
CQI (Wessex Branch)

April 12th 2012

Remote Auditing

Colin MacNee
Duncan MacNee Limited

12thbackground
A Free sample April 2012 from www.pptbackgrounds.fsnet.co.uk © 2011, 2012 Duncan MacNee Limited 1
Caveat
The views expressed are my own and do not represent:
BSI
CQI
IAF
IRCA
ISO

Purpose
ISO 9001:2008
Quality management systems – requirements
Introduction
0.1 General
This International Standard can be used by internal or
external parties, including certification bodies, to assess
the organization's ability to meet customer, statutory
and regulatory requirements applicable to the product,
and the organization's own requirements.

Accredited Certification
Accreditation Body (AB)
ISO/IEC 17021:2011 (2006)

Certification Body (CB)


ISO 9001:2008 (2000)

Organization

Product and or Service

Customer

Relationship between ISO/IEC 17021:2011 and ISO 19011:2011
ISO 19011 is intended to provide useful guidance in:

Internal auditing
• Organization auditing, commonly called 1st party audit

External auditing
• Supplier auditing, commonly called 2nd party audit
• 3rd party auditing, e.g. legal, certification and similar purposes

ISO/IEC 17021:2011
Conformity assessment - Requirements for bodies providing audit and certification of management systems

Background - ISO 19011:2002 “On-site”
6.3 Conducting document review
Prior to the on-site audit activities...

6.4 Preparing for the on-site audit activities


6.4.1 Preparing the audit plan
The audit plan should cover the following:
d) the dates and places where the on-site audit activities are to be conducted;
The audit plan should also cover the following, as appropriate:
k) logistic arrangements (travel, on-site facilities, etc.);
The plan should be reviewed and accepted by the audit client, and presented to the auditee, before the
on-site audit activities begin.

6.5 Conducting on-site audit activities


6.5.2 Communication during the audit
Any need for changes to the audit scope which can become apparent as on-site auditing activities
progress should be reviewed with and approved by the audit client and, as appropriate, the auditee.

6.6 Preparing, approving and distributing the audit report


6.6.1 Preparing the audit report
The audit report should provide a complete, accurate, concise and clear record of the audit, and should
include or refer to the following:
e) the dates and places where the on-site audit activities were conducted;

Background - ISO 19011:2011 “On-site”
6.3.1 Performing document review in preparation for the audit
No mention of on-site

6.4 Conducting the audit activities


No mention of on-site

6.6 Preparing and distributing the audit report


No mention of on-site

Annex B.6 Guidance on visiting the auditee’s location


...the following should be considered:
a) planning the visit:
...
b) on-site activities:
— avoid any unnecessary disturbance of the operational processes;

Audit Methods
Matrix of audit methods:
• Columns (location of the auditor): On-site; Remote
• Rows (extent of involvement between the auditor and the auditee): Human interaction; No human interaction

‘Working’ definitions
On-site audit:
an audit method where the auditor gathers information relevant to the
audit objectives, scope and criteria when physically present at the
audit location

Remote audit:
an audit method where the auditor gathers information relevant to the
audit objectives, scope and criteria when not physically present at
the audit location

‘Working’ definitions
Human interaction audit:
an audit method where the auditor gathers information relevant to the
audit objectives, scope and criteria from an auditee e.g. interviews

No human interaction audit:


an audit method where the auditor gathers information relevant to the
audit objectives, scope and criteria from sources other than an
auditee e.g. document review, observation of equipment or human
behaviour

Benefits

and

Drawbacks

Benefits
• Capability
• Cost
• Availability
• Access
• Security
• Confidence
• Language
• Privacy
• Efficiency
• Effectiveness
• Integrity
• Time

Drawbacks
• Capability
• Cost
• Availability
• Access
• Security
• Competence
• Language
• Privacy
• Efficiency
• Effectiveness
• Integrity
• Time

• REGULATION
• POLICY

Balance of the different audit methods
• Optimise the benefit of each method.
  • Use the cost-effectiveness of remote to cover larger samples
  • Use the social aspect of on-site to increase trust

• Minimise the detriment of each method.

Thank You

Any Questions?
4/12/2012

Backup
ISO 9001 Auditing Practices
Group

ISO 9001 Auditing Practices Group
QMS auditing topics
• Introduction to the ISO 9001 Auditing Practices Group
• The need for a 2-stage approach to auditing
• Measuring QMS effectiveness and improvements
• Identification of processes
• Understanding the process approach
• Determination of the “where appropriate” processes
• Auditing the “where appropriate” requirements
• Demonstrating conformity to the standard
• Linking an audit of a particular task, activity or process to the overall system
• Auditing continual improvement
• Auditing a QMS which has minimum documentation
• How to audit top management processes
• The role and value of the audit checklist
• Scope of ISO 9001, Scope of Quality Management System and Defining Scope of Certification
• How to Add Value during the audit process
• Auditing competence and the effectiveness of actions taken
• Auditing Statutory and Regulatory requirements
• Auditing Quality Policy, Quality Objectives, and Management Review
• Auditing ISO 9001, Clause 7.6 Control of monitoring and measuring equipment
• How to deal with Consultants
• Making effective use of ISO 19011
• Auditing Customer Feedback processes
• Documenting a Nonconformity
• Guidance for reviewing and closing nonconformities
• Auditing Internal Communications
• Auditing Preventive Action
• Auditing Service Organizations
• Third Party Auditor Impartiality and Conflict of Interest
• Auditing the Effectiveness of the Internal Audit
• Auditing Electronic Based Management Systems
• Auditing the Management of Resources
• Auditing Customer Communications
• Auditing the Design and Development Process
• Auditor Code of Conduct and Ethics
• Guidance on Cultural Aspects of Auditing
• Output Matters!
• Auditing the Procurement and Supply Chain Processes
• Added Value Audits versus Consultancy
• Writing Audit Reports
• Audit trail
• Approach to Demonstration of Traceability of Measurement Results
• Deployment of the Expected Outcomes documents

References
ISO
Auditing management system standards
ISO 19011 Auditing Group

ISO/IAF
ISO 9001 Auditing Practices Group
Auditing Electronic Based Management Systems

INAB
Policy on assessment of quality system documentation and data in an electronic
environment

IRCA
Auditing Electronic-Based Management Systems (EBMS)

Time-based audit method profiles

1. remote/no human interaction (document review)
2. on-site/no human interaction (observations)
3. on-site/human interaction (interviews)

1. remote/human interaction (interviews)
2. remote/no human interaction (document review)
3. local/human interaction (interviews)
4. on-site/no human interaction (observations)

1. remote/no human interaction (document review)
2. on-site/human interaction (interviews)
3. on-site/no human interaction (observations & document review)
4. remote/no human interaction (document review)
5. remote/human interaction (interviews)

Time-based audit method profiles
A Financial Services company with an Information Security Management System (ISO 27001) may have the following timeline audit profile:

• 60% remote/no human interaction (document review)
• 20% remote/human interaction (interviews)
• 15% on-site/no human interaction (observations)
• 5% on-site/human interaction (interviews)

Time-based audit method profiles
A Chemical Manufacturing company with an Environmental Management System (ISO 14001) may have the following timeline audit profile:

• 5% remote/human interaction (interviews)
• 15% remote/no human interaction (document review)
• 50% on-site/human interaction (interviews)
• 30% on-site/no human interaction (observations)

Information

Communication

Technology

E-mail
Examples:
• Outlook Express, Hotmail, Google Mail, Yahoo Mail

Advantages:
• Simple technology, free (mostly), many vendors, recording

Disadvantages:
• Asynchronous, security (bombardment, spamming, phishing, spoofing, viruses, trojans, worms), privacy

Online Chat / Instant Messaging (IM)
Examples:
• AOL Instant Messenger (AIM), Google Talk, Internet Relay Chat (IRC) - various, Lotus Notes Sametime, Skype, Windows Live Messenger

Advantages:
• Simple technology, free (mostly), many vendors, synchronous (mostly), recording

Disadvantages:
• Slow, security (e.g. spyware, viruses, trojans, worms), privacy, inappropriate use

Telephony
Examples:
• Ranging from land-line, cable, mobile, VoIP, satellite

Advantages:
• Mobility, many technologies and vendors, synchronous, still and video pictures

Disadvantages:
• Coverage, security, privacy, limited recording, inappropriate use

Videoconferencing
Examples:
• Ranging from large, static, videoconferencing suites to webcams

Advantages:
• Multiple locations and users, security, privacy, recording
• Cheap, mobile, many vendors

Disadvantages:
• Very expensive, static, few vendors (FedEx Office), complex technology
• Security, privacy, inappropriate use

Web conferencing
Examples:
• Adobe Acrobat Connect, IBM Lotus Sametime, Microsoft Live Meeting, WebEx

Advantages:
• Many vendors, functionality (see Note)

Disadvantages:
• Expensive

Note: Functionality can include presentations, live or streaming video, VoIP, recording, whiteboard, text chat, screen sharing, desktop sharing, application sharing

Defining a Code of Practice
• Roles
  • Example
    • Remote: Auditor
    • On-site: Auditee(s), Auditee Guide (IG), Avatar
• Responsibilities
• Authorities

• Pre audit activity / Audit activity / Post audit activity
• Technology Planning: Minimum requirements to be available prior, during and post audit
• Contingency Planning: What to do if the audit ends prematurely; unexpectedly or planned

Good practice and potential pitfalls
• Pilot
• Evolution, not revolution
• Code of Practice

• Over reliance on technology
• Assuming technology won’t fail
