Module 2-1

ISO 9001:2008 is a management tool which can be used by an organization to better affect its quality management disciplines and its strive toward World Class Excellence.

It is essential for an organization to understand its performance against its requirements, both conformity and effectiveness; and whenever possible, to identify opportunities for improvement. To achieve these objectives, organizations set out to conduct internal reviews.

Internal audits are mandated in ISO 9001:2008 through the clause 8.2.2. The clause states:

The organization shall conduct internal audits at planned intervals to determine whether the quality management system

Conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and
is effectively implemented and maintained.

The intent of this process is to ensure the organization’s knowledge of itself and how it is performing to its requirements. This process is charged to the internal auditor, whether developed from within or hired from outside.

Success in the auditing process is characterized by reliance on a number of principles. These principles make the audit experience an efficient and reliable tool in support of management policies and controls, providing information on which an organization can act to improve its performance.

Combined ... the organization has a management tool for continual improvement of the Quality Management System!

Audits are conducted to ‘determine the degree of conformity to requirements, effectiveness of the system and identification of opportunities for improvement’. The focus of the audit depends upon the scope and objectives attached to the event. When conducting QMS audits, the auditor focuses on the agreements made between the organization and the customer using the relevant system disciplines within the organization. EMS audits are conducted focusing on the organization commitment to the continual improvement of their environmental performance toward the environment.

These shifts in focus require the auditor to view their respective events with a different level of decision-making requirements. The auditor auditing within the QMS disciplines are able to be less subjective and a bit more mechanical in decision-making. However, an auditor auditing within the EMS disciplines must view the event not only as in the mechanical disciplines, but also in the broader view of continual improvement. Typically, the auditor may choose to view a concern more seriously than the actual ‘black-and-white’ of the requirement being audited.

System audits, sometimes referred to as document reviews and tabletop reviews and commonly called Stage 1 Audits, are conducted to determine the existence of a management system or part. This audit focuses on a review of the Quality Management System as written against a reference Standard, such as ISO 9001 and ISO 14001, to ensure that relevant requirements have been properly addressed.

Conformance audits, commonly called Stage 2 Audits, are conducted to determine whether or not the organization, department, defined area or process is conforming to their mandates. These audits test a management system’s implementation and effectiveness; and whenever they arise during the evaluations, identified opportunities for improvement is presented.

There are three types of audits. Each is driven by two specific and mutually unique characteristics. They are ‘who is conducting the audit’ and ‘to what reference is the audit conducted’.

Audit programmes either external or internal have similar structures and requirements ... only the focus changes. The concepts remain the same, however.

External audit programmes are organized through the auditing organization and are supported (agreed) with by the organization subject to the audit. Typically, Certification Bodies and Registrars, but this can include second party audit programmes as well, require a prescribed set of conditions for audits, re-audits, surveillances, etc., that the client must agree to in advance. This arrangement is structured around time cycles and conformance to standard performance.

Internal audit programmes are organized and required from within the organization itself, setting up its own structure for periodic internal review of its Quality Management System.

Creating an audit programme correctly gives the auditing authority the ability to review and evaluate the level of conformity, effectiveness and efficiency of a Quality Management System, and affect corrective action and growth oriented change whenever identified.

The following audit cycles identifies the typical paths for external and internal audits. Each audit cycle demonstrates common components:

Each type of audit cycles uses this information, yet slightly differently, to achieve its respective objectives and targets, as visually demonstrated in the respective audit cycles.

Audit teams are assemblies of auditors who have been selected to conduct audits within defined areas. The audit team consists of the Lead Auditor plus auditor members that are expert in any identified specialized area as required. Additionally, auditor trainees and observers can participate when acceptable to the client, auditee and Lead Auditor.

The Lead Auditor is also regarded as the Team Leader. An audit team may consist of many individuals that, in their own right, hold the qualification and certification of a Lead Auditor. However, there is only one individual who is authorized as the Team Leader.

When an audit team consists of only one auditor, the auditor is the Team Leader. (Note: The IRCA Certification Scheme for Auditors and Lead Auditors, however, defines a team as ‘comprised of not less than two persons’ for the purpose of Lead Auditor certification criteria.) It is common for auditing to consist of just the one auditor. When this occurs, it is critical that the auditor satisfies all relevant audit skills criteria, including audit management and specialized knowledge as required.

The audit team is lead by a Team Leader. The Team Leader is an individual that has the overall responsibility in managing the audit process. This responsibility extends to:

During the document review process, the audit team skill requirements are determined. The principal method in establishing the specific skills required is through the scope of the audit.

The Team Leader must review the scope of the audit upon assignment. From this review, appropriately qualified auditor types can be recommended for selection. The exact individuals are assigned by the Registrar, client or auditing authority. It is not the responsibility of the Team Leader to fill the team membership.

It is, however, the responsibility of the Team Leader to review the qualifications of the selected and assigned audit team members, whenever possible. Should the review prove to suggest a selected team member is light in qualifications or is otherwise felt unsuitable for the audit, the Team Leader must communicate immediately with the assigning audit authority for reassignment or resolution of the concerns raised.

Practising auditors quite often are known to their colleagues. When an auditor has been selected to lead a team of auditors, this knowledge becomes increasingly important. The Team Leader must ensure that the team members can work together as one, compliment each other’s strengths and support each other’s weaknesses.

Though audits at all levels are to be conducted as professionally as possible, regardless of any required formality or otherwise, occasionally an auditor’s personality may rub others wrong causing tension within the team and into the general audit process itself. Personalities that risk tension are those of:

Any of the above will weigh heavily in the audit process and risk failure. The Team Leader must ensure that the auditors selected for the team do not have these traits, either through reputation or previous experience with the Team Leader. Whenever the Team Leader is faced with these issues, it is important to communicate his or her concerns to the auditing authority immediately. The auditing authority must then evaluate the concern and act appropriately. This could include replacement of the auditor in question or simply a notation of the concern with no changes.

Sometimes the Team Leader has no knowledge of an auditor assigned to his team. When this occurs, the Team Leader must accept the auditor’s ‘personality’ credentials at face value. In other words, proceed with the auditor with an open posture welcoming him or her into the process. Should any personality concerns present themselves during the audit, the Team Leader must control the situation as early as reasonably possible. This could include a private closed door ‘chat’ with the view of overcoming the identified concern, reassignment to other investigation areas, or even dismissal from the audit team in extreme situations. When this last act is decided, the auditing authority must be notified immediately.

Communication between the audit team and the organization is often initiated by the auditing authority. Shortly after these initial communications, however, the Team Leader is generally required to make direct contact with the organization’s representatives. This contact is made to address and confirm the scope of the audit and agree initial audit process activities.

Communication between the Team Leader and the other team members is essential to the success of the audit process. The Team Leader must communicate to the audit team members all relevant audit requirements before the audit, such as:

The specific information above will vary depending on the nature and type of the audit. External audits require formal attention, such as written instructions to the team members. Internal audits generally do not require formal instructions. Often verbal instructions are adequate.

Audit planning activities, including the audit timing plan and resource requirements are established by the Team Leader. The planning activities focus around the nature and scope of the audit. External audits have formal timing and resource requirements that must be followed closely. Internal audits can be organized to a more relaxed environment as long as the general timing needs that have been communicated are adhered to and local resources are made available.

The Team Leader is responsible for ensuring the Audit Plan is followed. This includes leading the formal meetings supported by relevant meeting agendas and ensuring the investigations are conducted as required in a timely manner.

The investigation activities must be monitored by the Team Leader by regularly contacting the team members for their respective progress. Further, the Team Leader must make adjustments to the team activities should any concerns, such as short or extra time, be identified.

At the conclusion of the investigation process, the Team Leader shall ensure that the results are properly recorded and presented to the organization’s Management Representative. He or she shall ensure the report represents a true and accurate accounting of the audit process. Further, the report must be signed and dated by the Team Leader.

These attributes vary in intensity depending on the nature and type of audit process required.

Third Party audit Team Leader qualifications often are focused by direct subject experience and expertise. These qualifications are generally represented with Standard Industrial Classification (SIC) code experience. SIC codes detail industrial activities through numerical definitions and word explanations. Registrars are required to demonstrate their technical expertise to their respective Accreditation Boards through specific SIC codes before they can be considered for accreditation. The SIC codes qualification controls are then passed to the auditor.

An auditor becomes eligible to lead (Team Leader) a team of auditors during an audit after he or she has participated in at least three audits of similar nature or SIC code. Depending upon the Registrar, the individual may additionally have to be a Certified Lead Auditor.

This requirement, however, is driven by the Registrar, itself, as they are only mandated to demonstrate to the Accreditation Bodies the methods of qualifying as Team Leaders and Auditors. Many Registrars conduct their own programme of qualifying Team Leaders, such as on-the-job training using internal trainers supported with internal professional development training programmes.

Second and First Party audit Team Leaders are often selected on the basis of local requirements only. Saying this, however, the qualifications and subsequent assignment of Team Leaders must remain relevant to the audit scope. Second Party audits focus on existing and past contracts and orders, and the assessment of potential suppliers. First Party audits are typically focused only on the need to have the auditors remain independent for the audit process. This is so because internal audits are typically conducted by a small group of trained local personnel.

The Team Leader is an individual who is skilled in managing and leading audits effectively and efficiently. His or her personality must be such that those who are involved with the audit process are motivated to function toward the common goal: audit process success. The Team Leader’s management and leadership skills encompass and affect both the audit team and the organization representatives.

Matching the auditors with appropriate guides is crucial to the audit process. The Team Leader must ensure that the guides compliment the areas that the team members are assigned to investigate, whenever possible.

Often in audits key personnel are assigned by the organization to act as guides to the auditors. At the same time, since these guides are key personnel, they are typically required to be on hand sometime during the audit to address the investigation of their respective areas. It is important that the guides assigned to the auditors compliment the investigation by areas whenever possible. Otherwise, the risk of disruption during the audit investigation at some (or many) point will occur. This disruption causes delays to the already very tight audit programme ... time that the audit team can ill afford to lose.

The Team Leader is well advised to lightly (or casually) interview the guide regarding his or her day-to-day functions during the Opening Meeting. This way, the Team Leader can quickly determine whether or not potential conflicts exist. When conflicts are identified, the Team Leader must discuss the risks with the organization’s Management Representative hoping to resolve the concerns or at least bring to light the risk and the need to be flexible when required during the investigations.

Overall, managing audits require additional skills other than just that of audit investigation principles and techniques. The Team Leader must be able to effectively communicate to all who are involved both verbally and in writing. Without these skills, the audit process risks becoming marginalized, minimizing its effectiveness and usually creates confusion and, in some instances, even causing bad feelings.

Effective communication skills are important for any auditor. They are especially important for the Team Leader. Not only must he or she have the skills to carry out an audit, he or she must be able to communicate the various audit requirements to each team member to ensure effective audit management.

Further, the Team Leader’s verbal and written communication skills are used fully when formalizing the audit report, and then when delivering the report to the auditee, client, etc., as applicable and supporting the report with verbal explanations during any closure activities that have been agreed.

The Team Leader is ultimately responsible for all phases of the audit. The Team Leader should have an established record of management capabilities and relevant experience. Further, the Team Leader is the authority for final decisions regarding the conduct of the audit and any audit observations.

Audit team members are responsible for functioning to the requirements of the Team Leader. They audit the assigned areas for conformance using relevant conformance criteria, including quality system procedures, audit checklists, plus any additional investigation sources identified during the audit activity.

Whenever assistance is required, it is the responsibility of the auditor to notify the Team Leader and secure the assistance required. When Major Nonconformances are identified, the auditor must first inform the Team Leader at the point of discovery. From this discussion, the Team Leader then has the opportunity to approach the organization’s representatives for notification and action.

The Team Leader regularly communicates with each team member as part of his or her management activities. This practice helps the Team Leader ensure that a timely and successful audit is completed. These regular contacts provide the Team Leader with the opportunity to maintain a general understanding of the audit process and status.

The auditor is responsible for assisting in the audit activities under the direction of the Team Leader. The auditor ensures the audit is carried out objectively and fairly by:

He or she must ensure that the guide is fully aware and in understanding of any nonconformances discovered. Additionally, the auditor is responsible for verifying the effectiveness of corrective actions taken as a result of an audit, when requested.

Trainee auditors function similarly to team auditors being responsible for auditing assigned areas, as well. These auditors, however, perform under the supervision of an experienced auditor. Trainees are those who are developing their experience or those who are experienced but who lack the experience within the organization itself.

It is essential that the Team Leader monitors the activities of the trainee closely. The level of monitoring is at the discretion of the Team Leader. Basically because the trainee’s skills, including those of interfacing with the guide and investigation techniques are still in the developmental phases, the Team Leader must ensure that no unnecessary situations arise. Also, the Team Leader is typically required to report the trainee’s progress to the auditing authority.

Observer members of an audit team are not actually involved in conducting the audit itself. They become team members because the Team Leader has identified the need, then subsequently informed the auditing authority. Observers are on the team either to provide technical guidance as experts of a subject, such as translators or specialists, or to conduct a review of the auditors conducting the audit.

It is essential that the Team Leader brief the observer as to precisely what is expected in their participation. Observers are not auditors. They function to the requirements of the Team Leader, supporting any activity required.

When working with observers as technical experts, it is important to utilize their expertise properly. The auditor is the decision maker; therefore, the technical expert’s role is to interpret information provided, then convert the information for the auditor into words that can be used to make decisions of conformity or not.

An example ... when working with an interpreter, the auditor asks the interpreter to read a document for him, and from this reading the auditor determines conformity or not. The auditor must not ask the interpreter to read a document, then say ‘does it say this or mean that?’ with the interpreter deciding conformity or not.

An observer that has joined the team as an evaluator is there to review the auditors conducting the audit. Typically, this type of observer is a representative of the auditing authority, such as a Certification Body or Registrar, or a customer. These persons do not affect the audit results or make decisions regarding any particular discovery during the investigation. It is important to have the evaluator understand his role ... silent observer only.

The Team Leader must evaluate the expertise resource required for the audit. In doing so the Team Leader must take into account the nature and scope of the audit, such as the type of business or industry, SIC (Standard Industrial Classification) code, etc. The audit team must be made up of those who have specific expert knowledge.

If this is not possible, then outside independent specialists must be brought into the audit for use by the auditor. The specialist participates to provide technical observations and interpretations only. Ultimately, the auditor will be the person who determines conformance to requirement or not.

It is important to ensure proper management of the audit process through the audit team itself. The Team Leader is the Team Leader in all respects to the audit. It is from this person that the team focuses and performs.

The Team Leader must ensure that the team’s behaviour and discipline are at the highest professional level. Audits are stressful for the audited organization and its people. The audit team must not exacerbate this. Maintaining professional attitude and integrity will work to create a cooperative environment from which to conduct each element of the audit process. And, in the event that the process turns sour, the Team Leader will still be able to maintain control and ensure a proper and comprehensive conclusion to the audit.

Team members are responsible for performing the tasks that are required and delegated by the Team Leader. Each member has specific investigation assignments, such as work areas, procedures, processes, buildings, installation sites, etc.

The best audit preparation cannot foresee the unknown. During the investigation process of an audit, auditors may have to be rotated into different assignments and tasks. As unforeseen situations occur, the Team Leader must review the new requirements, then assess which is the best team member for the assignment. Consideration must be made regarding subject expertise, persons affected on both sides of the audit process, timing adjustments, as required, plus any miscellaneous consequences to these changes. It is wise to recess the audit investigation and meet with the representatives of the audited organization to agree the changes.