Terms related to Audit in QMS
We shall try to define and understand some of the terms used in a quality management system. The standard ISO 9000:2005 is the basis on which the terms are defined.
9) Terms related to Audit
Terms related to Audit as defined in ISO 9000:2005 are:
9.1) Audit
ISO 9000 definition:
“Systematic, independent and
documented process for obtaining audit evidence and evaluating it
objectively to determine the extent to which audit criteria are
fulfilled.”
NOTE 1 Internal audits, sometimes called first-party audits, are conducted by, or on behalf of, the organization itself for management review and other internal purposes, and may form the basis for an organization’s declaration of conformity. In many cases, particularly in smaller organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited.
NOTE 2 External audits include those generally termed second- and third-party audits. Second-party audits are conducted by parties having an interest in the organization, such as customers, or by other persons on their behalf. Third-party audits are conducted by external, independent auditing organizations, such as those providing certification/registration of conformity to ISO 9001 or ISO 14001.
NOTE 3 When two or more management systems are audited together, this is termed a combined audit.
NOTE 4 When two or more auditing organizations cooperate to audit a single auditee, this is termed a joint audit.
Explanation:
An audit is a systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. Audits are structured and formal evaluations. The organization must plan and document its system for auditing. It must have management support and resources behind it.
Audits must be performed in an impartial manner. An audit is an evidence gathering process. Audit evidence is used to evaluate how well audit criteria are being met. Audits must be objective, impartial, and independent, and the audit process must be both systematic and documented.
There are three types of audits: first-party, second-party, and third-party. First-party audits are internal audits. Second- and third-party audits are external audits.
Organizations use first-party audits to audit themselves. First-party audits are used to confirm or improve the effectiveness of management systems. They’re also used to declare that an organization complies with an ISO standard (this is called a self-declaration). Of course, such a declaration is credible only if first-party auditors are genuinely independent and free of bias. If you decide to use first-party auditors to make a self-declaration of compliance, make sure that they aren’t auditing their own work. Second-party audits are external audits. They’re usually done by customers or by others on their behalf. However, they can also be done by regulators or any other external party that has a formal interest in an organization. Third-party audits are external audits as well. However, they’re performed by independent organizations such as registrars (certification bodies) or regulators.
ISO 19011:2011 also distinguishes between combined audits and joint audits. When two or more management systems of different disciplines are audited together at the same time, it’s called a combined audit; and when two or more auditing organizations cooperate to audit a single auditee organization, it’s called a joint audit.
ISO 19011:2011 should be used by those who carry out first- and second-party audits. ISO/IEC 17021:2011 should be used by those who carry out third-party audits.
9.2) Audit programme
ISO 9000 definition:
“Set of one or more audits planned for a specific time frame and directed towards a specific purpose”
NOTE An audit programme includes all activities necessary for planning, organizing and conducting the audits.
Explanation:
An audit programme is a set of one or more audits planned for a specific time frame and directed towards a specific purpose. It is a set of arrangements that are intended to achieve a specific audit purpose within a specific time frame. It includes all of the activities and resources needed to plan, organize, and conduct one or more audits. ISO 19011 expects organizations to appoint audit programme managers. They are responsible for setting objectives, assigning responsibilities, allocating resources, and monitoring performance. An audit programme gives at-a-glance information about time frame, audit intervals, responsibility and resources. It helps in adhering to the audit frequency. It may include first-, second- and third-party audits, if any.
9.3) Audit criteria
ISO 9000 definition:
“Set of policies, procedures or requirements.”
NOTE Audit criteria are used as a reference against which audit evidence is compared.
Explanation:
Audit criteria are a set of policies, procedures or requirements used as a reference against which audit evidence is compared. Audit evidence is used to determine how well audit criteria are being met: how well policies are being implemented, how well procedures are being applied, and how well requirements are being followed. When requirements are used as audit criteria, auditors often use the terms conformity and nonconformity to indicate whether or not requirements are being met. However, when legal requirements are used as audit criteria, auditors tend to use the terms compliance and noncompliance (instead of conformity and nonconformity). For example, during an audit against the ISO 9001:2008 standard, the requirements of ISO 9001:2008 become the audit criteria.
9.4) Audit evidence
ISO 9000 definition:
“Records, statements of fact or other information which are relevant to the audit criteria and verifiable.”
NOTE Audit evidence can be qualitative or quantitative.
Explanation:
Audit evidence includes records, factual
statements, and other verifiable information that is related to the
audit criteria being used. Audit criteria include policies, procedures,
and requirements. Audit evidence can be either qualitative or
quantitative. Objective evidence is information that shows or proves
that something exists or is true. Audit evidence should be identified,
recorded, documented and evaluated against audit criteria to determine
audit findings.
9.5) Audit findings
ISO 9000 definition:
“Results of the evaluation of the collected audit evidence against audit criteria.”
NOTE Audit findings can indicate either conformity or nonconformity with audit criteria or opportunities for improvement.
Explanation:
Audit findings result from a process
that evaluates audit evidence and compares it against audit criteria.
Audit findings can show that audit criteria are being met (conformity)
or that they are not being met (nonconformity). They can also identify
best practices or improvement opportunities. Audit evidence includes
records, factual statements, and other verifiable information that is
related to the audit criteria being used. Audit criteria include
policies, procedures, and requirements.
9.6) Audit conclusion
ISO 9000 definition:
“Outcome of an audit provided by the audit team after consideration of the audit objectives and all audit findings”
Explanation:
Audit conclusions are drawn by the audit
team after the audit has been completed and after audit findings and
audit objectives have been considered. Audit findings result from a
process that evaluates audit evidence and compares it against audit
criteria.
9.7) Audit client
ISO 9000 definition:
“Organization or person requesting an audit”
NOTE The audit client may be the auditee or any other organization that has the regulatory or contractual right to request an audit.
Explanation:
An audit client is any person or
organization that requests an audit. Internal audit clients can be
either the auditee or audit program manager whereas external audit
clients can include regulators or customers or any other parties that
have a legal or contractual right or obligation to carry out an audit.
9.8) Auditee
ISO 9000 definition:
“Organization being audited.”
Explanation:
An auditee is an organization (or part
of an organization) that is being audited. Organizations can include
companies, corporations, enterprises, firms, charities, associations, and
institutions. Organizations can be either incorporated or
unincorporated and can be privately or publicly owned.
9.9) Auditor
ISO 9000 definition:
“Person with the demonstrated personal attributes and competence to conduct an audit.”
NOTE The relevant personal attributes for an auditor are described in ISO 19011.
Explanation:
An auditor is a person who is trained
and tasked to carry out audits. Auditors collect evidence in order to
evaluate how well audit criteria are being met. They must be objective,
impartial, independent, and competent. ISO 19011 distinguishes between
internal and external auditors. Internal auditors perform first party
audits while external auditors perform second and third party audits.
9.10) Audit team
ISO 9000 definition:
“One or more auditors conducting an audit, supported if needed by technical experts.”
NOTE 1 One auditor of the audit team is appointed as the audit team leader.
NOTE 2 The audit team may include auditors-in-training.
Explanation:
An audit team is made up of one or more
auditors, one of whom is appointed to be the Lead Auditor. The audit
team may also include audit trainees. When necessary, audit teams are
also supported by guides and technical experts. Guides and technical
experts assist auditors but do not themselves act as auditors.
The Lead Auditor is responsible for:
- Leading the team and deciding on allocation of audit activities
- Communicating with the auditee to confirm audit plans
- Monitoring the performance of auditors within the team
- Checking the adequacy of any checklists and other documented preparations of the audit team members
- Authorising the final report before being provided to the auditee
- Managing any conflicts between auditors and auditees
- Lead team meetings to discuss progress at regular intervals throughout the audit
- Decide upon any non-conformances or follow-up action required based on collated findings
- Conducting the entry and exit meetings
- Collating the findings of each auditor involved in the audit.
Audit team members are responsible for:
- Participate in the planning of the audit
- Prepare for the audits
- Submit checklists to the Lead Auditor for review of adequacy
- Report findings and perceived non-conformances to the lead auditor within sufficient timeframes
- Provide any information requiring follow-up actions
- Attend and participate in team meetings to report on progress
- Conducting audit
9.11) Technical expert
ISO 9000 definition:
“(audit) Person who provides specific knowledge or expertise to the audit team.”
NOTE 1 Specific knowledge or expertise relates to the organization, the process or activity to be audited, or language or culture.
NOTE 2 A technical expert does not act as an auditor in the audit team.
Explanation:
Technical experts support audit teams by providing specific expertise or knowledge about the organization, process, or activity being audited or about the auditee’s language or culture. They do not act as auditors. Where an audit team needs to be supplemented by technical experts in order to meet the audit objectives, those experts should work under the supervision of an auditor. To guard against technical experts being associated with the auditee’s competitors in the same industrial sector, all technical experts should be required to sign a statement on avoiding conflicts of interest and on ensuring integrity and confidentiality before participating in the audit.
9.12) Audit plan
ISO 9000 definition:
“Description of the activities and arrangements for an audit.”
Explanation:
An audit plan specifies how you intend
to conduct a particular audit. It describes the activities you intend
to carry out in order to achieve your audit objectives. An audit is an
evidence gathering process. Audit evidence is used to evaluate how well
audit criteria are being met. Audit planning is a vital area of
the audit, primarily conducted at the beginning of the audit process to
ensure that appropriate attention is devoted to important areas,
potential problems are promptly identified, work is completed
expeditiously and work is properly coordinated. “Audit planning” means
developing a general strategy and a detailed approach for the expected
nature, timing and extent of the audit. The auditor plans to perform
the audit in an efficient and timely manner.
An audit plan is the specific guideline to be followed when conducting an audit. It helps the auditor obtain sufficient appropriate evidence for the circumstances, helps keep audit costs at a reasonable level, and helps avoid misunderstandings with the client. It addresses the specifics of what, where, who, when and how:
What are the audit objectives?
Where will the audit be done? (i.e. scope)
When will the audit(s) occur? (how long?)
Who are the auditors?
How will the audit be done?
9.13) Audit scope
ISO 9000 definition:
“Extent and boundaries of an audit.”
NOTE The audit scope generally includes a description of the physical locations, organizational units, activities and processes, as well as the time period covered.
Explanation:
Audit scope refers to the activities covered by an audit. Audit scope includes, where appropriate: audit objectives; nature and extent of auditing procedures performed; time period audited; and related activities not audited, in order to delineate the boundaries of the audit. It is the range of activities that are the focus of an audit, and it includes all areas of importance in an audit. The scope of an audit is a statement that specifies the focus, extent, and boundary of a particular audit. The scope can be specified by defining the physical location of the audit, the organizational units that will be examined, the processes and activities that will be included, and the time period that will be covered.
9.14) Competence
ISO 9000 definition:
“(audit) demonstrated personal attributes and demonstrated ability to apply knowledge and skills.”
Explanation:
Competence means being able to apply knowledge and skill to achieve intended results. Being competent means having the knowledge and skill that you need and knowing how to apply it. Being competent means that you know how to do your job. Competence is the ability of an individual to do a job properly. A competency is a set of defined behaviors that provide a structured guide enabling the identification, evaluation and development of the behaviors in individual employees. Some scholars see “competence” as a combination of practical and theoretical knowledge, cognitive skills, behavior and values used to improve performance; or as the state or quality of being adequately or well qualified, having the ability to perform a specific role. Competency is sometimes thought of as being shown in action in a situation and context that might be different the next time a person has to act. In emergencies, competent people may react to a situation following behaviors they have previously found to succeed. To be competent, a person would need to be able to interpret the situation in context, to have a repertoire of possible actions to take, and to have trained in the possible actions in the repertoire, if this is relevant. Regardless of training, competency would grow through experience and the extent of an individual’s ability to learn and adapt.