QMS AUDITING1

Eng. Sunil Jayawardena

CESL-Internal Audit Team

DEFINITION
Systematic, independent and

documented process for obtaining

audit evidence and evaluating it
objectively to determine the extent to
which audit criteria are fulfilled.
ISO 9000:2005

PRINCIPLES OF AUDITING
ISO 19011 contains a number of fundamental principles.
Integrity: professionalism, honesty, diligence, responsibility, legal

requirements, impartial manner, fair, unbiased.

Fair presentation: report truthfully and accurately.
Due professional care: Application of diligence and judgment in
auditing.
Confidentiality: should be discreet in use and protection of
information.
Independence: Impartiality and objectivity, free from bias and
conflicts of interest.
Evidence based approach: Verifiable evidence, samples,

TYPES OF AUDITS
First party: an audit by the organization of its own system and

procedure. To assure maintenance, development and improvement

of the QMS.

Second party: an audit done by the organization on its suppliers and

sub-contractors. To determine suitability of suppliers; to appraise

supplier/sub-contractors performance in respect of quality
management.

Third party (External Audit): audit carried out by an auditing

organization independent of the client and the user, for the purpose
of certifying the clients management system. To determine whether
an organizations QMS has established, documented, implemented
and maintained in accordance with specified standard.

AUDIT PROGRAMMES
Audit Programmes must be determined, managed

and controlled.

To be effective.
To demonstrate continual improvement.

Ex: Internal audit programme

Surveillance audit programme for three year

THE AUDIT PROCESS

Certification Audit: include number of distinct activities
a two stage initial audit;
Surveillance audits in first and second year, and
a re-certification audit in the third year before expiration of the certificate.

Second-party audit
First-party audit

AUDIT OBJECTIVES
Confirmation of management system complies with the

standard.

Determining whether QMS is designed to achieve and is

achieving regulatory compliance and Continual Improvement of

the system processes.

Confirming that the organization complies with its own policies

and procedures.

Evaluating the capability to meet legislative and contractual

requirements.

Evaluating the effectiveness of QMS in meeting its objectives.

Identifying of potential areas of improvement.

AUDIT SCOPE
Describes the extent and boundaries of the audit in terms

of;

Physical location
Organizational units
Activities and processes to be audit
The duration of audit

AUDIT CRITERIA
The requirements of the quality management system

standard

Policies
Procedures
Regulations
Legislation
Contractual requirements
Industry sector codes of conduct

THE AUDIT TEAM

Audit Team Selection
Audit program manager should appoint an audit team leader with appropriate

skills and competence.

The audit team will comprise an audit team leader and may comprise auditors,
auditor-in- training and technical experts.
If there is only one auditor, he should perform the duty of the team leader as
well.
Size and composition will depend on: audit objectives, scope, criteria, duration,
requirements of accreditation or certification body , language of auitee,
independence.
The client or auditee have the right to request the replacement of a particular
team member.

THE AUDIT TEAM

Auditor roles and responsibilities
Audit Team Leader should have knowledge and skills to do

followings
Balance the strengths and weaknesses of the individual team members
Develop a harmonious working relationship
Manage the audit process
Represent the audit team in communication
Lead the audit team to achieve the audit conclusion
Prepare and complete the audit report
Audit team leader shall assign responsibility for auditing specific

management system processes, functions, sites, areas and activities.

THE AUDIT TEAM

Auditor roles and responsibilities
Audit Team task
Examine and verify the structure, policies, processes, procedures,
records and related documents to the management system.
Determine these meets all of the requirements relevant to the audit
objectives
Determine that processes and procedures are established,
implemented and maintained effectively.
Communicate to the auditee, for action, any inconsistencies between
policy, objectives and targets and the result.

THE AUDIT TEAM

Auditor roles and responsibilities
The responsibilities of team members
Review all relevant information related to the assigned task.
Preparation of necessary document for the task.
Comply with the audit requirements.
Be effective and efficient.
Report nonconformities and findings to team leader.
Co-operate and support to the team leader.
Stay with the audit scope.
Communicate audit requirements to the auditee.
Document corrective action requests (CARs).
Report audit findings to the auditee.
Verify corrective actions taken.
Retain and safeguard all the documents pertaining to the audit.

THE AUDIT TEAM

Auditor roles and responsibilities
Communication during the audit
Progress of audit and concerns to the auditee periodically.
When audit objectives are cannot be met.
If there is a significant risk of proceeding the audit.
Review audit scope with the client and make changes whenever
necessary during the audit.

GOOD PRACTICE AT
MEETINGS
At meeting, the auditors should remain polite, calm and

professional at all times.

Introduce themselves;
Ensure that the agenda is known and understood;
Keep to the agenda;
Keep control;
Keep to time;
Avoid arguments;
Listen to others;
Maintain appropriate records.

U
O
Y
K
N
A
H
T