VGU - PC2 Audit 2014-12-15 - v2.2 - AlJ

Quality Management I
Practical Class 1
Audits I Prof. Dr.-Ing. Jochem
Agenda
Fundamentals
Requirements on internal auditors
DIN EN ISO 9001:2008
Preparation and conduct of audits
Certification audits
Questioning techniques
QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

Page 2
1/5/2015
Fundamentals
Fundamentals
Important terms
Example product labelling of an manufacturer of construction materials
audit
Partly missing labelling of products was discovered
Job instructions referring to content and placement of labels existed
producer
Firstly the management implied disregarding of job instructions
Questioned the reasonableness of job instruction
auditor
After closer inspections the reason for the problems was the inappropriate
labelling method, since many labels peeled off due to the dusty working
environment
The final goal of quality audits is the guidance to the solution of a

problem and thus an improvement of operational processes
Page 4
1/5/2015
Fundamentals
EN ISO 19011:2011 Guidelines for auditing
ISO 19011:2011 was established as a guideline for integrated management systems to ensure a
unified audit procedure for all systems.
This International Standard provides guidance on auditing management systems, including the
principles of auditing, managing an audit program and conducting management system audits, as
well as guidance on the evaluation of competence of individuals involved in the audit process,
including the person managing the audit program, auditors and audit teams (ISO 19011)
Content:
1. Scope
2. Normative references
3. Terms and definitions
4. Principles of auditing
5. Managing an audit program
6. Performing an audit
7. Competence and evaluation of auditors

Page 5
1/5/2015
Fundamentals
Important terms
Definition: Audit
is a systematic, independent and documented process to obtain
audit evidence and to evaluate it objectively. Moreover it is
determining to which extent the audit criteria are fulfilled.
systematic
independent
documented
Inspection based on
checklists and process
descriptions etc.
The auditor does not

examine his own work
environment
The results and the

approach are documented
and written down in the
audit report
DIN EN ISO 19011

Page 6
1/5/2015
Fundamentals
Important terms
Definition: Audit
is a systematic, independent and documented process to obtain
audit evidence and to evaluate it objectively. Moreover it is
determining to which extent the audit criteria are fulfilled.
evaluate it
objectively
audit criteria
are fulfilled
Statements and evaluations

have to be comprehensible
Example for an audit

criterion: the quality
management system must be
conform to ISO 9001:2008
obtain audit
evidence
Audit evidence represents

the current state, e.g.
questioning, examination
of documents etc.
DIN EN ISO 19011

Page 7
1/5/2015
Fundamentals
Important terms
Definition: audits
systematic, independent and documented process for obtaining audit
evidence and evaluating it objectively to determine the extent to which
the audit criteria are fulfilled
Definition: auditor
person who conducts an audit
DIN EN ISO 19011:2011

Page 8
1/5/2015
Fundamentals
Important terms
Definition: technical expert
person who provides specific knowledge or expertise to the audit team
NOTE 1:
Specific knowledge or expertise is that which relates to the organization, the process or activity
to be audited, or language or culture.
NOTE 2:
A technical expert does not act as an auditor in the audit team.
DIN EN ISO 19011:2011

Page 9
1/5/2015
Fundamentals
Important terms
Definition: audit team
one or more auditors conducting an audit, supported if needed by
technical experts
Definition: guide
person appointed by the auditee to assist the audit team
DIN EN ISO 19011:2011

Page 10
1/5/2015
Fundamentals
Important terms
Definition: observer
person who accompanies the audit team but does not audit
NOTE 1:
An observer is not a part of the audit team and does not influence or interfere with the conduct
of the audit
NOTE 2:
An observer can be from the auditee, a regulator or other interested party who witnesses the
audit.
DIN EN ISO 19011:2011

Page 11
1/5/2015
Fundamentals
Important terms
Definition: audit client
organization or person requesting an audit
NOTE:
In the case of internal audit, the audit client can also be the auditee or the person managing the
audit program. Requests for external audit can come from sources such as regulators,
contracting parties or potential clients.
DIN EN ISO 19011:2011

Page 12
1/5/2015
Fundamentals
Important terms
Definition: audit program
arrangements for a set of one or more audits planned for a specific
time frame and directed towards a specific purpose
NOTE:
An audit program includes all activities necessary for planning, organizing and conducting the
audits.
DIN EN ISO 19011:2011

Page 13
1/5/2015
Fundamentals
Important terms
Definition: audit plan
description of the activities and arrangements for an audit
Definition: audit scope

extent and boundaries of an audit
NOTE:
The audit scope generally includes a description of the physical locations, organizational units,
activities and processes, as well as the time period covered.
DIN EN ISO 19011:2011

Page 14
1/5/2015
Fundamentals
Important terms
Definition: audit criteria
set of policies, procedures or requirements used as a reference
against which audit evidence is compared
NOTE :
Audit criteria may include policies, procedures, standards, legal requirements, management
system requirements, contractual requirements, sector codes of conduct or other planned
arrangements.
Definition: audit evidence

records, statements of fact or other information which are relevant to
the audit criteria and verifiable
DIN EN ISO 19011:2011

Page 15
1/5/2015
Fundamentals
Important terms
Definition: audit findings
results of the evaluation of the collected audit evidence against audit
criteria
NOTE 1:
Audit findings indicate conformity or nonconformity.
NOTE 2:
Audit findings can lead to the identification of opportunities for improvement or recording good
practices.
DIN EN ISO 19011:2011

Page 16
1/5/2015
Fundamentals
Important terms
Definition: audit conclusion
outcome of an audit, after consideration of the audit objectives and all
audit findings
DIN EN ISO 19011:2011

Page 17
1/5/2015
Fundamentals
Audit types
Quality audit
A quality audit is a special form of an audit
It shall determine the extent to which the requirements for quality management systems are
fulfilled.
Audit findings are used to evaluate the effectiveness of the management system
and to detect opportunities for improvement.
audit
quality audit
QM | Prof. Dr.-Ing. Jochem | L 08: Audits

Page 18
05.01.2015
Fundamentals
Audit types
Overview: Categorization based on auditors status
Example
norm
Audit of selfdeclaration
EN ISO
19011
internal quality audit

through the
organization
itself
(quality)
audit
First-party-audit
external quality audit

through
interested
parties
Second-party-audit
customer
supplier audit
EN ISO
19011
through
independent
organization
Third-party-audit
certification
audit
ISO/IEC
17021*
* Anforderungen an
DrittparteienZertifizierungen
QM | Prof. Dr.-Ing. Jochem | L 08: Audits

Page 19
05.01.2015
Fundamentals
Goals for internal audits
Evaluation of the effectiveness of internal management systems
Identify weaknesses
Initiate improvements
Initiate corrective and preventive actions
Trace the implemented actions
As preparation for certification audit

Page 21
1/5/2015
Fundamentals
Reasons for internal audits
Planned monitoring of the management system
Introduction of new products or technologies
Critical deviations from previous audits
Monitoring of corrective and preventive actions
Audit scope:
An audit is a random sample test.

Page 22
1/5/2015
Fundamentals
Types of quality audits
Fundamentals
System audits
Purpose of the system audits:

Fundamentals of the system audits:
Evaluation of the documentation and

efficiency of a management system
Underlying policy and standards

System manual
Process description
Working instructions
Technical specifications
Records

Page 24
1/5/2015
Fundamentals
Internal vs. external system audits
Internal audit
External audit
Management system of a
company:
Within the own
organizational structure
On their own and direct
responsibility and planning
For hedging and improving
their management system
Management system of a
company:
Carried out by external
auditors
Not on their own and direct
responsibility and planning
Verification of satisfied
customer requirements
(Second party audit) or
the certification of
conformity (Third party
audit)

Page 25
1/5/2015
Fundamentals
Process audits
Purpose of the process audits:
Fundamentals of the process audits:
Evaluation of the efficiency of the

implemented steps/ measures within a
process
Evaluation of the quality ability and the
conformity of the process
Process description
Working instructions
Further documents on implementing, monitoring
and controlling a process
Records
Requirements on the qualification of the
employees

Page 26
1/5/2015
Fundamentals
Product audits
Purpose of the product audits:
Fundamentals of the product audits:
Identifying and demonstrating fluctuations

in production quality
determination of the quality level of
delivered goods or incoming goods check
Determination of the ability of the testing
center
components, assemblies and end products

production documents, -processes, steps test
steps
used production means and measuring devices

Page 27
1/5/2015
Fundamentals
Overview
audit
Product quality audit
Process quality audit
System quality audit
Subject of the
quality audit
Parts, Assemblies,
In-process product,
Final product, Service
Production processes,
Administrative processes,
Service processes
System elements,
Sub-systems, Entire system
Purpose of the
audit
Determine to what extent

the product meets the
quality requirements.
Determine to what extent the

process meets the
requirements and to what
extent the required results
are met.
Determine to what extent the

current system meets the
requirements
Documented
requirements
(specifications)
Measurements, Weight,
Surface quality, Material
properties, Functional
characteristics, Service
characteristics
Work equipment, Process

settings, Auxiliary material,
Environmental factors,
Process capability
Organizational structure,
Quality documentation
Audit
documentation
Drawings, Tables,
Product description

Page 28
Plans for settings, Production

plans, Test and inspection
Organizational guidelines,
plans, Work station
Quality manual, Environmental
description, Maintenance
manual, Accident prevention
plans, Cleaning plans,
regulations, Industrial safety
Environmental specifications,
regulations
Personnel qualification
1/5/2015
Requirements on auditors
Personal capabilities of auditors
Psychological sensitivity
Ability to establish contact
Ability to resolve conflicts
Obligation of secrecy
Acting with responsibility
Keen perception/ Quick-wittedness
Assertive

Page 30
1/5/2015
Required condition for the performance as an auditor
The internal auditor:
Has to know and understand the defined requirements (system documentation)
Is not allowed to auditee his own activities
Has to be objective and impartial
Has to apply and interpret the policies correctly
Has to know the status and the relevance of the processes which will be audited

Page 31
1/5/2015
Main tasks of an auditor
Audit planning (scope, frequency, methods)
Preparation (announcement, list of questions, etc.)
Collection of information via interviews and taking records
Evaluation of the results
Make a positive and motivating final meeting
Preparation of the (audit-) report
Monitoring of corrective and preventive actions

Page 32
1/5/2015
Principles of auditing
The six principles of auditing
1. Integrity
Foundation of professionalism
Auditors and the person managing an audit program should:
Perform their work with honesty, diligence, and responsibility;
Observe and comply with any applicable legal requirements;
Perform their work in an impartial manner,
i.e. remain fair and unbiased in all their dealings;
Be sensitive to any influences that may be exerted on their judgement
while carrying out an audit.
DIN EN ISO 19011

Page 33
1/5/2015
2. Fair presentation
Obligation to report truthfully and accurately
Significant obstacles encountered during the audit and unresolved diverging

opinions between the audit team members and the auditee should be
reported.
The communication should be truthful, accurate, objective, on time, clear and

complete.
DIN EN ISO 19011

Page 34
1/5/2015
3. Due professional care
Application of accuracy and judgement while auditing
Auditors should exercise due care in accordance with the importance of the
task they perform and the confidence placed in them by the audit client and
other interested parties
Important factor: ability to make reasoned judgements in all audit situations.
4. Confidentiality
Security of information
Audit information should not be used inappropriately for personal gain by the
auditor or the audit client, or in a manner detrimental to the legitimate
interests of the auditee.

Page 35
1/5/2015
DIN EN ISO 19011
5. Independence
Basis for the impartiality of the audit and objectivity of the audit conclusions
Auditors should be independent of the activity being audited wherever

practicable, and should in all cases act in a manner that is free from bias and
conflict of interest.
6. Evidence-based approach:
Rational method for reaching reliable and reproducible audit conclusions

in a systematic audit process
Audit evidence should be verifiable

It will in general be based on available samples of information, since an
audit is conducted during a finite period of time and with finite
resources.

Page 36
1/5/2015
DIN EN ISO 19011

Standards
Standards include requirements based on the private sector
Standards address the scope of the required activities (What to do not how to do it)
Requirements on quality management systems are described in standards
DIN EN ISO 9001 ff. summarize the most important standards for a quality management system

Page 38
1/5/2015

Overview
Guidelines:
DIN EN ISO 9000
DIN EN ISO 9004
Standards of the quality management

Fundamentals and vocabulary
Managing for the sustained success of an
organization A quality management
approach
Demands:
DIN EN ISO 9001
Quality management systems

Requirements

Page 39
1/5/2015

Principles of the DIN EN ISO 9000:2005
Customer focus
Leadership
A desired result is achieved more efficiently when activities and related resources are managed as a
process
System approach to management
Motivation, competence, awareness of customer requirements
Process approach
Leaders establish unity of purpose and direction of the organization
Involvement of employees at all levels
Understanding the current and future customer needs
Identifying, understanding and managing interrelated processes as a system contributes to the

organizations effectiveness and efficiency
Continual improvement
Factual approach to decision making
Supplier relationship mutual benefit

Page 40
1/5/2015

Model of a process-based quality management system
Key
Continuous improvement of the

quality management system
Value-adding activities
Information flow
Management
responsibility
Customer
Measurement,
analysis
and improvement
Resource
management
Requirements
Input
Customer
Product realization
Product
Satisfaction
Output

Page 41
1/5/2015

Structure
Management
responsibility
Resource
management
Measurement,
analysis
and improvement
Input
Output
Quality management system (4)
Management responsibility (5)
Resource management(6)
Product realization (7)
Measurement, analysis and improvement

(8)
Product realization

Page 42
1/5/2015

4.1
General requirements
Note:
When an organization decides to outsource a process, which influences the

product conformity, they have to guarantee the control of such processes.
The type and extent of this control need to be defined in the quality
management system.

Page 43
1/5/2015

4.2
Documentation requirements I
The quality management system documentation shall include:

documented statements of a quality policy and quality
objectives,
a quality manual,
documented procedures and records required by this
International Standard, and
documents, including records, determined by the organization
to be necessary to ensure the effective planning, operation
and control of its processes.
Note 1 to 4.2.1:
The extent of the quality management system documentation can differ from one organization to another due to the
size of the organization and type of activities, the complexity of processes and their interactions, and the competence
of personnel.

Page 44
1/5/2015

4.2
Documentation requirements II
The six required quality management procedures:
1.
Control of documents (4.2.3)
2.
Control of records (4.2.4)
3.
Internal audit (8.2.2)
4.
Control of non-conforming product (8.3)
5.
Corrective actions (8.5.2)
6.
Preventive action (8.5.2)

Page 45
1/5/2015

4.2.3/4
Control of documents and records
Records
(proof)
Protect data
against loss?
Documents
(specification)
Creation date
Creator (signature)
Dont use a pencil!
Determine archiving period and place
past
Hand out date

Revision status and version
Release (signature)
Distributor
Dont use a pencil!
today
Information
future
neither legislative content nor proof

Page 46
Actual version
(where needed)
available?
1/5/2015

4.2.3
Control of documents
The documented procedure for the control of documents must ensure that valid versions of appropriate
documents are available at the place of action.
Release for application of the documents
Indicate changes in documents and revision status
Documents of external origin must be identified and their distribution controlled
Checking whether the documents are up to date if things changed new release needed
Prevent usage of invalid documents by indicate them (in case they need to be kept)

Page 47
1/5/2015

4.2.4
Control of records
Records must be generated and kept up to date to guarantee the proof of conformity.
The procedure to control the documents must be documented and include the following regulations:
Documents must be readable and easy to identify
Ensure the retrieval
Identification (name, date, signature)
Storage (place, responsibility, duration)
Assign the documents to the procedures
Protect from loss (data protection)

Page 48
1/5/2015

Target
The management of an
organization has to recognize
quality as an executive function,
which needs to be understood,
coordinated and developed.

Page 49
Requirements
Management responsibility
5.1
Customer focus
5.2
Quality policy
5.3
Planning
5.4
Responsibility, authority and communication 5.5
Management review
1/5/2015
5.6

5.1
Management commitment
Top management shall provide evidence of its commitment to the development and implementation
of the quality management system and continually improve its effectiveness by:
Communicating to the organization the importance of meeting

customer as well as statutory and regulatory requirements,
Establishing the quality policy,
Ensuring that quality objectives are established,
Conducting management reviews, and
Ensuring the availability of resources.

Page 50
1/5/2015

5.2
Customer focus
Needs and expectations of customers
Determine (target group, competitive analysis)
Convert requirements and
Communicate to the employees of the organization
Understand the current and future demands of the customers
Fulfill customer expectations in order to increase customer satisfaction

Page 51
1/5/2015

5.3
Quality policy
Top management shall ensure that the quality policy:
Is appropriate to the purpose of the organization,

Includes a commitment to comply with requirements and continually improve the effectiveness of
the quality management system,
Provides a framework for establishing and reviewing quality objectives,
Is communicated and understood within the organization and
Is reviewed for continuing suitability.

Page 52
1/5/2015

5.4
Planning
Determine measurable quality goals in accordance with the quality policy and the commitment to
continuous improvement
Determine and plan all activities and resources to fulfill the requirements
Plan the processes
Required by the quality management system
Necessary for implementation
Keep up the operability of the quality system during updates
Activities of verification, criteria of acceptance and required quality records

Page 53
1/5/2015

Responsibility, authority and communication
Define and communicate the responsibilities and authority within the organization (5.5.1)
Appoint a management representative (5.5.2)
Member of the organization's management

Has the authority to establish, implement and maintain the processes
Reports to the top management on the performance of the quality management system
Task: ensuring the promotion of awareness of customer requirements
Establish and keep up an appropriate internal communication process (5.5.3)

Page 54
1/5/2015
5.5

5.6
Management review
Ensure the continuing suitability, adequacy and effectiveness of the quality management system
The input to management review shall include actual information on:

Results of audits, customer feedback
Process performance and product conformity
Status of preventive and corrective actions
The output from the management review shall include decisions and actions related to:
Improvement of the effectiveness of the quality management system
Improvement of product
Resource needs

Page 55
1/5/2015

Resource management (6)
Target
Defines and provides resources for the
implementation and fulfillment of the quality policy,
quality targets and customer requirements
Requirements
Provision of the resources
6.1
Human resources
6.2
Infrastructure
6.3
Work environment
6.4

Page 56
1/5/2015

6.1
Provision of resources
Establish and implement plans for resourcing
Planning application of resources in light of opportunities and constraints
Consideration of material and immaterial resources

Page 57
1/5/2015

6.2
Human resources
Identify needed training systematically
Ensure competence of employees
Conduct training and judge effectiveness
Keep and store records of the measures (Internal and external training)
Ensure that the employees are aware of the relevance and importance of their activities and how
they contribute to the achievement of the quality targets

Page 58
1/5/2015

6.3
Infrastructure
Provide and maintain a required infrastructure to achieve conformity to product requirements

Infrastructure includes:
Buildings, workspace and associated utilities
Process equipment (hardware and software)
Supporting services (transport, communication or information systems)
Maintenance of the infrastructure
Consideration of the external impacts on the infrastructure

Page 59
1/5/2015

6.4
Work environment
Needed work environment shall be
etermined
Managed and
Maintain
Human factors shall be determined and implemented
Creative work methods
Participation of the employees
Safety instructions
Physically factors for the achievement of error-free products shall be determined and implemented
Noise, vibration, heat, light, moisture
Hygiene, cleanliness
Pollution

Page 60
1/5/2015

Target
Identify and describe the processes and their
junctions to enable an efficient and error-free work
flow
Requirements
Planning of product realization
7.1
Customer-related processes
7.2
Design and development
7.3
Purchasing
7.4
Production and services
7.5
Control of monitoring and measuring

equipment

Page 61
7.6
1/5/2015

7.1
Planning of product realization
Determining, planning and implementing processes needed for product realization

Planning of product realization shall be consistent with the requirements of other processes of the
quality management system
Determine methods and procedures
Define appropriate quality targets and requirements for the product
Measure and monitor the processes
Ensure the availability of resources and information
Record the results of process control measures

Page 62
1/5/2015

7.2
Customer-related processes
Process for determining the customer requirements
e.g. completeness, conditions, availability, assumed requirements, ... (7.2.1)

Review and record of the customer requirements
e.g. obtain confirmation, clarity, make performance possible, document changes and make
the employees aware of it ... (7.2.2)
Communication with the customer
e.g. product information, enquiries, customer complaints ... (7.2.3)

Page 63
1/5/2015

7.4
Purchasing
Purchased products must comply with the requirements of the organization
Evaluate and select suppliers (Define evaluation criteria, document evaluations and measures)
Determine purchasing requirements (optionally with):
Requirements of approval
Qualification requirements
Requirements for quality management system
Purchasing documents
must clearly describe the product
Release after examination
Check purchased products

Page 64
1/5/2015

Control of production and service provision
7.5
Must be planned and controlled:
Determine the availability of product characteristics and work instructions
Use and maintain suitable production equipment and testing instruments
Provide a suitable working environment
Establish appropriate monitoring and verification activities; determine procedures for release,
delivery/installation

Page 65
1/5/2015

Measurement, analysis and improvement (8)
Target
The quality management system, processes and
products have to be planned, implemented and
complied with the requirements.
(e.g. by measurement, monitoring, analysis,
improvement)
Requirements
8.1
Monitoring and measurement
8.2
Control of nonconformity product
8.3
Analysis of data
8.4
Improvement
8.5

Page 66
1/5/2015

8.1
Plan and implement the monitoring, measurement, analysis and improvement processes
Determine appropriate methods and their extent
Determine and apply statistical tools

Page 67
1/5/2015

8.2
Monitoring and measurement
Customer satisfaction
8.2.1
Internal audit
8.2.2
Monitoring and measurement of processes
8.2.3
Monitoring and measurement of product
8.2.4

Page 68
1/5/2015

8.2.2
Internal audit
Conduct internal audits at planned intervals
Target: Determine whether the quality management system conforms to
the planned arrangements
the requirements of International Standard
the quality management system requirements established by the organization
Is effectively implemented and maintained
Plan audit program, take the results of previous audits into account
Define audit criteria, frequency and methods
Objectivity and impartiality of the auditors (again: auditors do not audit their own activities)
Define requirements and responsibilities for planning, implementation and documentation

Page 69
1/5/2015

8.3
Control of non-conformity product
The usage or delivery of non-conforming products must be prevented

Ways to deal with non-conforming products:
Eliminate the detected non-conformity
Authorizing usage:
release or acceptance under concession by a relevant authority/ the customer
Eliminate its original intended use or application
Appropriate to the effects, or potential effects, of the non-conformity when non-conforming

product is detected after its delivery

Page 70
1/5/2015

8.4
Analysis of data
The generated data from measurements, monitoring and others sources provide the basis for the
evaluation of the quality management system and the necessity of improvements.
Data analysis:
Product conformity
Customer satisfaction
Internal audits
Product and process characteristics
Suppliers

Page 71
1/5/2015

8.5
Improvement
Continuous improvement of the quality management system
Continuous improvement of the efficiency of the quality management system is required by the
standard
Define and implement the process for identifying and implementing corrective actions
Define and implement process for identifying and implementing preventive measures

Page 72
1/5/2015

8.5.2
Corrective action
Define requirements for:
Reviewing non-conformities (incl. customer complaints)

Determining the causes of non-conformities
Determining and implementing the needed measure(s)
Recordings of the results
Reviewing the effectiveness
The organization takes action to eliminate the causes of

non-conformities in order to prevent recurrence.

Page 73
1/5/2015

8.5.3
Preventive action
Define requirements for:
Determining potential non-conformities and their causes

Determining and implementing the needed measure(s)
Recordings of the results
Reviewing the effectiveness
The organization determines action to eliminate the causes of potential

non-conformities in order to prevent their occurrence.

Page 74
1/5/2015

Group work
ISO 9001 and the process
Task 1
Get together in the defined groups in order to work on following exercise.
Read the selection of the processes in your handout and assign the best fitting norm chapters
from ISO 9001
See handout !

Page 75
1/5/2015
Preparation and conduct of internal

audits
Preparation and conduct of internal audits

Audit planning, preparation and conduct
Steps
Content
Audit preparation:
- Audit program (annual plan)

- Audit plan (planning of a specific audit)
- Checklists (lists of questions)
Audit conduct:
- Opening meeting
- Lead audit interviews and record results
- Final discussion
Audit post-processing :
- Creation and distribution of the audit report

Page 77
1/5/2015
Preparation and conduct of internal audits

Audit conduct
Steps
Characteristics
Opening meeting
With all the involved executives (possibly employees): discuss

the target and scope of the audit, confirm the presence hours of
the employee, last coordination of the audit plan
Audit interviews
Use checklists, if necessary think of communication techniques,

have relevant system documents ready, examine records, take
notes
Coordination of the
auditors
Coordinate divergences and pre-formulate them, establish an

overall-evaluation and pre-formulate it as well
Final discussion
Coordination with the audited executives regarding audit

findings and follow-up

Page 78
1/5/2015
Audit Preparation and conduct of internal audits

Audit interview
Elements of an audit interview
Introduce yourselves to each other
Note down the name of the auditee
Questions (use e.g. QM- guides, process- and work instructions)
Use questioning techniques (What? Where? When? Why? Who?)
Write down results (e.g. examined documents, observed deficits)
Summary (Feedback, no discussion)

Page 79
1/5/2015

Audit interview
Audit interviews Important facts I
How to listen: Signs of attention

Show the employee who wants to talk about a
problem that you- as an auditor -are not distracted
or preoccupied with your own thoughts
Signal that you are interested in the described
problem
Use encouraging silence
Try to offer signs of attention to let the employee feel

comfortable even in stressful situations!

Page 80
1/5/2015

Audit interview
Audit interviews Important facts I
Communication barriers are created when the
auditor:
Gives orders
Warns or threatens
Communication barriers arise when the
Holds long-winded lectures
auditor:
Judges criticizes or reproaches
Shows tactical behavior (trying to
Flatters or unjustifiably praises sb.
"hoodwink" the employee)
Ridicules or embarrass sb.
Does not fully expresses his questions
Investigate or interrogated
Is aggressive and attacks
Overemphasized his own standpoint
Blames others for mistakes
Exceeds his position of power
Mentions vulnerable sides/ weak spots
Page 81
1/5/2015

Audit interview
Final discussion
The final meeting should show the following
It is important to see things from the audited
points:
persons perspective:
Unfamiliar questions need to be answered
Wrong answers and deviations will be

documented
The random sample characteristics of an

audit
Mention positive audit findings
Present negative audit findings and

divergences
People may be audited which dont want to

be audited
Arrange corrective measures
Further observations and recommendations
People wont meet, know or understand

every requirement specification
Concluding valuation regarding the efficacy

of the QMS
Time pressure, interruption of the daily work

routine
If needed: arrange follow-up meetings

Page 82
1/5/2015
General information I
Get started with humor, wake the auditees interest
Focus the view
Have a factual conversation
Always discuss one question at-a-time
Maintain the right distance
During disturbances or incomprehension:

rephrase the question
Integrate all participants
At the end: give feedback (very good, no complaints!

or ... Doesnt fit our internal requirements of ISO 9001)

Page 84
1/5/2015
General information II
Ask open questions.
The questions asked should be target-oriented and based on simplicity
A person asking wrong or vague questions, is not qualified to be an auditor
So questions need to be formed precisely and not be repeated without any intention.
Examples for open questions:

How do you ensure, that ...?
How is the ... arranged?
How have you documented ...?
Whats the background of this instruction?

Page 85
1/5/2015
Examples
Avoid suggestive questions:

Didnt you say yesterday that..., didnt you?
You wont be able to gain new information when the answer is asked as question
Dont ask Yes/No- Questions (except where needed for confirmation):
Do you got any further education certificates?
Since you have to take a look at these documents, you will have to continue questioning either
way
Do not frame your questions provokingly:

Do you even have a education certificate at all?

Page 86
1/5/2015
Principles for asking questions
Keep calm
Hear each other out
Argue convincingly
Listen actively
Be interested
Participate

Page 87
1/5/2015
Information to extract from the interviewee
With
whom?
Using
what?
INPUT
From whom/
where
Requirements
Process
What
results?

Page 88
Requirements
How
done?
1/5/2015
OUTPUT
To whom/
where

Group work
Audit interview and report (Role play l)
Task
Split up into 3 roles: 1 auditor (maybe 1 co-auditor), the audited employees and an observer.
Prepare your role! The auditors have to prepare target-aimed questions. (20 min)
There is a complete scenario for an audit interview scenario on your additional exercise paper.
Read your role instructions carefully. Both sides will have to make notes while playing that
scene. (30 min)
First of all evaluate your interview by using the template regarding that specific principles
given by todays input. (20 min)
Afterwards try to frame audit findings together by comparing the audit criteria and the audit
evidences. Write an audit report by using the template and make sure to follow all principles
given in the exercise. (20 min)
See handout !
Page 89
1/5/2015

Group work
Audit situation final meeting (Role play II)
Task
Your company conducts a supplier audit, which takes place on the Vintners Winery. After the
audit process has been finished the participants come together for the final meeting
Participants:
Auditor, Co-Auditor
CEO, QM-Representative, Cellarer, Manager Service Department

Page 90
1/5/2015

Audit post-processing
Further components of audit interviews
After an audit, the following measures are required:
Preparation of the audit report
Follow-up corrective measures
Support for the definition of preventive measures
Only with these measures, the audit will be an effective guiding element.

Page 91
1/5/2015

Audit program annual plan
ISO 19011: a set of one or more audits, which are planned for a specific
period of time
Contains the schedule which defines when an audit is performed in a specific area,
what the scope of the audit will be (all or specific processes) and what has been
defined by the auditors
Also serves as a registration for carried out audits
Is created and maintained by the quality representative

Page 92
1/5/2015

Audit plan
ISO 19011: Planning the activities of an audit
Audit plan: contains the auditors and the organization which will be audited, the planned date
(audit date), the duration, the functional units, processes and the interlocutor for the audits onsite.
Do not forget to schedule:
Opening meeting
Lunch break
Evaluation time of the notes/records by the auditor
Final discussion
Created and updated by the lead auditor

Page 93
1/5/2015

Audit report
The audit report is the core of the evaluation:
Contains the overall evaluation of the implementation of the quality management system and
organizational information concerning the audit (date, organizational unit, auditors, etc.)
Contains recommendations for further improvements
Contains a number of variations and refers to the deviation report
Is completed by a checklist or a protocol
Is formulated in clear and understandable way
Will be coordinated with the audited organizational unit during the final discussion
Is created by the lead auditor

Page 94
1/5/2015

Audit report
Audit report requirements according to DIN EN ISO 19011
Audit team leader should report the audit results in accordance with the audit program procedures.
The audit report should provide a complete, accurate, concise an clear record of the audit, and
should include or refer to the following:
a.
The audit targets
b.
The audit scope, particularly identification of the organizational and functional units or processes
audited
c.
Identification of the audit client
d.
Identification of audit team and auditees participants in the audit
e.
The dates and locations where the audit activities were conducted
f.
The audit criteria
g.
The audit findings and related evidence
h.
The audit conclusions
i.
A statement on the degree to which the audit criteria have been fulfilled
DIN EN ISO 19011

Page 95
1/5/2015

Audit report
Audit report requirements according to DIN EN ISO 19011
The audit report can also include or refer to the following, as appropriate:
j.
The audit plan
k.
A summary of the audit process, including the uncertainty and/or any obstacles encountered that may
decrease the reliability of the audit conclusions
l.
Confirmation if the audit objectives have been accomplished within the audit scope in accordance
with the audit plan
m. Any areas within the audit scope not covered

n.
A management summary covering the audit conclusions and the main audit findings that support
them
o.
Any unresolved diverging opinions between the audit team and the auditee;
p.
Opportunities for improvement, if specified in the audit objectives;
q.
Strengths and best practices identified;
r.
Agreed follow-up action plans, if any;
s.
A statement of the confidential nature of the contents;
t.
The distribution list for the audit report.

DIN EN ISO 19011

Page 96
1/5/2015

Audit report
Deviation report
The deviation report complements the audit report:
Contains the discrepancies, the resulting measures and the proof of completion of those measures
and organizational information concerning the audit (date, organizational unit, auditors, etc.)
Is formulated in clear and understandable way
Will be coordinated with the audited organizational unit during the final discussion
Is created by the lead auditor

The deviation report can be part of the audit report.
DIN EN ISO 19011

Page 97
1/5/2015
Certification audit
Certification audit
Deviation report
Principle:
IAF Guide 62
(IAF = International Accreditation Forum)
manage:
Requirements for certification/registration bodies
Requirements for preparation, performance and report of the certification audits
Qualification requirements for certification auditors
Effort of an audit depending on number of employees of the organization

+ 10 employees = 2 man-days
DIN EN ISO 19011

Page 99
1/5/2015
Certification audit
Audit cycle
Order is
placed
Consultation
Supervision
audit
Pre-audit
Supervision
audit
Audit
Verification
audit
fulfilled?
Certificate
granting
Renewal of the
certificate
Validity: 3 years with the

assignment of the
supervision audit

Page 100
1/5/2015
Certification audit
Additional information
Auditors are generally generous, dont lie brazenly!
Audit is also a sales pitch. Good things should also be presented well!
All employees must be informed about the policies and targets
Individual variations are valid, but the certification only fails on a systematic deviation in one
location!

Page 101
1/5/2015
Presentation
Presentation
Task for the presentation
Scenario
The Vietnamese-German University offers a variety of services for students. The canteen is
the most sensitive area due to the wide clientele and the strong public perception. For that
reason the canteen tries to improve the customer satisfaction within their offered services.

Page 103
1/5/2015
Presentation
Task for the presentation
Task
You, as the internal auditor, got the task to create an audit program for the following four years
including four individual audits. Plan various kinds of audits in order to maximize the efficiency
and effectiveness of the program.
Create an audit plan for a single audit with the audit target The payment system meets the
requirements of the students.
Prepare a presentation with your results by Friday (2014/01/09).
You will have 15 minutes to present your results followed by a
discussion part (10 minutes).

Page 104
1/5/2015

VGU - PC2 Audit 2014-12-15 - v2.2 - AlJ

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

VGU - PC2 Audit 2014-12-15 - v2.2 - AlJ

Încărcat de

Drepturi de autor:

Formate disponibile

Quality Management I

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

Partly missing labelling of products was discovered

Job instructions referring to content and placement of labels existed

The final goal of quality audits is the guidance to the solution of a

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

The auditor does not

The results and the

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

Statements and evaluations

Example for an audit

Audit evidence represents

DIN EN ISO 19011

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

DIN EN ISO 19011:2011

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

DIN EN ISO 19011:2011

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

DIN EN ISO 19011:2011

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

DIN EN ISO 19011:2011

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

DIN EN ISO 19011:2011

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

DIN EN ISO 19011:2011

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

Definition: audit scope

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

Definition: audit evidence

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

DIN EN ISO 19011:2011

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

DIN EN ISO 19011:2011

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

QM | Prof. Dr.-Ing. Jochem | L 08: Audits

internal quality audit

external quality audit

QM | Prof. Dr.-Ing. Jochem | L 08: Audits

Evaluation of the effectiveness of internal management systems

Initiate corrective and preventive actions

Trace the implemented actions

As preparation for certification audit

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

Planned monitoring of the management system

Introduction of new products or technologies

Critical deviations from previous audits

Monitoring of corrective and preventive actions

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

Purpose of the system audits:

Evaluation of the documentation and

Underlying policy and standards

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

Fundamentals of the process audits:

Evaluation of the efficiency of the

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

Fundamentals of the product audits:

Identifying and demonstrating fluctuations

components, assemblies and end products

QM 1 l Practical Class 1 - Audits l Prof. Dr.- Ing. Jochem

Product quality audit

Process quality audit

System quality audit