We shall try to define and understand some of the terms used in a quality management system. The standard ISO 9000:2005 is the basis on which the terms are defined.
9) Terms related to Audit
Terms related to Audit as defined in ISO 9000:2005 are:
9.1) Audit
ISO 9000 definition:
“Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.”
NOTE 1 Internal audits, sometimes called first-party audits, are conducted by, or on behalf of, the organization itself for management review and other internal purposes, and may form the basis for an organization’s declaration of conformity. In many cases, particularly in smaller organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited.
NOTE 2 External audits include those generally termed second- and third-party audits. Second-party audits are conducted by parties having an interest in the organization, such as customers, or by other persons on their behalf. Third-party audits are conducted by external, independent auditing organizations, such as those providing certification/registration of conformity to ISO 9001 or ISO 14001.
NOTE 3 When two or more management systems are audited together, this is termed a combined audit.
NOTE 4 When two or more auditing organizations cooperate to audit a single auditee, this is termed a joint audit.
Explanation:
An audit is a systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. Audits are structured and formal evaluations. The organization must plan and document its system for auditing. It must have management support and resources behind it.
Audits must be performed in an impartial manner. An audit is an evidence gathering process. Audit evidence is used to evaluate how well audit criteria are being met. Audits must be objective, impartial, and independent, and the audit process must be both systematic and documented.
There are three types of audits: first-party, second-party, and third-party. First-party audits are internal audits. Second and third party audits are external audits.
Organizations use first party audits to audit themselves. First party audits are used to confirm or improve the effectiveness of management systems. They’re also used to declare that an organization complies with an ISO standard (this is called a self-declaration). Of course, such a declaration is credible only if first party auditors are genuinely independent and free of bias. If you decide to use first party auditors to make a self-declaration of compliance, make sure that they aren’t auditing their own work. Second party audits are external audits. They’re usually done by customers or by others on their behalf. However, they can also be done by regulators or any other external party that has a formal interest in an organization. Third party audits are external audits as well. However, they’re performed by independent organizations such as registrars (certification bodies) or regulators.
ISO 19011:2011 also distinguishes between combined audits and joint audits. When two or more management systems of different disciplines are audited together at the same time, it’s called a combined audit; and when two or more auditing organizations cooperate to audit a single auditee organization, it’s called a joint audit.
ISO 19011:2011 should be used by those who carry out first and second party audits. ISO/IEC 17021:2011 should be used by those who carry out third party audits.
9.2) Audit programme
ISO 9000 definition:
“Set of one or more audits planned for a specific time frame and directed towards a specific purpose”
NOTE An audit programme includes all activities necessary for planning, organizing and conducting the audits.
Explanation:
An audit programme is a set of one or more audits planned for a specific time frame and directed towards a specific purpose. It is a set of arrangements that are intended to achieve a specific audit purpose within a specific time frame. It includes all of the activities and resources needed to plan, organize, and conduct one or more audits. ISO 19011 expects organizations to appoint audit program managers. They are responsible for setting objectives, assigning responsibilities, allocating resources, and monitoring performance. An audit programme gives at-a-glance information about time frame, audit intervals, responsibility and resources. It helps in adhering to audit frequency. It may include first, second and third party audits, if any.
9.3) Audit criteria
ISO 9000 definition:
“Set of policies, procedures or requirements.”
NOTE Audit criteria are used as a reference against which audit evidence is compared.
Explanation:
Audit criteria refers to a set of policies, procedures or requirements used as a reference. Audit criteria are used as a reference against which audit evidence is compared. Audit evidence is used to determine how well audit criteria are being met. Audit evidence is used to determine how well policies are being implemented, how well procedures are being applied, and how well requirements are being followed. When requirements are used as audit criteria, auditors often use the terms conformity and nonconformity to indicate whether or not requirements are being met. However, when legal requirements are used as audit criteria, auditors tend to use the terms compliance and noncompliance (instead of conformity and nonconformity). For example, during an audit against the ISO 9001:2008 standard, the requirements of ISO 9001:2008 become the audit criteria.
9.4) Audit evidence
ISO 9000 definition:
“Records, statements of fact or other information which are relevant to the audit criteria and verifiable.”
NOTE Audit evidence can be qualitative or quantitative.
Explanation:
Audit evidence includes records, factual statements, and other verifiable information that is related to the audit criteria being used. Audit criteria include policies, procedures, and requirements. Audit evidence can be either qualitative or quantitative. Objective evidence is information that shows or proves that something exists or is true. Audit evidence should be identified, recorded, documented and evaluated against audit criteria to determine audit findings.
9.5) Audit findings
ISO 9000 definition:
“Results of the evaluation of the collected audit evidence against audit criteria.”
NOTE Audit findings can indicate either conformity or nonconformity with audit criteria or opportunities for improvement.
Explanation:
Audit findings result from a process that evaluates audit evidence and compares it against audit criteria. Audit findings can show that audit criteria are being met (conformity) or that they are not being met (nonconformity). They can also identify best practices or improvement opportunities. Audit evidence includes records, factual statements, and other verifiable information that is related to the audit criteria being used. Audit criteria include policies, procedures, and requirements.
9.6) Audit conclusion
ISO 9000 definition:
“Outcome of an audit provided by the audit team after consideration of the audit objectives and all audit findings”
Explanation:
Audit conclusions are drawn by the audit team after the audit has been completed and after audit findings and audit objectives have been considered. Audit findings result from a process that evaluates audit evidence and compares it against audit criteria.
9.7) Audit client
ISO 9000 definition:
“Organization or person requesting an audit”
NOTE The audit client may be the auditee or any other organization that has the regulatory or contractual right to request an audit.
Explanation:
An audit client is any person or organization that requests an audit. Internal audit clients can be either the auditee or the audit program manager, whereas external audit clients can include regulators, customers, or any other parties that have a legal or contractual right or obligation to carry out an audit.
9.8) Auditee
ISO 9000 definition:
“Organization being audited.”
Explanation:
An auditee is an organization (or part of an organization) that is being audited. Organizations can include companies, corporations, enterprises, firms, charities, associations, and institutions. Organizations can be either incorporated or unincorporated and can be privately or publicly owned.
9.9) Auditor
ISO 9000 definition:
“Person with the demonstrated personal attributes and competence to conduct an audit.”
NOTE The relevant personal attributes for an auditor are described in ISO 19011.
Explanation:
An auditor is a person who is trained and tasked to carry out audits. Auditors collect evidence in order to evaluate how well audit criteria are being met. They must be objective, impartial, independent, and competent. ISO 19011 distinguishes between internal and external auditors. Internal auditors perform first party audits while external auditors perform second and third party audits.
9.10) Audit team
ISO 9000 definition:
“One or more auditors conducting an audit, supported if needed by technical experts.”
NOTE 1 One auditor of the audit team is appointed as the audit team leader.
NOTE 2 The audit team may include auditors-in-training.
Explanation:
An audit team is made up of one or more auditors, one of whom is appointed to be the Lead Auditor. The audit team may also include audit trainees. When necessary, audit teams are also supported by guides and technical experts. Guides and technical experts assist auditors but do not themselves act as auditors.
The Lead Auditor is responsible for:
- Leading the team and deciding on allocation of audit activities
- Communicating with the auditee to confirm audit plans
- Monitoring the performance of auditors within the team
- Checking the adequacy of any checklists and other documented preparations of the audit team members
- Authorising the final report before being provided to the auditee
- Managing any conflicts between auditors and auditees
- Leading team meetings to discuss progress at regular intervals throughout the audit
- Deciding upon any non-conformances or follow-up action required based on collated findings
- Conducting the entry and exit meetings
- Collating the findings of each auditor involved in the audit.
All other auditors are responsible for:
- Participating in the planning of the audit
- Preparing for the audits
- Submitting checklists to the Lead Auditor for review of adequacy
- Reporting findings and perceived non-conformances to the Lead Auditor within sufficient timeframes
- Providing any information requiring follow-up actions
- Attending and participating in team meetings to report on progress
- Conducting the audit
9.11) Technical expert
ISO 9000 definition:
“(audit) Person who provides specific knowledge or expertise to the audit team.”
NOTE 1 Specific knowledge or expertise relates to the organization, the process or activity to be audited, or language or culture.
NOTE 2 A technical expert does not act as an auditor in the audit team.
Explanation:
Technical experts support audit teams by providing specific expertise or knowledge about the organization, process, or activity being audited or about the auditee’s language or culture. They do not act as auditors. Technical experts should work under the supervision of an auditor, so that the audit objectives for which the audit team needed to be supplemented are met. To avoid technical experts being associated with the auditee’s competitors in the same industrial sector, all technical experts should be required to sign a statement on avoiding conflicts of interest and on ensuring integrity and confidentiality before participating in the audit.
9.12) Audit plan
ISO 9000 definition:
“Description of the activities and arrangements for an audit.”
Explanation:
An audit plan specifies how you intend to conduct a particular audit. It describes the activities you intend to carry out in order to achieve your audit objectives. An audit is an evidence gathering process. Audit evidence is used to evaluate how well audit criteria are being met. Audit planning is a vital part of the audit, primarily conducted at the beginning of the audit process to ensure that appropriate attention is devoted to important areas, potential problems are promptly identified, work is completed expeditiously and work is properly coordinated. “Audit planning” means developing a general strategy and a detailed approach for the expected nature, timing and extent of the audit. The auditor plans to perform the audit in an efficient and timely manner.
An audit plan is the specific guideline to be followed when conducting an audit. It helps the auditor obtain sufficient appropriate evidence for the circumstances, helps keep audit costs at a reasonable level, and helps avoid misunderstandings with the client. It addresses the specifics of what, where, who, when and how:
- What are the audit objectives?
- Where will the audit be done? (i.e. scope)
- When will the audit(s) occur? (how long?)
- Who are the auditors?
- How will the audit be done?
9.13) Audit scope
ISO 9000 definition:
“Extent and boundaries of an audit.”
NOTE The audit scope generally includes a description of the physical locations, organizational units, activities and processes, as well as the time period covered.
Explanation:
Audit scope refers to the activities covered by an audit. Audit scope includes, where appropriate: audit objectives; nature and extent of auditing procedures performed; time period audited; and related activities not audited, in order to delineate the boundaries of the audit. It is the range of activities that are the focus of an audit. The scope includes all areas of importance in an audit. The scope of an audit is a statement that specifies the focus, extent, and boundary of a particular audit. The scope can be specified by defining the physical location of the audit, the organizational units that will be examined, the processes and activities that will be included, and the time period that will be covered.
9.14) Competence
ISO 9000 definition:
“(audit) demonstrated personal attributes and demonstrated ability to apply knowledge and skills.”
Explanation:
Competence means being able to apply knowledge and skill to achieve intended results. Being competent means having the knowledge and skill that you need and knowing how to apply it. Being competent means that you know how to do your job. Competence is the ability of an individual to do a job properly. A competency is a set of defined behaviors that provide a structured guide enabling the identification, evaluation and development of the behaviors in individual employees. Some scholars see “competence” as a combination of practical and theoretical knowledge, cognitive skills, behavior and values used to improve performance; or as the state or quality of being adequately or well qualified, having the ability to perform a specific role. Competency is sometimes thought of as being shown in action in a situation and context that might be different the next time a person has to act. In emergencies, competent people may react to a situation following behaviors they have previously found to succeed. To be competent, a person would need to be able to interpret the situation in its context, to have a repertoire of possible actions to take, and to have trained in the possible actions in the repertoire, if this is relevant. Regardless of training, competency would grow through experience and the extent of an individual’s ability to learn and adapt.