Internal Quality Audit FOR ISO 9001 : 2008

Prepared By: Ashraf S. Youssef, Ph. D. QA & Ind. Methods Manager S.M. ASQ, L.A. BSI, M. ELI, M. EMS

ISO 9001 : 2008

Nov, 14-16, 2009

Course Structure

Tutorial Sessions Case Studies Role Play Games

Learning Objectives
To understand:
Purpose, benefits and typical structure of a Quality Management System (QMS) Plan-Do-Check Act (PDCA) methodology, and the process approach to Quality Management The 8 principles of Quality Management and how they relate to the QMS and ISO 9001 Purpose, scope and uses of the ISO 9000 series standards Auditing Process Roles, responsibilities and competence requirements of auditors and lead auditors with reference to ISO 19011

Agenda
1. Purpose and structure of o a QMS, PDCA o and the 8 principles of quality management 2. ISOM 9001 Explored & Understood 3. Internal Quality Audit Steps

4. Auditors Skills & Responsibility

Course assessment

Continual assessment
You will be informed of progress as we go The exam

Exam Pass Criteria

70% pass mark Open book

Ask questions
Its your tutors job to make problems go away

Session 1

Purpose and structure of a QMS, PDCA and the 8 principles of quality management

What is Quality?
Q is fitness for use. Q is conformance to requirements. Q is conformance to customer/user requirements.
Meet/satisfy customer/user requirements, needs, and expectations.

Degree to which a set of inherent characteristics fulfills requirements. (ISO 9000 : 2005)

What is Audit? Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled

What is Audit Evidence?

Records, statements of fact or other information, which are relevant to the audit criteria and verifiable

What is Audit Findings?

Results of the evaluation of the collected audit evidence against audit criteria.

What is Audit Client? organization or person requesting an audit.

What is Auditee? Organization being audited

What is Auditor? Person with the competence to conduct an audit.

What is Technical Expert?

person who provides specific knowledge or expertise to the audit team.

What is Audit Plan?

Description of the activities and arrangements for an audit.

What is Audit Scope? extent and boundaries of an audit.

What is Nonconformance?

Non-fulfillment of a requirement

What is Correction, and C & P Actions?

Correction: Action to eliminate a detected nonconformity

Corrective Action: Action to eliminate the cause of a detected nonconformity

Preventive Action: Action to eliminate the cause of a potential nonconformity or other undesirable potential situation

What is Ident., Trac. And Status?

Identification: To describe product/ raw material/ semi finish product etc. Example Batch #, Lot #, Code etc Traceability: Ability to trace the history, application or location of that which is under consideration Status: To identify the current status of product/ raw material with regard to inspection and test results. Tag/ sticker of HOLD, REWORK, SCRAP Identified areas.

Types of Audits

First-party
Second-party

Third-party

The purpose of an audit is ...

to collect objective evidence to permit an informed judgment about the status of the quality management system

Objectivity of Auditing
AUDIT CRITERIA AUDIT FINDINGS
Improvement Conformance Major Non-Conformance Minor

AUDIT EVIDENCE

AUDIT CONCLUSION
RECOMMENDATION FOR AUDIT

Audit Methods & Techniques

FORWARD TRACE
RECEIVE GOODS

INSPECT

STORES

BACKWARDS TRACE

What is ISO 9000:2008 QMS?

ISO = International Organization for Standards

9000 = code to denote QMS Family

2008 = year of last revision Is a family of standards for implementing a Quality Management System (QMS)

ISO 9000:2008 Family

ISO 9000

ISO 9001
ISO 9004 ISO/DIS 19011

Only ISO 9001 can be used for certification purposes

The ISO 9001:2008 Model

Continual Improvement of the QMS
CUSTOMER REQUIREMENTS clause 4 CUSTOMER SATISFACTION

info. flow

management responsibility clause 5

clause 6 resource management

clause 8 meas, analysis improvement

info. flow

Input
value adding activities

clause 7 product realization

product

Output
value adding activities

Clauses/Requirements
Clause 4. Quality Management System
Clause 5. Management Responsibility Clause 6. Resource Management Clause 7. Product Realization Clause 8. Measurement, Analysis and Improvement

Count the number of requirement categories.

Quality Management Principles

Customer Focus
Leadership Involvement of People Process Approach System Approach to Management

Continual Improvement
Factual Approach to Decision Making Mutually Beneficial Supplier Relationships

1.

Customer Focus

CUSTOMER REQUIREMENTS

Know their current and future needs

Meet their requirements Exceed their expectations Get their feedback

CUSTOMER SATISFACTION

Organizations depend on their customers; therefore they should

2.

Leadership
management responsibility

Leaders create common purpose and direction; therefore they should

Maintain a healthy internal environment Inspire workforce to excel

3. Involvement of People
People are the essence of an organization; therefore
They should be fully involved Their abilities should be used for organization benefits
resource management

4. Process Approach
Manage activities and related

resources as a PROCESS
Review Purchase Design Make
Order

Deliver
Product

Turtle Approach
WITH WHAT ?
(Materials / Equipment)

WITH WHO?
(Competence / Skills / Training)

PROCESS
INPUTS

OUTPUTS

HOW?
(Support Processes, Procedures & Methods)

OBJECTIVES/MEASURES?
(Performance Indicators)

Example: Management, Responsibility

with what
Management Review forum Previous years results

with who
Management team Quality manager Team leaders

inputs
Internal audits Customer satisfaction trends Process/Product measures Faults/Complaints data

Management responsibility & objective setting

outputs
Annual plan Improvement objectives

measures
Results vs plan Customer surveys Milestones

support processes
IT systems Purchasing HR, Training

how
Implementation plan Resource allocation Roles & responsibilities Communications

5.

System Approach to Management

Managing interrelated processes as a system helps the organization in achieving its objectives in an effective and efficient manner

6.

Continual Improvement: PDCA Cycle

Continual Improvement of the QMS

Plan

management responsibility

Act

resource management Do

meas., analysis improvement Check

product realization

7.

Factual Approach to Decision-Making

Effective decisions are based on the analysis of data and information

CUSTOMER REQUIREMENTS
info. flow

management responsibility

meas., analysis improvement

info. flow

product realization

CUSTOMER SATISFACTION

8. Mutually Beneficial Supplier Relationship

Interrelated Win-Win
Supplier
product realization

Session 2

ISO 9000 series explored and understood

Structure of ISO 9001:2008

0.1 General 0.2 Process Approach 0.3 Relationship with ISO 9004 0.4 Compatibility with other standards 1 Scope 2Normative References 3 Terms & Definitions 4. Quality Management system 5. Management Responsibility 6. Resource Management 7. Product Realization 8. Measurement, Analysis & Improvement

4: Quality Management System

General requirements (4.1)

General requirements for approach & content of the QMS (e.g. for the adoption of the process approach) Outsourcing

Documentation requirements (4.2)

Mandatory procedures Manual, Policy & Objectives General sufficiency of documentation and records System for Document Control System for Control of Records

5: Management Responsibility The areas where direct Top Management involvement is mandatory
Demonstrating commitment Demonstrating customer focus Input into policy development & review Identification of objectives and input into the planning process Defining responsibilities, providing resources Ensuring internal communications are effective Involvement in management review

6: Resources Human Resources

Ensuring adequacy particularly in respect of training

Infrastructure
Buildings, work space, equipment, vehicles, information systems etc

Environmental controls (Aligned with ISO14000)

Heat, light, humidity, temperature, clean rooms In fact any controls that are applicable

7: Product Realisation Think of this as Production or Service Delivery

Control of the core day to day operations Operational planning (7.1) Handling contracts, enquiries & customer communication systems (7.2) Design (7.3) Management of supplies and suppliers (7.4) Operational controls (7.5) Calibration (7.6)

Exclusions may apply

8: Measurement, Analysis & Improvement

The collection and constructive use of data Measuring product (conformity checks and inspection) Measuring process (efficiency measures) Customer satisfaction (Survey, Feedback, Complaint) Internal audit Control of quarantine/isolation activities Analysis of data (you must do something with data) Continual improvement (the standard encourages the application of the process approach to improvement) Corrective action (Correction + Corrective Action) Preventive action

Session 3

Internal Quality Audit Steps

Internal Quality Audit Steps

Initiation Preparation

Evaluation Reporting
Fixing

Internal Quality Audit Steps

Initiation

STEPS 1. Request Audit 2. Identify Lead Auditor 3. Define Audit Scope

RESPONSIBILITY Program Manager Program Manager Program Manager & Lead Auditor

Importance of Preparation

Exercise: Initiation Who is responsible for scheduling the audits?

When are internal audits scheduled?

How often are audits performed? Who is responsible for selecting the auditors? What criteria are important for selecting auditors?

Annual Audit Plan Considerations Approvals

Exercise: Auditing the Training Activity

Why is the audit performed? What is being audited? Which requirements?

SOLUTION: Purpose:
To verify compliance with Quality Manual and ISO 9001:2000

Audit Scope:
Training Activity

Requirements:
As specified in
ISO 9001:2008 EEICQM-01 EEICHR-P-01

Internal Quality Audit Steps

Initiation Preparation
STEPS RESPONSIBILITY 4. Select Audit Team Lead Auditor 5. Understand Org. Audit Team 6. Review Documentation Audit Team 7. Plan the Audit Lead Auditor 8. Prepare Checklist & Working Papers Audit Team

Audit Team
Consider team member qualifications Consider activities being audited Consider type and degree of experience of the auditors Create a balanced team

Preparation Steps
review documents

initiation

get approvals

plan audit

Exercise: Review Documentation

For the Training activity, which specific documents would you request to prepare your team for the audit?

Review Documentation
Quality manual Procedures Forms Organization chart Facility floor plan Past audit performance Customer feedback Number of employees Working hours

Plan Audit
Confer with audit team members Dont forget the approvals

Audit Plan: December 22-23, 2001 Purpose: To verify compliance with Quality Manual and ISO 9001:2000 Audit Scope: Training Requirements: As specified in - ISO 9001:2008 - Quality Manual, - HR Procedure Overall Schedule: December 22, 2001 December 23, 2001 8:00-8:30 Opening Meeting 8:00-11:00 Field Activities 8:30-9:00 Audit Team Meeting 11:00-12:00 Audit Team Meeting 9:00-12:00 Field Activities 12:00-1:00 Exit Meeting 12:00-1:00 Audit Team Meeting 1:00-3:00 Field Activities 3:00-3:30 Daily Auditee Briefing Audit Team Members: Ms. Ashraf Youssef, Lead Auditor Mr. Wissam Toumeh, Auditor Mr. Nelson Tenorio, Auditor Approved: ________________ Mr. Ashraf Youssef Approved: ________________ Mr. Muntaser Kalahji.

Internal Quality Audit Steps

Initiation Preparation

Evaluation

STEPS 9. Conduct Opening Meeting 10. Meet with Management 11. Interview & Observe 12. Assess Evidence

RESPONSIBILITY Lead Auditor Audit Team Audit Team Audit Team

An auditors memory is as sharp as his pencil.

Focus of the Audit

To collect objective evidence to permit an informed judgment about the status of the quality management system.

Objective evidence may be ... documented based on interview based on observation quantitative qualitative verifiable

Checklists & Working Papers

Checklists

Audit Questions

Audit Investigation

Audit Findings

Checklists

Checklists plan the flow of questions

Checklists

Checklists guide the course of the audit

Checklists

Checklists define the sample

Checklists

Checklists help in writing the report

Checklist should
Be based on information available before the audit Be modified when necessary Allow follow-up Be balanced to cover priority areas Be created by individual auditors

Checklist should NOT Restrict auditors inquiry Be completely generic Be yes/no lists

To Create a Checklist
What am I looking for?

Documents

Who do I want to talk to?

Individual

What will I ask?

Questions on checklist

What am I looking for?

What am I looking for?

RECORDS ARE THE MOST RELIABLE SOURCE OF INFORMATION

What am I looking for? Sample should be representative, although not necessarily statistically valid

Who do I talk to?

Talk to the right people
Those responsible for the activity

Those doing the activity

Audit Team Meeting

Informal briefings Opportunity to share information Discuss necessary adjustments to plan Develop report Helps keep communication lines open among audit team members

Opening Meeting
Conduct before start of field activities Audit team members must be present Auditee contacts should be present Creates an atmosphere of cooperation between auditors and auditee

Opening Meeting
Sign-in sheet Distribute detailed audit schedule Address any auditee scheduling concerns Revise schedule, if necessary

Daily Auditee Briefing

Review potential findings regularly with auditee Opportunity for auditee to close a finding before the end of the audit Helps strengthen communications Audit becomes constructive

Interview & Observe

Asking questions
Observing activities Examining documents & records Examining facilities

Observing Activities

Confirm that procedures are being followed

how?

Observing Activities

Look for undocumented activities

what?

Observing Activities

Confirm answers

who?

Observing Activities
Auditee Reactions
Take over conversations Play show & tell Blame someone Act defensively Waste time Interrupt Provoke Bribe!

Interviewing

Interviewing
Introduce yourself
Explain why you are there Investigate to depth necessary Ask, Listen, Verify

Interview the right people

Those responsible for the activity

Those doing the activity

Hearsay is not evidence

Interviewing

Interview for:
elaboration
corroboration perspective basis for evidence

Interviewing
Two eyes Two ears One mouth Ratio of use:
One of speaking to four receiving

Interviewing

why what

when how
where

who

When Something Seems Wrong

When Something Seems Wrong Is it really wrong? Does he know it is wrong? What is his explanation? Is it an isolated event, or a symptom of a deeper problem? Why didnt quality system detect it? What lapse in the quality system allows this to happen?

Nonconformity Nonconformity refers to a failure to meet a specified requirement:

Quality Manual Policies Procedures ISO 9001:2000 req. Government Regulations

90% or more of processes can be improved by modifying organizational systems (a management responsibility) rather than attempting to modify an individual employees performance.

W. Edwards Deming

What if nothing seems to be wrong?

No problems dont panic

Move on
Dont keep looking for something wrong

ROLE PLAY:

Auditing role play

Internal Quality Audit Steps

Initiation Preparation

Evaluation
STEPS RESPONSIBILITY 13. Write Nonconformities Audit Team 14. Conduct Closing Meeting Audit Team 15. Write a Summary Report Lead Auditor

Reporting

Do I have a Nonconformity?

YES if you have objective evidence that: A requirement is not addressed Practice differs from defined system System is not effective

Major or Minor Nonconformity

Major
System element is missing System element is not implemented System element is not effective

Minor
A single/isolated lapse in the system

EXERCISE: Nonconformity or Not

For each situation, identify whether

major nonconformity, Minor nonconformity, or nothing.

Nonconformity Statement State the evidence

What is it?

State the requirement

What is it against?

Writing a Nonconformity: The 4 Cs Clear Simple language Correct Objective Complete Traceable Concise
What happened? What should happen?

Writing Nonconformity: Steps

1. Write (informally) the nonconformity on the spot. 2. Explain to auditee manager promptly. 3. Review with team members. 4. Write nonconformity statement on the NCR. 5. Get auditee manager signature.

Closing Meeting Keys

Informal setting Report the results to management Agree on follow-up Entertain questions

Agenda of Closing Meeting

1. 2. 3. 4. 5. 6. Introduction & purpose of meeting Thanks for cooperation Distribute list of attendees Review audit purpose and scope Explain nature of sampling Summarize results: Good observations, no. of NCRs, overall weakness, recommendations, repeat good observations 7. Summary from each auditor 8. When to expect written report 9. Agreement on follow-up 10. Questions & Clarifications

Audit Summary Report

Prepared by Lead Auditor Sent promptly to MR Sent promptly to Heads of audited area

Audit Report Content Audited area Lead Auditor and members Audit date Audit scope Audit criteria (list of key documents) Summary of findings Good practices Total number of nonconformities Descriptions and discussion of nonconformities Conclusion

Internal Quality Audit Steps

Initiation
Preparation Evaluation Reporting

Fixing

STEPS RESPONSIBILITY 16. Take Corrective Actions Auditee 17. Verify Corrective Actions Audit Team

Follow-Up Flowchart
Identify NC, issue NCR
Agree on need for CA, sign it

Agree? OK Verify CA & Close NCR

not OK

Propose CA plan

Implement CA

Session 4

Auditors Skills & Responsibilities

Auditors Responsibilities
Communicating Planning and executing Documenting Reporting Verifying Safeguarding Cooperating

Auditors Qualifications Education Training Experience Personal Attributes Management Skills

Auditor Skills Communication skills Interpersonal skills Analytic skills

Auditor Ethics

I will inform each client or employer of any business connections, interests, or affiliations that might influence my judgment or impair the equitable character of my services.
ASQ Code of Ethics

Internal Auditor

Acts as a consultant


115