IQR-TRG-012010 Rev.

A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
EffectiveI nternal Audit Planning:
I SO9000UsersGroup- ASQSection509,
Wednesday, J anuary20, 2010
ByDavidCollingham, CQA/CQE
Audit practices that add the most value!
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
Outline
Definitions of Key Audit Terms
Types of Audits
Nonconformance Types
ISO 9001:2008 Internal Audit Requirement
Common NCRs issued by Registrars related to Audits
Miss-Conceptions About Auditing
What does the Industry and Product/Process have to do with Planning an Audit?
How much do I invest in Auditing?
Why do we Audit?
First Party Audit Process Steps
Planning Audits
Typical Audit Schedules and Forms
EffectiveI nternal Auditor Planning
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
Definitionsof KeyAudit Terms
Effective - producing or capable of producing an intended result or
having a striking effect
Planning - the act or process of drawing up plans or layouts for some
project or enterprise
Audit - a methodical examination or review of a condition or situation
EffectiveI nternal Auditor Planning
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
First Party
When a Company uses an internal person to perform an Audit on itself.
Second Party
When a Company uses an internal person to perform an Audit
on its Supplier or an other organization.
Third Party
When a Company is Audited by a third party independent of the
Companys Customer.
Audit Types
EffectiveI nternal Auditor Planning
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
NonconformanceTypes
Major
When the Quality System exhibits a void where an element of the
system has not been documented, implemented or is not effective.
In addition, the nonconformance does risk the shipment or delivery
of nonconforming material to the Customer
Minor
When the Quality System is documented, implemented and effective, but
has exhibited a random nonconformance. The nonconformance does not
risk the shipment or delivery of nonconforming material to the Customer
Comment
When an Auditor identifies an improvement opportunity that is not
a major or minor
EffectiveI nternal Auditor Planning
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
I SO9001:2008KeyElements
Key
Value-adding activities
Information flow
Continual I mprovement of
theQualityManagement System
Customers
Customers
Requirements
Satisfaction
Management
Responsibility
Resource
Management
Measurement,
Analysis and
Improvement
Product
Realization Product
Output
Input
4.0
5.0
6.0
7.0
8.0
EffectiveI nternal Auditor Planning
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
I SO9001:2008I nternal Audit Requirement
Measurement,
Analysis and
Improvement
8.2.2 - Internal Audit
The organization shall conduct internal audits at planned intervals to determine whether the quality
management system:
a) conforms to the planned arrangements, to the requirements of this ISO Standard and to the quality
management system requirements established by the organization, and
b) is effectively implemented and maintained.
The audit program shall be planned, taking into consideration the status and importance of the processes and
areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency and
methods shall be defined. The selection of the auditors and conduct of audits shall ensure objectivity and
impartiality of the audit process. Auditors shall not audit their own work.
8.0
EffectiveI nternal Auditor Planning
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
Common NCRs issued by Registrars related to Audits
Audit Plan/Schedule does not address all elements (major paragraphs)
of the ISO 9001:2008 standard
Audit Plan/Schedule does not address multiple facility locations, work
shifts (shift 1, 2 & 3) or scope of business/registration
Audit plan/schedule is not approved
Audits are not completed as scheduled
Audits are performed by personnel who audited their own work
Audit results do not have written signature or electronic signature by
Auditor with date
Audits were not conducted in an effective manner
Auditor(s) received no internal auditor training
EffectiveI nternal Auditor Planning
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
Miss-ConceptionsAboutAuditing
There needs to be 35 Internal Audits performed for ISO 9001:2008 (i.e.4.1-4.2.2,
4.23, 4.24, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.4.3, 7.5.1, 7.5.2, 7.5.3, 7.5.4, 7.5.5, 7.5.6,
7.6, 8.1, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.3, 8.4, 8.5.1, 8.5.2, 8.5.3)
I can not conduct 1 audit of the ISO 9001:2008 QMS each year
We must use an outside contractor to perform our audits
All the ISO 9001:2008 elements need to be audited every year
If you dont spend 2-5 hours on each audit, then you are not doing your job
The Auditor must prepare a checklist list using his or her own questions in
order to perform an effective audit
I can use typed audit checklists with typed in results with typed in names and
dates (no written or electronic signature)
If the Audit Report does not weight 3 pounds, then it must not have been
performed correctly
We cant use the receptionist or finance person to conduct audits, because
she/he does not know what we do
EffectiveI nternal Auditor Planning
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
What doestheI ndustryandProduct/Processhavetodowith
planninganAudit?
Critical, High Risk and High Exposure Industries/Products/Processes:
EffectiveI nternal Auditor Planning
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
High Risk
High Complexity
Critical to End Mission
High Maintenance
High Failure/Reject Rate
Appraisal/
Prevention
Investment;
Audits
High $
Risk Level
1 2 3 4 5 6 7 8 9 10
High
HowmuchdoI invest inAuditing?
EffectiveI nternal Auditor Planning
(*) Graph
not to scale
Point 2
Point 1
Industry/Product/Process
Low Risk
Low Complexity
Not Critical to End Mission
Low Maintenance
Low Failure/Reject Rate
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
WhydoweAudit?
Provides Senior Management an independent examination of business
processes
To identify improvement opportunities in processes/products/services
Proactive approach to prevent/reduce the risk of producing defective
product/services
To identify needs for training, tools/fixtures, methods, etc.
Enhances communication and training
Provides a means for operator feedback
EffectiveI nternal Auditor Planning
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
Audit Process Steps:
A- Prepare Audit Schedule and Obtain Management Approval
B - Schedule the Audit(s)
C - Obtain Audit Requirements
D - Examine prior Audit Results and Corrective Actions
E - Prepare Audit Check List(s) and Any Other Support Questions
F - Conduct Audit Investigation
G - Record Audit Finds and Obtain Auditee Acknowledgment
H - Prepare Audit Report
I - Obtain Corrective Action(s)
J - Follow-Up On Corrective Action(s)
First PartyAudit ProcessSteps
EffectiveI nternal Auditor Planning
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
EffectiveI nternal Auditor Planning
PlanningAudits
What is the budget for conducting audits? Hours? Dollars?
How many audits do we need to do?
How Im I going to be value-added?
What does Senior Management feel is critical to the business success?
Gain a clear understanding of what is expected from conducting the audits?
If we spend money from the Overhead Budget for conducting audits, what is
expected for the investment?
What are the critical processes/products that need to be examined?
What does our past internal audit results tell us to focus on?
Do we have any new areas/processes/staffing/equipment/vendors that requires
more focus than other areas?
What facility locations, functions, processes/products and work shifts need to
be included in the schedule?
What is the best time to conduct the audits? High Volume? Low Volume?
Before Lunch? After Lunch? At the end of work shift? Etc.
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
EffectiveI nternal Auditor Planning
Approved By: Jim Brown Date: 01/14/10
Example 1
PlanningAudits
(continued)
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
s
EffectiveI nternal Auditor Planning
Approved By: Jim Brown Date: 01/14/10
Example 1
PlanningAudits
(continued)
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
EffectiveI nternal Auditor Planning
Approved By: Jim Brown Date: 01/14/10
Example 1
PlanningAudits
(continued)
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
s
EffectiveI nternal Auditor Planning
Approved By: Jim Brown Date: 01/14/10
Example 1
PlanningAudits
(continued)
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
PlanningAudits
(continued)
EffectiveI nternal Auditor Planning
Approved By: Jim Brown Date: 01/14/10
Example 1
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
Typical Audit SchedulesandForms
EffectiveI nternal Auditor Planning
AUDIT FORMS & RECORDS
Procedure
Schedule
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
Typical Audit SchedulesandForms
(continued)
EffectiveI nternal Auditor Planning
AUDIT FORMS & RECORDS
Audit Summary Audit Checklist
IQR-TRG-012010 Rev. A
All Copy Rights Reserved by IQR.
Jan. 20, 2010
www.IQRCORP.com
By David Collingham, CQE/CQA
International Quality Registrars Corp.
Typical Audit SchedulesandForms
(continued)
EffectiveI nternal Auditor Planning
AUDIT FORMS & RECORDS
Audit Summary
Example