You are on page 1of 21

iQ: SPM

Audit NC Report

Audit Repor
Audit Type Business Unit Account / Function Project / Support Phase Audit Banking RBS SIT PDA Note-worthy Efforts (Positive Finding) Standard process for estimation missing. Estimations are done manually, and no justifications Test design techniques, not followed considering the project size. Audit Date (E.g - 06-May-08) Audit Schedule Ref. Total (NC + Observation) Findings pending for closure

S. No. Observations (These are potential NCs) 1 Risks not captured for the phase and signoff being obtained.

TO BE FILLED Sr. No. Non Conformance (NC) Finding details Risk Rating Process Area

Root Cause Analysis

NC Statement

Impact

Non-Conformance Statement

Impact

Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed

Page 1 of 21

Non-Conformance Statement

Impact

Non-Conformance Statement

Impact

iQ: SPM

Audit NC Report

Audit Report
29-Mar-11 2011-03 1 1 Names of Auditees Names of Auditor (s) Report Date Closure Target Date Muthu Vijaya Bharathi Friday, April 01, 2011 Sunday, May 01, 2011

Opportunity for Improvement (Recommendation) Estimation process can be standardized and usage of project specific template, recommended.

Action taken on observation for closure

Verifier Name

TO BE FILLED IN FOR NC CLOSURE Correction. (This is correction of the the NC) Corrective Action (To eliminate the cause of NC to prevent its recurrence) Preventive Action (To eliminate the cause of potential NC to prevent occurence) Verifier Name and Verification comments

Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed

Page 3 of 21

iQ: SPM

Audit NC Report

Accepted?

Closure Date

Closure Date

Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed

Page 5 of 21

iQ: SPM

Audit NC Report

Annexure
Field Name Audit Type Business Unit Audit Date Audit Schedule Ref Account Project / Function Auditee(s) Auditor(s) Total Number of NCs + Observations Open NCs Description Mention the type of audit conducted. Use the drop down menu. Select the appropriate business unit at Organizational level Date on which the Audit took place This is audit schedule reference field auto populated from the audit date field Name of the Client Account The name of the project/function that was audited The people who faced the Audit The people who conducted the Audit This field gets automatically populated once the NC and observation No. are incremented Total number of Non Conformances that are open. This field gets automatically populated depending on the NC No. and NC Closed Date.

Closed NCs

Total number of Non Conformances that are closed. When the NC is closed the closure date must be entered. This field gets automatically populated depending on the NC No. and NC Closed Date. Report Date Date of preparation of report in the format dd-mmm-yy. Closure Target Date This field is auto populated and is 30 days after report date Noteworthy effort A noteworthy effort will be reported as a positive finding. A noteworthy effort can be an improvement compared to the previous audit, or processes that perform better than expected, e.g. best practice. Opportunity for improvement (OFI) Any improvement activities/suggestions by the auditors can be placed in this section. It shall be up to the auditees to decided if they would want to go ahead and implement them. Accepted? The auditees should specify whether they have accepted the OFI by selecting Yes or No These are findings which are potential NCs. These may not be direct failure against the requirements but if the observations are not acted upon these may lead to NC in subsequent audits Sr. No gets auto populated based on input in Non-conformance statement field Here auditors should record their observations with all of the following details Non-Conformance Statement- Write the NC with facts that are used as an evidence. Definition of a NC: A practice/activity that does not confirm to the processes or policies of FS SBU (in Quality Manual or otherwise) and/or Project and/or Client requirements and in turn exposes FS SBU and/or Project and/or client to any potential delivery, security, or legal risk is a NonConformance. In addition to these, any business risk (To FS SBU or to the client) foreseen that has not been formally identified and/or mitigated shall be identified as a non-conformance. Impact- Write the perceived impact on the project of the non-conformance Risk Rating- Asses the risk rating based on the impact. Read the risk rating guideline given below.

Observation

Sr. No. NC Findings

Version 2.8, 30-June 2009 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed

Page 7 of 21

iQ: SPM

Audit NC Report

Annexure
Field Name Process Area Correction Corrective Action (Correcting NC and removing cause of NC) Description Select the Process Area from the drop down menu. Action taken for Correcting the non-conformity. Action to eliminate the cause of a detected non-conformity in order to avoid recurrence Your corrective action procedure must explain how you: review non-conformance and customer complaints decide the cause of the problem decide an appropriate course of action to stop the problem recurring put the plan into action ensure that the action has solved the problem Corrective action is RE-ACTIVE ie dealing with the problem AFTER the event

Preventive Action Action to eliminate the cause of a potential non-conformity in order to avoid (Removing cause of potential NC) occurrence Your preventive action procedure must explain how you: review potential problems decide the potential cause of the problem decide an appropriate course of action to stop the problem occurring put the plan into action ensure that the preventive action has solved the potential problem Preventive action is a PRO-ACTIVE procedure ie dealing with the problem BEFORE it happens

Root Cause Analysis

Description of the root cause of the NC. This is identifying the cause which has led to the NC. Attacking the root cause and taking necessary corrective action will help in avoiding the recurrence of the NC The date on which the auditor closes the NC after verifying the CPA The remark written by the verifier after verifying the RCA, corrective and preventive action indicating that the NC is closed. Verification of Audit NC Closure can be performed by Auditor or Quality Manager of respective project or Quality Manager from other project or Auditors during the subsequent internal audit. 3/21/2007 Risk in the context of Project Management means 'probability' that a 'finding' will impact the project deliverables adversely. Project deliverables include internal deliverables ,client deliverables and external compliance requirements. The internal deliverables include Operational efficiency, Knowledge repository, Compliance with organizational standards, security and profitability etc. We also need to assess 'magnitude' of this impact.

NC Closed Date Verifier Name and Verification comments

Risk Rating Guidelines

Version 2.8, 30-June 2009 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed

Page 8 of 21

iQ: SPM

Audit NC Report

Annexure
Field Name Description Auditor has to perform three functions namely - Identify a risk associated with a 'finding'- You need to assess and categorize probability that a 'finding' will affect project deliverables adversely into High/ Medium/ Low. - Assess magnitude of this risk on the project deliverables- You need to assess and categorize the effect as /High/ Medium/ Low - Perform risk rating based on the following guidelines. Assessment Guideline High Probability with High Impact Medium Risk probability with High Impact or High probability with medium impact. Medium probability with medium Impact, High probability with low impact, or Low probability with High Impact Medium Probability with low Impact, Low probability with medium Impact The file naming structure to be followed to send your audit report is - "City/ Account Name/ Project Name".

Risk Rating Very High High Medium Low File Naming Convention

Version 2.8, 30-June 2009 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed

Page 9 of 21

iQ: SPM

Audit NC Report

Template Amendment Log


Version No. 1.0 1.1 1.2 1.3 Date 19-Oct-01 22-Jun-02 8-Jan-03 6-May-03 Section All PIP No. A/M/D A

Audit Report Worksheet All Audit Report Worksheet, Process Title Column Annexure ISO 9001 Reference Sheet All

D M M M

1.4

31-Aug-04

A D

1.5

1-Jul-05

D M

1.6

30-Sep-05

All-Report and Annexure Annexure

A M

1.7

28-Feb-06

1.8 1.9

14-Dec-06 21-Mar-07

Report and Annexure Report and Annexure Audit Report

M A A M

Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed

Page 10 of 21

iQ: SPM

Audit NC Report

Template Amendment Log


Version No. Date Section PIP No. A/M/D D A M M Capgemini Integration M

2.0

3-Oct-07

Annexure Audit Report & Annexure All

2.1

27-Mar-08

Audit Report

CMMi Gap Analysis

2.2

16-May-08

Audit Report, Annexure

PIP ID 232

2.3

15-Oct-08 All

PIP ID 262

M M D

M 2.4 6-Mar-09 Audit ReportProcess Areas, Business Unit, Audit Time IAG Internal discussion Organizational change M A D

Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed

Page 11 of 21

iQ: SPM

Audit NC Report

Template Amendment Log


Version No. Date Section 2.5 28-Mar-09 Process Area PIP No. IAG Internal discussion A/M/D M

2.6

8-May-09

Audit Report

PIP ID 312 2.7 5-Jan-10 Audit Report IAG Internal Discussion IAG Internal Discussion IAG Internal Discussion IAG Internal Discussion 2.8 IAG Internal Discussion

A A M

M A

Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed

Page 12 of 21

iQ: SPM

Audit NC Report

dment Log
Brief Description of Change Initial release

Column on 'ISO 9001 Clause' removed. Process references ID's removed from the 'Process Title' column. Formatting changes to the template. List of Processes updated with the list of latest and current processes.

Added the definitions of Observations, Recommendations & a NC. Deleted the ISO reference sheet

Follow-up Action Definitions of Observations and Recommendations changed. Changed Format of NC recording. Added Audit Finding, Impact and Risk Rating Kanbay Logo Changes into Definitions of terminology based on the changes made to the NC Report Format as mentioned above. Audit Date Report Date Preventive Action category File Naming Convention Risk types in NC Report Format and the risk assessment guideline in the annexure Account/ Function with corresponding definition in "Annexure" Changed Changed Risk Rating guidelines to include risk analysis wrt "Findings" in place of "Non-Conformances" Changed "Positive Observations" to "Observations" Added a portion on "Repeat Findings" and Name of the Verifier Added Closure Audit and Phase Audit as drop down values for Audit type Corrective Action changed to 'Corrective Action (Correcting NC and removing cause of NC)' with definition thereof. Preventive Action changed to 'Preventive Action (Removing cause of potential NC)' with definition thereof. Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed Page 13 of 21

iQ: SPM

Audit NC Report

dment Log
Brief Description of Change Name of the Verifier Changed Verification of Implementation to 'Verifier Name and Verification Comments'. File Naming Convention Observations changed to 'Positive Observation' 1. Kanbay Logo replaced with Capgemini Logo 2. References to Kanbay updated as per Integration updates Added references to new processes added in FSGM- Decision Analysis and Resolution process, Pursuit QA, M-Review, Organization Process Performance Process and Database Support Methodology Added a column to capture the 'Root cause Analysis for each NC. This is an OFI from ISO auditor Updated reference of KGL to FSGL 1. Template Title changed from Audit NC Report to Audit Report 2. Repositioned fields :Auditees, Auditors , Audit Date, Audit Time, Root Cause Analysis 3. Deleted fields for Count of NCs closed , Repeat NC, 'Findings' section under 'NC findings' column', category from the NC information 4. Added Closure Target date in the top section of report, field for capturing observations which are potential NCs, column Correction for closing of NCs 5. Reworded terms: Positive Observation as Noteworthy, Recommendations as Opportunity for improvement, Process Title field as Process Area, Open NCs field to Open findings (open field turn red if any NC/ obs is open) 6. List of values in Process Title column modified to include key process areas 7.Added a new sheet - 'Sample Audit Report'. 8. Columns that need Auditees to work on are highlighted in light blue color. 1. Process Areas drop down list is modified to include important CMMI PAs. 2. Business Unit field is added to reflect BUs per new Org. Structure. 3. Audit time field is removed.

Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed

Page 14 of 21

iQ: SPM

Audit NC Report

dment Log
Brief Description of Change In Process area drop down list changed process area PM - Measurement and Analysis to PM Metrics In Process area drop down list Removed process area PM - Quantitative Project Management Added the focus area checklist template at the bottom of the report - Row 47. This needs to be filled in by the auditors and sent as embedded file along with the final audit report Removed QPM and Measurement and Analysis from process area dropdown list and added Metrics Process area in the list. Added the focus area checklist template at the bottom of the report - Row 47 Added a column K 'Accepted?' to capture information whether OFI is accepted or not Made some formatting changes in header of Noteworthy effort and OFI to accommodate above addition Changed Audit type Cell C2 drop down value 'Internal Quality Audit' to 'Internal Audit' Added a process area 'PM - Document Control' in the drop down values for NC process areas Process Areas are modified

Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed

Page 15 of 21

iQ: SPM

Audit NC Report

Audit Report
Audit Type Internal Audit Business Unit Select suitable from drop down Account / Function ABC (dummy name) Project Name ABC123 (dummy name) Audit Date (E.g - 06-May08) Schedule Ref. Audit Total (NC + Observation) Findings pending for closure

Note-worthy Efforts (Positive Finding) Review meeting are planned effectively at different levels and actions are followed up.

S. No. Observations (These are potential NCs) 1 There are a lot of errors in the data downloaded for metrics analysis. Integrity of the data

TO BE FILLED IN Sr. No. Non Conformance (NC) Finding details Risk Rating Process Area

Root Cause Analysis

NC Statement Metrics sheet is not evidenced for project. Project is not quantitatively managed

High

PM - Metrics

Impact a. The quality of deliverables can not be measured. b. Continuous improvement can not be achieved Non-Conformance Statement

Person though aware about the existence of metrics sheet is not implementing because raw data is not available. Raw data was not available because appropriate tool or resource (data collector) was not available.

Impact

Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed

Page 16 of 21

iQ: SPM

Audit NC Report

Non-Conformance Statement

Impact

Non-Conformance Statement

Impact

Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed

Page 17 of 21

iQ: SPM

Audit NC Report

Audit Report
5-Jan-09 2009-01 2 1 Names of Auditees Names of Auditor (s) Report Date Closure Target Date Lmn, Pqr, Xyz (dummy names) Def, Ghi (dummy names) Wednesday, January 07, 2009 Friday, February 06, 2009

Opportunity for Improvement (Recommendation) Configuration management plan needs to be reviewed by considering all the different roles

Action taken on observation for closure

Verifier Name

TO BE FILLED IN FOR NC CLOSURE Correction. (This is correction of the the NC) Metrics sheet has been implemented in the project Corrective Action (To eliminate the cause of NC to prevent its recurrence) Preventive Action (To eliminate the cause of potential NC to prevent occurence) Verifier Name and Verification comments Def (dummy name)

Consider hiring a person Ensured that all projects for the DC role or train under same account or BU existing person to perform have their metric sheets this role of collecting data. prepared and updated. Provided process trainings as necessary. Have a plan around identifying team member(s) who will play the role of collecting and consolidating raw data in other projects, Also identifying their

Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed

Page 18 of 21

iQ: SPM

Audit NC Report

Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed

Page 19 of 21

iQ: SPM

Audit NC Report

Accepted? Yes

Closure Date

Closure Date

15-Jun-08

Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed

Page 20 of 21

iQ: SPM

Audit NC Report

Version 2.8, 30-June 2010 Issue 2010 Capgemini Financial Services USA Inc. Uncontrolled if Copied/Printed

Page 21 of 21

You might also like