Modern Internal Audits

1MODERN INTERNAL AUDITS- compliance -

- improvement -

ISO 9001:2000

2THE PURPOSE OF INTERNAL AUDITS

ISO 19011 COMBINES THE QMS AND EMS AUDIT PROCEDURES

AUDIT (ISO 9000:2000 VOCABULARY)

Systematic, independent and documentedprocess for obtaining audit evidence andevaluating it objectively to determine theextent to which audit criteria are fulfilled

Audit criteria; Set of policies, procedures orrequirements used as a reference

3THE PURPOSE OF INTERNAL AUDITS

ISO 9000:2000 2.8.2 Auditing the Quality Management System

Audits are used to determine the extent to which the qualitymanagement system requirements are fulfilled. Audit findingsare used to assess the effectiveness of the quality managementsystem and to identify oppurtunities for improvement

2.8.1 Evaluating processes within the QMS

a) Is the process identified and appropriately defined?b) Are responsibilities assigned?c) Are the procedures implemented and maintained?d) Is the process effective in achieving the required results?

4Internal audit We conduct audits at planned intervals to determine whether our QMS conforms to the planned arrangements and to the requirements of the ISO 9001 standard and to check that it is effectively implemented and maintained.

Planning of audit program We plan an audit program taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits.

Documented audit procedure We have established a documented procedure for the planning, conducting, criteria, scope, frequency and methods of audits including reporting of results and maintenance of audit records.

Auditors We select our auditors and conduct audits in such a way that the objectivity and impartiality of our audits is ensured.

Responsibility of corrective actions Our management responsible for the area audited ensures that actions are taken without undue delay to eliminate any detected nonconformities and their causes.

Follow up We perform follow-up activities to verify that actions are taken to eliminate nonconformities and their causes, and we report the results of our verification activities.

ISO 9001:2000 8.2.2 Internal audit

transformed into positive claims:

ISO 9004:2000 8.2.1.3 Internal audit

Examples of subjects for considerationby internal auditing:

effective and efficient implementation of processes oppurtunities for continuous improvement capability of processes effective and efficient use of statistical techniques use of information technology analysis of quality cost data effective and efficient use of resources processes and product performance results adequacy and accuracy of performance measurements improvement activities relationships with interested parties

5PERFORMANCE MATURITY LEVELS (A.2 ISO 9004:2000)

No formal approach

Reactive approach

Stable formal system approach

Continuous improvement emphasized

Best-in-class performance

1

2

3

4

5

Performance level Guidance

No systematic approach evident, no results, poorresults or unpredictable results

Problem- or corrective based systematic approach,minimum data on improvement results available

Systematic process-based approach, early stage ofsystematic improvements, data available on conformanceto objectives and existence of improvement trendsImprovement process in use, good results andsustained improvement trends

Strongly integrated improvement process, best-in-classbenchmarked results demonstrated

SELF ASSESSMENT MODEL OF ISO 9004

6CIRCUMSTANCES FOR EFFECTIVE AUDITING?

Change willingness organization is willing to implement reasonable audit findings

Attitudes support improvement without that auditing work in mainly lost!

Top management briefs auditors what special themes they want the auditors to verify

Members of top management work as auditors in some extent shows the importanceof audits to organization and gives them an oppurtunity to interact with people

Feedback to auditors what really happened with nonconformities and recommendations

7Purpose

PlanningPreparing ofsingle audit visit

Conduct ofaudits

ReportingCorrectiveactions

Auditors

Documents and records - reading

Questionnaires

Interviews, follow up ofprocesses and inspections

Verification of essentialmust - be points, records

Audit records

Recommendations(ISO 9004) Nonconformities

(ISO 9001)Scheduledcorrectiveactions

Follow up and closingof the correctiveactions

Interactiveskills

Qualifications

Compliance withstandards, norms,legistlation, QMS,contracts etc.(ISO 9001)

AUDIT LIFE - CYCLE PROCEDURE

Annual auditschedule ofthe wholeQMS

Individualauditplans

Identification of improve-ment needs

Month and yearMonday

Tues day

Wednesday

Thursday

Friday

Saturday

Sunday

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

00

Proceduresand records

Planningskills

Purpose why and what?

Competence

Independency

Product auditSystem auditProcess audit

Identification ofareas of improvement(ISO 9000, 9004)

Strengths(ISO 9004)

Managementreviews

8WHAT IS A MODERN AUDIT?

How rules and requirements are followed in practice? relevant instructions, procedures, norms, standards. . .

objectives, action plans, values, policies, environmental programs... customer- and delivery contracts and conditions, purchase contracts

laws, acts, regulatory requirements, permissions, eco-labelling criterias.

what deviations do we find out in fulfilling the requirements

Should something be done more effectively and more efficiently toimprove customer satisfaction and profitability? what could be done better to achieve the expectations?

the people working in the process know best the weak points

recommendations and identification of potential risks of not tofulfill the requirements, things that could be done better!

9WHAT?- content

HOW?- process

RESULTS- indicators -

+Right things- criterias- laws, acts,,,- expectations- objectives- requirements- etc.

Right things right,efficiently withoutwasting of resources

What has been achieved?What do the results indicate?- level of results?- trends of results- fulfilling of specification limits- learning from the results

More accuratedefinition ofmust bethings

Improvement

WHAT - HOW - RESULTS - IMPROVEMENT The basic formula of any work and modernaudit

Learning

Do we find any signof utilization of results?Any sign of learning?Any sign of improvement?

ASSIGNMENT OF MODERN AUDITORS

10PROFILE OF AN EFFECTIVE AUDITOR

Personal

Understands systems

Plans in advance

Problem centric whats behind the problems

Investigator remember the superindent Columbo!

Gets along with bosses as well as with workers

Constructive sees problems as oppurtunities to some better

Good listener makes people discuss and tell their story

Creates confidence, is frank and honest

Competent and professionalNot the huge numberof questions but goodlistening and activescanning!

11

AUDIT TEAM (ISO 19011)Lead auditor: total responsibility leader of the audit team

Auditors: experts appropriate competence independent knowledge of applicaple requirements

Team: planning of the audit (audit program) choice of the audit approach (product or system or process audit) planning of audit questions carrying out of audit (interviews, verifications, information collections, clarifying of backgrounds) reporting (judgement, conclusions, compiling of audit report) close up of audit (presenting of audit report) follow up of completing of corrective actions, if agreed

Auditee: works in cooperation with the audit team gives open information to the audit team reserves the key persons to be present during the audit commits to perform the corrective actions needed

12

WHAT COULD BE CONSIDERED IN AUDIT PLANNING?

Audit RoughPlanning

Needs and expec-tations of stake-holders?

Customerexpectations?

Shareholderexpectations? Society

expectations?

Personnelexpectations?

Documentedrequirements?

SpecificationsQuality ManualWork instructionsContractsISO 9001ISO 14001GMP, GLP etc.

What are the most criticalrequirements in fulfillingcustomer expectations?

Results and theirtrends, level, history=> Hints for the audit?

Any violations,trends, peaksetc?

What do theyexpress?

Continuousimprovement?

Supplierexpectations

13

ISO 9001:2000 SHORTLY

4 QMS

documents structure records

5 Management responsibility

commitment, regulatory req. customer focus quality policy (success factors) measurable quality objectives, deployment communication organization, responsibilities,

authorities reviews

6 Resources

provision of resources competence, training, awareness infrastructure work environment

7 Processes

process planning customer related processes design and development purchasing production / service delivery calibration- reasonable process description- process measures- process improvement

8 Measurement, analysis, improv.

measurement (customer, product, process,supplier)

internal audits nonconforming products analysis, conclusions, corrective and

preventive actions, continuous improve-ment

LKK

MEO

TO

14

ISO 9001:2000 TAKES A NEW APPROACH TO AUDITING

Does there exist any approach required by the shall be? Find out evidence!

Have people understood it? Find out evidence!

Is the approach implemented and deployed? Find out evidence!

Is it effective? Are there any positive feedback? Find out evidence!

Is there any evidence of improvement of the approach? Find out evidence!

(There are a lot of requirements which are not explicitely requiredto be documented, but which have to be implemented and applied)

15

ISO 9001:2000challenges

forauditors

2. Focus on customers3. Role of managementincreases

Improvement

Commitment

4. Communication

Internal

Betweenfunctions,organzations

1. Emphasis from documentedprocedures to measurableobjectives, feedback analysisand continous improvement

6. Work environment- suitability

7. Suitability and maintenanceof machines, rooms, systems,support services

8. Fulfillment of legal and regulatoryrequirements

10. ContinuosimprovementData, feedbac

information, analysis, conclusions,actions, follow up

9. Processapproach

11. ISO 9004

Improvementprocesses

5. People development(competence, effectiveness)

16

PLAN WHOM TO MEET AND IN WHICH

ORDER

Plan whom to meet during the audit and theorder of interviews

Either or

Process owneror functionalmanager

Supervisor orteam leader

People performingthe work

17

PREPARING FOR THE AUDIT

Reports of earlier audits

Company vision, goals,objectives and programs

Quality, environmental andsafety policy

Customer complaints, feedback,quality control summaries, processmeasure trends, supplier deliverydata and trends etc.

Relevant manuals, proceduresand instructions - prioritize!

Critical human, material,equipment etc. resourcesneeded to meet customerand other requirements

Organization structure and essential responsibilities and authorities

Organizational and process changes,investment programs concerning products

Most critical standards, normsand legistlation e.g. GMP, GLP

Particular substance and / or material requirements

Get acquainted with the information systemsof the company

Process flow sheets

Product changesand change control

Identification of stakeholder needs and expectationsto find out what is crucial for the business to be audited

DECIDE WHAT IS THE

RED THREAD OF

YOUR FORTHCOMING

AUDIT AND THEN

PRIORITIZE YOUR

SOURCE READINGS!

18

Quality Policy 5.3

Quality Objectives 5.4.1

QMS Planning (5.4.2)

Resources 6.0

PROCESS 7.0Inputs Outcomes

Monitoring

8.2.3/4

Special Requirements8.5

8.4

8.2.1 5.5.1

4.2.4

4.2.3

8.2.2

5.6 Management review

C

U

S

T

O

M

E

R

N

E

E

D

S

Plan reasonable audit programs

19

PROCESS

Documentationaudit

Infrastructureaudit

Human Resourcesaudit

Performance &Records audit

Work Environmentaudit

Product &Process audits

5.4.24.2.3

7.17.5.1

6.16.3

7.6

6.16.2

5.5.15.5.3

4.2.45.2

5.35.4.1

7.5.28.2.3

8.48.5.1

6.4

7.27.37.47.5.37.5.5

8.2.48.3

ISO 9001:2000 GIVES YOU POSSIBILITIES

TO PLAN AUDIT PROGRAMS ACCORDING TO

DIFFERENT NEEDS AND ASPECTS

Management responsibility 5.1 5.6

20

Enterprise architecture and infrastructure

Management of structures, functions and processes

Human resource management

Technology development and innovation

Financial management

Strategicmanage-ment

Procurementand supplychain mana-gement

Marketingand salesmanage-ment

Operationsmanage-ment

Logisticsand distri-butionmanage-ment

QualityService

VALUEGENERATIONAND VALUEADDITION

COMPETENCE

KNOWLEDGE

REVISED VALUE CHAIN BY T Morden, 1999

CHALLENGE FOR THE AUDITORS- SYSTEM AUDITING

Customers

Auditors have to understand the value generating systems

21

Suppliervalue chains

Organizationsvalue chain

Distributionchannelvalue chains

Customervalue chains

MODERN AUDITING IS VERIFYING THE REQUIRED IMPLEMENTATION

OF VALUE ADDING CHAINS. AS AN AUDITOR YOU HAVE TO UNDERSTAND

THE WHOLE BUSINESS SYSTEMS TO BE EFFECTIVE!

Enterprise architecture and infrastructure

Management of structures, functions and processes

Human resource management

Technology development and innovation

Financial management

Strategicmanage-ment

Procurementand supplychain mana-gement

Marketingand salesmanage-ment

Operationsmanage-ment

Logisticsand distri-butionmanage-ment

QualityService

VALUEGENERATIONAND VALUEADDITION

COMPETENCE

KNOWLEDGE

BROAD PERSPECTIVE OF AUDIT

22

DIFFERENT AUDITING TACTICS

Process auditing

Downstream auditing

From sales todelivery

Upstream auditing

From delivery tosales

Product auditing

Verification ofproduct requirements

DepartmentalauditingVertical auditing

Vertical walk throughthe same department

Horizontal auditing

Identification of problemsbetween departments

Effective in revealingsystematic deficienciesEffective in revealing

systematic deficiencies

Not so effective inrevealing systematicdeficiencies

Identification ofinformation flow,commitment to objectives etc.

23

PROCESS AUDIT TACTICS

Sales Engineering Production Delivery

Down stream

Up stream

PROCESS AUDITS CAN BE DONE EITHER IN DOWN STREAMOR IN UP STREAM. UP STREAM IS MORE BENEFICIAL FOR AUDITORS, IT GIVES PRACTICAL EXPERIENCES ALONG THEROUTE AND FINALLY AT SALES OFFICE YOU CAN ASKVERY TIGHT QUESTIONS

InputsOutputs

RESOURCES

Goals, budgets, strategy, procedures,legistlation, instructions, standards etc.

CONTROL

24

Storage

Production

Packing anddelivery logistics

Purchase- raw materials- logistics

Productionplanning

Marketing &Sales

InformationSystems

Maintenance- process capabilityHuman Resource

Administration

DOWN STREAM OR UPSTREAMAUDITING AND FOLLOWING OF TRACEABILITY IS ONE OF THE MOST EFFECTIVE AUDIT TACTICS- traceability audit

R&D

Take a specific product batch and follow itspath through the process and track essential data, information and instructions linked to the same batch!

Usage

Specs

Take anexample,a certainlot or batchand tracedata andproceduresto it throughthe process

25

E.G. SALES DELIVERYPROCESS

INPUTS OUTPUTS

Control

RESOURCESMake questions conserning:- Input information and data(orders, contracts, needs, ex-pectations, experiences)

- Raw materials, components etc.- Supplier quality- Etc.

Make questions concerning:- Product quality- Delivery quality- Nonconformities- Customer feedback- Customer satisfaction

Make questions concerning:- Resource management- People competence- Infrastructure- Work environment

Make questions concerning:- Process planning and documentation, process intsructions, regulatory req.- Process boundaries (functional and / or team boundaries)- Process management, responsibilities, ownership, objectives, measures- Customer definition and identification of their needs and expectations- Supplier selection criterias, purchasing, feedback and re-evalution procedures- Product specifications- Quality control, measurement, calibration, test status requirements- Corrective and preventive and process improvement procedures

Choose andtrace somecertain lot

Plan the processaudit

C

u

s

t

o

m

e

r

s

Suppliers

26

WHAT ISIMPORTANT

in process control?

Man Machines Materials

Methods

MeasurementsMilieu

Marks

skills, knowledge, qualifications work content and order motivation, attitudes, satisfaction awareness of own role

capability of machines, yield effectiveness, efficiency maintenance performance degree of utilization properties

uniformity, stability environmental aggressiveness

work flow who, what, when, how unambiguity, clarity readability variation control utilization of feedback updating of content information flow

sampling methods, representativeness repeatability, reproducibility measuring uncertainty records conditions traceable calibration

working conditions sampling conditions analysis conditions sample storing conditons working environment

preventive costs appraisal costs defect and scrap costs complaint costs environmental sanctions penalty costs

PRACTICAL ITEMS FOR PROCESS AUDITS

27

? ? ? ? ?

? ??

?

?? ?

? ?

? ?

??

?

?

?

?

?

?

?

?

??

??

?

? ? ? ?

?

??

THE RED THREAD OF THE AUDIT

Dont make the questionnaire too detailedFollow your main themes, listen and make additional questions

Return to your main questions when you feel that the maincontent to your earlier question has been achieved

Additionalquestionsduringaudit

28

Audit question-naire

Choose 1 3 Must-Be matters as driversof the audit

What is importantto customers, owners,personnel, suppliersand society?

Support ofdocuments,records, norms,(GMP, GLP, ISO,,,)standards, pro-cedures etc.?

Managementresponsibility- what kind of

support?

Critical re-sources?- what kind

of support?

Critical processphases?- what to observe?

Feedback, measures- corrective actions?- preventive actions?- continuous improvement?

FIND OUT WHETHER THEY MANAGE THE MATTERS

EFFECTIVELY AND EFFICIENTLY IN THE AUDITED AREA

PLANNING OF AUDIT QUESTIONNAIRE

29

QUESTIONNAIRE Page:________

Questions Auditees Auditors Records OK NOT OK

Arrange the questions either

according to themes or accor-

ding to people to be audited

Remember questions inspiring

improvement ideas

Remember questions concerning

learning from feedback, results

Rememeber to collect facts during

discussions

30

THEMES FOR THE INTERVIEW OF ORDINARY PEOPLE

1 Who are your internal customers? What do they expect or require from your job?

3 With whom do you work together? What is crucial in this cooperation?

4 What work phases are critical in your work? What are the requirements?

5 How do you see that procedures, manuals, instructions etc. support you and your work?

6 How is the acceptability of your work phase assessed? How do you receive feedback?

7 What kind of records you are requested to fulfill? Are they clear?

8 How do you handle deviating parts, materials, products, situations etc.?

9 What would you like to specially improve in your work?

10 What kind of training or competence improvement needs do you have?

11 How well do you see that the infrastructure (facilities etc.) is supporting your work?12 How well do you see that the work environment is supporting your work?

13 How well do you see that suppliers actions and deliveries support your work?

2 How do you see that your bosses empasize the customer focus in practice?

31

COLLECTION OF OBSERVATIONS DURING AUDIT

Skills and competences of personnel

Training and qualifications of personnel

Status of materials, products, qualifiedprocesses, testing and measuring systems

Order, tideness, hygiene

Review of files and records

Follow up of inspections and process phases,use of clarifying questions

Follow up of the skills of people to use computersystems in controllingoperations

Identification of materialmarkings and labels,traceability of chemicals, additives, analysis data,calibrations chains,acceptances etc.

Identification ofnon-conformities andtheir handling, preventionof reoccurrence, use ofearly warning indicators,continuous improvement

Implementation ofrules and criteriaand relevantdocuments

Interviews of personnel(management, white and blue collarpeople; awareness of their roles,duties, authorities, QMS, awarenessof process thinking)

32

SCHEDULING THE AUDIT DAY

Opening introductions objectives program reporting

Auditing interviews, observings, verifications

and additional tasks

Report compilation

Close up meeting

5 - 10 min

2 - 5 h

1/2 - 2 h

1/2 h

(In practice auditors startdirectly with interviews etc.and shortly introduce thepurpose and scope to everyonemet during the audit)

33

CONDUCT OF AUDIT

ASK OBSERVE

VERIFYRECORD

Open ended questionsto receive thebest information

Follow whatis occurringin processes

The compliance withthe documents andrequirementsThe existence of relevantfiles and history of results

Objective evidence,both positive andnegative points

34

BACKGROUND INFORMATION FOR THE AUDITS

Never accuse the interviewee

Collect and record the facts from the company, not your opinions

Be systematic

Never loose the product and customer requirements from your sight

Record what the interviewee himself is saying, not your interpretations

Prepare, prepare and once more prepare thoroughly before your audit visit

Be positive even in the case that things are not so well looked after

Clarify to yourself what are the objectives of this audit -what do you want to find out?Inform the organization to be audited

If you have made wrong conclusions, be correct and change your decisions

35

To be a goodauditor . . .

1 You have tounderstand the scopeand the objectives of

every audit

3 You have to havethe red thread and logics

in your audit assignment

4 You have to befrank, confident and

make people to discusswith you

2 You have tofocus on the

essential features

5 You have to makereasonable conclusionsfrom your observations

6 You have to keepyour timetables

36

AUDIT RECORDS

1. Identifications: auditor names auditee names and positions date company, functios and / or products & processes

2. Main items of interviews: records from the main items discussed

3. Checked examples - recording of facts: reports, protocols and other documents reviewed - take copies with you! identifications of rules, procedures, criterias applied during audit information concerning processes, equipment, tests etc. followed

4. If necessary: recording of conditions like temperature, moisture, dust etc. order and tideness, hygiene, ventilation, illumination ... attitudes among personnel to control and react production conditions,process and product deviations, disturbances

awareness of their own roles, motivation, working atmosphere

37

A GOOD OBSERVATION?

Is based on facts

Gives such a clear description that it can beunderstood even after years

A complete sentence

Does not use streching words as sufficiently, well enough etc.

Unambiguous and precise

Not an opinion

Does not refer to a person

Valuable for the corrective actions and improvement

Expresesses the situation as clearly as possible

Encourages and supports the receiver

38OBJECTIVE EVIDENCE

Verified documents (date, title, identification, version)

Verified equipment, systems, rooms etc.

Verified records and files (reports, files, memos,,,)

Interviewed persons (position, name, department,,,)

Verified products (product id, drawing, specification, place, lot,,,)

Verified production lines, infrastructure ,,,

Background of the observation- random or systematic?- linking to what ISO 9001,GMP, GLP etc. element?

- linking to quality objectives?- where in the QMS?- situation where observed?- area in charge?- evidence received??

39WRITING A NONCONFORMITY REPORT

Specify the problem accurately and unambiguosly

Link the verified facts to your report

Give information what kind of risks the problemmay cause to the auditee

Give a clear address of the problem (where, when, with whom,machines etc.)

Refer to the documented requirement which has been violated(procedure, instruction, ISO 9001 element etc.)

NonconformityReport

40

REPORTING OF AUDIT RESULTS

Strengths andRecommendations(ISO 9004)

Non-fulfilment ofa requirement- based on objectiveevidence

Strengths; things that show strongpositive influence on product or servicequality, work atmosphere, profitability,customer satisfaction etc.

Recommendations; things whereyou are not completely sure whether they

are nonconformities, things whichwere raised during the audit to be

improved etc.

NonconformityReport (ISO 9001)

AuditSummary

Consider thoroughly your findings before reporting!

41

CLOSE UP MEETING

Report: strengths and recommendations nonconformities

Introduction: where and when main items of audit auditors people met during audit

Audit approach: execution report structure

Internal discussion within the audit team: What did we learn from this audit? What should we learn for the future audits?

42

CORRECTIVE ACTIONS AND CONTINUOUS IMPROVEMENT

Nonconformities: immediate actions plans and schedules follow up of the effectiveness closing

Recommendations: prioritization evaluation, decision and

communication

Strengths: how to exploit strengthsto improve customer sa-tisfaction and competitiveness?

Cause

Known

Notknown

Resource needs

Minor Extensive

Impact

Small

Large

43DEVELOPING OF INTERNAL AUDITS

Self assessment models (ISO 9004:2000)

Special questions asked literally during audit

Problem mapping during audits (e.g. with help of process flow sheets)

Cross-functional boundary problem identifications

Quality Award questions

Questionnaires to be fulfilled by the personnel during audits

Bottleneck analysis, lead time analysis etc. as a group workduring audits

44

Improvement of internal audits

Preparing for the audit? available material sufficiency? information from the auditee organization? compiling of questions?

Audit interviews, verification? interactiveness? questioning technics? ability to make additional questions? looking for facts, evidences? follow up of your red thread?

Audit plan in practice - functionality? possible deficiencies accuracy? time schedule tight or loose?

Compilation of audit report?

Close up meeting clarity, additional value?

Competence of the audit team in substance matters?

Recording of audit findings?

What to improve next time?Viewpoint