WIXLIB

Auditing Process-basedQuality Management SystemsCharlie Cianfrani and Jack West

C. A. Cianfrani & J. E. WestJanuary, 2013

Agenda Course objectivesWhat is an audit?How to prepare for and plan an auditHow to conduct an auditHow to report on an auditCourse closing C. A. Cianfrani & J. E. WestJanuary, 2013

Course Objectives Learn the basics of performing internalaudits of a QMS based on the processapproach–––––––Process mentalityConsider policy, objectives, processes,products and organizational alignmentPrepare an audit planConduct an auditDocument findingsWrite an audit reportEnsure follow-up on corrective actions C. A. Cianfrani & J. E. WestJanuary, 2013

Agenda Course objectivesIntroductionsWhat is an audit?How to prepare for and plan an auditHow to conduct an auditHow to report on an auditCourse closing C. A. Cianfrani & J. E. WestJanuary, 2013

What is an audit?An audit* is a systematic, independentand documented process for obtainingaudit evidence and evaluating itobjectively to determine the extent towhich audit criteria are fulfilled* Definition is from both– ISO 9000:2005 Quality management systemsFundamentals and vocabulary– ISO 19011:2011 Guidelines for quality and/orenvironmental management systems auditing C. A. Cianfrani & J. E. WestJanuary, 2013

What is an internal audit?An internal quality audit is anaudit that is performed by orat the direction of membersof the organization C. A. Cianfrani & J. E. WestJanuary, 2013

Why audit?Possible reasons to audit:– ensure compliance with ISO 9001:2008– ensure compliance with organizationrequirements– ensure compliance with regulatoryrequirements– ensure the QMS is effectively implementedand maintained C. A. Cianfrani & J. E. WestJanuary, 2013

Why audit? (continued)Auditing for improved performance– look for opportunities for improvement– look for best practices that could be applied inother areas– look for preventive action– look for outstanding emphasis on customersatisfaction C. A. Cianfrani & J. E. WestJanuary, 2013

Principles of auditing Ethical conductFair presentationProfessional careIndependenceObjectivityImpartialityEvaluations based on evidenceCompetenceCooperationTrust C. A. Cianfrani & J. E. WestJanuary, 2013

Audit vs. Management Review vs. Self-assessmentThree complementary concepts: What do we mean by self-assessment?- ISO 9004:2009 Annex A- Baldrige What do we mean by management review?– They are all approaches to ensuring effectiveness,efficiency, improvement and customer satisfaction C. A. Cianfrani & J. E. WestJanuary, 2013

Three Types of Audits External independent audits – third party Customer audits of suppliers – second party Internal audits – first party C. A. Cianfrani & J. E. WestJanuary, 2013

Three Types of AuditsExternal independent audits – third party Conformity to a specific standardREGISTRARSTANDARD (9001)ORGANIZATION C. A. Cianfrani & J. E. WestJanuary, 2013LISTCUSTOMER

Three Types of AuditsCustomer audits of suppliers – second party Conformance to customer requirements Customer’s special interest itemsSTANDARD (e.g. ISO 9001)OTHER REQUIREMENTSORGANIZATION C. A. Cianfrani & J. E. WestJanuary, 2013CUSTOMER

Three Types of AuditsInternal audits – first party Performance to theorganization’s objectives Identification of problemareas! Finding opportunities forimprovement! C. A. Cianfrani & J. E. WestJanuary, 2013

The Process ApproachEvolving nature of quality management– Internal focus vs. customer focus– Control vs. improvement– QA by QA vs. QA by organization– Leadership: from QA or from management– Documented procedures vs. manage processes– Independence of QA vs. integration– Alignment of business, policy and objectives C. A. Cianfrani & J. E. WestJanuary, 2013

Remember the quality management principles? Principle #4 – Process ApproachA desired result is achieved more efficiently whenactivities and related resources are managed as aprocess. Principle #5 – System approach tomanagementIdentifying, understanding, and managinginterrelated processes as a system contributes tothe organization's effectiveness and efficiency inachieving its objectives C. A. Cianfrani & J. E. WestJanuary, 2013

ProcessA group of interrelated activities and relatedresources that transforms inputs into ProcessResources C. A. Cianfrani & J. E. WestJanuary, 2013

System: A Family of Well Managed ProcessesDriven by Top ManagementContinually Improving twork of Interrelated Processes C. A. Cianfrani & J. E. WestJanuary, 2013CUFocused SonTOMER

The SIPOC Model of a mersRequirements&FeedbackThe “SIPOC” model (suppliers, inputs, processes, outputs, customers)shows linkage of: processes from suppliers to final customers feedback from customers to the organization feedback from the organization to suppliers (see pg 16 in audit book) C. A. Cianfrani & J. E. WestJanuary, 2013

ISO 9001 and Auditing Audits are covered in clause 8.2.2 of ISO9001:2008 which is part of section 8 –“Measurement, analysis and improvement” Emphasizes determining effectiveimplementation and maintenance of thequality management systemNote: the overall effectiveness ofthe Quality management systemis the responsibility of top management C. A. Cianfrani & J. E. WestJanuary, 2013

Agenda IntroductionsCourse objectivesWhat is an audit?How to prepare for and plan auditsHow to conduct an auditHow to report on an auditCourse closing C. A. Cianfrani & J. E. WestJanuary, 2013

Planning the Audit Program C. A. Cianfrani & J. E. WestJanuary, 2013

The Audit Process – An merfeedback Planning C. A. Cianfrani & J. E. WestJanuary, 2013 Review results Use resultsInternalInternalauditauditResources Provide resourcesOutput Audit Report Findings/CARs Information Follow-up Time Improvement Trained Conclusionspersonnel

Audit ConclusionsAudit output conclusions may include: Conclusion regarding the conformance of theaudited process to ISO requirementsStatements regarding the suitability of a processto achieve objectivesComments regarding the effectiveimplementation of a processSuggestions for consideration regardingpossibilities for improvement C. A. Cianfrani & J. E. WestJanuary, 2013

Administrative Issues to Address Typically an audit boss is assigned by managementto oversee the internal audit process Clear charter for the internal audit process Tie with other auditing (e.g., finance, EMS) Overall audit plan/schedule? How is input provided to management review? Analysis of audit process and results? C. A. Cianfrani & J. E. WestJanuary, 2013

Auditor CriteriaNeed knowledge and skills in Audit principles, procedures and techniquesManagement system including quality managementOrganizational understandingSpecific process and product knowledgeSocial interactionConsider guidance in ISO 19011 Education and experienceCompetence C. A. Cianfrani & J. E. WestJanuary, 2013

Lead Auditor CriteriaAudit team leaders need to be able to:– Plan audits– Effectively communicate with auditees– Organize and direct audit team members– Lead team in reaching conclusions– Prevent and resolve conflicts– Coach “auditors-in-training”– Consolidate team inputs and prepare greatreports C. A. Cianfrani & J. E. WestJanuary, 2013

Making an Audit Schedule List main activities (processes)List departments involved with the QMSDecide what activities to audit in what departmentsBe sure to include quality-relevant supportingactivities Be sure to include ISO system-level activities Check to ensure coverage of all pertinent activities Assign individuals or teams to perform audits C. A. Cianfrani & J. E. WestJanuary, 2013

Audit Process OverviewPreparefor theauditPerformthe auditReport theresultsPerformcorrectiveaction C. A. Cianfrani & J. E. WestJanuary, 2013

The Audit Process - Overview Prepare detailed plans for each audit Execute each audit Report audit results including conclusions andrecommendations Corrective actions if needed Follow-up to ensure corrective actions areeffective C. A. Cianfrani & J. E. WestJanuary, 2013

Audit Approaches “Horizontal” audit — audit of one system across severalfunctional groups (one thing-many places)– audit across several groups to evaluate if a consistentapproach is being followed e.g. for competence (Clause 6.2) “Vertical” audit — audit each function (department) of theorganization and audit all processes in each function (manythings-one place)– audit within a manufacturing cell for process performance,product compliance, data analysis, corrective action,improvement etc., etc., Clauses 7.1, 7.5, 8.4, 8.5.2 etc. Some combination of all of the above– e.g. QA performs QMS audits (horizontal) and trained“not full time” auditors perform function audits(vertical) C. A. Cianfrani & J. E. WestJanuary, 2013

Planning Individual Audits C. A. Cianfrani & J. E. WestJanuary, 2013

Prepare for an Audit Define audit objectivesTypically doneDefine audit scopeby audit bossDefine audit resourcesDefine audit criteriaPrepare and distribute an audit notification toauditee Gather and understand relevant documents Prepare work plan i.e. audit plan C. A. Cianfrani & J. E. WestJanuary, 2013

Audit Objectives Compliance and improved effectiveness?(Required by ISO 9001!) Improved efficiency?(Perhaps needed for survival!) Both? C. A. Cianfrani & J. E. WestJanuary, 2013

Audit Scope What are the boundaries of an audit?What processes will we audit?What organizational functions are included?What is the audit emphasis?What is the timeframe? C. A. Cianfrani & J. E. WestJanuary, 2013

Audit Resources Who will audit? A team? An individual? If a team, who will be the lead auditor? Do we have appropriate personnel (i.e. do weneed any special technical expertise? C. A. Cianfrani & J. E. WestJanuary, 2013

Audit Criteria What policies, procedures, instructions or otherrequirements will we use as a reference? External requirements? Internal requirements? C. A. Cianfrani & J. E. WestJanuary, 2013

“Audit” implies comparison to criteria C. A. Cianfrani & J. E. WestJanuary, 2013

Must audit criteria be in writing?Your Opinion? C. A. Cianfrani & J. E. WestJanuary, 2013

Examples of Audit Criteria - Internal Standard operatingprocedures Quality systemprocedures Training procedures Calibration procedures Startup/shutdownprocedures Maintenanceprocedures C. A. Cianfrani & J. E. WestJanuary, 2013 Emergencyprocedures Design procedures Records procedures Customer complaintprocedures Specifications Drawings Advertising literature

Examples of Audit Criteria - External ISO 9001:2008 Sector specific documents, e.g. ISO/TS 29001Government regulations and industry codesCorporate policyCustomer requirements, reflected in the contractand purchasing specifications Market and customer requirements for betterproducts, improved services, or lower prices, thathave been accepted by senior management asinternal goals or requirements C. A. Cianfrani & J. E. WestJanuary, 2013

Audit Notification A unique document for each audit It should contain:––––––Purpose or objectives of the auditScope and boundaries of the auditIdentification of audit team membersCriteria for the auditAnticipated start and stop dates and timesAudit interfaces, if any Provide notification to the auditee well in advance Notification to auditee can be done by auditoror audit boss C. A. Cianfrani & J. E. WestJanuary, 2013

Relevant Documents Auditors need to review as much documentationas can be obtained Do the documents appear to be adequate? Have we obtained performance data (frominternal operations and customers)? How about past audit reports and correctiveaction requests? Do we understand the requirements inprocedures, work instructions, etc.? C. A. Cianfrani & J. E. WestJanuary, 2013