Attributes of a Good Auditor

Ethical (Sincere, honest and discreet)

Open-minded (Receptive to others)
Diplomatic (Tactful in dealing with people)
Observant (Actively aware of surrounding)
Perceptive (Instinctively aware of and
understand)
Versatile (Adjusts readily to different situations)
Tenacious (Focused on achieving objectives)
Decisive (Concludes in time, based on logical
reasoning)
Self-reliant (Acts independent while interacting
effective)

Specific Knowledge of QMS auditors:

Quality related method and techniques
QMS principles and applications
QM tools and their application (SPC,
FMECA etc.,)
Processes and products:
Sector-specific terminology
Technical characteristics of processes and
products, and
Sector-specific processes and practices.

 Skills and GK for Auditors:

Management system and reference documents include:
Applications of Management system to different
organizations
Interaction between components of Management systems
QMS audit criteria
Ability to prioritize between various reference documents
Application of reference documents to audit situations
Information systems, control of documents, data and records
Organization context auditors should know:
Organizational structure, size, functions and
interrelationships
General business processes and related terminologies
Cultural and social customs of auditees.
Auditors should also know applicable laws and
regulations: Local, regional, national codes. Laws and
regulations.
Contracts and agreements
International treaties and conventions
Other requirements to which organization subscribes.

Auditing
Independence
Impartiality of the audit and objectivity
of the audit conclusions.
Evidence based approach
The rational method for reaching
reliable and reproducible audit
conclusions in a systematic audit
approach.

 Audit
Systematic, independent and documented
process for obtaining Audit evidence and
objectively evaluating to determine the
extent to which the audit criteria are fulfilled.
Quality systems audit
Systematic investigations of the intent, the
implementation and the effectiveness of
selected aspects of the Quality system of
an organization.

Audit evidence
Based on actual observation.
Uninfluenced by emotion or prejudice
Stated or documented
Qualitative or quantitative
Verifiable

 Audit criteria
Set of policies, procedures or requirements used as a
reference

Requirements are:
Stated needs of the customer
Implied needs
Obligatory needs

Audit criteria may include:

Policies, Procedures
Requirements
Objectives
Quality plans
Governing specifications
Statutory and regulatory requirements
Contractual needs.

 Audit scope:
Extent and boundaries of an audit: physical locations and
organizational units, activities and time period covered.
Audit client: Organization or person requesting an audit.
Auditee: Organization being audited.
Purpose of Audit:
To determine the extent of fulfilling the audit criteria.
To evaluate strengths and weaknesses of the QMS.
A management tool for assessment of any designated
process or activity.
A management tool for identification of improvement actions
by the auditee.
Evaluation of effectiveness and efficiency of the QMS by the
auditor and to make informed judgment on the system.
A tool for obtaining evidence that existing requirements of
product or contract have been met.

 How QMS are Audited?

Are processes identified along with their interactions with

other processes?
Are processes adequately established for effective and
efficient realization of processes and continual improvement?
Are the ongoing control of processes at the linkage are
adequately established?
Are resources used effectively and efficiently?
Are product and process performance measures adequate?
Are their trends monitored and tracked for improvement?
How analysis of data is used for improvement?
Are improvement processes established?

Categories of audit
Systems Audit
Assessing the QMS
Product Audit
Assessing the quality of
the product
Process Audit
Assessing the business
processes of an organization
Combined audit
When a QMS and EMS
are audited together.
Joint Audit
When two or more
organizations cooperate to audit a single
auditee

Types of Audit
Internal
or
Ist Party : organization
External
or
2nd Party: Audit on suppliers
3rd Party: Registration Body

Benefits of Audits
First party:
Powerful tool for aiding continual
improvements
Control mechanism utilized by
management.
QMS standard requires them.
Correct non compliances before
external bodies find them.

Second party audit:

QMS standards implied need
Provides input to selection and
evaluation of suppliers
Helps to improve suppliers quality
systems
Increases mutual understanding of
quality
Leads to Supply chain tuning
towards JIT, TQM etc.,

 Third Party audit:

Reduce avoidable costs to customers and
organization.
Less need for 2nd party audits.
Establish minimum standards met by
companies.
Recognition of compliance with an
international standard
Aid to companys market competitiveness.

 Adequacy audit/Documentation
audit:
To check the completeness of
documentation.
Compliance audit:
To check the degree of compliance,
the effectiveness and efficiency of
the QMS (improvements)

 Scope definition is important in an audit.

Does scope call for audit of total integrated
management system?
Does the scope calls for audit of one elements of
the integrated management system?
Once scope is clear, the process of audit will be:
Document review
Compliance audit
Pre audit activities
Audit activities
Post audit activities

Integration of quality management system may be

partial or total.

 Conducting an audit - Overview of the process

steps
1. Sources of information
2. Collecting by appropriate sampling
3. Verification of audit evidence
4. Evaluating against audit criteria
5. Audit findings
6. Reviewing
7. Audit conclusions
Take a procedure and ask questions Who, What,
How, When and Why?
In respect to WI, ask How in Detail? Who in
specific? Which in specific?

For compliance use the concept of Look at and Look for.

We look at a product, document, record or equipment.
For example in the case of procedures:
Look for : Compliance, effective date, controlled, approved,
understandable, readable
Component: ID, Inspection/test status
Purchase order: Complete data, authorized, accuracy,
approved vendor
Records: Legible, authorized, retention period, indexed,
stored, accessible
Operator: understandable work instruction, following
procedure, skill, quality policy, safety.
Instrument: Identification, calibration status, stored, handled
Environment: Lighting, noise, vibration, pollution, lines

Fact Finding:
Use checklists
Select samples yourself
Look for audit evidence by reading,
observation and communication.
Make notes
To and fro checking.

 Conducting Interviews:
During normal working hours and work-places
Put the person at ease
Explain the reason for interview and take notes
Ask them first to describe the job
Adopt good questioning techniques (Can you
explain, please)
Check facts and record findings
Avoid questions that bias answers and leading
questions
Summarize and review results with persons
intrviewed
Thank persons interviewed for participation and
co-operation.

What should Auditor do?

Listen attentively while taking notes
Listen without your own judgment and conclusions
Create a warm climate by active listening
Be aware of the learning happening while listening
Do not pressurize auditees to answer or behave in your
prescribed manner.
Ask what would you like to do? Instead of our prescriptions so
that auditee understands his context better.
Show flexibility to the following:
Changing situations
Management styles
Management levels
Reasoning about nonconformities
Evaluation of corrective action

 Audit Evidence:
Admissible statements
Document no and issue
Identifiers
Departments
Positions (and names if necessary)
Verification:
Random basis
Chosen by auditor
Permission sought
Establish and agree facts
Remain disinterested and polite

Nature of the Audit:

Audit must be positive
Audit should help to improve system
Nonconformities are opportunities
Dont look for blame
Look for solutions

Review meetings:
Review non-conformities
Resolve questions or problems
Monitor progress
Clarify misunderstandings
If appropriate, agree for corrective actions.
A good auditor will never get involved in an argument or take
sides if internal conflicts develop during the audit.

Nonconformity

Nonfulfillment of any audit criteria is a non-conformity.

Audit criteria:
Policies
Procedures
Objectives
Quality plan
Governing specifications
Statutory or regulatory requirements.

1.
2.
3.

Non conformity exists because of

Manual/procedures do not comply with the standard
Practice is not in line with the intent
Practice is not effective

How nonconformities are stated?

Fact based/objective
Clearly expressed in auditees language
Concisely stated
Refer to clause number of the standard and auditees documents
agreed as audit criteria
State the exact nonconformity
Mention the identifiers of the nonconformity
Categorize as major or minor (In internal audits if it is a practice in the
organization)
Be accepted and signed by the auditee.

Following words will be freely used in the audit reports:

Deficiency, discrepancy, finding, noncompliance, nonconformance,
nonconformity to describe a situation which exists, but does not
comply with requirements.

 Report should contain

Details of nonconformity
The observation :Factual info gathered during audit
and substantiated by audit evidence.
The explanation: A brief explanation of why stated
observation is a nonconformity. It could, at times be
a repetition of the procedure or standards
requirement.
The attribution: Relevant clause of ISO 9001:2000
against which the observation is a nonconformity
and or reference to Quality system document.
The corrective action planned
Corrective action completed and verified.

 Types of nonconformity (Used only in Third-party audits)

Minor- A failure in some part of the organizations documented
quality system relative to appropriate standard.
Or A single observed lapse in following one item of an organizations
quality system.
Major- The absence or total breakdown of a system to meet ISO
9001:2000 requirement or
Any noncompliance that would result in the probable shipment of a
nonconforming product.

Before declaring major or minor, consider the following questions,

What could go wrong if the nonconformity remains uncorrected?
How often such nonconformity get repeated?

Recommendation options:
Corrective actions
Partial reassessment
Full reassessment

Observations: Moving towards a nonconformity

Audit report
Should include:

Audit objectives
Audit scope, identifying functions, processes and time period
Identification of audit client
Dates and places of onsite audits
Audit criteria
Audit findings
Audit conclusions

Should not contain:

Individual names in nonconformity references

Confidential information
Subjective statements
Emotive statements
Information not raised earlier
An audit is complete when:
All activities as per audit plan have been carried out and approved audit report
distributed.

 Internal audit reports are inputs to management reviews.

One can make an analysis of the audit findings to discuss
in reviews.
Analysis can be made clause wise or process wise.
Analysis should enable management to concentrate their
efforts on processes where corrective action is required.
Normal practice whosoever asks you to conduct the audit
MR/QA manager, if they have specific printed
checklists/observation recordable use that. Otherwise
prepare one yourself. Write the final findings and report in
that form/or give it typed back to MR/QA Manager with a
copy to the concerned person audited for follow-up if any.
You can include your observations/recommendations in
the report in an objective way based on precise
observation/info.

QMS Audits
Five audit trails are normally used by most of
the Lead auditors.
1. Business planning and management review
2. Process monitoring and improvement
3. New product development
4. Provision
5. Administration and resources.
The related diagrams and audit trail are given
below:

Sample four types of

processes: Product
realization, business
processes, and support
processes

5.5 Responsibility, authority and

communications

4.2 Documentation
requirements

6.2 Human Resources

Sample: Each sub

element is unique
6.3 Infrastructure

6.4 Work environment