Upload
joshua-hardin
View
22
Download
0
Embed Size (px)
DESCRIPTION
A presentation on current internal audit practices and requirements for an ISO9000/AS9100 Quality Management system
Citation preview
1MODERN INTERNAL AUDITS- compliance -
- improvement -
ISO 9001:2000
2THE PURPOSE OF INTERNAL AUDITS
ISO 19011 COMBINES THE QMS AND EMS AUDIT PROCEDURES
AUDIT (ISO 9000:2000 VOCABULARY)
Systematic, independent and documentedprocess for obtaining audit evidence andevaluating it objectively to determine theextent to which audit criteria are fulfilled
Audit criteria; Set of policies, procedures orrequirements used as a reference
3THE PURPOSE OF INTERNAL AUDITS
ISO 9000:2000 2.8.2 Auditing the Quality Management System
Audits are used to determine the extent to which the qualitymanagement system requirements are fulfilled. Audit findingsare used to assess the effectiveness of the quality managementsystem and to identify oppurtunities for improvement
2.8.1 Evaluating processes within the QMS
a) Is the process identified and appropriately defined?b) Are responsibilities assigned?c) Are the procedures implemented and maintained?d) Is the process effective in achieving the required results?
4Internal audit We conduct audits at planned intervals to determine whether our QMS conforms to the planned arrangements and to the requirements of the ISO 9001 standard and to check that it is effectively implemented and maintained.
Planning of audit program We plan an audit program taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits.
Documented audit procedure We have established a documented procedure for the planning, conducting, criteria, scope, frequency and methods of audits including reporting of results and maintenance of audit records.
Auditors We select our auditors and conduct audits in such a way that the objectivity and impartiality of our audits is ensured.
Responsibility of corrective actions Our management responsible for the area audited ensures that actions are taken without undue delay to eliminate any detected nonconformities and their causes.
Follow up We perform follow-up activities to verify that actions are taken to eliminate nonconformities and their causes, and we report the results of our verification activities.
ISO 9001:2000 8.2.2 Internal audit
transformed into positive claims:
ISO 9004:2000 8.2.1.3 Internal audit
Examples of subjects for considerationby internal auditing:
effective and efficient implementation of processes oppurtunities for continuous improvement capability of processes effective and efficient use of statistical techniques use of information technology analysis of quality cost data effective and efficient use of resources processes and product performance results adequacy and accuracy of performance measurements improvement activities relationships with interested parties
5PERFORMANCE MATURITY LEVELS (A.2 ISO 9004:2000)
No formal approach
Reactive approach
Stable formal system approach
Continuous improvement emphasized
Best-in-class performance
1
2
3
4
5
Performance level Guidance
No systematic approach evident, no results, poorresults or unpredictable results
Problem- or corrective based systematic approach,minimum data on improvement results available
Systematic process-based approach, early stage ofsystematic improvements, data available on conformanceto objectives and existence of improvement trendsImprovement process in use, good results andsustained improvement trends
Strongly integrated improvement process, best-in-classbenchmarked results demonstrated
SELF ASSESSMENT MODEL OF ISO 9004
6CIRCUMSTANCES FOR EFFECTIVE AUDITING?
Change willingness organization is willing to implement reasonable audit findings
Attitudes support improvement without that auditing work in mainly lost!
Top management briefs auditors what special themes they want the auditors to verify
Members of top management work as auditors in some extent shows the importanceof audits to organization and gives them an oppurtunity to interact with people
Feedback to auditors what really happened with nonconformities and recommendations
7Purpose
PlanningPreparing ofsingle audit visit
Conduct ofaudits
ReportingCorrectiveactions
Auditors
Documents and records - reading
Questionnaires
Interviews, follow up ofprocesses and inspections
Verification of essentialmust - be points, records
Audit records
Recommendations(ISO 9004) Nonconformities
(ISO 9001)Scheduledcorrectiveactions
Follow up and closingof the correctiveactions
Interactiveskills
Qualifications
Compliance withstandards, norms,legistlation, QMS,contracts etc.(ISO 9001)
AUDIT LIFE - CYCLE PROCEDURE
Annual auditschedule ofthe wholeQMS
Individualauditplans
Identification of improve-ment needs
Month and yearMonday
Tues day
Wednesday
Thursday
Friday
Saturday
Sunday
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
00
Proceduresand records
Planningskills
Purpose why and what?
Competence
Independency
Product auditSystem auditProcess audit
Identification ofareas of improvement(ISO 9000, 9004)
Strengths(ISO 9004)
Managementreviews
8WHAT IS A MODERN AUDIT?
How rules and requirements are followed in practice? relevant instructions, procedures, norms, standards. . .
objectives, action plans, values, policies, environmental programs... customer- and delivery contracts and conditions, purchase contracts
laws, acts, regulatory requirements, permissions, eco-labelling criterias.
what deviations do we find out in fulfilling the requirements
Should something be done more effectively and more efficiently toimprove customer satisfaction and profitability? what could be done better to achieve the expectations?
the people working in the process know best the weak points
recommendations and identification of potential risks of not tofulfill the requirements, things that could be done better!
9WHAT?- content
HOW?- process
RESULTS- indicators -
+Right things- criterias- laws, acts,,,- expectations- objectives- requirements- etc.
Right things right,efficiently withoutwasting of resources
What has been achieved?What do the results indicate?- level of results?- trends of results- fulfilling of specification limits- learning from the results
More accuratedefinition ofmust bethings
Improvement
WHAT - HOW - RESULTS - IMPROVEMENT The basic formula of any work and modernaudit
Learning
Do we find any signof utilization of results?Any sign of learning?Any sign of improvement?
ASSIGNMENT OF MODERN AUDITORS
10PROFILE OF AN EFFECTIVE AUDITOR
Personal
Understands systems
Plans in advance
Problem centric whats behind the problems
Investigator remember the superindent Columbo!
Gets along with bosses as well as with workers
Constructive sees problems as oppurtunities to some better
Good listener makes people discuss and tell their story
Creates confidence, is frank and honest
Competent and professionalNot the huge numberof questions but goodlistening and activescanning!
11
AUDIT TEAM (ISO 19011)Lead auditor: total responsibility leader of the audit team
Auditors: experts appropriate competence independent knowledge of applicaple requirements
Team: planning of the audit (audit program) choice of the audit approach (product or system or process audit) planning of audit questions carrying out of audit (interviews, verifications, information collections, clarifying of backgrounds) reporting (judgement, conclusions, compiling of audit report) close up of audit (presenting of audit report) follow up of completing of corrective actions, if agreed
Auditee: works in cooperation with the audit team gives open information to the audit team reserves the key persons to be present during the audit commits to perform the corrective actions needed
12
WHAT COULD BE CONSIDERED IN AUDIT PLANNING?
Audit RoughPlanning
Needs and expec-tations of stake-holders?
Customerexpectations?
Shareholderexpectations? Society
expectations?
Personnelexpectations?
Documentedrequirements?
SpecificationsQuality ManualWork instructionsContractsISO 9001ISO 14001GMP, GLP etc.
What are the most criticalrequirements in fulfillingcustomer expectations?
Results and theirtrends, level, history=> Hints for the audit?
Any violations,trends, peaksetc?
What do theyexpress?
Continuousimprovement?
Supplierexpectations
13
ISO 9001:2000 SHORTLY
4 QMS
documents structure records
5 Management responsibility
commitment, regulatory req. customer focus quality policy (success factors) measurable quality objectives, deployment communication organization, responsibilities,
authorities reviews
6 Resources
provision of resources competence, training, awareness infrastructure work environment
7 Processes
process planning customer related processes design and development purchasing production / service delivery calibration- reasonable process description- process measures- process improvement
8 Measurement, analysis, improv.
measurement (customer, product, process,supplier)
internal audits nonconforming products analysis, conclusions, corrective and
preventive actions, continuous improve-ment
LKK
MEO
TO
14
ISO 9001:2000 TAKES A NEW APPROACH TO AUDITING
Does there exist any approach required by the shall be? Find out evidence!
Have people understood it? Find out evidence!
Is the approach implemented and deployed? Find out evidence!
Is it effective? Are there any positive feedback? Find out evidence!
Is there any evidence of improvement of the approach? Find out evidence!
(There are a lot of requirements which are not explicitely requiredto be documented, but which have to be implemented and applied)
15
ISO 9001:2000challenges
forauditors
2. Focus on customers3. Role of managementincreases
Improvement
Commitment
4. Communication
Internal
Betweenfunctions,organzations
1. Emphasis from documentedprocedures to measurableobjectives, feedback analysisand continous improvement
6. Work environment- suitability
7. Suitability and maintenanceof machines, rooms, systems,support services
8. Fulfillment of legal and regulatoryrequirements
10. ContinuosimprovementData, feedbac
information, analysis, conclusions,actions, follow up
9. Processapproach
11. ISO 9004
Improvementprocesses
5. People development(competence, effectiveness)
16
PLAN WHOM TO MEET AND IN WHICH
ORDER
Plan whom to meet during the audit and theorder of interviews
Either or
Process owneror functionalmanager
Supervisor orteam leader
People performingthe work
17
PREPARING FOR THE AUDIT
Reports of earlier audits
Company vision, goals,objectives and programs
Quality, environmental andsafety policy
Customer complaints, feedback,quality control summaries, processmeasure trends, supplier deliverydata and trends etc.
Relevant manuals, proceduresand instructions - prioritize!
Critical human, material,equipment etc. resourcesneeded to meet customerand other requirements
Organization structure and essential responsibilities and authorities
Organizational and process changes,investment programs concerning products
Most critical standards, normsand legistlation e.g. GMP, GLP
Particular substance and / or material requirements
Get acquainted with the information systemsof the company
Process flow sheets
Product changesand change control
Identification of stakeholder needs and expectationsto find out what is crucial for the business to be audited
DECIDE WHAT IS THE
RED THREAD OF
YOUR FORTHCOMING
AUDIT AND THEN
PRIORITIZE YOUR
SOURCE READINGS!
18
Quality Policy 5.3
Quality Objectives 5.4.1
QMS Planning (5.4.2)
Resources 6.0
PROCESS 7.0Inputs Outcomes
Monitoring
8.2.3/4
Special Requirements8.5
8.4
8.2.1 5.5.1
4.2.4
4.2.3
8.2.2
5.6 Management review
C
U
S
T
O
M
E
R
N
E
E
D
S
Plan reasonable audit programs
19
PROCESS
Documentationaudit
Infrastructureaudit
Human Resourcesaudit
Performance &Records audit
Work Environmentaudit
Product &Process audits
5.4.24.2.3
7.17.5.1
6.16.3
7.6
6.16.2
5.5.15.5.3
4.2.45.2
5.35.4.1
7.5.28.2.3
8.48.5.1
6.4
7.27.37.47.5.37.5.5
8.2.48.3
ISO 9001:2000 GIVES YOU POSSIBILITIES
TO PLAN AUDIT PROGRAMS ACCORDING TO
DIFFERENT NEEDS AND ASPECTS
Management responsibility 5.1 5.6
20
Enterprise architecture and infrastructure
Management of structures, functions and processes
Human resource management
Technology development and innovation
Financial management
Strategicmanage-ment
Procurementand supplychain mana-gement
Marketingand salesmanage-ment
Operationsmanage-ment
Logisticsand distri-butionmanage-ment
QualityService
VALUEGENERATIONAND VALUEADDITION
COMPETENCE
KNOWLEDGE
REVISED VALUE CHAIN BY T Morden, 1999
CHALLENGE FOR THE AUDITORS- SYSTEM AUDITING
Customers
Auditors have to understand the value generating systems
21
Suppliervalue chains
Organizationsvalue chain
Distributionchannelvalue chains
Customervalue chains
MODERN AUDITING IS VERIFYING THE REQUIRED IMPLEMENTATION
OF VALUE ADDING CHAINS. AS AN AUDITOR YOU HAVE TO UNDERSTAND
THE WHOLE BUSINESS SYSTEMS TO BE EFFECTIVE!
Enterprise architecture and infrastructure
Management of structures, functions and processes
Human resource management
Technology development and innovation
Financial management
Strategicmanage-ment
Procurementand supplychain mana-gement
Marketingand salesmanage-ment
Operationsmanage-ment
Logisticsand distri-butionmanage-ment
QualityService
VALUEGENERATIONAND VALUEADDITION
COMPETENCE
KNOWLEDGE
BROAD PERSPECTIVE OF AUDIT
22
DIFFERENT AUDITING TACTICS
Process auditing
Downstream auditing
From sales todelivery
Upstream auditing
From delivery tosales
Product auditing
Verification ofproduct requirements
DepartmentalauditingVertical auditing
Vertical walk throughthe same department
Horizontal auditing
Identification of problemsbetween departments
Effective in revealingsystematic deficienciesEffective in revealing
systematic deficiencies
Not so effective inrevealing systematicdeficiencies
Identification ofinformation flow,commitment to objectives etc.
23
PROCESS AUDIT TACTICS
Sales Engineering Production Delivery
Down stream
Up stream
PROCESS AUDITS CAN BE DONE EITHER IN DOWN STREAMOR IN UP STREAM. UP STREAM IS MORE BENEFICIAL FOR AUDITORS, IT GIVES PRACTICAL EXPERIENCES ALONG THEROUTE AND FINALLY AT SALES OFFICE YOU CAN ASKVERY TIGHT QUESTIONS
InputsOutputs
RESOURCES
Goals, budgets, strategy, procedures,legistlation, instructions, standards etc.
CONTROL
24
Storage
Production
Packing anddelivery logistics
Purchase- raw materials- logistics
Productionplanning
Marketing &Sales
InformationSystems
Maintenance- process capabilityHuman Resource
Administration
DOWN STREAM OR UPSTREAMAUDITING AND FOLLOWING OF TRACEABILITY IS ONE OF THE MOST EFFECTIVE AUDIT TACTICS- traceability audit
R&D
Take a specific product batch and follow itspath through the process and track essential data, information and instructions linked to the same batch!
Usage
Specs
Take anexample,a certainlot or batchand tracedata andproceduresto it throughthe process
25
E.G. SALES DELIVERYPROCESS
INPUTS OUTPUTS
Control
RESOURCESMake questions conserning:- Input information and data(orders, contracts, needs, ex-pectations, experiences)
- Raw materials, components etc.- Supplier quality- Etc.
Make questions concerning:- Product quality- Delivery quality- Nonconformities- Customer feedback- Customer satisfaction
Make questions concerning:- Resource management- People competence- Infrastructure- Work environment
Make questions concerning:- Process planning and documentation, process intsructions, regulatory req.- Process boundaries (functional and / or team boundaries)- Process management, responsibilities, ownership, objectives, measures- Customer definition and identification of their needs and expectations- Supplier selection criterias, purchasing, feedback and re-evalution procedures- Product specifications- Quality control, measurement, calibration, test status requirements- Corrective and preventive and process improvement procedures
Choose andtrace somecertain lot
Plan the processaudit
C
u
s
t
o
m
e
r
s
Suppliers
26
WHAT ISIMPORTANT
in process control?
Man Machines Materials
Methods
MeasurementsMilieu
Marks
skills, knowledge, qualifications work content and order motivation, attitudes, satisfaction awareness of own role
capability of machines, yield effectiveness, efficiency maintenance performance degree of utilization properties
uniformity, stability environmental aggressiveness
work flow who, what, when, how unambiguity, clarity readability variation control utilization of feedback updating of content information flow
sampling methods, representativeness repeatability, reproducibility measuring uncertainty records conditions traceable calibration
working conditions sampling conditions analysis conditions sample storing conditons working environment
preventive costs appraisal costs defect and scrap costs complaint costs environmental sanctions penalty costs
PRACTICAL ITEMS FOR PROCESS AUDITS
27
? ? ? ? ?
? ??
?
?? ?
? ?
? ?
??
?
?
?
?
?
?
?
?
??
??
?
? ? ? ?
?
??
THE RED THREAD OF THE AUDIT
Dont make the questionnaire too detailedFollow your main themes, listen and make additional questions
Return to your main questions when you feel that the maincontent to your earlier question has been achieved
Additionalquestionsduringaudit
28
Audit question-naire
Choose 1 3 Must-Be matters as driversof the audit
What is importantto customers, owners,personnel, suppliersand society?
Support ofdocuments,records, norms,(GMP, GLP, ISO,,,)standards, pro-cedures etc.?
Managementresponsibility- what kind of
support?
Critical re-sources?- what kind
of support?
Critical processphases?- what to observe?
Feedback, measures- corrective actions?- preventive actions?- continuous improvement?
FIND OUT WHETHER THEY MANAGE THE MATTERS
EFFECTIVELY AND EFFICIENTLY IN THE AUDITED AREA
PLANNING OF AUDIT QUESTIONNAIRE
29
QUESTIONNAIRE Page:________
Questions Auditees Auditors Records OK NOT OK
Arrange the questions either
according to themes or accor-
ding to people to be audited
Remember questions inspiring
improvement ideas
Remember questions concerning
learning from feedback, results
Rememeber to collect facts during
discussions
30
THEMES FOR THE INTERVIEW OF ORDINARY PEOPLE
1 Who are your internal customers? What do they expect or require from your job?
3 With whom do you work together? What is crucial in this cooperation?
4 What work phases are critical in your work? What are the requirements?
5 How do you see that procedures, manuals, instructions etc. support you and your work?
6 How is the acceptability of your work phase assessed? How do you receive feedback?
7 What kind of records you are requested to fulfill? Are they clear?
8 How do you handle deviating parts, materials, products, situations etc.?
9 What would you like to specially improve in your work?
10 What kind of training or competence improvement needs do you have?
11 How well do you see that the infrastructure (facilities etc.) is supporting your work?12 How well do you see that the work environment is supporting your work?
13 How well do you see that suppliers actions and deliveries support your work?
2 How do you see that your bosses empasize the customer focus in practice?
31
COLLECTION OF OBSERVATIONS DURING AUDIT
Skills and competences of personnel
Training and qualifications of personnel
Status of materials, products, qualifiedprocesses, testing and measuring systems
Order, tideness, hygiene
Review of files and records
Follow up of inspections and process phases,use of clarifying questions
Follow up of the skills of people to use computersystems in controllingoperations
Identification of materialmarkings and labels,traceability of chemicals, additives, analysis data,calibrations chains,acceptances etc.
Identification ofnon-conformities andtheir handling, preventionof reoccurrence, use ofearly warning indicators,continuous improvement
Implementation ofrules and criteriaand relevantdocuments
Interviews of personnel(management, white and blue collarpeople; awareness of their roles,duties, authorities, QMS, awarenessof process thinking)
32
SCHEDULING THE AUDIT DAY
Opening introductions objectives program reporting
Auditing interviews, observings, verifications
and additional tasks
Report compilation
Close up meeting
5 - 10 min
2 - 5 h
1/2 - 2 h
1/2 h
(In practice auditors startdirectly with interviews etc.and shortly introduce thepurpose and scope to everyonemet during the audit)
33
CONDUCT OF AUDIT
ASK OBSERVE
VERIFYRECORD
Open ended questionsto receive thebest information
Follow whatis occurringin processes
The compliance withthe documents andrequirementsThe existence of relevantfiles and history of results
Objective evidence,both positive andnegative points
34
BACKGROUND INFORMATION FOR THE AUDITS
Never accuse the interviewee
Collect and record the facts from the company, not your opinions
Be systematic
Never loose the product and customer requirements from your sight
Record what the interviewee himself is saying, not your interpretations
Prepare, prepare and once more prepare thoroughly before your audit visit
Be positive even in the case that things are not so well looked after
Clarify to yourself what are the objectives of this audit -what do you want to find out?Inform the organization to be audited
If you have made wrong conclusions, be correct and change your decisions
35
To be a goodauditor . . .
1 You have tounderstand the scopeand the objectives of
every audit
3 You have to havethe red thread and logics
in your audit assignment
4 You have to befrank, confident and
make people to discusswith you
2 You have tofocus on the
essential features
5 You have to makereasonable conclusionsfrom your observations
6 You have to keepyour timetables
36
AUDIT RECORDS
1. Identifications: auditor names auditee names and positions date company, functios and / or products & processes
2. Main items of interviews: records from the main items discussed
3. Checked examples - recording of facts: reports, protocols and other documents reviewed - take copies with you! identifications of rules, procedures, criterias applied during audit information concerning processes, equipment, tests etc. followed
4. If necessary: recording of conditions like temperature, moisture, dust etc. order and tideness, hygiene, ventilation, illumination ... attitudes among personnel to control and react production conditions,process and product deviations, disturbances
awareness of their own roles, motivation, working atmosphere
37
A GOOD OBSERVATION?
Is based on facts
Gives such a clear description that it can beunderstood even after years
A complete sentence
Does not use streching words as sufficiently, well enough etc.
Unambiguous and precise
Not an opinion
Does not refer to a person
Valuable for the corrective actions and improvement
Expresesses the situation as clearly as possible
Encourages and supports the receiver
38OBJECTIVE EVIDENCE
Verified documents (date, title, identification, version)
Verified equipment, systems, rooms etc.
Verified records and files (reports, files, memos,,,)
Interviewed persons (position, name, department,,,)
Verified products (product id, drawing, specification, place, lot,,,)
Verified production lines, infrastructure ,,,
Background of the observation- random or systematic?- linking to what ISO 9001,GMP, GLP etc. element?
- linking to quality objectives?- where in the QMS?- situation where observed?- area in charge?- evidence received??
39WRITING A NONCONFORMITY REPORT
Specify the problem accurately and unambiguosly
Link the verified facts to your report
Give information what kind of risks the problemmay cause to the auditee
Give a clear address of the problem (where, when, with whom,machines etc.)
Refer to the documented requirement which has been violated(procedure, instruction, ISO 9001 element etc.)
NonconformityReport
40
REPORTING OF AUDIT RESULTS
Strengths andRecommendations(ISO 9004)
Non-fulfilment ofa requirement- based on objectiveevidence
Strengths; things that show strongpositive influence on product or servicequality, work atmosphere, profitability,customer satisfaction etc.
Recommendations; things whereyou are not completely sure whether they
are nonconformities, things whichwere raised during the audit to be
improved etc.
NonconformityReport (ISO 9001)
AuditSummary
Consider thoroughly your findings before reporting!
41
CLOSE UP MEETING
Report: strengths and recommendations nonconformities
Introduction: where and when main items of audit auditors people met during audit
Audit approach: execution report structure
Internal discussion within the audit team: What did we learn from this audit? What should we learn for the future audits?
42
CORRECTIVE ACTIONS AND CONTINUOUS IMPROVEMENT
Nonconformities: immediate actions plans and schedules follow up of the effectiveness closing
Recommendations: prioritization evaluation, decision and
communication
Strengths: how to exploit strengthsto improve customer sa-tisfaction and competitiveness?
Cause
Known
Notknown
Resource needs
Minor Extensive
Impact
Small
Large
43DEVELOPING OF INTERNAL AUDITS
Self assessment models (ISO 9004:2000)
Special questions asked literally during audit
Problem mapping during audits (e.g. with help of process flow sheets)
Cross-functional boundary problem identifications
Quality Award questions
Questionnaires to be fulfilled by the personnel during audits
Bottleneck analysis, lead time analysis etc. as a group workduring audits
44
Improvement of internal audits
Preparing for the audit? available material sufficiency? information from the auditee organization? compiling of questions?
Audit interviews, verification? interactiveness? questioning technics? ability to make additional questions? looking for facts, evidences? follow up of your red thread?
Audit plan in practice - functionality? possible deficiencies accuracy? time schedule tight or loose?
Compilation of audit report?
Close up meeting clarity, additional value?
Competence of the audit team in substance matters?
Recording of audit findings?
What to improve next time?Viewpoint