INTERNAL AUDIT

Auditing Technique

The Purpose

WHY AUDIT?

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 2

Management System Audit

Whats done in an audit ?

Effectiveness of an organisations Management System is assessed

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 3

Why Audit
Required by the standard Determine system effectiveness Identify existing nonconformities Highlight areas of strength Point out areas for improvement Indicate requirements for corrective and/or preventive action

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 4

Management System
Management System:
- to establish objectives and to achieve those objectives

Quality Management System:

- to direct and control an organisation with regard to quality

System:
- set of interrelated or interacting elements

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 5

System Audit
The process of assessment has to be

OBJECTIVE

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 6

System Audit
Assessment is a comparison of implemented Quality System with Quality System Standards like ISO 9000 or, implemented OHS system with OHSAS18001

However results depend on Auditor

- hence this training

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 7

What is sought by Auditor

Established Policy and Objectives Developed appropriate systems Necessary documentation of the system Effective implementation of those systems

Since we can never expect absolute perfection the auditor can only assess

The Degree of Compliance

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 8

System Standards
Lay down principles that require interpretation

The auditor must have very strong understanding of principles to be able to assess whether the standard has been
- understood - interpreted - and can demonstrate adequate control

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 9

Questions in an auditors mind

Is the system right and sufficient? Does the organisation do the right things to adequately control quality of products or safety of employees? Does the organisation do things properly all the time? What is the evidence that things are done correctly?

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 10

Nagging questions

What is adequate? When is a thing properly done? How much evidence is required?

Buzz group : You are sent as an auditor to Purchase department and one of the area to be verified is Issue of Purchase orders in time. How would you answer all the above questions ?

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 11

Auditor
Needs to judge whether an organisation has arrived at a sensible and acceptable interpretation of the standard;therefore he must
- study the standard to improve understanding - objective of the system is that performance must be consistently achieved - consider possible consequences of something going wrong due to inadequacy - take account of others opinion

- always use common sense

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 12

Auditor
Looks for:
established policies and objectives developed appropriate systems documentation to ensure adequate control effective implementation of the system

Since we can never expect absolute perfection, the auditor can only assess

THE DEGREE OF COMPLIANCE

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 13

System Audit

Systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which the audit criteria is fulfilled

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 14

Types of Audit

Internal Audit External Audit Third Party Audit

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 15

Auditor Competence

Auditors demonstrated capability to apply knowledge and skills based on

- education - experience - training

Qualification process:
- process to demonstrate the ability to fulfil specified requirements (in this case the auditors qualification)

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 16

Audit conventions

Audits create stress. Uncertainty amplifies stress

- Act predictably

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 17

Why conventions?

To reduce stress To have clear methods of audits

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 18

Audit conventions
Start at the top Audit must be planned Examination/Evaluation Reports Follow up action

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 19

Types of audit
Process Product Quality System Compliance Health & Safety Environmental Financial

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 20

10

WHAT IS AN AUDIT?
A health check Key words
Systematic Documented Periodic Objective Verification

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 21

KEY CONCEPTS
Verification Systematic Periodic Objective Documented Evaluate compliance to requirements Carried out in accordance to set protocols Conducted to established schedule Auditors have some independence and findings need evidences Reports are prepared

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 22

11

AUDIT TERMINOLOGY
Audit Cycle:
- period over which ALL parts of organisation are audited

Audit Programme:
- timetable within audit cycle - shows whats audited, when and by whom

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 23

AUDIT TERMINOLOGY
Audit Protocol/Procedure:
- detail of individual audit including: - audit scope - audit frequency - audit methodologies - personnel and experience - documentation required - reporting and distribution

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 24

12

AUDIT SCHEDULING
Unscheduled - usually prompted by:
Significant change in personnel Change in regulations Process change Customer complaint

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 25

AUDIT PROGRAMME

Process to be Audited Procurement Marketing Design Quality Assurance Production

Det Norske Veritas AS. All rights reserved

02 02 Q1 Q2

02 Q3

02 Q4

03 Q1

03 Q2

03 Q3

03 Q4

x x x x x
10 June 2009

x x x x x
Slide 26

x x x

13

HOW TO ACHIEVE CONTINUAL IMPROVEMENT

tin con

audit & review

Baseline 2 Time
Slide 27

Baseline 1
Det Norske Veritas AS. All rights reserved 10 June 2009

AUDIT TEAM REQUIREMENTS

Audit team should include experience as:
Team leader Systems auditor Technical specialist If not resourced internally then externally

Det Norske Veritas AS. All rights reserved

10 June 2009

audit & review

Baseline 3

audit & review

Slide 28

Actual Performance

ent vem pro im ual

14

AUDIT TEAM REQUIREMENTS

Audit team preferably to have 2 persons:Auditor and Second Man
- Second Man - looking while the auditor is questioning - listening and taking notes - helping share load - corroborating findings - helping draft NCs - assists reporting

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 29

STAGES OF AN AUDIT
Pre-audit activities Audit activities Post audit activities

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 30

15

CONDUCTING AN AUDIT
Pre-Audit
Agree the scope and standards of the audit Establish methods of assessment Select auditors Allocate time frame Review documented MS Research other background information (requirements) Plan the audit (checklists etc.)

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 31

Auditing Approaches

Audit by departments Audit by clauses Auditing by process , risk , aspects

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 32

16

PRE AUDIT PLANNING: CHECKLISTS

ADVANTAGES useful guide to the audit process records evidence record of audit part of report good help for beginners Requirements will be researched Helps pace the audit Acts as a prompt

DISADVANTAGES preparation time needed blinkered view somewhat cumbersome

Det Norske Veritas AS. All rights reserved

Checklists are advised they are not mandatory They are an auditors Friend
10 June 2009

Slide 33

AUDIT ACTIVITIES
Opening meeting Review documents Interview Collect evidence/site inspection Closing meeting

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 34

17

AUDIT ACTIVITIES INTERVIEWING SKILLS

Explain why asking a particular question Ask a question in different ways if not understood If auditee becomes stressed - take a break! Speak to supervisor first

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 35

Audit Activity
Auditor refers the checklist, which is a question to himself. He then asks relevant questions to the auditee. Looks for factual evidence - compliance to requirement - effective controls of activities which could affect quality - records to verify if system works - are relevant procedures available with the doers Probing Questioning

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 36

18

Audit Activity
Listening ( test )
- (take notes but get the information first)

Verifying
- (please show me)

Believe a Confession Verify a Claim Looking

- (try to look at everything and you see nothing)

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 37

Verification

Examination of Documents

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 38

19

Verification
Audit where the action is!
- task observation is a powerful method of verification

Observation of Activities and Conditions

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 39

How to Collect Objective Evidence

Review requirements vs. records Observe practice vs. requirements Conduct interviews to verify awareness and understanding Check how is routine work handled Does the system work when something non routine comes up? Are things in control in a crisis?

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 40

20

AUDIT ACTIVITIES INTERVIEWING SKILLS

What?

Why? When?

How?

Where?

Who?

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 41

AUDIT ACTIVITIES INTERVIEWING SKILLS

Closed Question
- Do you know measurement of noise level in ambient air?

Open Question
- How noise level in ambient air is measured ?

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 42

21

AUDIT ACTIVITIES INTERVIEWING SKILLS

DEVELOPING A QUESTION TECHNIQUE
Show me! I dont understand, please explain .... What if ......? Are you saying that ......? Silent approach Puzzled look Good or You have that under control!

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 43

AUDIT ACTIVITIES INTERVIEWING SKILLS

Ensure interviewee: Hears or sees what you tell or show them Understands what they have heard Agrees with what they have heard or seen Takes action Provides feedback

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 44

22

AUDIT ACTIVITIES
Make a note of audit sample - identification of person - identification of documents/records - identification of contract numbers/product/equipment At the end of each department verbally summarise the audit findings - this gives a chance for auditee to correct you - confirms with auditee the findings Auditor must be in control!

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 45

AUDIT ACTIVITIES
If something is wrong: Do not criticise Investigate Do not stop the job Do not undermine supervisor Record specific details Also record compliances!

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 46

23

AUDIT ACTIVITIES
Be objective Persist if a non-conformity exists Dont get annoyed Dont take sides Make your own judgements Plan time effectively Be positive

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 47

AUDIT ACTIVITIES
Exercising Judgement
what is the requirement how to investigate what to investigate who to speak to

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 48

24

INTERVIEWING SKILLS
On completion
- say Thanks!

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 49

POST AUDIT ACTIVITIES

Audit reporting - distinguish between
observations interpretations assessments judgements opinions advice Recommendations Non-conformities

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 50

25

WRITING OF NON-CONFORMITIES

Non-conformities must be based on objective evidence

Requirement

Failure

Evidence

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 51

Audit Observation
CASE STUDY

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 52

26

REMEMBER
The thoroughness and integrity of the internal audit might go some way to doing the certifiers work - external auditors can rely on and therefore use in their own audit many of the internal audit results

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 53

Open forum Discussion

Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 54

27

 Det Norske Veritas AS. All rights reserved

10 June 2009

Slide 55

28