2223
standards to audit against, 2325
when and where, 22
inspection, versus audit, 56
Index
internal audits, 67
and conflicts of interest, 1518
interview questions, process interview, 101
interview schedule, 69
example, 15557 (Appendix D)
interviewing, 8186
guidelines, 85
six-step method for, 84
issue, 113
J
judgmental sampling, 50
L
lead auditor, 29, 31
and opening meeting, 6566, 72
responsibilities, 2930, 31, 125
logistics, 70
M
malicious compliance, 133
management systems, process approach for,
1067
mandatory requirements, 4142
may, 42
meeting agenda and record, example, 15153
(Appendix C)
meetings, during audit, 7374
must, 42
213
214
Index
N
nonconformance, in desk audit, 55
nonconformity, 112
nonconformity (noncompliance) statements,
11417
examples, 1689 (Appendix I)
nonrandom sampling, 50
noteworthy achievement, 113
notification letter, 35
example, 16364 (Appendix G)
O
objectives, of audit, 3740
observation , 113
of activities, 8788
classification, 11014
open-ended questions, 46
open-ended requirements, 9495, 9798, 99
types of, 9596
opening meeting, 6566
agenda, 6772
opportunities for improvement, 116
optional requirements, 4244
P
PDCA technique, 3940, 99101
questions, 100101
performance auditing, 105
performance standards, popular, 16566
(Appendix H)
Index
215
physical evidence, 86
physical examination, 86
planning. See audit planning
positive practice, 113
post-audit meeting, 123
prescriptive requirements, 94
preventive/corrective action request, example,
17375 (Appendix K)
process approach, for management systems,
1067
process audit, 6, 11, 3940
complex, 104
process auditing techniques, 1026
process model, 103
process technique, 39, 99101
questions, 100101
process techniques/process auditing, 94, 1026
closed-ended requirements, 94
open-ended requirements, 9495
process technique, 99101
product audit, 89, 1011
purpose, of audits, 2527
Q
qualitative data, 112
quantitative data, 112
R
recommendations, 13334
records
versus documents, 43
216 Index
S
sampling plan, 4950
scope of audit, 2223
problems outside of, 6263
scoring, 121
second-party audits, 6
follow-up, 14041
Index
217
shall, 41
should, 42
six-step method, for interviewing, 84
solutions, recommending, 13334
standards
audited against, 2325
performance, 16566 (Appendix H)
strategies, auditing, 5963
strong areas, 11920
surprise audits, 32, 33
system approach, for management systems,
1067
system audit, 910, 11, 104
T
team, audit, 2931
terminology, 4, 12
unclear, 97
third-party audits, 67
follow-up, 14041
traceability, 94
tracing (audit strategy), 6061
20 basic audit principles, 18183 (Appendix M)
Type I requirements, 95, 9798
Type II requirements, 96, 9899, 100
Type III requirements, 96, 9798
Type IV requirements, 96, 99, 100
V
vague requirements, 3940, 97
validation
218
Index
of system/process, 8990
versus verification, 88
value-added processes, managing, 106
verification
of conformance, 8889
of controls, 80
of corrective actions, 13940
of information, 8182
in process audit, 104
versus validation, 88
W
weak areas, 11920
work order, example, 14950 (Appendix B)
working papers, 51, 7475
Y
yes/no questions, 4546, 8586