Remote Auditing
Colin MacNee
Duncan MacNee Limited
12thbackground
A Free sample April 2012 from www.pptbackgrounds.fsnet.co.uk © 2011, 2012 Duncan MacNee Limited 1
Caveat
The views expressed are my own and do not represent:
BSI
CQI
IAF
IRCA
ISO
Purpose
ISO 9001:2008
Quality management systems – requirements
Introduction
0.1 General
This International Standard can be used by internal or
external parties, including certification bodies, to assess
the organization's ability to meet customer, statutory
and regulatory requirements applicable to the product,
and the organization's own requirements.
Accredited Certification
Accreditation Body (AB)
ISO/IEC 17021:2011 (2006)
Organization
Customer
Relationship between ISO/IEC 17021:2011 and ISO 19011:2011
ISO 19011 is intended to provide useful guidance in:
Background - ISO 19011:2002 “On-site”
6.3 Conducting document review
Prior to the on-site audit activities...
Background - ISO 19011:2011 “On-site”
6.3.1 Performing document review in preparation for the audit
No mention of on-site
Audit Methods
Extent of involvement between the auditor and the auditee:
Human interaction
No human interaction
Location of the auditor:
On-Site
Remote
‘Working’ definitions
On-site audit:
an audit method where the auditor gathers information relevant to the
audit objectives, scope and criteria when physically present at the
audit location
Remote audit:
an audit method where the auditor gathers information relevant to the
audit objectives, scope and criteria when not physically present at
the audit location
‘Working’ definitions
Human interaction audit:
an audit method where the auditor gathers information relevant to the
audit objectives, scope and criteria from an auditee e.g. interviews
Benefits and Drawbacks
Benefits Drawbacks
Capability Capability
Cost Cost
Availability Availability
Access Access
Security Security
Confidence Competence
Language Language
Privacy Privacy
Efficiency Efficiency
Effectiveness Effectiveness
Integrity Integrity
Time Time
REGULATION
POLICY
Balance of the different audit methods
Optimise the benefit of each method.
Use the cost effectiveness of remote to cover larger samples.
Use the social aspect of on-site to increase trust.
Thank You
Any Questions?
4/12/2012
Backup
ISO 9001 Auditing Practices Group
ISO 9001 Auditing Practices Group
QMS auditing topics
Introduction to the ISO 9001 Auditing Practices Group
The need for a 2-stage approach to auditing
Measuring QMS effectiveness and improvements
Identification of processes
Understanding the process approach
Determination of the “where appropriate” processes
Auditing the “where appropriate” requirements
Demonstrating conformity to the standard
Linking an audit of a particular task, activity or process to the overall system
Auditing continual improvement
Auditing a QMS which has minimum documentation
How to audit top management processes
The role and value of the audit checklist
Scope of ISO 9001, Scope of Quality Management System and Defining Scope of Certification
How to Add Value during the audit process
Auditing competence and the effectiveness of actions taken
Auditing Statutory and Regulatory requirements
Auditing Quality Policy, Quality Objectives, and Management Review
Auditing ISO 9001, Clause 7.6 Control of monitoring and measuring equipment
How to deal with Consultants
Making effective use of ISO 19011
Auditing Customer Feedback processes
Documenting a Nonconformity
Guidance for reviewing and closing nonconformities
Auditing Internal Communications
Auditing Preventive Action
Auditing Service Organizations
Third Party Auditor Impartiality and Conflict of Interest
Auditing the Effectiveness of the Internal Audit
Auditing Electronic Based Management Systems
Auditing the Management of Resources
Auditing Customer Communications
Auditing the Design and Development Process
Auditor Code of Conduct and Ethics
Guidance on Cultural Aspects of Auditing
Output Matters!
Auditing the Procurement and Supply Chain Processes
Added Value Audits versus Consultancy
Writing Audit Reports
Audit trail
Approach to Demonstration of Traceability of Measurement Results
Deployment of the Expected Outcomes documents
References
ISO
Auditing management system standards
ISO 19011 Auditing Group
ISO/IAF
ISO 9001 Auditing Practices Group
Auditing Electronic Based Management Systems
INAB
Policy on assessment of quality system documentation and data in an electronic environment
IRCA
Auditing Electronic-Based Management Systems (EBMS)
Time-based audit method profiles
Time-based audit method profiles
A Financial Services company with an Information Security
Management System (ISO 27001) may have the following timeline
audit profile:
Time-based audit method profiles
A Chemical Manufacturing company with an Environmental
Management System (ISO 14001) may have the following timeline
audit profile:
Information Communication Technology
E-mail
Examples:
Outlook Express, Hotmail, Google Mail, Yahoo Mail
Advantages:
Simple technology, free (mostly), many vendors, recording
Disadvantages:
Asynchronous, security (bombardment, spamming, phishing,
spoofing, viruses, trojans, worms), privacy
Online Chat / Instant Messaging (IM)
Examples:
AOL Instant Messenger (AIM), Google Talk, Internet Relay
Chat (IRC) - various, Lotus Notes Sametime, Skype,
Windows Live Messenger
Advantages:
Simple technology, free (mostly), many vendors,
synchronous (mostly), recording
Disadvantages:
Slow, security (e.g. spyware, viruses, trojans, worms), privacy,
inappropriate use
Telephony
Examples:
Ranging from land-line, cable, mobile, VOIP, satellite
Advantages:
Mobility, many technologies and vendors, synchronous,
still and video pictures
Disadvantages:
Coverage, security, privacy, limited recording, inappropriate
use
Videoconferencing
Examples:
Ranging from large, static, videoconferencing suites to webcams
Advantages:
Multiple locations and users, security, privacy, recording
Cheap, mobile, many vendors
Disadvantages:
Very expensive, static, few vendors (FedEx Office), complex technology
Security, privacy, inappropriate use
Web conferencing
Examples:
Adobe Acrobat Connect, IBM Lotus Sametime, Microsoft
Live Meeting, WebEx
Advantages:
Many vendors, functionality (see note)
Disadvantages:
Expensive
Note: Functionality can include presentations, live or streaming video, VoIP, recording, whiteboard, text chat, screen sharing, desktop sharing, application sharing
Defining a Code of Practice
Roles
Example
Remote: Auditor
On-site: Auditee(s), Auditee Guide (IG), Avatar
Responsibilities
Authorities
Good practice and potential pitfalls
Pilot
Evolution, not revolution
Code of Practice