Internal Quality Audit

FOR ISO 9001 : 2008

:Prepared By
.Ashraf S. Youssef, Ph. D
QA & Ind. Methods Manager
S.M. ASQ, L.A. BSI, M. ELI, M. EMS

‫دورة تأهيل المراجعين الداخليين‬

ISO 9001 : 2008

Nov, 14-16, 2009

 Course Structure
• Tutorial Sessions
• Case Studies
• Role Play
• Games
 Learning Objectives

• To understand:
 Purpose, benefits and typical structure of a
Quality Management System (QMS)
 Plan-Do-Check Act (PDCA) methodology,
and the process approach to Quality
Management
 The 8 principles of Quality Management and
how they relate to the QMS and ISO 9001
 Purpose, scope and uses of the ISO 9000
series standards
 Auditing Process
 Roles, responsibilities and competence
requirements of auditors and lead auditors
with reference to ISO 19011
 Agenda
1. Purpose and structure of
o a QMS, PDCA
o and the 8 principles of quality management
2. ISOM 9001 Explored & Understood
3. Internal Quality Audit Steps
4. Auditor’s Skills & Responsibility

4
 Course assessment

• Continual assessment
You will be informed of progress as we go
The exam
• Exam Pass Criteria
70% pass mark
Open book
• Ask questions
It’s your tutors job to make problems go away
Session 1

Purpose and structure of a

QMS, PDCA and the 8
principles of quality
management
 What is Quality?

• Q is fitness for use.

• Q is conformance to requirements.
• Q is conformance to customer/user requirements.
Meet/satisfy customer/user requirements, needs, and
expectations.

• Degree to which a set of inherent

characteristics fulfills requirements.
(ISO 9000 : 2005)
 What is Audit?

• Systematic, independent and documented

process for obtaining audit evidence and
evaluating it objectively to determine the
extent to which the audit criteria are fulfilled
 What is Audit Evidence?

• Records, statements of fact or other

information, which are relevant to the
audit criteria and verifiable
 What is Audit Findings?

• Results of the evaluation of the

collected audit evidence against audit
criteria.
 What is Audit Client?

• organization or person requesting an

audit.
What is Auditee?

• Organization being audited

 What is Auditor?

• Person with the competence to conduct

an audit.
 What is Technical Expert?

• person who provides specific knowledge or expertise to

the audit team.
 What is Audit Plan?

• Description of the activities and

arrangements for an audit.
 What is Audit Scope?

• extent and boundaries of an audit.

What is Nonconformance?

Non-fulfillment of a
requirement
 What is Correction, and C & P Actions?

Correction:
Action to eliminate a detected
nonconformity

Corrective Action:
Action to eliminate the cause of a detected
nonconformity

Preventive Action:
Action to eliminate the cause of a potential
nonconformity or other undesirable
potential situation
 What is Ident., Trac. And Status?

Identification:
To describe product/ raw material/ semi finish
product etc. Example Batch #, Lot #, Code etc

Traceability:
Ability to trace the history, application or location of
that which is under consideration

Status:
To identify the current status of product/ raw material with regard
to inspection and test results. Tag/ sticker of HOLD, REWORK,
SCRAP Identified areas.
 Types of Audits

• First-party
• Second-party
• Third-party
The purpose of an audit is ...

to collect objective evidence to permit an

informed judgment about the status of the
quality management system
 Objectivity of Auditing
AUDIT AUDIT
CRITERIA EVIDENCE

AUDIT FINDINGS

Improvement Conformance Non-Conformance

Major Minor

AUDIT CONCLUSION

RECOMMENDATION
FOR AUDIT
Audit Methods & Techniques

FORWARD TRACE

RECEIVE
INSPECT STORES
GOODS

BACKWARDS TRACE
 What is ISO 9000:2008 QMS?

• ISO = International Organization for

Standards
• 9000 = code to denote QMS Family
• 2008 = year of last revision
• Is a family of standards for implementing a
Quality Management System (QMS)
 ISO 9000:2008 Family

 ISO 9000
 ISO 9001
 ISO 9004
 ISO/DIS 19011

Only ISO 9001 can be used for

certification purposes
 The ISO 9001:2008 Model
Continual
Continual Improvement
Improvement of
of the
the QMS
QMS
CUSTOMER REQUIREMENTS

clause 4

CUSTOMER SATISFACTION
info. flow management
management
responsibility
responsibility
clause 5
clause 6 clause 8
resource
resource meas,
meas,analysis
analysis info. flow
management
management improvement
improvement

clause 7
Input product
product Output
realization product
product
value adding realization value
activities adding activities
 Clauses/Requirements

Clause 4. Quality Management System

Clause 5. Management Responsibility
Clause 6. Resource Management
Clause 7. Product Realization
Clause 8. Measurement, Analysis and Improvement

Count the number of requirement categories.

 Quality Management Principles

 Customer Focus
 Leadership
 Involvement of People
 Process Approach
 System Approach to Management
 Continual Improvement
 Factual Approach to Decision Making
 Mutually Beneficial Supplier Relationships
 1. Customer Focus

• Organizations depend on their customers;

CUSTOMER REQUIREMENTS

therefore they should

CUSTOMER SATISFACTION
Know their current and future needs
Meet their requirements
Exceed their expectations
Get their feedback
 2. Leadership
management
management
• Leaders create common purpose responsibility
responsibility

and direction; therefore they

should
Maintain a healthy internal
environment
Inspire workforce to excel
 3. Involvement of People
resource
resource
• People are the essence of an management
management
organization; therefore
They should be fully involved
Their abilities should be used for
organization benefits
 4. Process Approach

 Manage activities and related resources

as a PROCESS

Review Purchase Design Make Deliver

Order Product
 “Turtle” Approach
?WITH WHAT ?WITH WHO
Materials /(
)Equipment Competence / Skills /(
)Training

PROCESS
OUTPUTS
INPUTS

?HOW ?OBJECTIVES/MEASURES
Support Processes,( )Performance Indicators(
)Procedures & Methods
 Example: Management, Responsibility

with what with who

Management Review Management team
forum Quality manager
Previous year’s results Team leaders

inputs
Internal audits Management
Customer satisfaction responsibility & outputs
trends objective Annual plan
Process/Product setting Improvement objectives
measures
Faults/Complaints data

how
measures support Implementation plan
Results vs plan
Customer surveys
processes Resource allocation
Roles & responsibilities
Milestones IT systems
Communications
Purchasing
HR, Training
 5. System Approach to Management

• Managing interrelated processes as a system

helps the organization in achieving its
objectives in an effective and efficient manner
6. Continual Improvement: PDCA Cycle

Continual
Continual Improvement
Improvement of
of the
the QMS
QMS

management
management
responsibility
responsibility
Plan Act

resource
resource meas.,
meas.,analysis
analysis
management
management improvement
improvement

Do Check
product
product
realization
realization
 7. Factual Approach to Decision-
Making
• Effective decisions are based on the
analysis of data and information
CUSTOMER REQUIREMENTS

CUSTOMER SATISFACTION
info. flow management
management
responsibility
responsibility

meas.,
meas.,analysis
analysis info. flow
improvement
improvement

product
product
realization
realization
 8. Mutually Beneficial Supplier Relationship

• Interrelated
• Win-Win
product
product
Supplier realization
realization
Session 2

ISO 9000 series explored

and understood
 Structure of ISO 9001:2008
• 0.1 General
• 0.2 Process Approach
• 0.3 Relationship with ISO 9004
• 0.4 Compatibility with other standards
• 1 Scope
• 2Normative References
• 3 Terms & Definitions
• 4. Quality Management system
• 5. Management Responsibility
• 6. Resource Management
• 7. Product Realization
• 8. Measurement, Analysis & Improvement
 4: Quality Management System

• General requirements (4.1)

– General requirements for approach & content of the
QMS (e.g. for the adoption of the process approach)
– Outsourcing
• Documentation requirements (4.2)
– Mandatory procedures
– Manual, Policy & Objectives
– General sufficiency of documentation and records
– System for Document Control
– System for Control of Records
 5: Management Responsibility

• The areas where direct Top Management involvement is

mandatory
– Demonstrating commitment
– Demonstrating customer focus
– Input into policy development & review
– Identification of objectives and input into the planning process
– Defining responsibilities, providing resources
– Ensuring internal communications are effective
– Involvement in management review
 6: Resources

• Human Resources
Ensuring adequacy particularly in respect of training
• Infrastructure
Buildings, work space, equipment, vehicles, information
systems etc
• Environmental controls (Aligned with ISO14000)
Heat, light, humidity, temperature, clean rooms
In fact any controls that are applicable
 7: Product Realisation

• Think of this as “Production” or “Service Delivery”

Control of the core day to day operations
Operational planning (7.1)
Handling contracts, enquiries & customer communication
systems (7.2)
Design (7.3)
Management of supplies and suppliers (7.4)
Operational controls (7.5)
Calibration (7.6)
• Exclusions may apply
 8: Measurement, Analysis & Improvement
• The collection and constructive use of data
– Measuring product (conformity checks and inspection)
– Measuring process (efficiency measures)
– Customer satisfaction (Survey, Feedback, Complaint)
– Internal audit
– Control of quarantine/isolation activities
– Analysis of data (you must do something with data)
– Continual improvement (the standard encourages the
application of the process approach to improvement)
– Corrective action (Correction + Corrective Action)
– Preventive action
Session 3

Internal Quality Audit Steps

 Internal Quality Audit Steps

Initiation

Preparation

Evaluation

Reporting

Fixing
 Internal Quality Audit Steps

Initiation STEPS RESPONSIBILITY

1. Request Audit Program Manager
2. Identify Lead Auditor Program Manager
3. Define Audit Scope Program Manager
& Lead Auditor
Importance of Preparation
 Exercise: Initiation

• Who is responsible for scheduling the

audits?
• When are internal audits scheduled?
• How often are audits performed?
• Who is responsible for selecting the
auditors?
• What criteria are important for selecting
auditors?
 Annual Audit Plan

• Considerations
• Approvals
Exercise: Auditing the Training Activity

• Why is the audit performed?

• What is being audited?
• Which requirements?
SOLUTION:
• Purpose:
To verify compliance with Quality Manual
and ISO 9001:2000
• Audit Scope:
Training Activity
• Requirements:
As specified in
 ISO 9001:2008
 EEICQM-01
 EEICHR-P-01
 Internal Quality Audit Steps

Initiation
STEPS RESPONSIBILITY
Preparation 4. Select Audit Team Lead Auditor
5. Understand Org. Audit Team
6. Review Documentation Audit Team
7. Plan the Audit Lead Auditor
8. Prepare Checklist &
Working Papers Audit Team
 Audit Team

• Consider team member qualifications

• Consider activities being audited
• Consider type and degree of experience of
the auditors
• Create a balanced team
Preparation Steps

review
initiation
documents

get plan
approvals audit
Exercise: Review Documentation

For the Training activity, which specific

documents would you request to prepare
your team for the audit?
Review Documentation
• Quality manual • Past audit performance
• Procedures • Customer feedback
• Forms • Number of employees
• Organization chart • Working hours
• Facility floor plan
 Plan Audit

• Confer with audit team members

• Don’t forget the approvals
Audit Plan: December 22-23, 2001

Purpose: To verify compliance with Quality Manual and ISO 9001:2000

Audit Scope: Training
Requirements: As specified in
- ISO 9001:2008
- Quality Manual,
- HR Procedure
Overall Schedule:
December 22, 2001 December 23, 2001
8:00-8:30 Opening Meeting 8:00-11:00 Field Activities
8:30-9:00 Audit Team Meeting 11:00-12:00 Audit Team Meeting
9:00-12:00 Field Activities 12:00-1:00 Exit Meeting
12:00-1:00 Audit Team Meeting
1:00-3:00 Field Activities
3:00-3:30 Daily Auditee Briefing

Audit Team Members: Ms. Ashraf Youssef, Lead Auditor

Mr. Wissam Toumeh, Auditor
Mr. Nelson Tenorio, Auditor

Approved: ________________ Approved: ________________

Mr. Ashraf Youssef Mr. Muntaser Kalahji.
 Internal Quality Audit Steps

Initiation

Preparation
STEPS RESPONSIBILITY
9. Conduct Opening Meeting Lead Auditor
Evaluation 10. Meet with Management Audit Team
11. Interview & Observe Audit Team
12. Assess Evidence Audit Team
An auditor’s memory is
.as sharp as his pencil
Focus of the Audit

To collect objective evidence to permit

an informed judgment about the status
of the quality management system.
Objective evidence may be ...
• documented
• based on interview
• based on observation
• quantitative
• qualitative
• verifiable
Checklists & Working Papers

Checklists

Audit Questions

Audit Investigation

Audit Findings
Checklists

Checklists plan
the flow of
questions
Checklists

Checklists
guide the course
of the audit
Checklists

Checklists
define
the sample
Checklists

Checklists
help in writing
the report
 Checklist should …

• Be based on information available before

the audit
• Be modified when necessary
• Allow follow-up
• Be balanced to cover priority areas
• Be created by individual auditors
 Checklist should NOT …

• Restrict auditor’s inquiry

• Be completely generic
• Be yes/no lists
To Create a Checklist

What am I
Documents
?looking for

Who do I want Individual

?to talk to

?What will I ask Questions on checklist

What am I looking for?
What am I looking for?

RECORDS ARE THE MOST

RELIABLE SOURCE OF
INFORMATION
What am I looking for?

Sample should be representative,

although not necessarily statistically valid
Who do I talk to?

• Talk to the right people

Those responsible for the activity
Those doing the activity
 Audit Team Meeting

• Informal briefings
• Opportunity to share
information
• Discuss necessary
adjustments to plan
• Develop report
• Helps keep communication
lines open among audit team
members
 Opening Meeting
• Conduct before start of field activities
• Audit team members must be present
• Auditee contacts should be present
• Creates an atmosphere of cooperation
between auditors and auditee
 Opening Meeting

• Sign-in sheet
• Distribute detailed audit schedule
• Address any auditee scheduling
concerns
• Revise schedule, if necessary
 Daily Auditee Briefing

• Review potential findings regularly with

auditee
• Opportunity for auditee to close a finding
before the end of the audit
• Helps strengthen communications
• Audit becomes constructive
Interview & Observe

• Asking questions
• Observing activities
• Examining documents & records
• Examining facilities
 Observing Activities

Confirm that 
procedures are being
followed

??how
how
 Observing Activities

 Look for
undocumented
activities

??what
what
 Observing Activities

 Confirm answers

??who
who
Observing Activities

• Auditee Reactions
Take over conversations
Play “show & tell”
Blame someone
Act defensively
Waste time
Interrupt
Provoke
Bribe!
Interviewing
Interviewing
• Introduce yourself
• Explain why you are there
• Investigate to depth
necessary
• Ask, Listen, Verify
• Interview the right people
Those responsible for the
activity
Those doing the activity
• Hearsay is not evidence
Interviewing

• Interview for:
elaboration
corroboration
perspective
basis for evidence
 Interviewing

• Two eyes
• Two ears
• One mouth

• Ratio of use:
One of speaking
to four receiving
Interviewing

why
why
when
when

what
what how
how

who
who where
where
When Something Seems Wrong
 When Something Seems Wrong

• Is it really wrong?
• Does he know it is wrong?
• What is his explanation?
• Is it an isolated event, or a
symptom of a deeper problem?
• Why didn’t quality system detect
it?
• What lapse in the quality system
allows this to happen?
Nonconformity

Nonconformity refers to a
failure to meet a specified
requirement:
Quality Manual Policies
Procedures
ISO 9001:2000 req.
Government Regulations
or more of processes can be improved 90%
by modifying organizational systems
a management responsibility) rather)
than attempting to modify an
.individual employee’s performance

W. Edwards Deming
 What if nothing seems to be wrong?

• No problems …
don’t panic
• Move on
• Don’t keep looking
for something wrong
ROLE PLAY:

• Auditing role play

 Internal Quality Audit Steps

Initiation

Preparation

Evaluation
STEPS RESPONSIBILITY
13. Write Nonconformities Audit Team
Reporting 14. Conduct Closing Meeting Audit Team
15. Write a Summary Report Lead Auditor
 Do I have a Nonconformity?

YES
if you have objective evidence that:
• A requirement is not addressed
• Practice differs from defined system
• System is not effective
 Major or Minor Nonconformity

• Major
System element is missing
System element is not implemented
System element is not effective
• Minor
A single/isolated lapse in the system
 EXERCISE: Nonconformity or Not

• For each situation, identify whether

major nonconformity,
Minor nonconformity, or
nothing.
Nonconformity Statement

• State the evidence

What is it?
• State the requirement
What is it against?
Writing a Nonconformity: The 4 C’s

• Clear … Simple language

• Correct … Objective
• Complete … Traceable
• Concise
What happened?
What should happen?
 Writing Nonconformity: Steps

1. Write (informally) the nonconformity

on the spot.
2. Explain to auditee manager promptly.
3. Review with team members.
4. Write nonconformity statement on the
NCR.
5. Get auditee manager signature.
 Closing Meeting Keys

• Informal setting
• Report the results to management
• Agree on follow-up
• Entertain questions
 Agenda of Closing Meeting

1. Introduction & purpose of meeting

2. Thanks for cooperation
3. Distribute list of attendees
4. Review audit purpose and scope
5. Explain nature of sampling
6. Summarize results: Good observations, no. of NCRs,
overall weakness, recommendations, repeat good
observations
7. Summary from each auditor
8. When to expect written report
9. Agreement on follow-up
10. Questions & Clarifications
 Audit Summary Report
• Prepared by Lead Auditor
• Sent promptly to MR
• Sent promptly to Heads of audited area

Audit Report Content

• Audited area
• Lead Auditor and members
• Audit date
• Audit scope
• Audit criteria (list of key documents)
• Summary of findings
• Good practices
• Total number of nonconformities
• Descriptions and discussion of nonconformities
• Conclusion
 Internal Quality Audit Steps

Initiation

Preparation

Evaluation

Reporting

STEPS RESPONSIBILITY
Fixing 16. Take Corrective Actions Auditee
17. Verify Corrective Actions Audit Team
Follow-Up Flowchart

Identify
Identify Agree
Agreeononneed
need
NC,
NC,issue
issueNCR
NCR for
forCA,
CA,sign
signitit

Propose
ProposeCACA
??Agree
Agree plan
plan
not OK

OK

Verify
VerifyCACA Implement
Implement
&&
CA
CA
Close
CloseNCRNCR
Session 4

Auditor’s Skills & Responsibilities

 Auditor’s Responsibilities

• Communicating
• Planning and executing
• Documenting
• Reporting
• Verifying
• Safeguarding
• Cooperating
 Auditor’s Qualifications

• Education
• Training
• Experience
• Personal Attributes
• Management Skills
 Auditor Skills

• Communication skills
• Interpersonal skills
• Analytic skills
 Auditor Ethics

“I will inform each client or employer of any

business connections, interests, or
affiliations that might influence my
judgment or impair the equitable
character of my services.”

ASQ Code of Ethics

Internal Auditor

• Acts as a consultant
‫كككككك‬
‫كك‬ ‫‪115‬‬