Documente Academic
Documente Profesional
Documente Cultură
Practical Class 1
Audits I Prof. Dr.-Ing. Jochem
Agenda
Fundamentals
Requirements on internal auditors
DIN EN ISO 9001:2008
Preparation and conduct of audits
Certification audits
Questioning techniques
1/5/2015
Fundamentals
Fundamentals
Important terms
Example product labelling of an manufacturer of construction materials
audit
producer
Firstly the management implied disregarding of job instructions
Questioned the reasonableness of job instruction
auditor
After closer inspections the reason for the problems was the inappropriate
labelling method, since many labels peeled off due to the dusty working
environment
1/5/2015
Fundamentals
EN ISO 19011:2011 Guidelines for auditing
ISO 19011:2011 was established as a guideline for integrated management systems to ensure a
unified audit procedure for all systems.
This International Standard provides guidance on auditing management systems, including the
principles of auditing, managing an audit program and conducting management system audits, as
well as guidance on the evaluation of competence of individuals involved in the audit process,
including the person managing the audit program, auditors and audit teams (ISO 19011)
Content:
1. Scope
2. Normative references
3. Terms and definitions
4. Principles of auditing
5. Managing an audit program
6. Performing an audit
7. Competence and evaluation of auditors
1/5/2015
Fundamentals
Important terms
Definition: Audit
is a systematic, independent and documented process to obtain
audit evidence and to evaluate it objectively. Moreover it is
determining to which extent the audit criteria are fulfilled.
systematic
independent
documented
Inspection based on
checklists and process
descriptions etc.
1/5/2015
Fundamentals
Important terms
Definition: Audit
is a systematic, independent and documented process to obtain
audit evidence and to evaluate it objectively. Moreover it is
determining to which extent the audit criteria are fulfilled.
evaluate it
objectively
audit criteria
are fulfilled
obtain audit
evidence
1/5/2015
Fundamentals
Important terms
Definition: audits
systematic, independent and documented process for obtaining audit
evidence and evaluating it objectively to determine the extent to which
the audit criteria are fulfilled
Definition: auditor
person who conducts an audit
1/5/2015
Fundamentals
Important terms
Definition: technical expert
person who provides specific knowledge or expertise to the audit team
NOTE 1:
Specific knowledge or expertise is that which relates to the organization, the process or activity
to be audited, or language or culture.
NOTE 2:
A technical expert does not act as an auditor in the audit team.
1/5/2015
Fundamentals
Important terms
Definition: audit team
one or more auditors conducting an audit, supported if needed by
technical experts
Definition: guide
person appointed by the auditee to assist the audit team
1/5/2015
Fundamentals
Important terms
Definition: observer
person who accompanies the audit team but does not audit
NOTE 1:
An observer is not a part of the audit team and does not influence or interfere with the conduct
of the audit
NOTE 2:
An observer can be from the auditee, a regulator or other interested party who witnesses the
audit.
1/5/2015
Fundamentals
Important terms
Definition: audit client
organization or person requesting an audit
NOTE:
In the case of internal audit, the audit client can also be the auditee or the person managing the
audit program. Requests for external audit can come from sources such as regulators,
contracting parties or potential clients.
1/5/2015
Fundamentals
Important terms
Definition: audit program
arrangements for a set of one or more audits planned for a specific
time frame and directed towards a specific purpose
NOTE:
An audit program includes all activities necessary for planning, organizing and conducting the
audits.
1/5/2015
Fundamentals
Important terms
Definition: audit plan
description of the activities and arrangements for an audit
1/5/2015
Fundamentals
Important terms
Definition: audit criteria
set of policies, procedures or requirements used as a reference
against which audit evidence is compared
NOTE :
Audit criteria may include policies, procedures, standards, legal requirements, management
system requirements, contractual requirements, sector codes of conduct or other planned
arrangements.
1/5/2015
Fundamentals
Important terms
Definition: audit findings
results of the evaluation of the collected audit evidence against audit
criteria
NOTE 1:
Audit findings indicate conformity or nonconformity.
NOTE 2:
Audit findings can lead to the identification of opportunities for improvement or recording good
practices.
1/5/2015
Fundamentals
Important terms
Definition: audit conclusion
outcome of an audit, after consideration of the audit objectives and all
audit findings
1/5/2015
Fundamentals
Audit types
Quality audit
A quality audit is a special form of an audit
It shall determine the extent to which the requirements for quality management systems are
fulfilled.
Audit findings are used to evaluate the effectiveness of the management system
and to detect opportunities for improvement.
audit
quality audit
DIN EN ISO 9000:2005
05.01.2015
Fundamentals
Audit types
Overview: Categorization based on auditors status
Example
norm
Audit of selfdeclaration
EN ISO
19011
(quality)
audit
First-party-audit
Second-party-audit
customer
supplier audit
EN ISO
19011
through
independent
organization
Third-party-audit
certification
audit
ISO/IEC
17021*
* Anforderungen an
DrittparteienZertifizierungen
05.01.2015
Fundamentals
Goals for internal audits
Identify weaknesses
Initiate improvements
1/5/2015
Fundamentals
Reasons for internal audits
Audit scope:
An audit is a random sample test.
1/5/2015
Fundamentals
Types of quality audits
Fundamentals
System audits
1/5/2015
Fundamentals
Internal vs. external system audits
Internal audit
External audit
Management system of a
company:
Within the own
organizational structure
On their own and direct
responsibility and planning
For hedging and improving
their management system
Management system of a
company:
Carried out by external
auditors
Not on their own and direct
responsibility and planning
Verification of satisfied
customer requirements
(Second party audit) or
the certification of
conformity (Third party
audit)
1/5/2015
Fundamentals
Process audits
Purpose of the process audits:
Process description
Working instructions
Further documents on implementing, monitoring
and controlling a process
Records
Requirements on the qualification of the
employees
1/5/2015
Fundamentals
Product audits
Purpose of the product audits:
1/5/2015
Fundamentals
Overview
audit
Subject of the
quality audit
Parts, Assemblies,
In-process product,
Final product, Service
Production processes,
Administrative processes,
Service processes
System elements,
Sub-systems, Entire system
Purpose of the
audit
Documented
requirements
(specifications)
Measurements, Weight,
Surface quality, Material
properties, Functional
characteristics, Service
characteristics
Organizational structure,
Quality documentation
Audit
documentation
Drawings, Tables,
Product description
1/5/2015
Requirements on auditors
Requirements on auditors
Personal capabilities of auditors
Psychological sensitivity
Obligation of secrecy
Assertive
1/5/2015
Requirements on auditors
Required condition for the performance as an auditor
Has to know the status and the relevance of the processes which will be audited
1/5/2015
Requirements on auditors
Main tasks of an auditor
1/5/2015
Requirements on auditors
Principles of auditing
The six principles of auditing
1. Integrity
Foundation of professionalism
Auditors and the person managing an audit program should:
Perform their work with honesty, diligence, and responsibility;
Observe and comply with any applicable legal requirements;
Perform their work in an impartial manner,
i.e. remain fair and unbiased in all their dealings;
Be sensitive to any influences that may be exerted on their judgement
while carrying out an audit.
1/5/2015
Requirements on auditors
Principles of auditing
The six principles of auditing
2. Fair presentation
1/5/2015
Requirements on auditors
Principles of auditing
The six principles of auditing
3. Due professional care
Auditors should exercise due care in accordance with the importance of the
task they perform and the confidence placed in them by the audit client and
other interested parties
4. Confidentiality
Security of information
Audit information should not be used inappropriately for personal gain by the
auditor or the audit client, or in a manner detrimental to the legitimate
interests of the auditee.
1/5/2015
Requirements on auditors
Principles of auditing
The six principles of auditing
5. Independence
Basis for the impartiality of the audit and objectivity of the audit conclusions
6. Evidence-based approach:
1/5/2015
Standards address the scope of the required activities (What to do not how to do it)
DIN EN ISO 9001 ff. summarize the most important standards for a quality management system
1/5/2015
Demands:
DIN EN ISO 9001
1/5/2015
Customer focus
Leadership
A desired result is achieved more efficiently when activities and related resources are managed as a
process
Process approach
Continual improvement
Factual approach to decision making
Supplier relationship mutual benefit
1/5/2015
Value-adding activities
Information flow
Management
responsibility
Customer
Measurement,
analysis
and improvement
Resource
management
Requirements
Input
Customer
Product realization
Product
Satisfaction
Output
1/5/2015
Management
responsibility
Resource
management
Measurement,
analysis
and improvement
Input
Output
Resource management(6)
Product realization
1/5/2015
General requirements
Note:
1/5/2015
Documentation requirements I
Note 1 to 4.2.1:
The extent of the quality management system documentation can differ from one organization to another due to the
size of the organization and type of activities, the complexity of processes and their interactions, and the competence
of personnel.
1/5/2015
Documentation requirements II
The six required quality management procedures:
1.
2.
3.
4.
5.
6.
1/5/2015
Records
(proof)
Protect data
against loss?
Documents
(specification)
Creation date
Creator (signature)
Dont use a pencil!
Determine archiving period and place
past
Information
future
Actual version
(where needed)
available?
1/5/2015
Control of documents
The documented procedure for the control of documents must ensure that valid versions of appropriate
documents are available at the place of action.
Checking whether the documents are up to date if things changed new release needed
Prevent usage of invalid documents by indicate them (in case they need to be kept)
1/5/2015
Control of records
Records must be generated and kept up to date to guarantee the proof of conformity.
The procedure to control the documents must be documented and include the following regulations:
1/5/2015
Requirements
Management responsibility
5.1
Customer focus
5.2
Quality policy
5.3
Planning
5.4
Management review
1/5/2015
5.6
Management commitment
Top management shall provide evidence of its commitment to the development and implementation
of the quality management system and continually improve its effectiveness by:
1/5/2015
Customer focus
1/5/2015
Quality policy
Top management shall ensure that the quality policy:
1/5/2015
Planning
Determine measurable quality goals in accordance with the quality policy and the commitment to
continuous improvement
Determine and plan all activities and resources to fulfill the requirements
1/5/2015
Define and communicate the responsibilities and authority within the organization (5.5.1)
1/5/2015
5.5
Management review
Ensure the continuing suitability, adequacy and effectiveness of the quality management system
The output from the management review shall include decisions and actions related to:
Improvement of the effectiveness of the quality management system
Improvement of product
Resource needs
1/5/2015
Target
Defines and provides resources for the
implementation and fulfillment of the quality policy,
quality targets and customer requirements
Requirements
6.1
Human resources
6.2
Infrastructure
6.3
Work environment
6.4
1/5/2015
Provision of resources
1/5/2015
Human resources
Keep and store records of the measures (Internal and external training)
Ensure that the employees are aware of the relevance and importance of their activities and how
they contribute to the achievement of the quality targets
1/5/2015
Infrastructure
1/5/2015
Work environment
etermined
Managed and
Maintain
Human factors shall be determined and implemented
Safety instructions
Physically factors for the achievement of error-free products shall be determined and implemented
Hygiene, cleanliness
Pollution
1/5/2015
Requirements
7.1
Customer-related processes
7.2
7.3
Purchasing
7.4
7.5
7.6
1/5/2015
1/5/2015
Customer-related processes
e.g. obtain confirmation, clarity, make performance possible, document changes and make
the employees aware of it ... (7.2.2)
Communication with the customer
e.g. product information, enquiries, customer complaints ... (7.2.3)
1/5/2015
Purchasing
Evaluate and select suppliers (Define evaluation criteria, document evaluations and measures)
Requirements of approval
Qualification requirements
Purchasing documents
1/5/2015
7.5
Establish appropriate monitoring and verification activities; determine procedures for release,
delivery/installation
1/5/2015
Requirements
General requirements
8.1
8.2
8.3
Analysis of data
8.4
Improvement
8.5
1/5/2015
General requirements
Plan and implement the monitoring, measurement, analysis and improvement processes
1/5/2015
Customer satisfaction
8.2.1
Internal audit
8.2.2
8.2.3
8.2.4
1/5/2015
Internal audit
Plan audit program, take the results of previous audits into account
Define audit criteria, frequency and methods
Objectivity and impartiality of the auditors (again: auditors do not audit their own activities)
Define requirements and responsibilities for planning, implementation and documentation
1/5/2015
Authorizing usage:
1/5/2015
Analysis of data
The generated data from measurements, monitoring and others sources provide the basis for the
evaluation of the quality management system and the necessity of improvements.
Data analysis:
Product conformity
Customer satisfaction
Internal audits
Suppliers
1/5/2015
Improvement
Continuous improvement of the efficiency of the quality management system is required by the
standard
Define and implement the process for identifying and implementing corrective actions
Define and implement process for identifying and implementing preventive measures
1/5/2015
Corrective action
1/5/2015
Preventive action
1/5/2015
1/5/2015
Steps
Content
Audit preparation:
Audit conduct:
- Opening meeting
- Lead audit interviews and record results
- Final discussion
Audit post-processing :
1/5/2015
Characteristics
Opening meeting
Audit interviews
Coordination of the
auditors
Final discussion
1/5/2015
1/5/2015
1/5/2015
1/5/2015
points:
persons perspective:
1/5/2015
Questioning techniques
Questioning techniques
General information I
1/5/2015
Questioning techniques
General information II
So questions need to be formed precisely and not be repeated without any intention.
1/5/2015
Questioning techniques
Examples
Since you have to take a look at these documents, you will have to continue questioning either
way
1/5/2015
Questioning techniques
Principles for asking questions
Keep calm
Hear each other out
Argue convincingly
Listen actively
Be interested
Participate
1/5/2015
Questioning techniques
Information to extract from the interviewee
With
whom?
Using
what?
INPUT
From whom/
where
Requirements
Process
What
results?
Requirements
How
done?
1/5/2015
OUTPUT
To whom/
where
1/5/2015
Participants:
Auditor, Co-Auditor
CEO, QM-Representative, Cellarer, Manager Service Department
1/5/2015
1/5/2015
1/5/2015
Audit plan: contains the auditors and the organization which will be audited, the planned date
(audit date), the duration, the functional units, processes and the interlocutor for the audits onsite.
Do not forget to schedule:
Opening meeting
Lunch break
Final discussion
1/5/2015
Contains the overall evaluation of the implementation of the quality management system and
organizational information concerning the audit (date, organizational unit, auditors, etc.)
Will be coordinated with the audited organizational unit during the final discussion
1/5/2015
Audit team leader should report the audit results in accordance with the audit program procedures.
The audit report should provide a complete, accurate, concise an clear record of the audit, and
should include or refer to the following:
a.
b.
The audit scope, particularly identification of the organizational and functional units or processes
audited
c.
d.
e.
The dates and locations where the audit activities were conducted
f.
g.
h.
i.
A statement on the degree to which the audit criteria have been fulfilled
DIN EN ISO 19011
1/5/2015
The audit report can also include or refer to the following, as appropriate:
j.
k.
A summary of the audit process, including the uncertainty and/or any obstacles encountered that may
decrease the reliability of the audit conclusions
l.
Confirmation if the audit objectives have been accomplished within the audit scope in accordance
with the audit plan
A management summary covering the audit conclusions and the main audit findings that support
them
o.
Any unresolved diverging opinions between the audit team and the auditee;
p.
q.
r.
s.
t.
1/5/2015
Contains the discrepancies, the resulting measures and the proof of completion of those measures
and organizational information concerning the audit (date, organizational unit, auditors, etc.)
Is formulated in clear and understandable way
Will be coordinated with the audited organizational unit during the final discussion
1/5/2015
Certification audit
Certification audit
Deviation report
Principle:
IAF Guide 62
manage:
1/5/2015
Certification audit
Audit cycle
Order is
placed
Consultation
Supervision
audit
Pre-audit
Supervision
audit
Audit
Verification
audit
fulfilled?
Certificate
granting
Renewal of the
certificate
1/5/2015
Certification audit
Additional information
Auditors are generally generous, dont lie brazenly!
Audit is also a sales pitch. Good things should also be presented well!
All employees must be informed about the policies and targets
Individual variations are valid, but the certification only fails on a systematic deviation in one
location!
1/5/2015
Presentation
Presentation
Task for the presentation
Scenario
The Vietnamese-German University offers a variety of services for students. The canteen is
the most sensitive area due to the wide clientele and the strong public perception. For that
reason the canteen tries to improve the customer satisfaction within their offered services.
1/5/2015
Presentation
Task for the presentation
Task
You, as the internal auditor, got the task to create an audit program for the following four years
including four individual audits. Plan various kinds of audits in order to maximize the efficiency
and effectiveness of the program.
Create an audit plan for a single audit with the audit target The payment system meets the
requirements of the students.
Prepare a presentation with your results by Friday (2014/01/09).
You will have 15 minutes to present your results followed by a
discussion part (10 minutes).
1/5/2015