ISO 9001 Auditor Guidance

1.Time Planning: Appropriate time to be planned for - Opening Meeting, Audit Plan for
various business verticals, travel time planning, closing meeting time, corroboration /
communication time, reporting and publishing time for QSARs / results. Plan to be
provided to auditees in advance for Auditor-Auditee interaction.
2.Time Scheduling: Completing all workgroups in allotted optimal time as per the
importance of workgroup processes to auditee's business is essential. Auditee may have
some business emergencies, need to take care of occasional diversion of auditee to such
emergencies and if in excess, then only time can be enhanced else need to squeeze
time. Reason - you have already booked return ticket and not advisable to spend more
than what is approved - due to commercial reasons.
3.Use of and adherence to the RCOM Common Internal Audit Procedure is a MUST. Please
read it beforehand.
4.Starting of Audit -
a.Have opening meeting. Introduce yourself, get auditee's introduction including
Auditee's management, workstreams / substreams, function owners, organogram,
QMS - processes, documentation and control - in brief etc. / and that too - using
informal manner. Some work-streams / functions may not have enough activities /
transactions enough to audit – find if so and plan audit time allocation changes
according to the work content without changing overall schedule and time plan.
b.Opening Meeting conduct guidelines: All auditee - MUST and optionally -
auditee's local business leads can be present for the opening meeting.
c.Explain plan, start / close of day and end of audit - closing meeting time. Ask if plan /
schedule is ok with all.
d.Explain ground rules - skipping auditee to handle emergency. Change of auditee in
between or proxy auditee seating... etc. Rules for Handling phone calls / emails etc.
Allow observers to learn.
e.Lunch time planning, span of lunch time, location / comfort for menu or special
requirements if any so that less time is wasted and arrangements can be done in
advance. Always ensure Lunch Activity should not consume your valuable time and
should not become an excuse for not auditing some planned part of follow-up. Lunch
should not lead to extravagant expenditure of time and excess of hospitality or
gesture of over-powering auditor emotionally.
f.Ask auditee to keep normally required records ready and accessible, network readiness
etc so that there should be no wastage of time in searching, accessing etc.
g.Auditor to suggest that - it is sampling audit, all correct samples may not mean
processes are not having any issues, or all samples wrong may not mean otherwise,
however all wrong samples may lead auditor to chase for more samples or causes
and may lead to find reasons why NC cannot be given.
h.Explain plan and can make last minute changes to plan to accommodate last minute
auditee required changes. Once determined in opening meeting, keep the plan fixed
but still not rigid, since auditee can have emergencies.
i.Explain confidentiality principle - we keep your information confidential etc. and abide
by that.
j.Explain - you may need auditee's leads (/ associates) in case of further probing /
explanations / understanding etc. and ensure you have their contacts so if auditee
ensures they cannot be contacted, you can contact them independently.
k.Explain - how you handle NCs? How you would assign Major / Minor / Observation is
potential NC, suggestions for improvements etc. and what they are supposed to act on.
l.Explain - Audit closing practice in / via respective portal.
m.Re-audit / inspection if major NC may be necessary.
n.Closure of NC - Auditor's approval for plan of closure is essential.
1.Ensure before ending audit, have auditee agreed to Required Vs Observed evidences in
case NC is there and have NC communicated to and agreed by auditee. If not you can
continue to explain and make him and his boss accept but escalate in case auditee is not
agreeing to you. In any case, NC once determined and agreed by auditee, cannot be
taken back. Hence be very confident of the NC raising if the situation warrants. Have
SOP / ISO clauses properly studied beforehand so that you are sure of NC. Do not
engage in consultative mode for NC closures or Suggestions. Suggestions should be
only for QMS and not for the generic business processes of auditee.
2.Do not think, giving NC is a must or otherwise.
3.Ensure NC is properly worded, and only most significant clause is mentioned if there are
multiple affected clauses.
4.Ensure while giving NC, you record: observed reality - include samples if documents that
can be attached, details and references of observations by way of records numbers and
record indexes, ISO Clause affected and / or Organization's SOP impacted, Observed
Effect of impact or potential impact that can cause in future, multiple occurrences of
violations of requirements - from when to when, or previous audit reference if repeat
audit observations etc. need to be recorded.
5.Do not expect if your own business is handling auditee-like situation for QMS in a specific
way, auditee's business should also handle it in same way. Do not fall into the trap of
comparing QMS, rather let auditee explain how their QMS / records / evidences
qualify for No NC in case of compromising situations. Let auditee explain how evidence
suggest compliance to their processes / SOPs, ISO clauses and Quality policy and
Statutory requirements.
6.Ending - Have closing meeting. Closing meeting conduct guidelines.
a.All auditee to be present. Some auditee may not be. If there is an NC for a work-
stream, then presence of auditee for this work-stream is must.
b.Explain auditee - their respective Good and Not-So good points and areas of potential
c.Thank auditee for time, hospitality and arrangements.
d.Explain auditee how you have taken care of confidentiality and privacy of auditee’s
data and what will you do with evidences gathered, how will you protect it?
e.Clearly explain NC / No NC / Observation / Suggestions - with specific reference to ISO
clause and in case necessary reference to procedures. Have clearly written
references of Required or Expected Vs Observed things and what really is the NC.
Also clearly explain observations.
1.Use of Auditee's checklist: is not essential and mandatory. You can make your own. You
can use auditee checklist if you are convinced that it is necessary and sufficient. Using
any checklist is not mandatory. Wrong checklist is not an NC if the checklist is not a
controlled document which is a regular case. If using wrong checklist by you is causing a
wrong NC then it could be an issue, hence please be sure if you are picking up auditee’s
NC or preparing your own NC.
2.Findings - corroboration - Corroborate your findings with other processes / other
workstreams or even audits at other locations with respective auditors. If there are
auditors on site, please meet them and understand their findings.
3.Result of Past audits for one FY / last surveillance audit and their closure etc. must be
seen. Management Review o/p and tracking must be seen.
4.For NC / Observation / Suggestion - use of correct language, keywords, clauses, use of
most appropriate and most serious clause in case event qualifies for multiple clauses and
auditee's agreement is essential.
5.Gather evidence that you can carry and that auditee cannot deny or if same is not
possible, record and have auditee agree for same in some way or other - possibly using
email etc.
6.Avoid taking copies of auditee's confidential or private data. Avoid private questions to
auditor or questions related to confidential information for auditee's business unless it is
essential for the audit.
7.Do not threaten auditee. Do not show extra sympathy to auditee. If auditee is a friend, do
not use friendship beyond ethical boundaries for you as an auditor and a representative
of auditee's management since you are conducting internal audit on behalf of the
auditee's management.
8.Final escalations can go to Auditee's MR in case auditee is not getting convinced for your
NC / Observation related remarks.
9.Any acceptable evidence auditee can give you till you leave the auditee's business place
for your entire audit schedule - last day of audit - in the city / location of audit is
acceptable for not raising NC, however inform auditee that "Now I am giving you an NC,
situation will depend on the time you show me the evidence and it is acceptable to me
or not".
10.Never give NC because auditee or his colleague gave you NC last time...
11.Prior study of auditee's QMS is essential so as to avoid wastage of auditee's time at the
time of actual audit. While with auditee, maximum time will be spent in sample
evaluation and inspection, probing and Q&A related to audit itself.
12.Avoid extending time unless it is emergency.
13.Visiting Auditee's field place of work if outside incidents are handled by auditee's work-
function is essential on sampling basis.
14.Visiting auditee's workplace or carrying audit at real workplace of auditee instead of
conference room is essential.
15.Be sure to make effective and efficient use of time when with auditee, avoid waste of
time by auditee or by you as well. Avoid taking calls when in front of auditee and
encourage auditee to avoid taking calls unless it is great emergency.
16.You have to release other business group's Audit QSARS in their portal in time.
17.You have to release IMSG Audit QSARs in IMSG Portal in time.
18.Auditor has to support Auditee for approval of NC action Plan, Review / closure of CAR
and closure of NCs in respective portals in time.
19.Updating of Auditor’s Audit-Hours Record is essential.