Table of Contents
1 Introduction to Auditing
2 The Process Approach and Process Auditing
3 Managing an Audit Program
4 Audit Activities
5 Auditor Competence and Responsibilities
6 Conclusion
Introduction to Auditing
Auditing
What is an audit?
• Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled (ISO 19011:2002 clause 3.1)
Why audit?
• Requirement of ISO 9001:2008
• Monitor and measure the management system
• Promote continuous improvement of the management system
Principles of Auditing
Principles relating to auditors:
• Ethical conduct
• Fair presentation
• Due professional care
Principles relating to audit:
• Independence
• Evidence-based approach
4.0 (Note: reference to ISO 19011:2002 clause number)
Benefits of Auditing
• Verifies conformity to requirements
• Increases awareness and understanding
• Provides a measurement of effectiveness of the management system to top management
• Reduces risk of management system failure
• Identifies improvement opportunities
• Continuous improvement if performed regularly
Ramasubramanian.s Management consultant/Trainer/Auditor +919952229598
The Process Approach and Process Auditing
Process Approach
The process approach emphasizes the importance of:
• Understanding and meeting requirements
• Looking at processes in terms of added value
• Obtaining results of process performance
• Continual improvement of process
Continual Improvement Process: PDCA (Plan-Do-Check-Act)
The Plan-Do-Check-Act (PDCA) methodology applies to all processes
• Plan: activities, controls, documentation, resources, objectives
• Do: deploy and conform with plan
• Check: measure and monitor for conformity and effectiveness
• Act: analyze/review, decide/change, improve effectiveness
Management System Standards and the Process Approach
ISO 22716:
• Is based upon the PDCA cycle which can be applied to processes
• Applies the PDCA cycle to implementing, operating, monitoring, exercising, maintaining and improving the effectiveness of a Cosmetic GMP
ISO 19011:2002 does not explicitly mention process audits, but is written for application to all management system audits
Applying the Process Approach to Auditing
Auditors can apply the process approach to auditing by ensuring the auditee:
• Can define the objectives, inputs, outputs, activities, and resources for its processes
• Analyzes, monitors, measures, and improves its processes
• Understands the sequence and interaction of its processes
Process Auditing “Turtle Diagram”
• Process (specific value-added activities)
• Inputs: From whom/where
• Outputs: To whom/where
• With what? Resources
• With who? Personnel
• How done? Methods/Documentation
• What results? Performance indicators
Process Auditing Example
Process: Contract Review
Inputs
• Customer requirements
• Sales staff
Outputs
• Production/Service Delivery
With what?
• Order processing system
With who?
• Customers
• Competent sales and processing staff
How done?
• IT system
• Processing system
• Terms and conditions
• Contract review procedure
What results?
• Order processing time
• Number of orders
• Value of orders
• Contract accuracy
Managing an Audit Program
Managing an Audit Program Process Flow
Cycle stages: PLAN, DO, CHECK, ACT
AUTHORIZE (5.1)
ESTABLISH
• Objectives
• Extent
• Roles
• Resources
• Procedures
IMPLEMENT
• Schedule audits
• Evaluate auditors
• Select teams
• Direct activities
• Maintain records
MONITOR & REVIEW
• Monitor
• Review
• Identify need for CA/PA
• Identify opportunities to improve
IMPROVE
Related activities: AUDITOR COMPETENCE & EVALUATION; SPECIFIC AUDIT ACTIVITIES
Audit Program
Top management should authorize responsibility for program management to:
• Establish, implement, review, and improve the audit program
• Identify the necessary resources and ensure they are provided
In addition:
• Organization should develop audit program processes
• Program should be managed by a member of the organization
• Keep appropriate audit records to monitor and review the audit program
Audit Program Responsibilities
Top management should authorize responsibility for program management
Those assigned responsibility should:
• Establish, implement, review, and improve the audit program
• Identify the necessary resources and ensure they are provided
Defining Audit Objectives, Scope, Criteria
Audit objectives may include:
• Determining the extent of conformity of the auditee's QMS with audit criteria
• Evaluation of capability of QMS to ensure compliance with statutory, regulatory, and contractual requirements
• Evaluation of effectiveness of the QMS to meet its objectives
• Identification of areas of improvement
(clause 6.2.2)
Selecting the Audit Team
For team size and competence, consider:
• Audit objectives, scope, criteria, and duration
• Whether audit is combined or joint
• Competence of team to meet objectives
• Statutory, regulatory, contractual and accreditation/certification requirements
• Independence of the team
(clause 6.2.4)
Auditor Competence
Auditor competence is based on:
• Personal attributes
• Application of knowledge and skills
Competence is to be developed, maintained, and improved
(clause 7.1)
Auditor Competence: Generic Knowledge and Skills
Auditor skills and competence could include:
• Audit principles, procedures, and techniques
• Management system and reference documents
• Organizational situations
• Laws, regulations, and other requirements
(clause 7.3.1)
Auditor Competence: Specific Knowledge and Skills
Specific knowledge and skills for quality auditors could include:
• Quality methods and techniques
• Quality terminology
• Quality management tools and their application
• Processes and products/services specific to the sector being audited
(clause 7.3.3)
Auditor Responsibilities
• Arrive on time
• Maintain confidentiality
• Be objective and ethical
• Support the audit team and team leader
• Plan and prepare work documents
• Inform auditees of the audit process
• Document and support all findings
• Keep auditee informed
• Safeguard all documents
• Prepare the audit report
Audit Planning
• Determine the objective of the audit
• Identify specified requirements
• Determine audit duration and resources needed
• Select the team
• Contact the auditee – agree the date(s)
• Draw up audit plan
• Brief the team
• Prepare work documents
Conducting Document Review
A review of documentation:
• Should be conducted prior to on-site audit activities unless deferring review is not detrimental to the effectiveness of the audit
• May include relevant FSMS documents, records, and previous audit reports
• May include a preliminary site visit
(clause 6.3)
Prepare Work Documents
• Prepare work documents
• Use as a reference and for recording audit proceedings
• Include checklists, sampling plans and forms, ISO 22000:2005 standard, etc.
• Keep checklists flexible to allow changes resulting from information collected during the audit
• Safeguard any confidential and proprietary information
• Retain work documents and records
Checklists Preparation
One approach is to:
• Identify audit scope and process(es) within scope
• Identify applicable factors (inputs, outputs, measures, resources, etc.)
• Use these points and other requirements (ISO 22716 system documentation, etc.) to:
  • Plan what to look at
  • Plan what to look for (audit evidence)
  • Prepare checklist
Opening Meeting
• Hold opening meeting with auditee top management and those responsible for processes audited
• Meeting may be informal
• Chaired by team leader
• Audit team present
• Purpose is to confirm all prior arrangements
(clause 6.5.1)
Collecting and Verifying Information
Flow:
1. Sources of information
2. Collect by appropriate sampling & verification
3. Evaluate against audit criteria
4. Review
5. Audit conclusions
Auditing Process: Collect & Verify Information
• Collect information relevant to:
  • Audit objectives, scope, and criteria
  • Interfaces between functions, activities and processes
• Collect audit evidence by appropriate sampling, and verify and record it
• Be aware of sampling limitations if acting on the audit conclusion
• Use only information that is verifiable as audit evidence
(clause 6.5.4)
Auditing Process: Techniques to Obtain Audit Evidence
Interview:
• Personnel that manage, perform, and verify activities
• Also ensure they are responsible for the activity being audited
• Listen carefully to responses
Observe:
• Identity, status, condition, processes, equipment, activities, environment, and people
(clause 6.5.4)
Auditing Process: Audit Evidence
• Review documents that describe:
  • Activities
  • Plans
  • Controls
  • Strategies
  • Exercises, tests
• Review records for evidence of conformity to documents
• Review records, statements of fact, or other information which are relevant to the audit criteria and verifiable
• Audit evidence may be qualitative or quantitative
Communication and Interpersonal Skills
• Put auditee at ease
• Ask short questions and listen
• Reflect right attitude, tone of voice, body language, and facial expressions
• Smile and show eye contact
• Avoid interruptions
• Avoid off-the-cuff and condescending remarks
• Give praise when appropriate
Communication and Interpersonal Skills (continued)
• Show interest
• Be tactful and polite
• Show patience and understanding
• Remember to say please and thank you
• Ask the right person
• Don't say you understand when you do not
Questioning Techniques
• Open question: using why, who, what, where, when, or how gets more than a yes or no answer
• Expansive question: further elaborates the current point
• Opinion question: asks opinion about current point
• Non-verbal: uses body language, for example: raise eyebrow to elicit further information
Questioning Techniques (continued)
• Repetitive question: repeats back response in form of a question
• Hypothetical question: uses what if, suppose that, etc.
• Closed question:
  • Gets yes or no answer
  • Avoid using too often
  • Used for confirmation
• Silence: draws more information
Note Taking
Notes could be used as reference for:
• Immediate investigation
• Investigation later
• Use by a colleague
• Subsequent audits
Notes taken during an audit are a record of:
• The audit sample taken
• What was reported
• What was observed
Notes may be referenced by subsequent auditor
Sampling
Samples should test the effectiveness of the system and should be:
• Representative
• Structured
• Independently selected
Sample size should be based on:
• Risk
• Importance
• Status
• Findings from the previous/current audit
Control of the Audit
Checklist is an aid, not a requirement
If potential audit trails appear, decide to:
• Disregard
• Note for later
• Follow up immediately
Following audit trails may affect:
• Sample size
• Audit plan
Handling Difficult Situations
Examples:
• Uncooperative
• Long telephone calls
• Cannot find document
• Unprepared
• Constant interruptions
• Provocation
• Long-winded auditees
• Interdepartmental or personality conflicts
• Diversionary tactics
• Language
• Noisy environment
• Boastful
• Called away
• Volunteered information
Establish the Facts: Judgment in the Audit Process
• Audit focus must be on conformity and effectiveness, NOT on finding nonconformities
• The auditee must be given the benefit of any doubt where there is insufficient audit evidence
Establish the Facts
• Discuss concerns
• Verify the findings
• Record all the evidence:
  • Exact observation
  • Where, what, etc.
• Establish why a nonconformity or otherwise
• State who (if relevant) – preferably by job title
• Obtain agreement with the facts
Generate Audit Findings
• Evaluate audit evidence against audit criteria to generate audit findings
• Indicate if findings are conformities, nonconformities or opportunities for improvement
• Meet (audit team) to review findings
• Specify (with supporting evidence) or summarize conformity by location, function, or processes, as required by audit plan
(clause 6.5.5)
Nonconformity
Non-fulfillment of a specified requirement:
• Not doing it
• Partially doing it
• Doing it the wrong way
Specified requirement:
• Conditions of the customer contract
• Quality standard (ISO 22716)
• Quality management system
• Statutory or regulatory requirements
(clause 6.5.5)
Generate Audit Findings (continued)
• Record nonconformity findings and supporting evidence
• Obtain auditee acknowledgement of nonconformities for accuracy and understandability
• Try and resolve differences of opinion
• Keep a record of unresolved issues
(clause 6.5.5)
Nonconformity - Minor
• Failure to comply with a requirement which (based on judgment and experience) is not likely to result in QMS failure
• Single observed lapse or isolated incident
• Minimal risk of nonconforming product or service
Examples:
• A two month lapse in the internal audit program
• A training record not available
• No actions taken to improve system based on previous result findings
Nonconformity - Major
• Absence or total breakdown of a system to meet a requirement
• A number of minors related to the same clause or requirement
• A nonconformity that experience and judgment indicate will likely result in QMS failure or significantly reduce its ability to assure controlled processes and products
Nonconformity - Major
Examples:
• No documented procedure for a required documented ISO 22716 process/activity
• Document changes routinely made without authorization
• No awareness program for the Food safety management system
• No future planned internal audits
• Insufficient scope
• Numerous minor nonconformities found in the production process
Nonconformity: Classifying the Nonconformity
Consider the seriousness:
• What could go wrong if the nonconformity remains uncorrected?
• Is it likely the system would detect it before the customer is affected?
If you are not certain it is a nonconformity, it is not. You must have:
• A requirement that has been broken
• Proof that it has been broken
Nonconformity: Good Report Examples
Nonconformity Report
• Incident Number: 1 QMS
• Company under audit: XYZ, Inc.
• Area under Review: Purchasing
• ISO 22716 Clause number: 7.4
• Category: Major / Minor
• Requirement: Clause 7.4.1 of ISO 9001:2008 requires that the organization establish criteria for evaluation and re-evaluation of suppliers.
• Nonconformity Findings: Upon speaking with the Purchasing Manager, it was found that no evaluation of ABC supplier had taken place since the contract was signed and business began with ABC supplier
Nonconformity: Poor Report Examples
The nonconformity statements below are inadequate due to the lack of specified requirements and detailed evidence:
• Steering Group meeting minutes are not adequate
• The authority level for the Emergency Controller must be documented for clarity purposes
Preparing Audit Conclusions
Audit team confer prior to the closing meeting:
• Scheduling of the audit plan
• To plan for closing meeting
Purpose is to:
• Review audit findings and other information
• Agree on audit conclusions
• To prepare the audit report and recommendations
• If included in audit plan, to discuss audit follow-up
(clause 6.5.6)
Audit Report: Prepare, Approve & Distribute
1. Audit reference
2. Client and auditee details
3. Audit team details
4. List of auditee representatives
5. Objectives, scope, and criteria
6. Audit plan – dates, places, areas audited and timing
7. Summary of audit process
8. Audit summary
9. Uncertainty due to sampling
(clauses 6.6.1, 6.6.2)
Audit Report: Prepare, Approve & Distribute (continued)
10. Nonconformity reports
11. Recommendation
12. Obstacles encountered
13. Any areas in audit scope not covered
14. Any unresolved issues between the auditee and team
15. Confirmation that audit objectives accomplished
16. Confidentiality statement
17. Distribution list
(clauses 6.6.1, 6.6.2)
Audit Report Distribution
• Issue within agreed time period
• If delayed, provide reasons and agree on new issue date
• Report must be dated, reviewed, and approved as per procedures
• Distribute to recipients designated by audit client
• Report is property of audit client
• Recipients and audit team must respect the confidentiality of the report
(clause 6.6.1)
Completing the Audit
• Audit is complete when all activities in audit plan have been carried out and audit report is distributed
• Maintain or dispose of audit documents based on contractual, regulatory, and audit program procedures
• Maintain confidentiality of audit documents, information, and report
• Notify audit client and auditee ASAP if disclosure of audit information is required
(clause 6.7)
Closing Meeting
• Hold closing meeting to present audit findings and conclusions
• Cover situations encountered during audit that may decrease reliance on audit conclusions
• Discuss and resolve diverging audit findings and conclusions
• Keep a record if not resolved
• Provide recommendations for improvement where specified by audit objectives
• Keep minutes and attendance records
• Will normally be informal for internal audits
(clause 6.5.7)
Completing the Audit: Conducting the Follow-up
• Audit conclusions may require corrective, preventive, or improvement actions
• Auditee decides and carries out these actions within agreed timeframe
• These actions are not part of the audit
• Audit team member should verify completion and effectiveness of actions taken
• This verification may be part of a subsequent audit
• Maintain independence in subsequent audit activities
(clause 6.8)
Completing the Audit: Corrective Action Follow-up
• Auditee receives the nonconformity report
• Auditee prepares and approves a corrective action plan
• Auditee submits the plan to auditors
• Auditors evaluate and approve the plan
• Auditee implements the approved corrective action plan
• Auditor verifies the implementation and effectiveness
• Records of all actions taken by auditor and auditee
(clause 6.8)
CASE STUDIES
• Find Major/Minor NC
• Find standard clause reference
• State standard requirement
• Write NC statement