Professional Documents
Culture Documents
Audit NC Report
Audit Repor
Audit Type Business Unit Account / Function Project / Support Phase Audit Banking RBS SIT PDA Note-worthy Efforts (Positive Finding) Standard process for estimation missing. Estimations are done manually, and no justifications Test design techniques, not followed considering the project size. Audit Date (E.g - 06-May-08) Audit Schedule Ref. Total (NC + Observation) Findings pending for closure
S. No. Observations (These are potential NCs) 1 Risks not captured for the phase and signoff being obtained.
TO BE FILLED Sr. No. Non Conformance (NC) Finding details Risk Rating Process Area
NC Statement
Impact
Non-Conformance Statement
Impact
Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed
Page 1 of 21
Non-Conformance Statement
Impact
Non-Conformance Statement
Impact
iQ: SPM
Audit NC Report
Audit Report
29-Mar-11 2011-03 1 1 Names of Auditees Names of Auditor (s) Report Date Closure Target Date Muthu Vijaya Bharathi Friday, April 01, 2011 Sunday, May 01, 2011
Opportunity for Improvement (Recommendation) Estimation process can be standardized and usage of project specific template, recommended.
Verifier Name
TO BE FILLED IN FOR NC CLOSURE Correction. (This is correction of the the NC) Corrective Action (To eliminate the cause of NC to prevent its recurrence) Preventive Action (To eliminate the cause of potential NC to prevent occurence) Verifier Name and Verification comments
Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed
Page 3 of 21
iQ: SPM
Audit NC Report
Accepted?
Closure Date
Closure Date
Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed
Page 5 of 21
iQ: SPM
Audit NC Report
Annexure
Field Name Audit Type Business Unit Audit Date Audit Schedule Ref Account Project / Function Auditee(s) Auditor(s) Total Number of NCs + Observations Open NCs Description Mention the type of audit conducted. Use the drop down menu. Select the appropriate business unit at Organizational level Date on which the Audit took place This is audit schedule reference field auto populated from the audit date field Name of the Client Account The name of the project/function that was audited The people who faced the Audit The people who conducted the Audit This field gets automatically populated once the NC and observation No. are incremented Total number of Non Conformances that are open. This field gets automatically populated depending on the NC No. and NC Closed Date.
Closed NCs
Total number of Non Conformances that are closed. When the NC is closed the closure date must be entered. This field gets automatically populated depending on the NC No. and NC Closed Date. Report Date Date of preparation of report in the format dd-mmm-yy. Closure Target Date This field is auto populated and is 30 days after report date Noteworthy effort A noteworthy effort will be reported as a positive finding. A noteworthy effort can be an improvement compared to the previous audit, or processes that perform better than expected, e.g. best practice. Opportunity for improvement (OFI) Any improvement activities/suggestions by the auditors can be placed in this section. It shall be up to the auditees to decided if they would want to go ahead and implement them. Accepted? The auditees should specify whether they have accepted the OFI by selecting Yes or No These are findings which are potential NCs. These may not be direct failure against the requirements but if the observations are not acted upon these may lead to NC in subsequent audits Sr. No gets auto populated based on input in Non-conformance statement field Here auditors should record their observations with all of the following details Non-Conformance Statement- Write the NC with facts that are used as an evidence. Definition of a NC: A practice/activity that does not confirm to the processes or policies of FS SBU (in Quality Manual or otherwise) and/or Project and/or Client requirements and in turn exposes FS SBU and/or Project and/or client to any potential delivery, security, or legal risk is a NonConformance. In addition to these, any business risk (To FS SBU or to the client) foreseen that has not been formally identified and/or mitigated shall be identified as a non-conformance. Impact- Write the perceived impact on the project of the non-conformance Risk Rating- Asses the risk rating based on the impact. Read the risk rating guideline given below.
Observation
Version 2.8, 30-June 2009 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed
Page 7 of 21
iQ: SPM
Audit NC Report
Annexure
Field Name Process Area Correction Corrective Action (Correcting NC and removing cause of NC) Description Select the Process Area from the drop down menu. Action taken for Correcting the non-conformity. Action to eliminate the cause of a detected non-conformity in order to avoid recurrence Your corrective action procedure must explain how you: review non-conformance and customer complaints decide the cause of the problem decide an appropriate course of action to stop the problem recurring put the plan into action ensure that the action has solved the problem Corrective action is RE-ACTIVE ie dealing with the problem AFTER the event
Preventive Action Action to eliminate the cause of a potential non-conformity in order to avoid (Removing cause of potential NC) occurrence Your preventive action procedure must explain how you: review potential problems decide the potential cause of the problem decide an appropriate course of action to stop the problem occurring put the plan into action ensure that the preventive action has solved the potential problem Preventive action is a PRO-ACTIVE procedure ie dealing with the problem BEFORE it happens
Description of the root cause of the NC. This is identifying the cause which has led to the NC. Attacking the root cause and taking necessary corrective action will help in avoiding the recurrence of the NC The date on which the auditor closes the NC after verifying the CPA The remark written by the verifier after verifying the RCA, corrective and preventive action indicating that the NC is closed. Verification of Audit NC Closure can be performed by Auditor or Quality Manager of respective project or Quality Manager from other project or Auditors during the subsequent internal audit. 3/21/2007 Risk in the context of Project Management means 'probability' that a 'finding' will impact the project deliverables adversely. Project deliverables include internal deliverables ,client deliverables and external compliance requirements. The internal deliverables include Operational efficiency, Knowledge repository, Compliance with organizational standards, security and profitability etc. We also need to assess 'magnitude' of this impact.
Version 2.8, 30-June 2009 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed
Page 8 of 21
iQ: SPM
Audit NC Report
Annexure
Field Name Description Auditor has to perform three functions namely - Identify a risk associated with a 'finding'- You need to assess and categorize probability that a 'finding' will affect project deliverables adversely into High/ Medium/ Low. - Assess magnitude of this risk on the project deliverables- You need to assess and categorize the effect as /High/ Medium/ Low - Perform risk rating based on the following guidelines. Assessment Guideline High Probability with High Impact Medium Risk probability with High Impact or High probability with medium impact. Medium probability with medium Impact, High probability with low impact, or Low probability with High Impact Medium Probability with low Impact, Low probability with medium Impact The file naming structure to be followed to send your audit report is - "City/ Account Name/ Project Name".
Risk Rating Very High High Medium Low File Naming Convention
Version 2.8, 30-June 2009 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed
Page 9 of 21
iQ: SPM
Audit NC Report
Audit Report Worksheet All Audit Report Worksheet, Process Title Column Annexure ISO 9001 Reference Sheet All
D M M M
1.4
31-Aug-04
A D
1.5
1-Jul-05
D M
1.6
30-Sep-05
A M
1.7
28-Feb-06
1.8 1.9
14-Dec-06 21-Mar-07
M A A M
Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed
Page 10 of 21
iQ: SPM
Audit NC Report
2.0
3-Oct-07
2.1
27-Mar-08
Audit Report
2.2
16-May-08
PIP ID 232
2.3
15-Oct-08 All
PIP ID 262
M M D
M 2.4 6-Mar-09 Audit ReportProcess Areas, Business Unit, Audit Time IAG Internal discussion Organizational change M A D
Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed
Page 11 of 21
iQ: SPM
Audit NC Report
2.6
8-May-09
Audit Report
PIP ID 312 2.7 5-Jan-10 Audit Report IAG Internal Discussion IAG Internal Discussion IAG Internal Discussion IAG Internal Discussion 2.8 IAG Internal Discussion
A A M
M A
Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed
Page 12 of 21
iQ: SPM
Audit NC Report
dment Log
Brief Description of Change Initial release
Column on 'ISO 9001 Clause' removed. Process references ID's removed from the 'Process Title' column. Formatting changes to the template. List of Processes updated with the list of latest and current processes.
Added the definitions of Observations, Recommendations & a NC. Deleted the ISO reference sheet
Follow-up Action Definitions of Observations and Recommendations changed. Changed Format of NC recording. Added Audit Finding, Impact and Risk Rating Kanbay Logo Changes into Definitions of terminology based on the changes made to the NC Report Format as mentioned above. Audit Date Report Date Preventive Action category File Naming Convention Risk types in NC Report Format and the risk assessment guideline in the annexure Account/ Function with corresponding definition in "Annexure" Changed Changed Risk Rating guidelines to include risk analysis wrt "Findings" in place of "Non-Conformances" Changed "Positive Observations" to "Observations" Added a portion on "Repeat Findings" and Name of the Verifier Added Closure Audit and Phase Audit as drop down values for Audit type Corrective Action changed to 'Corrective Action (Correcting NC and removing cause of NC)' with definition thereof. Preventive Action changed to 'Preventive Action (Removing cause of potential NC)' with definition thereof. Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed Page 13 of 21
iQ: SPM
Audit NC Report
dment Log
Brief Description of Change Name of the Verifier Changed Verification of Implementation to 'Verifier Name and Verification Comments'. File Naming Convention Observations changed to 'Positive Observation' 1. Kanbay Logo replaced with Capgemini Logo 2. References to Kanbay updated as per Integration updates Added references to new processes added in FSGM- Decision Analysis and Resolution process, Pursuit QA, M-Review, Organization Process Performance Process and Database Support Methodology Added a column to capture the 'Root cause Analysis for each NC. This is an OFI from ISO auditor Updated reference of KGL to FSGL 1. Template Title changed from Audit NC Report to Audit Report 2. Repositioned fields :Auditees, Auditors , Audit Date, Audit Time, Root Cause Analysis 3. Deleted fields for Count of NCs closed , Repeat NC, 'Findings' section under 'NC findings' column', category from the NC information 4. Added Closure Target date in the top section of report, field for capturing observations which are potential NCs, column Correction for closing of NCs 5. Reworded terms: Positive Observation as Noteworthy, Recommendations as Opportunity for improvement, Process Title field as Process Area, Open NCs field to Open findings (open field turn red if any NC/ obs is open) 6. List of values in Process Title column modified to include key process areas 7.Added a new sheet - 'Sample Audit Report'. 8. Columns that need Auditees to work on are highlighted in light blue color. 1. Process Areas drop down list is modified to include important CMMI PAs. 2. Business Unit field is added to reflect BUs per new Org. Structure. 3. Audit time field is removed.
Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed
Page 14 of 21
iQ: SPM
Audit NC Report
dment Log
Brief Description of Change In Process area drop down list changed process area PM - Measurement and Analysis to PM Metrics In Process area drop down list Removed process area PM - Quantitative Project Management Added the focus area checklist template at the bottom of the report - Row 47. This needs to be filled in by the auditors and sent as embedded file along with the final audit report Removed QPM and Measurement and Analysis from process area dropdown list and added Metrics Process area in the list. Added the focus area checklist template at the bottom of the report - Row 47 Added a column K 'Accepted?' to capture information whether OFI is accepted or not Made some formatting changes in header of Noteworthy effort and OFI to accommodate above addition Changed Audit type Cell C2 drop down value 'Internal Quality Audit' to 'Internal Audit' Added a process area 'PM - Document Control' in the drop down values for NC process areas Process Areas are modified
Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed
Page 15 of 21
iQ: SPM
Audit NC Report
Audit Report
Audit Type Internal Audit Business Unit Select suitable from drop down Account / Function ABC (dummy name) Project Name ABC123 (dummy name) Audit Date (E.g - 06-May08) Schedule Ref. Audit Total (NC + Observation) Findings pending for closure
Note-worthy Efforts (Positive Finding) Review meeting are planned effectively at different levels and actions are followed up.
S. No. Observations (These are potential NCs) 1 There are a lot of errors in the data downloaded for metrics analysis. Integrity of the data
TO BE FILLED IN Sr. No. Non Conformance (NC) Finding details Risk Rating Process Area
NC Statement Metrics sheet is not evidenced for project. Project is not quantitatively managed
High
PM - Metrics
Impact a. The quality of deliverables can not be measured. b. Continuous improvement can not be achieved Non-Conformance Statement
Person though aware about the existence of metrics sheet is not implementing because raw data is not available. Raw data was not available because appropriate tool or resource (data collector) was not available.
Impact
Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed
Page 16 of 21
iQ: SPM
Audit NC Report
Non-Conformance Statement
Impact
Non-Conformance Statement
Impact
Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed
Page 17 of 21
iQ: SPM
Audit NC Report
Audit Report
5-Jan-09 2009-01 2 1 Names of Auditees Names of Auditor (s) Report Date Closure Target Date Lmn, Pqr, Xyz (dummy names) Def, Ghi (dummy names) Wednesday, January 07, 2009 Friday, February 06, 2009
Opportunity for Improvement (Recommendation) Configuration management plan needs to be reviewed by considering all the different roles
Verifier Name
TO BE FILLED IN FOR NC CLOSURE Correction. (This is correction of the the NC) Metrics sheet has been implemented in the project Corrective Action (To eliminate the cause of NC to prevent its recurrence) Preventive Action (To eliminate the cause of potential NC to prevent occurence) Verifier Name and Verification comments Def (dummy name)
Consider hiring a person Ensured that all projects for the DC role or train under same account or BU existing person to perform have their metric sheets this role of collecting data. prepared and updated. Provided process trainings as necessary. Have a plan around identifying team member(s) who will play the role of collecting and consolidating raw data in other projects, Also identifying their
Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed
Page 18 of 21
iQ: SPM
Audit NC Report
Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed
Page 19 of 21
iQ: SPM
Audit NC Report
Accepted? Yes
Closure Date
Closure Date
15-Jun-08
Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed
Page 20 of 21
iQ: SPM
Audit NC Report
Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed
Page 21 of 21