bot.gov.krdbot.gov.krd/sites/default/files/Documents/ISO-19011-تدقيق نظم...

INTERNATIONAL STANDARD ��

�� ISO�� !�� 6��"�#�$�%�&�'ISO ��()�%*��+��,-.��/�0��1ii23

�

Guidelines for quality and/or environmental management systems auditing

��

ISO 19011

�� ! �� "#��

4��5(�� ISO 19011:2002 (E/Ar)

6*�� ©ISO 2002

II

�6*��7�Certified translation © ISO19011: 2002�8�-,��9�0,��:��

�;��$2002:19011�+6*��2�

PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

$�%��&�%�� <��='�>��,��*(PDF �( Acrobat Reader)��?�*��@��9�;$��<��0��;( Adobe)� <��='�A��B �C��<��

�D�<��EF��;$�D��G��*(��HC)��I!��J��K�.�*(�D<C*��?�*��@��9�; ��LM�NM��O!<��*��A$�P?��N��G�;�D�@��O!��5��Q��R3�

�A�� <��='�:��R��;��-��J��S*��&��=/*!��A�GT�U��( Adobe)�+��B �C��<�3�2�

�V��0�<��1!�<��T�G��H�,�T�N;( ISO )�W�?��='��&��>$�3�

��;( Adobe )�6*,��O<��<?��F��( Adobe ) ��*J��X��H�.�-T��<��W�Y,��G��;�� <��='�� <��=I��0<��%��<��3�"�OM�H��:��H��5��;( PDF )��@<��P�� H#�Z��*��Z��!��H��%=C$�*(;

�V��0�<�� ;*�� 1!��"�#� �S*J��F��P��!�� <�� ='�A$�� <�� =I��0<�� <GO��>$�[;*R��R��;��F�M�"��\�,-Y��H-�$�)��A�!��<��T�G��

� "#�� %��'��(#!��)��*��+��

� �6)�?�;�%�-.��<��Y��&�I�]�#,�-

� ��V��0�<�� /�?��*I]�#.�/��-

� ��)� �V��0��;�%�-.��_�]�0��1�-

� ��G��!Y<��&�I�]�23 4��-

� ��!Y��G<��;�%�-.��<��4��0��*I��]�)� 5-

� ��*��;��!Y��!�<��1!��3

III

��66666666663 �7 ��7,��6666666666�8 5 v�

�66666666��*� vii

19�666� �� 1�

2��*��:"�# �� 1�

3��7;<, ��=3��!�� 2�

4��>�� 5�

5(��?��# 6�

1.5S�`�� 6�

2.5a�(*��X��9�1;�U*'$� 9�

3.5a�(*��X��%"��M;�)�� 10�

4.5a�(*��X��=�-!T� 11

5.5a�(*��X��%F?�� 12�

6.5a�(*��X��;��(�� 12�

6��<@�� 13�

1.6S�`�� 13�

2.6a�(*��<��"*�� 15�

3.6a/�b�� 18�

4.6:(��a�(*��@O$�c�@JT� 18�

5.6:(��a�(*��@O$�=�-!T� 20�

6.6a�(*��0T�:�d�T;�)��M;�)*�M�� 26�

1.6.6a�(*��0T�)*�M�� 26

2.6.6a�(*��0T�:�d�T;�)��M�� 27�

7.6a�(*��W��G��M�� 27�

8.6a�(*�� 28�

7A�*� ��*5��$�B�� 28�

1.7S�`�� 28�

2.7��YJO��%�� 30�

3.7%��I��;�� 30�

4.7a�(*��6��C;��0(*��P��*T;�H��6��C;�5�<�� 33�

5.7�I!��,T;�") �6"�-��4<��1��,�� 37�

6.7��(*��5��0T�� 37�


�;��$2002:19011�+6*��2�

IV

� Contents Page

Foreword .......................................................................................................��.........................�.....��...... iv

Introduction...............................................................................................................��.............�.............. vii

1 Scope...............................................................................................................................��.......�... 1

2 Normative references....................................................................................��...................�.......... 1

3 Terms and definitions ........................................................................................................��............ 2

4 Principles of auditing...................................................................................................... �� ............ 5

5 Managing an audit programme.......................................................................................�.��.............. 6

5.1 General .............................................................................................................................�..��............... 6

5.2 Audit programme objectives and extent..................................................................�.......��.........9

5.3 Audit programme responsibilities, resources and procedures………………………………………10

5.4 Audit programme implementation................................................................................. �� ..�.�.�...... 11

5.5 Audit programme records ...................................................��...................................�.�.....��.��.... 12

5.6 Audit programme monitoring and reviewing ....................................................................��...�..�.��.. 12

6 Audit activities......................................................................................................................��.... �� ...... 13

6.1 General ...................................................................................................................................��........... 13

6.2 Initiating the audit ....................................................................................................................��....... 15

6.3 Conducting document review.......................................................................................................�.... 18

6.4 Preparing for the on-site audit activities .....................................................................................��... 18

6.5 Conducting on-site audit activities ................................................................................................... 18

6.6 Preparing, approving and distributing the audit report .................................................................. 20

6.6.1 Preparing the audit report .............................................................................................................�.... 26

6.6.2 Approving and distributing the audit report................................................................................�..... 26

6.7 Completing the audit.....................................................................................................................��..... 27

6.8 Conducting audit follow-up...........................................................................................................�..... 27

7 Competence and evaluation of auditors.....................................................................................��... 28

7.1 General .........................................................................................................................................��...... 28

7.2 Personal attributes.......................................................................................................................��...... 30

7.3 Knowledge and skills.................................................................................................................��....... 30

7.4 Education, work experience, auditor training and audit experience .............................................. 33

7.5 Maintenance and improvement of competence.......................................................................�......... 37

7.6 Auditor evaluation......................................................................................................................�......... 37

��

�6*��7�Certified translation

© ISO19011: 2002�8�-,��9�0,��:��

�;��$2002:19011�+6*��2�

V

��666�8 5��

�� !��"�#$��%�%�&��' �%��(�)*��+,-�

��+��)�. ��/0�1��2��3��"�+4�!��'��5��6&��.��78��9��/��1:��)8��8�1��!

!�:��"��;��<��$�!=!��0��;>�?@(�2��'��$��!5&��AB��!5&��"�#$��8��:��C;��DE�?��

��-��F/��G��A$5��. ��H��6I��5?-��8��:��J��A$5��3��<!��-�� :��K�L��H�'�

��1��M�1��E%�,��1��N��.��O��$ ��P !,��!� ��3��"�+4�!��"�%!L��%��(�2��

��A$5��. �� (ISO/IEC Directives )'�

"�%!L��QR!��M�$ ��S�!,� �� 8� O ��+�� )�. �� ;��:�� 3�� "�+4�!��G�E��4(�� HT �U V��

��!��%��3�F��+4�!�M��+4�!��WX�Y"�!4��1��F��O �'�

��Z��AT��6&��:=�0�)!5��F��3��+4�!��[C;�A4��\ :-�)8�O�(�[!�@�)8�%!@��&��1��]L��AB��)8� (

_!�&��[C;��M��8�\ :-'�

��8�1�� E��4 ��C;19001��8�1��/M��&��1990: 1-10011�,��8�1991: 2-10011�,��8��1991: 3-10011�,��8�1996:14010 �,��8�1996:14011 �,��8�.1996:14012 �

�;��$2002:19011�+6*��2�

�6*��7�Certified translation © ISO19011: 20029�0,��:��8�-,��

VI

Foreword

ISO (the International Organization for Standardization)is a worldwide federation of national standards bodies (ISO

member bodies ).T he work of preparing Inter national Standards is normally carried out through ISO technical

committees. Each member body interested in a subject for which a technical committee has been established has

the right to be represented on that committee. International organizations, governmental and non-governmental, in

liaison with I SO, also take par t in the work. ISO collaborates closely with t he International Electrotechnical

Commission (IEC)on all matters of electrotechnical standardization.

International standards are drafted in accordance with the rules given in the ISO/IEC Directives ,part 3.

The main task of technical committees is to prepare International Standards�.Draft Inter national Standards

accepted by the technical committees are circulated to t he m ember bodies f or voting .Publication as an

International Standard requires approval by at least 75 %of the members casting a vote.

Attention is drawn to the possibility that some of the elements of this International Standard may be the subject of

patent rights .ISO shall not be held responsible for identifying any or all such patent rights.


�;��$2002:19011�+6*��2�

VII

��*��

��8�"�+4�!�� L 3��M]�abbb �G��8cdbbb�6F��;8�O ��G��3�L��:+��C+��1��6�&��4A ��ZE�% ��"��%8��<eM

��Z%!.��f3��8�Ze?��#T��3��'��-�V��2��V?@8�1��O3�38��J�6F��)8��M�G��g�� L 3��TF�A��2��8�"�%�$?��h��

�%�� '�

�

�6F��i��@A-�ZE�% �"�$J!��+4�!��[C;�j��G�Z%!.��ZE�%(�2�@�O ��JE�k�� 0��6F��"� ��C+��f�ZE�%(

T��#�'�1�F��2��Z��+M�)e?-�"�$J!��j��M�'�1��k�L��1��!��!�.��6TV� ��&��4�)!5��)8��$��l�$��G��g

�1�F��G��Z%!.��ZE�%(�2�@�6TV��O��"m?��f��#T��ZE�%(�2�@��8�G��Z%!.��ZE�%(�2�@�6F��n��&��O��"m?��f�ZE�%(�2�@��8

T��F�:��o�T3��#�G��;e�-��:��"m?��f�1�F��U�E�� G�ZE�% ��2��-�V��"�%�$p�h��-��.L�-��,�k��"m?��

��-�V��2��.��O��3��"�+4�!��E��4(��8�%��

�

��@�A��-��+4�!��[C;�"�$J!��2L��G8�q ��-�H=�!��Z��O��h��3��2.&��T �r �k��)8�15��"�$J!��[C;�j��k�3(�)

�6F�� :=�k��Ze?��:��JE%��:T ��G��;>�AJ(�%�A��6F��"� ��.��l��;��CM��'�

�

�Z%�&��"��!=!��O �� 8�8��=(�"�$J!��V�(�2�3��+4�!��[C;��/0�G�� Z��L��ZE!4�O��';��G�ST�M

�H-A��0�%�G�ZAs,��"m?��O��+4�!��j��k�3(�2�%�!;�� "�$J!��t ��1��l�$��)!53�" �&��\ :-�O��'�

�

��T��2FE�4�6F��u%�T��r,��G��E�A=��O;��6F�� 3�3 ��:TV��1��O ��j�k�L��L��u%�T��[C;�%!�T ��

��5�G�6�G�7'��

��T��2FE�5�6F��i��A-�ZE�% �"�$J!��j��G��uA0��K�L��OVs��g�6F��i��A-�ZE�%(��!#L��&��G�i��@A-�l��;8�H=�

�6F��G�6F��V?@8�6L��G�6F��6�A+��5��%E�!��A�!��'�

�

��T��2FE�6"�$J!��j�� F��C+��-��4�0�Z%!.��ZE�%(�2�@�O ��6�f��#T��G6F��_A��E��0(�t�v�O��-�'�

�

��T��2FE�7�1�F��2�� r,��6F��O��;A�!��o! V��Z��+5��)e?-�"�$J!��j��'�

�

��Z%!.��ZE�% �1��@�6TV��<�O��f��#T��ZE�% ��8�G��:��G��+4�!��[C;�j�k�L��)*��ZE�%(�j��@�6F��O��A&��9��

��:��8��#T��ZE��j��@��Z%!.��'�

�;��$2002:19011�+6*��2�


VIII

Introduction The ISO 9000 and ISO 14000 series of International Standards emphasize the importance of audits as a management tool for monitoring and verifying the effective implementation of an organization's quality and/or environmental policy. Audits are also an essential part of conformity assessment activities such as external certification/registration and of supply chain evaluation and surveillance. This International Standard provides guidance on the management of audit programmes, the conduct of internal or external audits of quality and/or environmental management systems, as well as on the competence and evaluation of auditors. It is intended to apply to a broad range of potential users, including auditors, organizations implementing quality and/or environmental management systems, organizations needing to conduct audits of quality and/or environmental management systems for contractual reasons, and organizations involved in auditor certification or training, in certification/registration of management systems, in accreditation or in standardization in the area of conformity assessment. The guidance in this International Standard is intended to be flexible. As indicated at various points in the text, the use of these guidelines can differ according to the size, nature and complexity of the organizations to be audited, as well as the objectives and scopes of the audits to be conducted. Throughout this International Standard, supplementary guidance or examples on specific topics are provided in the form of practical help in boxed text. In some instances, this is intended to support the use of this International Standard in small organizations. Clause 4 describes the principles of auditing. These principles help the user to appreciate the essential nature of auditing and they are a necessary prelude to clauses 5, 6 and 7. Clause 5 provides guidance on managing audit programmes and covers such issues as assigning responsibility for managing audit programmes, establishing the audit programme objectives, coordinating auditing activities and providing sufficient audit team resources. Clause 6 provides guidance on conducting audits of quality and/or environmental management systems, including the selection of audit teams. Clause 7 provides guidance on the competence needed by an auditor and describes a process for evaluating auditors. Where quality and environmental management systems are implemented together, it is at the discretion of the user of this International Standard as to whether the quality management system and environmental management system audits are conducted separately or together. Although this International Standard is applicable to the auditing of quality and/or environmental management systems, the user can consider adapting or extending the guidance provided herein to apply to other types of audits, including other management system audits. This International Standard provides only guidance, however, users can apply this to develop their own audit related requirements. In addition, any other individual or organization with an interest in monitoring conformance to requirements, such as product specifications or laws and regulations, may find the guidance in this International Standard useful.

�;��$2002:19011�+6*��2�

1

ISO 19011:2002(E/Ar) INTERNATIONAL STANDARDS ��

Guidelines for quality and/or environmental management systems�auditing 1 Scope This International Standard provides guidance on the principles of auditing, managing audit programmes,� conducting quality management system audits and environmental management system audits, as well as guidance� on the competence of quality and environmental management system auditors. It is applicable to all organizations needing to conduct internal or external audits of quality and/or environmental�management systems or to manage an audit programme. The application of this International Standard to other types of audit is possible in principle, provided that special� consideration is paid to identifying the competence needed by the audit team members in such cases. 2 Normative references The following normative documents contain provisions which, through references in this text, constitute provisions� of this International�Standard. For dated references, subsequent amendments to, or revisions of, any of these�publications do not apply. However, parties to agreements based on this International Standard are encouraged to� investigate the possibility of applying the most recent edition of the normative documents indicated below. For� undated references, the latest edition of the normative document referred to apply. Members of ISO and IEC� maintain registers of currently valid International Standards. ISO 9000:2000, Quality management systems — Fundamentals and vocabulary ISO 14050:2002, Environmental management — Vocabulary

��

�� !��"��

�� !�� "��#$�%&��'�!�%��(��%&��'�)*+��,�)*+

��-��%&��'�!�)*+��%��.�/01$�� 234�� .�%��(��%&��'�,��-��5�

��

��6 7�� 7$�� # 8� 9� :�� ;1<�� =>$�� %��(�� %&��'�)*+� �7?� � &�@� �4� �7@�� ,�%&��8� �4� �-��

��"��+#$��

�� A��#@4�B��+��7?��6��A>�3�!�A�� 4�� C�D� !�� $�76�� %��>�� 3�: $� �� 8�� E#1$��3#��2?4�� !�F�:��G7��=H��5�

2��#��$%�&"��

�IJ@�A��=H��K�# L��7?�� M #��N�O�� :��K�# L��!P <��Q��'�%&�L8��DJ��M �#��4�J3�M ��/��@&R��S �#�7��T<��$�=2U��A��G�V�S��!��6��) 3�F��&��8��A��WX

��'� QMT�� 7?� �M�(�� Y�#KZ�M$��'�&�1��O��A��&��'�[�D4��6��5�

��

�

�%�� M�� # ��\�Certified translation © ISO19011: 2002�]��:�� :��S��

2

3 Terms and definitions For the purposes of this International Standard,�the terms and definitions given in ISO 9000 and ISO 14050 apply,�unless superseded by the terms and definitions given below.�A term in a definition or note which is defined elsewhere in this clause is indicated by boldface followed by its entry�number in parentheses.� Such a boldface term may be replaced in the definition by its complete definition. 3.1 Audit systematic,� independent and documented process f or obtaining audit evidence (3.3)and e valuating it objectively� to determine the extent to which the audit criteria (3.2)are fulfilled. NOTE 1 Internal audits� ,sometimes called first-party audits� ,are conducted by ,or on behalf of,�the organization itself for�management review and other internal purposes,�and may form the basis for an organization's self-declaration of conformity.� In�many cases,�particularly in smaller organizations,� independence can be demonstrated by the freedom from responsibility for the�activity being audited. NOTE 2 External audits include those generally termed second- and third-party audits. Second-party audits are conducted by parties having an interest in the organization, such as customers, or by other persons on their behalf. Third-party audits are conducted by external, independent auditing organizations, such as those providing registration or certification of conformity to the requirements of ISO 9001 or ISO 14001. NOTE 3 When a quality management system and an environmental management system are audited together, this is termed a combined audit. NOTE 4 When two or more auditing organizations cooperate to audit a single auditee (3.7), this is termed a joint audit.

'��()*+"��,-��.��

��_ T��:76 ��a3&�M �� b34� ��cddd� �b34� ��efdgd�� 7?� ��6�� !��X��:76 ��&��M��$�h�� '� �V'�F'

��M$��#.V�5��a3#M�� *DJ��4�i76 ��j��$�#@k�Sl��!b��)��>��Y#D0$�� ?��6$��

� !� A�� A�$� =�(T �� )�#$� �?�� 5�i76 �� G�V� a3#M �� m�� '� A>�3� �>�� Y#D0$� B��6��!

m��=��>��a3#M ��$5��

1.3 ��

��(�<��7�?��!��7� T��!��O��!��7?�I�`:7��#(�

�� =��n3.3�o��3�: ��?�l��3#6$�m�� &��M�� '�n2.3o��

��*DJ�1�p� ��7@�� !��+��D4�m�7?��763��

� I�U�� Y#6�� !��T�+� %01<�� 6��$� ��<�� ) 3� !�A�� 4��<?�j�<3�!��7@��q �#r4��34��4�%&��8��M �#��q #s$��#@4�5��A?��T�<$�%01<��A7M��/U��/�>3�/4t�(3��$�6��m�� 5�� %#�H.� F�D� ��u�;1<�� @�� %#�s ��u��-T��$� ��b �8�� M$� IJ� �8�� /��$� A>�3�

�m��#(3��E�1<��A?5��

� �*DJ�2p� �� 7�?�� &�_�� =�13

��7?��763�!��?�!��Y#6��+�H��Y#6��

��:7 ��Y�#K4�� &�_�� # v$��3��!�C��H��

� %01<�� !� AN�$b�� =H�� !�)�+�7H�3� A3#@k�w�_L4� �4

�)�7H�5 �� &�@��*<�� 3#( �C��H��Y#6�� 4

� �� ``_ �� 7� T�� !�i<�� -�� =H�

76 �� $�6�� %��L� �b34� �� cdde��b34� �4�

efdde5�

� �*DJ�3� p��%��(�� %&��'� ��*+� �7?� �� # '� �<?

��M��-��%&��'��!S�(�� T3�� /v

�

��*DJ�4�p��# '��#H.4��4�/��01<��/��M ��<?

�%�D�� 7?�!��(��n7.3�o��!��7�?�/v

�� x# 1�� 7?��763��5

�

��b342002:19011�n%�� M�� # ��o�


3

3.2 audit criteria set of policies, procedures or requirements NOTE Audit criteria are used as a reference against which audit evidence (3.3) is compared. 3.3 audit evidence records, statements of fact or other information, which are relevant to the audit criteria (3.2) and verifiable NOTE Audit evidence may be qualitative or quantitative. 3.4 audit findings results of the evaluation of the collected audit evidence (3.3) against audit criteria (3.2) NOTE Audit findings can indicate either conformity or nonconformity with audit criteria or opportunities for improvement. 3.5 audit conclusion outcome of an audit (3.1), provided by the audit team (3.9) after consideration of the audit objectives and all audit findings (3.4) 3.6 audit client organization or person requesting an audit (3.1) NOTE :The audit client may be the auditee (3.7) or any other organization which has the regulatory or contractual right to request an audit. 3.7 auditee organization being audited 3.8 auditor person with the competence (3.14) to conduct an audit (3.1)

/0' ��&�-�.��

��76 ��4��# 8��T��A��?��(��Q��

��yy*DJ�p =��+&��<?�S #�.�� #�3�M��_ ��<�� 3.3�5�

'0'

�1�2&3�45��6��7M �� #@U��7M��N��:��J(T��Q�

�<��: ��A>�3�� #��?��$��.��

�yy*DJ��7��.��4��.�/�>3�/4�A>��A�� =��n��?�+o�

80' ��9:��

�=��+&��<?��7?�I�`:��)�� "N� +�Q�� n3.3�o�� #�3�M��S��n2.3�o��

��yy*DJ��7��'�� "N� +�#�1��/4�A>��A��4��$�6 ��6 ��?�w#�� 4�� #�3�M��S��$��#3�6 7��

5.3 ��

��;<�� 7�?�A?�" +��n1.3�o��3#��$��

�� n9.3�o��=.�� Y��4�&�� ?8��Sl��M$�� "��+n4.3�o��

6.3��

=��>�� z763��P _1��4�%01<��n 1.3�o��

��yy*DJ�p �� =��?�/�>3�/4�A>��A��m�7?�(7.3)��+�+��`��4��:��#@4�� W4��4��

�� 7�?�z76��

7.3��?�)@��"��

) 3�� %01<��Q��7?��

A0'��"��

��%��>��m3��P _1��n14.3�o�� 7�M$��7�n1.3o��


��b342002:19011�n%�� M�� # ��o�

4

3.9 audit team one or more auditors (3.8) conducting an audit (3.1), supported if needed by technical experts (3.10) NOTE 1 One auditor of the audit team is appointed as the audit team leader. NOTE 2 The audit team may include auditors-in-training. 3.10 technical expert person who provides specific knowledge or expertise to the audit team (3.9) NOTE 1 Specific knowledge or expertise is that which relates to the organization, the process or activity to be audited, or language or culture. NOTE 2 A technical expert does not act as an auditor (3.8) in the audit team. 3.11 audit programme set of one or more audits (3.1) planned for a specific time frame and directed towards a specific purpose NOTE An audit programme includes all activities necessary for planning, organizing and conducting the audits. 3.12 audit plan description of the activities and arrangements for an audit (3.1) 3.13 audit scope extent and boundaries of an audit (3.1) NOTE The audit scope generally includes a description of the physical locations, organizational units, activities and processes, as well as the time period covered.

9.3��-&B��

� A�� %�?� �4� �D�� '� ��n8.3� o��7�M$� ��7�� n1.3� o�� :��h?�� V'�)��?�3�u�A��<� ��#�@�

n10.3o��

��1��

�� 2� �� !�� "#� �$ �� %&�

��

� � � � � � �� '( &��'�)*�+#��, ��-.��/ 0!��12�

��1�� 32�'( & ��'�)0��+#�� 4�(15� ��

6��+#�� +#�'7!6 ��4��8��-�9��-.��:�!��;��+#��<��+#�=�� >�

��2�� 6��)0�� [email protected]�A��

�� .��

�

11.3��

�� 1 9�� 32 � @1.3� A�� ;#� +#��( &��B 2�1&C�( &��6�D�E�FG��8H�H0��

�� I��C�4�� !��D��H!CJ��

�� .��6��6�+�K�H0��>��

12.3��

�� L�)��+��H!C#��$��MN+�12�@1.3�A��

13.3��

�� (+ �+�- ��@ 1.3��A��

��MN+�� O�9�� !��54 ��P��L�� +��H!CJ�+�'7!6 ��L� �++��QR�4

��<�S ��6�T��'��G� �

��b342002:19011�n%�� M�� # ��o�

�%�� M�� # ��\�Certified translation © ISO19011: 2002�� ]��:�� :��S

5

3.14 competence demonstrated� personal� attributes and demonstrated ability to apply knowledge and skills 4 Principles of auditing Auditing is characterized by reliance on a number of principles. These make the audit an effective and reliable tool in support of management policies and controls ,providing information on which an organization can act to improve its performance. Adherence to these principles is a prerequisite f or providing audit conclusions that are relevant and sufficient an d f or enabling auditors working in dependently from one another to reach similar conclusions in similar circumstances. The following principles relate to auditors. a)Ethical conduct: the foundation of professionalism Trust, integrity, confidentiality and discretion are essential to auditing. b)Fair presentation :the obligation to report truthfully and accurately Audit findings ,audit conclusions an d audit reports reflect truthfully and accurately t he audit activities. Significant obstacles encountered during the audit and unresolved diverging opinions between the audit team and the auditee are reported. c)Due professional care :the application of diligence and judgement in auditing Auditors exercise care in accordance with the importance of the t ask they perform and the confidence placed in them by audit clients and other interested parties. Having the necessary competence is an important factor. Further principles relate to the audit, which is by definition independent and systematic.

14.3��

��&Q�1�� 'E � ��+� 'T� �� 50!�� L��5�� 32L�E�8 ��+�� )H��>

�� 4�� !� ��

�� U(�) ��1 9��V(� ��W4�� T� �� X��X��(��8��(� ��R��$ ��'�(#�=��9�

'E�(R��4��E+��86$ ��L��1�� 4�'7!6 ��(� �G+� ��8��(#��S&�� .��

�� )��V��1�� 4?�:�Y�12�U(�) ��Z��4�ZS ��"G�� $ ��Z�.+��N�L�[�� I��C�\�6��O1N1��*]��S��86�� .��

�!� ��B+��L��6�XR��84. �

�"1�� 8�� "#�_9��]��U(�) ��

�#`��"��#$��%�&��'�68 ��a�X#�12+. ��X�X#�L��N�32�"� �$��+��S��+��2�T6��+��;��

��

b`��!�(�) �('��(+��C��74��E�� 4�,�T��R��"#�_9�� E��+��N�*+�I��C�"G�&4�\$�

�� c�� "#� �c�#� _9�+� �� H!C#� ��(+�L?��Z�.+�� d�6e#�L�8f��S��L�)��89��+�� 4��6��L�8 +�B��*G

��8��

� ��*+� ,�+�-.� �/�� 6�� S�+� (�8�R�� d�� G�

�� O.)�� "#� _9��g�� _X�6�� -.�� ,� �2R�� "1�� 8�� 8�Q+� �� ;��+� �8��G� ��11 �� 8 �� 2�

� -�*J�� 6� �� B��FJ�+� �� d� �h�g� ��+��U(�)�� i�62+� ( 5�� .2� �� 2� �� 'd��$��4

�32+�?G�� -�*#��986 ��+��XR��

�%�� M�� # ��\�Certified translation © ISO19011: 2002�:�� :��S�� ]�

��b342002:19011�n%�� M�� # ��o�

6

d)Independence: the basis for the impartiality of the audit and objectivity of the audit conclusions Auditors are independent of the activity being audited and are free from bias and conflict of interest. Auditors maintain an objective state of mind throughout the audit process to ensure that the audit findings and conclusions will be based only on the audit evidence. e)Evidence-based approach: the rational method for reaching reliable and reproducible audit conclusions in a�systematic audit process Audit evidence is verifiable. It is based on samples of the information available, since an audit is conducted� during a finite period of time and with finite resources. The appropriate use of sampling is closely related to the�confidence that can be placed in the audit conclusions. The guidance given in the remaining clauses of this International Standard is based on the principles set out above. 5 Managing an audit programme 5.1 General An audit programme may include on e or m ore audits, depending up on the size, nature and complexity of the organization to be audited. These audits may have a variety of objectives and m ay also include joint or combined audits (see Notes 3 and 4 to the definition of audit in 3.1). An audit programme also includes al l activities necessary f or planning and organizing the types and number of audits, and for providing resources to conduct them effectively and efficiently within the specified time frames. An organization may establish more than one audit programme.� The organization’s top management should grant the authority for managing the audit programme.�Those assigned the responsibility for managing the audit programme should a)establish, implement, monitor, review and improve the audit programme, and b)identify the necessary resources and ensure they are provided. Figure 1: illustrates the process flow for the management of an audit programme.

(`�� "#�0.� '��1Q1�+� D��&CR�� , �� a�X#� 32�� I��C�

�� d�6e#�� S��"1�� "1$��"#�_9��j��5 �� k��N�� 4+h�"1�� l��&��"#� _9�+

�� d�6e#�=C1$�S��.��1Q1 ��K0��j��5 �� k��N� �� 4+h��l��&�� "?� _9�+�

�d�6e#� =C1$�S�� .�� 1Q1 �� K0�� "1�� %�64� ��L��6�XR�+��I��6��"#�� 7��

�� (��K��>� �

�21�!2� �34� �� +� 56302�� ;�?�� b1�XJ�� 12��8�� &�&N�L��6�XG��G�O1N1��j�&5��+

��H6 �� _9��8��)H��8S�� (#�"1$��"#��>�"#�m��+

� ��"#�_9��38��'( &��E(�5�+�%�14�,T�� L��1�� L�6��>��;�J��,� 0�XR��"G

�L��6�XG��8)S�$��;��4�'��)��E 4�K)��L�6�� >�

��L��'(1 1 ��L�(�YER��"G��N�1 ��V.8��)��'E1. ��U(�) �� + ��X��>��

5��7!8��

��

��9 ,�:::4��

��;#�+#� ��+�� I��C�4�� c��"#��$ ��&�+� ��)F+��9�� Z�[� ��+� �� L��

��8�� '7!6 ��h�� c��"#��$ �+��L�� c�#�� !��"#��$ �+�B� 2J��

��!�� @�� C#3�,�4�� M��1.3A��

� g� � �c�#� �� I��C�4� � !�+��D�� H!CJ��(E�1 �� 1�+� L�� (� �#+� k�1C#� ��6�+� K�H0��

�( & ��%�1��E�FG��E� ��G+�'d��$4��2d�� R>�� I��C�4��;#�d�!CW4�'7!6 ��,1��"#��$ ��+�'E�(R� �H�S��'7!6 ��'E�(R��H�� "#� _9�+� h

�.��d?n2��_9�+�h�� I��C�4�'E�(W4�"1�1��]��'�� 4�� I��C�4��

��

� #o�I��C�4� ��1H�+� ��+� �)��+� .��6�+� d�!CG��

�

b`��2��1�� 7��D��D��(E�1 �� &��

��E��$!��jQ1�+@1�A�� I��C�4�'E�(G�� E�S��

��b342002:19011�n%�� M�� # ��o�


7

�&��34��$ (1.5)

Authority for the audit programme

(1.5)

��9��&3�C��D(E ( 6.5 )��<��

Improving the audit

Programme (5.6)

C�#�"��#E��F�G ( 7 ) �<��

Competence and Evaluation

(clause)

��9��&3�$H� ��Established the audit programme ��

( 3.5 , 2.5 ) �� ( 3.5 , 2.5 )��-��Y��U - Objectives and extent

�- ��-T��- responsibilities �- ��&��- resources �- ��# 8�- procedures

��#��*I�� ( 6 )��<��

��9��&3�J�KE ��Implementing the audit programme�

( 3.5 , 2.5 )��( 3.5 , 2.5 )��-�� 6@ - scheduling audits

�- A��)��- evaluating auditors

�- �� 3#�&�� @'- selecting audit teams �- �� 61+4�m� ��- directing audit activities

�\�� "N� +�=�(T�� - marinating records

��.%�&��&� �Monitoring and reviewing the��9��&3audit programme �

�� ( 3.5 , 2.5 )�� ( 3.5 , 2.5 )�

�-��#��M �#��- monitoring and reviewing �

�-I�MU��9�� D8��3�:� �- identifying needs for

corrective��N��:�: ��and preventive actions �

�\A�T: ��w#��3�:�� - identifying opportunities �

�

��b342002:19011�n%�� M�� # ��o�


8

Figure 1 —Illustration of the process flow for the management of an audit programme NOTE 1 Figure 1 also illustrates the application of the Plan-Do-Check-Act methodology in this International Standard. NOTE 2 The numbers in this and all subsequent figures refer to the relevant clauses of this International Standard.� If an organization to be audited operates both quality management and environmental management systems,� combined audits may be included in t he audit programme. In such a case, special attention should be p aid to the�competence of the audit team.�Two or more auditing organizations may cooperate, as part of their audit programmes, to conduct a joint audit. In�such a case, special attention should b e pa id to the division of responsibilities, the provision of any additional� resources, the competence of the audit team and the appropriate procedures. Agreement on these should be� reached before the audit commences. Practical help —Examples of audit

programmes

Examples of audit programmes include the

following:

a)a series of internal audits covering an

organization-wide quality management system for

the current year;

b)second-party management system audits of

potential suppliers of critical products to be

conducted within 6 months;

c)certification/registration and surveillance audits

conducted by a third party certification/registration

body on an environmental management system

within a time period a greed contractually

between the certification body and the client.

An audit programme also includes appropriate

planning, the provision of resources and the

establishment of procedures to conduct audits

within the programme.

��5LI��1M��9��&3��)"@��D��

�)�&��*DJ�1��p�=>1��il�3n1�o��6��.��234��4��n�p�{6@u��+�\��:��\�=�?4��o��M��

�)�&��*DJ� 2�p�� #@U��I�>LU��&U�

��$��7 ��V��<��'�#�1��"��+#$��#H.4� �4� /� -��/��M ��/4� �A>��A��)�T� $� �� 8�� z(3� ��:�� G7�� x# 1�� D��3#� %��.�� l'� �&�� W0$� ��8�� -T��

� ��<�� # 8�� 5� ��8� =�� z(3�� $�=��E��<��G7��I�D5�

��

�D��)"@��@N��9��&��)O��

��X��7?�� "��#$��7H�4�A�2 �p

�

� 4u��*+4� ��6s $� �� 7@�� 7�?�A�� ?�

��:��M��%01<�7��M��%��(��%&��'

�

j\��&��7�� +�H�� Y#67�� %&��'� ��*+4� �� 7�?�

@��<��) 3�� #:��SN�2�7��=� :��#�L4�� IJ.�

y \A?�) 3�� #��=�(T ��1��6?'��

) 3�h��-��%&��'��*+4�I�D�C��O�Y#K��3#K��

�=��M��1��i<�� (��A�$�m�7?� ��8��5�

�z��<�� {�6_ �� 7?� �234� �� "��+#$� =�13�

) 3� � �� # 8�� =�?�� &��$� ��8�� +��

"��+#��5�

��

��b342002:19011�n%�� M�� # ��o�

�%�� M�� # ��\�Certified translation © ISO19011: 2002��]��:�� :��S��

9

5.2 Audit programme objectives and extent 5.2.1 Objectives of an audit programme

Objectives should be established for an audit

programme, to direct the planning and conduct of

audits. These objectives can be based on

consideration of:

a) management priorities,

b) commercial intentions,

c) management system requirements,

d)statutory, regulatory and contractual

requirements,

e) need for supplier evaluation,

f) customer requirements,

g) needs of other interested parties, and

h) risks to the organization.

Practical help — Examples of audit

programme objectives

Examples of audit programme objectives include

the following:

a) to meet requirements for certification to a

management system standard;

b) to verify conformance with contractual

requirements;

c) to obtain and maintain confidence in the

capability of a supplier;

d) to contribute to the improvement of the

management system.

2.5��9��&3�P��Q��2�� 1.2.5��9��&3�Q��2��

�m� � �� G�V�� "��+#$� �� Y��U�� 3�:�� z(3

7�?��# '��{�6_ ��

��X��&�� ?8��7?�Y��F�� M��p�

�4u�%&��8��3��4��

j\��3&�( ��3��<��

y \�%&��8��*+4��76 ��

��u��3��M ��*< ��+�+��76 ��

y�\��&��)�� 9�� D8��

�\=��M��76 ��

t\��<M��Y�#KF��i��`�� D'��

|\��%01<�7��#K�_��.

��3+4��4�;�<��%�-2��3=�>��

��]�� I��C�4�B� 2#��;�#�� c��

�

�#o�L��N�1 �� CJ�L�(�8!��d�H�G�L��W4�d��1��

��X��

b` ��L�)�H��g��4�H��&��

��

�`�'E ��;��p��&��+��O15&��(E1 ��

�

�2`�'E�(R�� C#��S&�� 2�S ��


��b342002:19011�n%�� M�� # ��o�

10

5.2.2 Extent of an audit programme The extent of an audit programme can vary and will be influenced by the size, nature and complexity of the� organization to be audited, as well as by the following: a) the scope, objective and duration of each audit to be conducted; b) the frequency of audits to be conducted; c) the number, importance, complexity, similarity and locations of the activities to be audited; d) standards, statutory, regulatory and contractual requirements and other audit criteria; e) the need for accreditation or registration/certification; f) conclusions of previous audits or results of a previous audit programme review; g) any language, cultural and social issues; h) the concerns of interested parties; i) significant changes to an organization or its operations. 5.3 Audit programme responsibilities, resources and procedures 5.3.1 Audit programme responsibilities The responsibility for managing an audit programme should be assigned to one or more individuals with a general�understanding of audit principles, of the competence of auditors and the application of audit techniques. They�should have management skills as well as technical and business understanding relevant to the activities to be� audited.�Those assigned the responsibility for managing the audit programme should a) establish the objectives and extent of the audit programme, b) establish the responsibilities and procedures, and ensure resources are provided, c) ensure the implementation of the audit programme, d) ensure that appropriate audit programme records are maintained, and e) monitor, review and improve the audit programme.

2.2.5��9��&3�P�� a7 _3)(D��7?��<$�� "��+#$�� M��K� �� &��

M��#(3�� %01<��! ��X��7?��<$��234�p��4�o��<��) �� M �#��%��Y��I�(�5��j� o�1 �� &�� 4� ��M�� &�� 4�� ?�S��m$

��) �� 61+U�5�� 9� o��4� ��*< �� 4� ��+�+�� 76 �� 4� ��

�� 7��#@4�#�3�M��34��3��M �� o� �� ?'� %��L� �7?� I�`:�� '� � �:�� ,��$�6�

��5�� o�"��+#$��M �#��"N� +��4� ��$�T�� < �'

�$��5�� o��4� ��O� �D��+� �4� �s7��$� ��7M �� ?�l�� 34

��?�� '5��t�o��<M��Y�#KU�� '5��|� o�� 4�%01<�7��*< ��=>�� J3�M ��

��7�?5� �3.5 �9��&3� RB� ��F�&%�� "�� D"��

1.3.5 �� D"��9��&3�RB� ��#H.4�4�P _1�� "��#$�%&��'��-T��6?'�z(3�!��# '� #K��A��%��.�� ?�)��m3��

�� D��<��)��%&��8��&��)�3��#� ��/4�z(3��) �� 61+U�$��7M ��3&��8��<��

��-T�$�/��7>3�A3��G-��4��"��+#$�%&��'�� !��s�<3��X��=�?�)��7?�p�

��4\�� Y��4��3�:� ��j\��#��A��.0 ��z��U��Sl��-T��3�:�

��&�� 9\�� "��+#$��<��A��.0 �� \��"��+#��<��J�(T ��?'�)��m+4�A��.0 ��

�� y�\�"��+#$�A�T:��M �#��#��

��b342002:19011�n%�� M�� # ��o�


11

5.3.2 Audit programme resources When identifying resources for the audit programme, consideration should be given to a) financial resources necessary to develop, implement, manage and improve audit activities, b) audit techniques, c) processes to achieve and maintain the competence of auditors, and to improve auditor performance, d) the availability of auditors and technical experts having competence appropriate to the particular audit�programme objectives, e) the extent of the audit programme, and f) traveling� time, accommodation and other auditing needs. 5.3.3 Audit programme procedures Audit programme procedures should address the following: a) planning and scheduling audits; b) assuring the competence of auditors and audit team leaders; c) selecting appropriate audit teams and assigning their roles and responsibilities; d) conducting audits; e) conducting audit follow-up, if applicable; f) maintaining audit programme records; g) monitoring the performance and effectiveness of the audit programme; h) reporting to top management on the overall achievements of the audit programme. For smaller organizations, the activities above can be addressed in a single procedure. 5.4 Audit programme implementation The implementation of an audit programme should address the following: a) communicating the audit programme to�relevant parties; b) coordinating and scheduling audits and other activities relevant to the audit programme; c) establishing and maintaining a process for the evaluation of the auditors and their continual professional� development, in accordance with respectively 7.6 and 7.5;

/0'0S��9��&3�RB�� "�� "��+#��$�76��&��3�:��<?�!�%�?�#��z(3

��X�p�4�\��A�T:��%&��'��<��?8��tJ�� &��

�� 61+4�j�\�� <�� y \�tJ�� 7�M��A�� %��.� ��: ��

�)�N��4�A�T:��7?�*�:�� \�%��>�� )�3�� A3�� A��<�� #�_�� A��#��

��:�� "��+#$�Y��U��<�� y�\�� I�(��5�� \�� 7�M��#@U�� D8��8��#�T��%��

'0'0S��RB��F�&%��9��&3�� /�>��/4�z(3z��4�"��+#$�� }�� p��4u�� 7�?�� {�6_��j\��A��%��.��7?��.� ��%�� #��y \�&��U�� 3�:�� <�� #� &�� @'�

�)�<�$��-T��\�� 7�?��# '��y�\ ��# '��<>��/�.��V'��M$��\�� "��+#$�J(T$�~�� D8��t\�� "��+#$�%��.��4��#��|\��M��t�(+8��I�D��7M��%&��8��'�#3&�� )3��

�� "��+#��$�T�� 61+F��m� ��A>�3�%#�s ��%�1<�� D��

��D��# '��'��

4.5�9��&3�J�KE��}��m �� "��+#$��<��/�>3�/4�z(3�p�

�4u��<M��Y�#KU�$�� "��+#$�I�`�'�. ��j\��#@X��61+F�� 7�?�� T<��

�� "��+#�$��7M ��.� �y \�#3�6 ��A��#�7��)�� 7�?��7?�~��:��'�

<�7��K�)��<��5.7�,�6.7�� 7?�.��


��b342002:19011�n%�� M�� # ��o�

12

d) conducting audits; e) conducting audit follow-up, if applicable; f) maintaining audit programme records; g) monitoring the performance and effectiveness of the audit programme; h) reporting to top management on the overall achievements of the audit programme. For smaller organizations, the activities above can be addressed in a single procedure. 5.5 Audit programme records Records should be maintained to demonstrate the implementation of the audit programme and should include the�following: a) records related to individual audits, such as

- audit plans, - audit reports, - nonconformity reports, - corrective and preventive action�reports, and - audit follow-up reports, if applicable; b) results of audit programme review; c) records related to audit personnel covering subjects such as - auditor competence and performance evaluation,

- audit team selection, and - maintenance and improvement of competence. Records should be retained and suitably safeguarded. 5.6 Audit programme monitoring and reviewing The implementation of the audit programme should be monitored and, at appropriate intervals, reviewed to assess� whether its objectives have been met and to identify opportunities for�improvement. The results should be reported� to top management. Performance indicators should be used to monitor characteristics such as - the ability of the audit teams to implement the audit plan,

- conformity with audit programmes and schedules, and - feedback from audit clients, auditees and auditors.

�\�� 7�?��# '��5�y�\�<>��/�.��V'��M$� ��# '��5��\�� "��+#$�J(T$�~�� D8��5�t\�� "��+#$�%��.��4��#��5��|\��M��t�(+8��I�D��7M��%&��8��'�#3&�� )3��

�� "��+#��5��m� ��A>�3�%#�s ��%�1<�� D��$�T�� 61+F�

�D��# '��'�5��

S0S��9��&3��;�� "��+#$��<��i�l� ��J(T��7?�~��:��z(3

��X��7?�� :3�/4�z(3��p��4u��#�� $��7M ��J(T��p�=H�� 6@ �� #3&�� $�6��?�#3&�� i�: ��I��?4�#3&��N��I��?F �<>��/�.��V'�� M$� ��#3&�� ju�� "��+#$�"N� +��y \��6s�� #0$� ��7M �� J(T��

�=H��?�l��p� ��U��)��A��%��.� �� #�&�� @'

�%��>��#3�6��7?�~��:��n��J(T��$�~�� D8��z(3�A�k�/�>�o5�

��

S0T��9��&3��.%�&��&��

��7?� m M �#�� "��+#$� ��<�� #�� z(3�m��4� ��:�� )�� <�� <�t� �#

� A�T: ��w#� �3�:�� !��'�"N� <�� )3�� s�<3��7M��%&��8��

�P N�`@� ��#�� U�� #LR�� _ �'� z(3�� 7�?�!�=H�p�

� �� 6@��<��7?�� 3#�%&�� I�� "��+#�$��b �8�� )�� A3�� #U�� AN�$t� A�� %��#�� 3�s ��

�A��)�7?�� # '5 �"��#$� �� U�� A�T:�� N�� :�: �� I�MZ�

��

��b342002:19011�n%�� M�� # ��o�

��%�� M�� # \�Certified translation © ISO19011: 2002�]��:�� :��S��

13

The audit programme review should consider, for example, a) results and trends from monitoring, b) conformity with procedures, c) evolving needs and expectations of interested parties, d) audit programme records, e) alternative or new auditing practices, and f) consistency in performance between audit teams in similar situations. Results of audit programme reviews can lead to corrective and preventive actions and the improvement of the audit programme. 6 Audit activities 6.1 General This clause contains guidance on planning and conducting audit activities as part of an audit programme. Figure 2� provides an overview of typical audit activities. The extent to which the provisions of this clause are applicable� depends on the scope and complexity of the specific audit and the intended use of the audit conclusions.

� �?�#�� /4� z(3� �� "��+#$� �7?� �M �#�� !��7?��73��!�I�H��=��p�

�4�o��(�'��#��"N� +��j�oz��U�$��b �8��9�o��<M��Y�#KZ��%#�s ��M�� D8�5��o�� "��+#$�J�(T��o�� # '��73��4�%�3�(��&��o��$�1 ��a�� #�A�$��U�� T�'�

��R�� /4� A>�3� �� "��#$� �7?� �M �#�� "N� <�"��#$� �� U�� A�T:�� N�� :�: �� I�MZ�

�� T��*I��

1.6U�VVV@� ��61+4� ��<�� {�6_ �� 7?� �<�� :3

� �6M3�� "��+#$� A�� b(.� �� n� =>1��2�o�� E�#L��6�� M3�� 7�� 6�<�� 61+Z�� 3�&

��7?�� 7�?��M�� &��I�(��7?��<��q #s�� "N� +��_ �'�A��

�


��b342002:19011�n%�� M�� # ��o�

14

��:�W ��.%�&��F�&%� n3.6o�\ �J(T��$�%&��8��*+4��N�O��M �#�

�� #�3�M��T<��$�� 3��.��3�:��

�$ "��3��*I��@� n4.6o�

\ �� 6@��?�\ �� 3#��2?4��7?�=�M��S3t��\ =�M��N�O��?'

�$ "��3��*I��J�KE n5.6o�

\��D� 8��T7(��?�\ �� <O4�I�`�8��\ �A��#��A3�L#��RT��&��4�\ ��<��: ��7M��S� �\ �� "N� +�&��'�\ �� J@��?'�\7(��?�� _��T

��&-&#E�$-X E��"�@��@� n6.6o�

\ ��?'�� #3#�\ �� #3#��S3t�� ?'

��!�"L�� n6.7��o

��.3��F�&%� n6.8o

��)"@�F�3 n2.6 o � �\ �� 3#��N&�A��M��\ &��M��I�(��Y��4�a3#M�� 7�?��\ �� 7�?��# '��+�>�'��3�:��\ �� 3#�&�� @'�\ ��7?�� ) 3�� (��$��N��I�`�8��# '

-appointing the audit team leader

Initiating the audit (2.6)

-defining audit objectives, scope and criteria .

-determining the feasibility of the audit.

-selecting the audit team.

-establishing initial contact with the auditee.

-reviewing relevant management system documents, including records, and determining Their adequacy with respect to audit criteria .

Conducting document review (6.3)

Preparing for the on-site audit activities (6.4)

-establishing initial contact with the auditee.

-Assigning work to the audit team. -preparation work documents.

-conducting opening meeting

Conducting for the on-site audit activities (6.5)

-communication during the audit

-roles and responsibilities of guides and observers -collecting and verifying information

-generating audit findings

-preparation audit conclusions

-conducting closting meeting

Preparation, approving and distributing the audit report

(6.5) -preparing the audit report

-approving and distribution the audit report

Completing the audit (6.7)

Conducting audit follow-up (6.8)

��Y ()�7��%Z "K��C��F[%��@�&��.E\��.3��!�"@��]��1��RK.E��)+�"��&� �_�#K��$H��

)�5L�/(��%Z "K��*I��-a��

NOTE'The dotted lines indicate that any audit follow-up actions are usually not considered to be part of the audit.

Figure 2 — Overview of typical audit activities

��b342002:19011�n%�� M�� # ��o�


15

6.2 Initiating the audit 6.2.1 Appointing the audit team leader Those assigned the responsibility for managing the audit programme should appoint the audit team leader for the� specific audit.�Where a joint audit is conducted, it is important to reach�agreement among the auditing organizations before the� audit commences on the specific responsibilities of each organization, particularly with regard to the authority of the� team leader appointed for the audit. 6.2.2 Defining audit objectives, scope and criteria Within the overall objectives of an audit programme, an individual audit should be based on documented�objectives, scope and criteria. The audit objectives define what is to be accomplished by the audit and may include the following: a) determination of the extent of conformity of the auditee's management system, or parts of it, with audit criteria; b) evaluation of the capability of the management system to ensure compliance with statutory, regulatory and�contractual requirements; c) evaluatation of the effectiveness of the management system in meeting its specified objectives; d) identification of areas for potential improvement of the management system.� The audit scope describes the extent and boundaries of the audit, such as physical locations, organizational units,�activities and processes to be audited, as well as the time period covered by the audit.� The audit criteria are used as a reference against which conformity is determined and may include applicable� policies, procedures, standards, laws and regulations, management system�requirements, contractual requirements� or�industry/business sector codes of conduct. The audit objectives should be defined by the audit client. The audit scope and criteria should be defined between�the audit client and the audit team leader in accordance with audit programme procedures. Any changes to the�audit objectives, scope or criteria should be agreed to by the same parties.� Where a combined audit is to be conducted, it is important that the audit team leader ensures that the audit� objectives, scope and criteria are appropriate to the nature of the combined audit.

/0T��F�3�� 1.2.6�C��.E��:��-&B� ��

�A��M�� "��+#$�%&��'�A?�A��-T��7?��s�<3�N�� # '��<?�� 3#5�� x# 1�� # '� �<?,��-�� = �� /4� �s�<3�

��@��-��=.��-T��3�:��I�D� ��'��'�� 67T$��7M 3��N�� 3#�5�

��

2.2.6�,-&.E��.��!��Q��2� ��

�I�(��O��Y��4�m��/�>3�/4�z(3�= �<��=.�"��+#�� M�� Y��F�� &�K'� �� O�� &��M�� O�� $� m��:�� s�<3�� Y�� :�� ,�

��X��A�2 ��/4�A>�3��p��4u�3�:��%&��8��*+��$�6��u��(��$��<��b ��4�

�� &��M��S��7?�� ) 3�� j\��76 �� '� ��.0��7?�%&��8�� *+�%&��)��

��3��M ��*< ��+�+��y \�%��:��m��76 ��7��%&��8��*+��M�)��\�#3�6 ��K�<��3�:��%&��8��*+��S��

�S��=H�� 7�?��D�� I�(��a`3�� 7�M�� 61+U��%01<�� D��q &U�� 7?

��7?�� ) 3!�� 7��%��:��<�b��%��G��.��$�6�� S #�.� �� #�3�M�� _ T�

��T�� #�3�M�� G7�� =�1�� z��U��%&��8�� *+� ��76 �� iN��7�� A�+�� B�6��4� �?�< �� <�� .�7�� M ��76 ��

I��?U�5��I�(�� 4� �� Y��4� �� =��?� ��:3�� =��?��:�� #�3�M��N�� 3#�

�� "��+#$�z��U��K�,��#��s��W4�[�D��V'��+��$�) 3�/��z(��#��M��4�m��(�� Y��

Y�#KU�5��.0 3�/4��s�<��x# 1��# '��<?��N��#�3�M�� m��(�� Y��4� /�� A�� 3#

x# 1�� M��6��<��


��b342002:19011�n%�� M�� # ��o�

16

6.2.3 Determining the feasibility of the audit The feasibility of the audit should be determined, taking into consideration such factors as the�availability of \ sufficient and appropriate information for planning the audit, \ adequate cooperation from the auditee, and \ adequate time and resources.�Where the audit is not feasible, an alternative should be proposed to the audit client, in consultation with the�auditee. 6.2.4 Selecting the audit team When the audit has been declared feasible, an audit team should be selected, taking into account the competence�needed to achieve the objectives of the audit. If there is only one auditor, the auditor should perform all applicable�duties of an audit team leader. Clause 7 contains guidance on determining the competence needed and describes� processes for evaluating auditors.� In deciding the size and composition of the audit team, consideration should be given to the following: a) audit objectives, scope, criteria and estimated duration of the audit; b) whether the audit is a combined or joint audit; c) the overall competence of the audit team needed to achieve the objectives of the audit; d) statutory, regulatory, contractual and accreditation/certification requirements, as applicable; e) the need to ensure the independence of the audit team from the activities to be audited and to avoid conflict of�interest; f) the ability of the audit team members to interact effectively with the auditee and to work together; g) the language of the audit, and an understanding of the auditee’s particular social and cultural characteristics;� these issues may be addressed either by the auditor's own skills or through the support of a technical expert. The process of assuring the overall competence of the audit team should include the following steps: \ identification of the knowledge and skills needed to achieve the objectives of the audit; \ selection of the audit team members such that all of the necessary knowledge and skills are present in the�audit team.� If not fully covered by the auditors in the audit team

3.2.6��-�(E��P��%�� &�� ?8�� A�Ml�� # '� ��+�>�'� �3�:�� z(3

�=H��=��M��A�$�#��p�� {�6_ ��.��<��7M�� 7?�� ) 3�� (��2?4�A��Y�.�/��M�5 � ��.��&��h��

�=D�|�# �'�z(�� # 8��+�>�'�x�<��A>3�)��V'� ��$�=3�$��7?�� ) 3�� (��S��&��15�

�4.2.6��-&B�F�b@��<��

�&�� @'� z(3� m+v� �� # '� ��+�>�'� �.0�� V'�%��>�� &�� ?8�� A�Ml�� 3#� ��2?4

�� Y��4�t�(+8��$�76��!��#� 3�)��V'��D�� ,�� <>�� >$� �� m�7M��N��3#�

�� 5�%#�� :��n��o�%��>��3�: ��L&8��7?A��)��7�?�G��.�a`��$�76��!�&#�3� ��<?��

��&�� ?8�� Sl�� /�� z(3� �� 3#� )�*<�� )(D�&�� ?8�� p�

�4\�� Y��4�uI�(��u�&��M��u��3#3�� %# ��

�� 7� j\��{��#��4��: �� /�.��V'��y \�Y��4� ��: �� $�76�� 3#�� M��%��>��

�� u� ��+�+��u� ��* +8��\�%��1��z��6�� -T�� ,

��<>��/�.��V'�� ?8��y�\�2?U� ��J� �8�� .0 �� :��A�� 3#� �

�� 9��t8�� S<�� 7?� S �#�� 61+U��` @8�5��

��\��S��%��>$� �M��=�M��7?�� 3#��2?4�%&��7?�� ) 3�� (��

t\�)��7?�S �#��$�w�_�� S� (�� )�� M �#�� s��H��)�`N�`@��!�/�<M��/4�A>��?�l��

��'�)?��IJ@�A��4�A��7��`_1��&��6��$��<��#��_��

��3#�� M�� %��>�� .0�� 7�?� �7?� �� :�� /4� z(3�� 6_��7?�� p�

� �Y��4��: ��%�76��&��7M��a3#M��

� ��)�� #� 3� A3�� =H�� 3#� ��2?��&�� @'��7M�� =.�/�>�� /4� A>�3� �&�� 3&�#2��

��3#�7��A��2<��A��<��#�_��6��$�� T��

��b342002:19011�n%�� M�� # ��o�


17

The necessary knowledge� and skills may be satisfied by� including technical experts. Technical experts should operate under the direction of an auditor.� Auditors-in-training may be included in the audit team, but should not audit without direction or guidance. Both the audit client and the auditee can request the replacement of particular audit team members on reasonable�grounds based on the principles of auditing described in clause 4. Examples of reasonable grounds include conflict� of interest situations (such as an audit team member having been a former employee of the auditee or having provided consultancy services to the auditee) and previous unethical behavior. Such grounds should be�communicated to the audit team leader and to those assigned responsibility for managing the audit programme,� who should resolve the issue with the audit client and auditee before making any decisions on replacing audit team members. 6.2.5 Establishing initial contact with the auditee The initial contact for the audit with the auditee may be informal or formal, but should be made by those assigned� responsibility for managing the audit programme or the audit team leader. The purpose of the initial contact is a) to establish communication channels with the auditee’s representative, b) to confirm the authority to conduct the audit, c) to provide information on the proposed timing and audit team composition, d) to request access to relevant documents, including records, e) to determine applicable site safety rules, f) to make arrangements for the audit, and g) to agree on the attendance of observers and the need for guides for the audit team.

��Y�#L'�h:��A��<��#�_��=�M3�/4�z(3�5 ��'��2<3�/4�A>�3�z3&� ��A3� �� A��4� m� �� /��$� �� $� ��3F� /4� z(3�A>��

��L&'��

�A>�3��7?�� ) 3�� (�� =��?�A��J.#��2?U�I�� '��763�/4�j��U�w�_�� 3

�%#�� :l�� 7?��<��n4� o�7H�4�p� ��6<�� j��U��A�� n�=H�� p�� 3#� �2?�/�.

��3� �4� ��7?� �� ) 3� � �� (�� &�a]��7?�� ) 3�� (��'��3&�1 �'��@�)3�� $�o

��$�T��K�_�� x�7T�� 5�=�� /4�z(3�j��U��=H�� '�N��%&��'� A?� A��-T�� FR�� '�� 3#�

��7>1�� =D�%��?v$��3�/4�z(3�� 9�+#$�V�_�'�=��7?�� ) 3��(�� =��?�S�

�� 2?4�I�� 8��&�#��W4.

S0/0T��3�R:��"�� !�+E�� F�&%�� -�R�� c�c�)@

�) 3�� (��A�$�I�`�8��/�>3�/4�A>��A��=��A�� # '�z(3�m<>�� &�#�r��4� ��&� ��

��4�� "��+#$�%&��'�A?�A��RT��N�� 3#��N��I�`�8��A��q #s��p�

�4u ��(��A�7H��S��I�`�'��#��i ��7?�) 3��j\�� 7�?��?#L��7?��.0 ��y \��3#� A3�>�� |# �� h�� A?� ��7M�� #��

�� \�� $� ��tJ�� N�O�� 7?� I�`:�� .� |�# �'�

�J(T��y�\�S��$��JT��?��3�:�� \�� 7��# ��=�?� t\��A�#1��&�2D�I�D� ��8��3#�m� � �� :�

��


��b342002:19011�n%�� M�� # ��o�

18

6.3 Conducting document review Prior to the on-site audit activities the auditee’s documentation should be reviewed to determine the conformity of the system, as documented, with audit criteria. The documentation may include relevant management system documents and records, and previous audit reports. The review should take into account the size, nature and complexity of the organization, and the objectives and scope of the audit. In some situations, this review may be deferred until the on-site activities commence, if this is not detrimental to the effectiveness of the conduct of the audit. In other situations, a preliminary site visit may be conducted to obtain a suitable overview of available information. If the documentation is found to be inadequate, the audit team leader should inform the audit client, those assigned responsibility for managing the audit programme, and the auditee. A decision should be made as to whether the audit should be continued or suspended until documentation concerns are resolved. 6.4 Preparing for the on-site audit activities 6.4.1 Preparing the audit plan The audit team leader should prepare an audit plan to provide the basis for the agreement among the audit client, audit team and the auditee regarding the conduct of the audit. The plan should facilitate scheduling and coordination of the audit activities. The amount of detail provided in the audit plan should reflect the scope and complexity of the audit. The details may differ, for example, between initial and subsequent audits and also between internal and external audits. The audit plan should be sufficiently flexible to permit changes, such as changes in the audit scope, which can become necessary as the on-site audit activities progress. The audit plan should cover the following: a) the audit objectives; b) the audit criteria and any reference documents; c) the audit scope, including identification of the organizational and functional units and processes to be audited; d) the dates and places where the on-site audit activities are to be conducted; e) the expected time and duration of on-site audit activities, including meetings with the auditee’s management�and audit team meetings;

�'0T�.%�&��:�W �� S��$� �� 61+4� ��$� =�� !��N�O�� M �#�� z(3

�S��N�O��*+��$�6��3�: ��) 3�� (�� N�O�� A�2 �� /4� A>�3� �N�O�� G7�� !�� #�3�M�

�� #3&��%&��8��*+�J(��$�T��!��M��K�� )(D� �7?� ��<$� ) 3� �N�O�� M �#�� # '� ��

�� I�(��Y��4��.��%01<��M��5�� # '��M��7?�G�V�#OR3�)�� V'�,�=� 0��A>�3�

��61+4� 4�� /4� ��'� a�� M$� ��N�O�� M �#��S��$� �� !3b$� �� t�(3��#@4�a��%&�

�V'��!�%#� ��7M��A?�&�`��Sl��S��7��N�� A��=.��J$'�m�7M��.�#�r��N�O��/4�� N��A��(�� "��+#$�%&��'�A?�A��-T�� =��?�&�#��V�_�'��:��G7��s�<3�� 7?�� ) 3��

� �4� �� &�#� �8�$� ��'��7>1�� =D� A�:�� m��3'�N�O��5

��

4.6��$ "��3��*I��@�� 1.4.6��*<��@�� 7?�N��0.�� 6@�Sl�� 3#�

��(�� 3#� �� =��?�A�$� ��7?�� ) 3�� !�/4�z(3�� # '��<?�6_�� G7�� =�T�� 61+4� ��T<��

�� 6@� �� =�� .� �>M��=�� a7 _�� M�� &��uJH��\�

�� A�$��4�� N�� A�$��6@�)T �� /4�z(3�� !� � &�_�� 7@��

�#��s ��# v$�i�T��.��+�#�$�� !��=H�� I�(�� #�s �� !�i�`��

�� 61+4��<�� S��3&�#l��X�� 6@��6s��/4�z(3�p�

�4�o�� Y��4��j�o��M #��N�O�� #�3�M��9� o� �� I�(�� !��* ��D�� 3�:��G�V�� $

�� 7�M��]��7?�� ) �5��o��$�� 61+4��<��) �� S�� y��o�S��=>$�� 61+4��< ��S�� h��!��$

��7?�� ) �� (��%&��'�S��?�� 8��G�V�� 3#��?�� '��

y��o��=>$�� 61+4��< ��S�� h��S��!��$��7?�� ) �� (��%&��'�S��?�� 8��G�V

�� 3#��?�� '��

�%�� M�� # ��\�Certified translation © ISO19011: 2002��:��S�� ]��:��

��b342002:19011�n%�� M�� # ��o�

19

f) the roles and responsibilities of the audit team members and accompanying persons; g) the allocation of appropriate resources to critical areas of the audit. The audit plan should also cover the following, as appropriate: h) identification of the auditee’s representative for the audit; i) the working and reporting language of the audit where this is different from the language of the auditor and/or�the auditee; j) the audit report topics; k) logistic arrangements (travel, on-site facilities, etc.); l) matters related to confidentiality; m) any audit follow-up actions. The plan should be reviewed and accepted by the audit client, and presented to the auditee, before the on-site� audit activities begin.�Any objections by the auditee should be resolved between the audit team leader, the auditee and the audit client. Any revised audit plan should be agreed among the parties concerned before continuing the audit. 6.4.2 Assigning work to the audit team The audit team leader, in consultation with the audit team, should assign to each team member responsibility for� auditing specific processes,�functions, sites, areas or activities. Such assignments should take into account the� need for the independence and competence of auditors and the effective use of resources, as well as different� roles and responsibilities of auditors, auditors-in-training and technical experts.�Changes to the work assignments�may be made as the audit progresses to ensure the�achievement of the audit objectives.

� �� o�w�_LU�� 3#� ��2?4��-T��&��4�/��#��

�t�o�� 7�� #:��K�<�7��<��&��P �`_��/�.� �V'� � ��X�� <�� 6@� �6s�� /4� z(3��

��<��|�o��7?�� ) �� (��=H��3�:��E�o��?'��s��=��M ��s��3�:�� #3&��!�/�.��V'

�) �� (�� s�� A�� s�� A�$� YJ @'� x�<��7?�� 5��

��o�� #3#��?�l�� x� o� �3&��8�� # �� n�%#� �� J��T �� #�T��

S��$��I�o��3#T��$��7M ��D��<��o�� M$� �$��_��I��?U��

� �M �#�� z(3�=��?� =�� A�� 7?� �� 6_��=�� 7?��( ��) �� (7�� 3��) 3��

�S��$�� 61+4��3��$5�� ) 3�� (��z+� �A��q �# ?'�W4�#�]��V'�

� z(3� ��7?q �# ?8�� I�D� ��8��3#� �N�� A�$��7?�� )�� (�� =��?��!�W4��

�Y�#KU��A�$� ��7?� �� z(3� � �� 6_$�=3�M�� 7�?�&�#� �'�=��<M��5�

� �/080T5".��3��-&B�,�)LE�

� �� 3#� �N�� 3� ��2?4� S�� &��1 ��$m�3#��S3t� $�A�� 3#��2?4�A��2?�=.��7?�=�M��

�� C�D��4�S�� 4�aN�]��4� �<�M��7�?��7?��61+4��4��K�<�!�&�� ?8��Sl��z(3�S3t� ��<?��

��&��7�� I�M�� _ �8�� A�� %��.�� J� �'�A��7�� -T�� 7 _�� &��U�� '� ��l8�$

�A��<�� #�_��A3#� ��h:��A��F�!,�A>��A��W4�[��D'�A�� .0 7�� 7�?�� <?��#��s

�� Y��4�t�(+'5� �

��b342002:19011�n%�� M�� # ��o�


20

6.4.3 Preparing work documents The audit team members should review the information relevant to their audit assignments�and prepare work� documents as necessary for reference and for recording audit proceedings. Such work documents may include \ checklists and audit sampling plans, and \� forms for recording information, such as supporting evidence, audit findings and records of meetings.�The use of checklists and forms should not�restrict the extent of audit activities, which can change as a result of�information collected during the audit.� Work documents, including records resulting from their use, should be retained at least until audit completion.� Retention of�documents after audit completion is described in�6.7. Those documents involving confidential or proprietary information should be suitably�safeguarded at all times by the audit team�members. 6.5 Conducting on-site audit activities 6.5.1 Conducting the opening meeting An opening meeting should be held with the auditee’s management or, where appropriate, those responsible for� the functions or processes to be audited. The purpose of an opening meeting is a) to confirm the audit plan, b) to provide a short summary of how the audit activities will be undertaken, c) to confirm communication channels, and d) to provide an opportunity for the auditee to ask questions. Practical help — Opening the meeting In many instances, for example internal audits in a small organization, the opening meeting may simply consist of�communicating that an audit is being conducted and explaining the nature of the audit. For other audit situations, the meeting should be formal and records of the attendance should be kept. The meeting�should be chaired by the audit team leader, and the following items should be considered, as appropriate:

'080T�5".��:�W�� @�� 7M�� M �#�� 3#� � ��2?4� �7?� z(3�=�M�� N�O�� ?'�� )��'� =.�� $� ��7M ��

#�.��3&�#2��S J(�� 7�?��X��A�2 ��/4�A>��A��=�M��N�O��p�

� ��P :��N��$��6@��<�M�� "N� +��%�?�T��U��=H��7M��=�(T ��9V��+

��7��J(�� 5�� =�M�� N�O�� 7?��: �� z(3�u�"N� +�G�V� �� $�

�=�(T ��u=�U��7?�� 7�?�A�� +8�� D�!�� mMl��)O�� +'��M$��N�O�� 7?��: ��

�%#��\��: ��z(3��3#��h+�.��N�O��7?�=�� A�� 4� S�� A�4� /�>�� F� �4

�� 3#��2?45��

S0T��$ "��3��*I��J�KE� 1.5.6��d��B��D)��#@ ��

�� ) �� (��%&��'�S��D� '��T7 ��?�z(3��A?� A��-T�� S�� ?� ) 3� �<>�� /�.� �V'�� 7?

� ��7?� �� ) �� 7�M��aN�]��!�q #s��D� 8��T7(��A��p�

�4u�� 6@��.��j\�A?�S3#��P _7��)3��.�� 61+4��<��y \�I�`�8��<��7?��.0 ��u�� (7��#��i<��|#K�A��7?�� ) ��

�7-�U�5��

!�O��R)"@�7�VVD)��e��B� �� 7@�� # '� =�� 7H�U�� A�� 3�M�� A�� K�T�$� ��D� 8�� T7(�� /�> �� %#�s �� 01<�� M��K�|#L��# '�) ��m+0$��(��&�6@'5�

� �

�4�B�� 8�� ?� z(�� #@X�� a�� &�� h�� J�(T ��$�~�� D8�� &�%&�`$

m�!��?�� 8��G7��4#3��N�� 3#�� !�z(3��U��%�?�#��/�>�8��<?p�

�


��b342002:19011�n%�� M�� # ��o�

21

a) introduction of the participants, including an outline of their roles; b) confirmation of the audit objectives, scope and criteria; c) confirmation of the audit timetable and other relevant arrangements with the auditee, such as the date andtime for the closing meeting, any interim meetings between the audit team and the auditee's management, and�any late changes; d) methods and procedures to be used to conduct the audit, including advising the auditee that the audit evidence�will only be based on a sample of the information available and that therefore there is an element of�uncertainty in auditing; e) confirmation of formal communication channels between the audit team and the auditee; f) confirmation of the language to be used during the audit; g) confirmation that, during the audit, the auditee will be kept informed of audit progress; h) confirmation that the resources and facilities needed by the audit team are available; i) confirmation of matters relating to confidentiality; j) confirmation of relevant work safety, emergency and security procedures for the audit team; k) confirmation of the availability, roles and identities of any guides; l) the method of reporting, including any grading of nonconformities; m) information about conditions under which the audit may be terminated; n) information about any appeal system on the conduct or conclusions of the audit. 6.5.2 Communication during the audit Depending upon the scope and complexity of the audit, it can be necessary to make formal arrangements for�communication within the audit team and with the auditee during the audit. The audit team should confer periodically to exchange information, assess audit progress, and to reassign work�between the audit team members as needed. During the audit, the audit team leader should periodically communicate the progress of the audit and any concerns�to the auditee and audit client, as appropriate. Evidence collected during the audit that suggests an immediate and�significant risk (e.g. safety, environmental or quality)

�4�o�A�.&�1��)3��!)�<��=.�&��?�|#L�G�V��$��j�o�� #�3�M��I�(��Y��4��.0�� 9� o��(�� S�� #@U��# �� <�b�� I��(�� .0�

� ��7?� �� ) �� !��T7(�� h�� 3&�� =H��%&��'�� 3#�A�$� �#@4��?�� '�W4�� _��

��(��4#6��#�s��34��5�� o��# '� �� _ T �� z��U�� #6�� |#L

�� !��7?�� ) �� (��J$'�G�V��$��7M�� A�� {�� <�?� �7?� �<�� =�� /0$

�%#� ��!�� .0 ��?�# <?�� <M3��5�� o�� I�`�8�� <�� .0�� 3#� A�$� ��#�

�� 7?�) �� (��o�� 7�?��<O4��_ �'�) �� s7��.0��t� o�m+4��7?��.0 ��u�� # '�IJ@�\��J$'�) ��

�F�4�� &�6 $��7?�� ) �� (��(��I�0$��|�o��#��7?��.0 ��3#��tJ��J��T ��&��

�� E�o��7M��3#T$��7M ��D��<��7?��.0 ��o�� 3#��JT$��_��# 8��7?��.0 ��

��&��6��A�U��# '��x�o�)�&��4��3�:��A��#��#��7?��.0 ��I�o�#3&�� ?'��3#K�|#L�!G�V��$�� &��3�:��

��$�6��?�F�D��o�� s�'��?� T�� Y�#*��|#L�� /� � o��4� �� # '� ��3#K� A�� )7* �� 3#K� |#L

�m(N� +�2.5.6��F�KW��!�+E��

�� M�� &��I�(��7?��<$,��3&�#l�/�>3��#��2?4�A�$�I�`�� &��#��%��?'�� 3

�� # '��<O4� ��7?�� ) �� (��A�$��!��)�<�$� �� M� (3� /4� �� 3#� ��2?4� �7?�z(3�� )��7M�� I�� * <�� 3&�� `$��3#��2?4��7?��S3t��%��?'�� # '��

�!�G�� :��h?��V'5 � ��<O4�� 7?�z(3� �� # '�N��J$'� �� 3#�

� ��7?� �� ) �� (�� !� �3&�� `$� !�a��$�� =��?�4�� (��$�=.�1��34�� !

��:7��M��5��G� ��!�� (#� L +� �[G+� �F�0�� '��)� @�/ 0�

�'(19��+#��q�)��+#��S��A�

�

��b342002:19011�n M�� # ��%��o�


22

should be reported without delay to the auditee and, as appropriate, to the audit client. Any concern about an issue outside the audit scope should be noted and reported to the audit team leader, for possible communication to the audit client and auditee. Where the available audit evidence indicates that the audit objectives are unattainable, the audit team leader should report the reasons to the audit client and the auditee to determine appropriate action. Such action may include reconfirmation or modification of the audit plan, changes to the audit objectives or audit scope, or termination of the audit. Any need for changes to the audit scope which can become apparent as on-site auditing activities progress should�be reviewed with and approved by the audit client and,as appropriate, theauditee. 6.5.3 Roles and responsibilities of guides and observers Guides and observers may accompany the audit team but are not a part of it. They should not influence or interfere�with the conduct of the audit. When guides are appointed by the auditee, they should assist the audit team and act on the�request of the audit�team leader. � Their�responsibilities may include the following: a) establishing contacts and timing for interviews; b) arranging visits to specific parts of the site or organization; c) ensuring that rules concerning site safety and security procedures are known and respected by the audit team�members; d) witnessing the audit on behalf of the auditee; e) providing clarification or assisting in collecting information. 6.5.4 Collecting and verifying information During the audit, information relevant to the audit objectives, scope and criteria, including�information relating to�interfaces between�functions, activities and processes, should be collected by appropriate sampling and should be verified. Only information that is verifiable may be audit evidence. Audit evidence should be�recorded.�The audit evidence is based on�samples of the available information. Therefore there is an element of uncertainty�in auditing, and those acting upon the audit conclusions should be aware of this uncertainty.Figure 3 provides an overview of the process, from collecting�information to reaching audit conclusions.

��7?� �� ) 3� � �� (7�� 6$'� /��$� ��rJ$'� z(��9&�@� &��4� �� =.�1�� A�� V'�� =��M��

�� 6+�!��<?��J$8�� *DJ��z(��N��3#�� !�� ) 3�� (7��rJ$'��<��&#��

�� =��?��7?�� U�� &�L4� �V'��#�r� �� Y��4� /4� ��'� %#� ��

��: ��<>��!��7M��N��G�V�A?��J$8�� 3#��A?�4��3�: �� =�M3�� h3�� (7��m$��

�z��<��# 8��!��4�� 6@�/�>3��# 8��4��m73�M�#��s�� s�'��4�m��(��4�� Y��4�.�

��

��<O4� 4#63� �� I�(��=3�M��4� �M �#��s�<3�� z��K� S�� G�V�!� S�� 7?� �� 61+4

m�7?��S��2 �U��<?��mM��m ��`��5��

3.5.6C��&"��C-��&"�� D�� "1)�� +� "+ Y� �� _��5�� "#� �$ ��

T ��1S��86$�+�� e7��8��_9�� h=6��d�,1�� 6�+� h�� d�� G� �� * �� +#� ��_9�� Y� ��4��8�� 89��%&��1� ��"#+�� ' ��S�� Y� ��d?n2

�'��G ��]��8��1qS��-1�&�+�� #o?�5�R��G��50!��L�4�� L��1�� +�Lb`'7!6 ��g�1 ��'( &��d�T J�L�E��T��_��>��`��C�1��,��G+�� ,�� 7��

��]��L�d�� G+�g�1 ��S4��N�0��>��(`�� 4��6��4� �� "�� 2�Y� Y� �� "1$��

�� 89��8��>��2`�8� ��' ��S ��+�L��1�� j�Q1��> �

4.5.6 ��cK��#(�� )."��$�"�E� ��&��M��Y��0$��7M ��7M��/v�� <O4

�� u�aN�]��=@�� $��7M ��7M��G�V��$�� 7�M�� 61+U��u��<�� <�M��$� ��M� � z(3�

�<��: ��!�{�� <��: ��) 3�� 7M�� =�� =�(T�� z(3�� =�� /�>�� !��D� ��7M�7��<�M��7?�� =�� M3��

� � &�� 7?��23��FR�� G1��A�� G�V� ��@03� /4� z(3� �� J@� /�M23� A3��

�&�� ?8��

3�� =>1�� il�n3� o�S� � A�� $� ��7�M7�� 3�&�� J_��I�� D��7M��


��b342002:19011�n�%�� M�� # �o�

23

�

��7M��S� �<�M��$��<��: ��<�� Collecting by appreciate sampling

and verifying

�� J@�

Audit conclusion

�� J@��

Sources of Information

�

�� #�3�M��K�)��

Evaluating against audit criteria

�

�yyyyyM �#��

Reviewing

�

�/��#$n=��o �� Audit evidence

�

"N� + �� Audit findings

Figure 3 — Overview of the process from collecting information to reaching audit conclusions Methods to collect information include − interviews, − observation of activities, and − review of documents.

�5LI��43�6�C��F�3��)".)��-a�E"��;f��! � ��R�d�� )."��$��X��7M��S� � #K�=�1��p�

� ��`_1��FJ$�� 61+F��*DJ� � ��N�O��M �#� �

��b342002:19011�n%�� M�� # ��o�


24

Practical help — Sources of information The sources of information chosen may vary according to the scope and complexity of the audit and may include the following: a) interviews with employees and other persons; b) observations of activities and the surrounding work environment and conditions; c) documents, such as policy, objectives, plans, procedures, standards, instructions, licenses and permits, specifications, drawings, contracts and orders; d) records, such as inspection records, minutes of meetings, audit reports, records of monitoring programmes and the results of measurements; e) data summaries, analyses and performance indicators; f) information on the auditee’s sampling programmes and on procedures for the control of sampling and measurement processes; g) reports from other sources, for example, customer feedback, other relevant information from external parties and supplier ratings; h) computerized databases and web sites. Practical help — Conducting interviews Interviews are one of the important means of collecting information and should be carried out in a manner adapted�to the situation and the person interviewed. However, the auditor should consider the following: a) interviews should be held with persons from appropriate levels and functions performing activities or tasks�within the scope of the audit; b) interviews should be conducted during the normal working hours and, where practical, at the normal workplace�of the person being interviewed; c) every attempt should be made to put the person being interviewed at ease prior to and during the interview; d) the reason for the interview and any note taking should be explained; e) interviews can be initiated by asking the persons to describe their work; f) questions that bias the answers (i.e. leading questions) should be avoided; g) the results from the interview should be summarized and reviewed with the interviewed person; h) the interviewed persons should be thanked for their participation and cooperation.

��@�D")��R)"@�!�O��7�� )."��+� �/'��K�#�s ��/4�A>��A��%&� _��7M��&��`�

�� :��/4�A>��A�� 7�?��M�� &��X��7?�p

�

� 4u�w�_LU��A��]��S�� `_1��J$�� # '��A3#@X��

j\��#]��6�:��=�M��-�$��61+U��*DJ��y \{6_�� %01<�� =H�� N�O��# 8��

��+�VU�� P @#�� 7M �� 76��M��#��.

�\��?�� 8��#l�:�� J(��=H��J(T��"N� +��#��"��#$�J(�� #3&��.

��y�\��U��#LR��J�7: ��+��P _7��. �\��7M�� ) 3�� (��<�?��@4�"��#$�I�D��

��<�M�� @4� ��# '� ��#�� # 8�� I�D�� 7?��

t\�W4&� I�H�� =�� 7M� �#@4� &��`�� A�� #3&�� &��A�� &�_��Y�#KU��A��7M��/�$b��.

|\��>�1��7?�S��#��>��A��+��%�?��M�.

��@�D")��R)"@�!�O��7��+fI��;3�#"��F�&%�

��M�� =N�� D'� �M3� ��`_1�� J$�� # '� /'�S�� z��< �� 3#6$� ) �� /4� z(3�� 7M�� S� � ��/4�z(3�� 7$�� # '�mM��) 3��P _1��a��

�&�� ?8��F��S23�p

�#o�� L�d�� _9�� r �0YJ�� g�� 50!��E�FG��,�8 ��+��H!CP��)X�6 ��M��f1��+�L��1�S ��

�� - ��b`�� L��+�� 50!�� L�d�� _9��

�� X��o��)X�6��"��[G+�o�"�$��\�C��2 ��/ 0!��

�`� ��-.��/ 0!��9��L?+�& ��O.4�_9��)F��=��d�� d�6e#�+#��)��=��

(`L�� .*#+��50!��d�� _)X�s�Y�_9��2`�MN14�/ 0!��,1��"74��50!��4�� d 4��$ ��

�� )F�+`��6��L�4�G��G�(1��qXJ��(��4R��_9��D`��8��+��85�0��_9��50!��L�4�� I��C�

��g�/ 0!��s`�8C+��+�r �0YJ��E�! ��$!��=�1��_9��


��b342002:19011�n%�� M�� # ��o�

25

6.5.5 Generating audit findings Audit evidence should be evaluated against the audit criteria to generate the audit findings. Audit findings can�indicate either conformity or nonconformity with audit criteria. When specified by the audit objectives, audit findings�can identify an opportunity for improvement.�The audit team should meet as needed to review the audit findings at appropriate stages during the audit.� Conformity with audit criteria should be�summarized to indicate locations, functions or processes that were audited.�If included in the audit plan, individual audit�findings of conformity and their supporting evidence should also be�recorded.�Nonconformities and their supporting audit evidence should be recorded.�Nonconformities may be graded. They�should be reviewed with the auditee to obtain acknowledgement that the audit evidence is�accurate,and that the�nonconformities are�understood. Every attempt should be made to resolve any diverging opinions concerning the�audit evidence and/or findings, and unresolved points should be recorded. 6.5.6 Preparing audit conclusions The audit team should confer prior to the closing meeting a) to review the audit findings, and any other appropriate information collected during the audit, against the audit�objectives, b) to agree on the audit conclusions, taking into account the uncertainty inherent in the audit process, c) to prepare recommendations, if specified by the audit objectives, and d) to discuss audit follow-up, if included in the audit plan. Practical help — Audit conclusions Audit conclusions can address issues such as a) the extent of conformity of the management system with the audit criteria, b) the effective implementation, maintenance and improvement of the management system, and c) the capability of the management review process to ensure the continuing suitability, adequacy, effectiveness�and improvement of the management system.�If specified by the audit objectives, audit conclusions can lead to recommendations�regarding improvements,�business relationships, certification/registration or future auditing activities.

5.5.6��9:��g ;f��z(3��A>�3� Q>�� #�3�M�� K� �� =�� )��

��$�6��'�� "N� +�#�1��!�� "N� +�wJ_ �'��:��/4�A>��A��!�� #�3�M��S��$�6��?��4�� G�V�/�.� �� V'�A�T: ��w#�� "N� +

4�z(3�� !�� Y��M �#�� 3#�S� (3� /�� 7�?��<O4��7 _��=D�#�� "N� +5�

�7�� z(3� �� #�3�M�� S�� $�6 ��'� #�1�� `�_

��V'�� !)��7?�� )�� 7�M��aN�]��A.��F��3�#�� "N� <�� /0$� �� 6@� �� m��'� �&�1�� /�.��234�)�7�(T��z(3�G�V��7?�A�#�� F��$�6 7��)�7�(T��z(3�G�V��7?�A�#�� U��$�6 ��?�5

�#�� &��z(3��$�6 ��?�� (��S��)� M��?� /4�� =�� A�� .0 7�� 7?� �� )�� YJ @8�� =D� z(3�� !m�� F�� il�� $�6 ��z(3��m(N� +� �4� �� =��$� �7M 3� ��#*<��

��7D�) 3�)�� E��<��=��T�5��

6.5.6��;<��@�� _��T7(��=�� 3#��2?4�S� (3�/4�z(3�!��}�p��4�o�m$��7M ��#@4��7M��34�� "N� +��M �#�,�

�� Y��0$�� +&��M� �)��j� o� �� "N� +� �7?� ��8�!� S��@U��&�� ?8��

�� 7�?��# '��.0 ��?�# <?��9�o?'�� !�� Y��4�A�l�G�V�/�.��V'�� o� �� M$� �� 1��<�� !��6@� A�l� �� /�.� �V'

��5�

��4�;+3��3+4��=��'��?"��X��?�l��7�� J@�q #M ��/4�A>�3��p�

#`�� 'E�(R��,��C��4�H��- ��b`��,��C��)H��=6�S&�+�=��& ��+�'E�(R��`�E�� XG� �� 'E�(R�� ,��C� �� 'E ��

�'E�(R��,��C��S&�+��+��+��)X�6�� N�*�"W��Z�[�� B� 2��%5C��[G��S&�� r 1504� L��N1�� G� ��!�� "#� �86$ ��L�(�8Y� �� O15&��+� O� �J�� 4� L��+

�H ��)��S�� H!C#�+#��X��L��N�1 ��4� ��

��b342002:19011�n%�� M�� # ��o�


26

6.5.7 Conducting the closing meeting A closing meeting, chaired by the audit team leader, should be held to present the audit findings and conclusions in such a manner that they are understood and acknowledged by the auditee, and to agree, if appropriate, on the timeframe for the auditee to present a corrective and preventive action plan. Participants in the closing meeting should include the auditee, and may also include the audit client and other parties. If necessary, the audit team leader should advise the auditee of situations encountered during the audit that may decrease the reliance that can be placed on the audit conclusions. In many instances, for example internal audits in a small organization, the closing meeting may consist of just communicating the audit findings and conclusions. For other audit situations, the meeting should be formal and minutes, including records of attendance, should be kept. Any diverging opinions regarding the audit findings and/or conclusions between the audit team and the auditee should be discussed and if possible resolved. If not resolved, all opinions should be recorded. If specified by the audit objectives, recommendations for improvements should be presented. It should be emphasized that�recommendations are not binding. 6.6 Preparing, approving and distributing the audit report 6.6.1 Preparing the audit report The audit team leader should be responsible for the preparation and contents of the audit report. The audit report should provide a complete, accurate, concise and clear record of the audit, and should include or�refer to the following: a) the audit objectives; b) the audit scope, particularly identification of the organizational and functional units or processes audited and�the time period covered; c) identification of the audit client; d) identification of audit team leader and�members; e) the dates and places where the on-site audit activities were conducted; f) the audit criteria; g) the audit findings; h) the audit conclusions.

7.5.6��f��D)��#@� �q #M�� 3#� �N�� N#$� �� _�� T7(�� M�

� �� (7�� i�T3� j�7�0$� m �J@�� "N� +�) 3��I�MZ��6@�)3��7?��$� ��7?��

�D� �� h�� /�.� �V'� ��N�� : : �� !�/4� z(3��34��4�� =��?��(��&�2D�� _��T7(��A�2 �

��#@4�Y�#K4�� 3#� �N��7?�z(3�� !�G��%&�#l��4&� �V'�!�� ) 3�� (��7�3�/4�h� ��a�� 30$� ��7?�

��J@� �7?� �� ?8�� =�7� �� R�� 7�?��

��

� %#�H.� F�D� �� !� %#�s�� %;1<�� 7@�� .�!�� "N� <$�A��<M��J$'� �7?� �� _�� T7(��# ��

�m �J@��

�� _��T7(��?�z(��#@U�� F�D��43#6$��&��3��=�(T��&��!�A3#l�:��=�(T��

�) 3� � �� (�� 3#� A�$� ��&X�� hl&�M�� V'�m �J@�� "N� +�w�`_$��7?�� !�z(�

�m7D��YJ @8��1��<�u��<>��/�.��V'�uV'��m7D�) 3�)��G�V�=�(T��z(��

��A�T: ��)3��z(3\� �V'�� Y��4�h`+

��7?u��b7��#�r�� /4��7?��.0 ��

6.6��&-&#E�$-X E��"�@��@��

1.6.6��&-&#E��@�� N��I�-T�� 3#�� #3#�� ?'�A?�

m��3� :�� /�>3� /4� z(3�� #3#��`_7�� J��.��:l��.��m��'�#�13��4��X��7?�� :3�/4�A>��A

��4u�� Y��4��j\��7�M�� D�� 3�:�� `@� ��

�� 7?� �� ) 3� � �� ]�� *< ��%�� #s T��

y \��3�:��z��K�� \��3�:��N�� 3#��2?4��y�\1+U��3&��A.��4��S��$��6��\�� #�3�M��t\�� "N� +��|\�� J@�


��b342002:19011�n%�� M�� # ��o�

27

The audit report may also include or refer to the following, as appropriate: i) the audit plan; j) a list of auditee representatives; k) a summary of the audit process, including the uncertainty and/or any obstacles encountered that could decrease the reliability of the audit conclusions; l) confirmation that the audit objectives have been accomplished within the audit scope in accordance with the audit plan; m) any areas not covered, although within the audit scope; n) any unresolved diverging opinions between the audit team and the auditee; o) recommendations for improvement, if specified in the audit objectives; p) agreed follow-up action plans, if any; q) a statement of the confidential nature of the contents; r) the distribution list for the audit report. 6.6.2 Approving and distributing the audit report The audit report should be issued within the agreed time period. If this is not possible, the reasons for the delay�should be communicated to the audit client and a new issue date should be agreed.�The audit report should be dated, reviewed and approved in accordance with audit programme procedures.�The approved audit report should then be distributed to recipients designated by the audit client.�The audit report is the property of the audit client. The audit team members and all report recipients should respect�and maintain the confidentiality of the report. 6.7 Completing the audit The audit is completed when all activities described in the audit plan have been carried out and the approved audit�report has been distributed.�Documents pertaining to the audit should be retained or destroyed by agreement between the participating parties�and in accordance with audit programme procedures and applicable statutory, regulatory and contractual�requirements.�Unless required by law, the audit team and those responsible for�managing the audit programme should not�disclose the contents of documents, any other information obtained during the audit, or the audit report, to any�other party without the explicit approval of the audit client and,�where�appropriate, the approval of the auditee. If disclosure of the contents of an audit document is required, the audit client and auditee should be informed as soon as possible.

m��'�#�13��4��F��7?�#3#� �� :3�/4�A>��A� ��E\�� 6@��W\��7?�� )�� (��A�7H��$��N��x\��M��4� �.0 ��?�G�V�� 7�M��P _7�

�� ?8�� A�� =7�� /4� A>�� A�� %�� h+�.� � �� J@��7?�

�I\��&�K'�� Y��4��:��7?��.0 ��K�� 6_��

��\�� h+�.�� 6s��) 3�)�� D��<��/\��3#�A�$�#*<�� m7D�) 3�)��YJ @8�

��(�� 5��\��Y��4� A�l� G�V� /�.� �V'� A�T: ��$� ��

�� 5 �B\� ��6@�G�V��7?� ��8��)��V'�� M$��Y\��3� :��M��K��3#T��w\��N�� #3#��S3t��

/0T0T��&-&#E��$-X E��"�@�� m�7?�� h�� #3#��&��'�z(3,��V'��

�� =��?��'�j��U��J$'�z(��<>��#�r�G�V�/�. M��7?� ��8��#@4� ��!�#3#��3&�� :3�/4�z(3��

�� ?'�� m M �#�� # 8� ��K�"��+#$�� 5

��D� �� K�mM3t�� z(3� �� #3#�� ?'� �<?�� =��?�

�z(3�� =��M�� @� ��>7�� M3�� #3#�� /'�3#� ��)7T��A��=.�� 3#��2?4��7?��# :3�/4�#

��7?��:3�m 3#�5� �

7.6�� +'�3��61+U��S�� <��A�� +8��) 3� ��<?�� =� >

�� #3#��S3t�� 6_$��:l��

��

� �� $� ��_�� N�O�� 4� !��$� ~�� D8�� A>�� <��P 7_ ��4� !�� 7�?�Y�#K4�A�$� �� K

��K��+�+�� 76 �� "��+#$� z��U� ��3��M ��*< ��5

�

�� "��+#$�%&��'�A?�A��-T�� 3#��7? �I�`:�� )�� 7M�� 4� �N�O�� 34� �3� :�� 1'� ��?�� /��$� C��O� Y#K� WU� �� IJ@� ��7?

)�� (�� =.��A��:3# ��7?�� !��+�+�� )� ��6�� D� ��$��N�O�� D'� �3� :�� 1v

�� !�� )�� (�� =��?��J$'�z(�A>��h��B#�0$��7?�

��b342002:19011�n%�� M�� # ��o�


28

6.8 Conducting audit follow-up The conclusions of the audit may indicate the need for corrective, preventive or improvement actions, as�applicable. Such actions are usually decided and undertaken by the auditee within an agreed timeframe and are not considered to be part of the audit. The auditee should keep the audit client informed of the status of these�actions. The completion and effectiveness of corrective action should be verified. This verification may be part of a�subsequent audit. The audit programme may specify follow-up by members of the audit team, which adds value by using their�expertise. In such cases, care should be taken to maintain independence in subsequent audit activities. 7 Competence and evaluation of auditors 7.1 General Confidence and reliance in the audit process depends on the competence of those conducting the audit. This competence is based on the demonstration of ` the personal attributes described in 7.2, and ` the ability to apply the knowledge and skills described in 7.3 gained through the education, work experience, auditor training and audit experience described in 7.4. This concept of competence of auditors is illustrated in Figure 4. Some of the knowledge and skills described in 7.3�are common to�auditors of quality and environmental management systems, and some are specific to auditors of�the individual disciplines. Auditors develop, maintain and improve their competence through continual professional development and regular�participation in audits (see 7.5). A process for evaluating auditors and audit team leaders is described in 7.6.

8.6��.3��I�M0$� �� :�� J@� #�1�� /4� A>�3

� �<�T:�� 4� ��N��4� ��:�: �� !� ��:7�� K� 5��(��6��$��<��3�:��) 3�I�MU�� ) 3��

�A�� b � #� M�F�� 7?� �� <�t� %# � IJ@� ��7?��K�D'� ��7?�� ) 3� � �� (�� 7?�� 7�?

�I�MU��G7��<��a��$�� =��?5 �

��.��:�: ��I�MU��G7��I�� .'�A��: ��z(3��!�� 7�?�A��b �/�>3��: �� 5

��3#� ��2?4� �� 7?� P <3� /4� �� "��+#�� A>�3��M$� ��$�� !�A��%�� "��+#�7��a�23��

�)��#�@��F�:��G7��=H��!��J� �8��7?��*�:��?�#3�� 61+4�5�

h0�C�#�"��#E��F�G�1.7U�VVV@� �

�%��.� �7?� �� 7�?� �� 3�� ?8�� H�� a�� 7?� �<�� %��>�� < $� /��3�A3�� G-��4

�&��]'p��

� ��T��)�&��<��%&�.��`_1��2.7� �

� �� :l�� &�� #M�� 6�� 7?� %&��)�&��<��3.7� !��#�@��)�7M ��$� ��$�T .'�)�� =�M��

�� %&�.�� #�@�� 7?� z3&� ��)�&��<��4.7

�)�&�=>1��il��A��%��>�� 4�5� �� <�� &�� #M�� B��+4� � M$� /4� �DJ3�

� � � � � �<��3.7�%��(�� %&��'� ��*+4� �� .# 1�� -��%&��'� ��*+4�� !w�@� ��2M$��*<��B�+��$�

m�7?�� #(3��5��#3�6��7?��*�:��)��.�#3�6 $�/��3

��* <��`$��T��<��#3�6 ��IJ@�A�� 7�?��n��<��#*+'5.7�o��

�=>1��3�6.7��A��)��7�M��N�� #��


��b342002:19011�n%�� M�� # ��o�

29

i��3 ��c��B&.� ��(��3

4.3.7

��c��B&.� ��VV@

2.3.7 , 1.3.7

�� VV% ��c��B&.� ��(�� %

3.3.7

��).��5".��&�<��"��=-��E��&�<��4.7�

�VV�+fI��VVV+��2.7�

�5LI��44�6��F�L��U c��

L��VVVVVV�F�

Competence

Figure 4 - Concept of competence�

Quality

Quality-specific Knowledge and skills

7.3.3

Education Work Auditor Audit experience training experience

7.4

Personal attributes 7.2�

Environmental

Environmental-specific Knowledge and skills

7.3.4

Generic Knowledge and skills

7.3.1and 7.3.2

��b342002:19011�n%�� M�� # ��o�


30

7.2 Personal attributes Auditors should possess personal attributes to enable them to act in accordance with the principles of auditing described in clause 4. An auditor should be: a) ethical, i.e. fair, truthful, sincere, honest and discreet; b) open-minded, i.e. willing to consider alternative ideas or points of view; c) diplomatic, i.e. tactful in dealing with people; d) observant, i.e. actively aware of physical surroundings and activities; e) perceptive, i.e. instinctively aware of and able to understand situations; f) versatile, i.e. adjusts readily to different situations; g) tenacious, i.e. persistent, focused on achieving objectives; h) decisive, i.e. reaches timely conclusions based on logical reasoning and analysis; and i) self-reliant, i.e. acts and functions independently while interacting effectively with others. 7.3 Knowledge and skills 7.3.1 Generic knowledge and skills of quality management system and environmental management�system auditors Auditors should have knowledge and skills in the following areas. a) Audit principles, procedures and techniques: to enable the auditor to apply those appropriate to different audits�and ensure that audits are conducted in a consistent and systematic manner. An auditor should be able \ to apply audit principles, procedures and techniques, \ to plan and organize the work effectively, \ to conduct the audit within the agreed time schedule, \ to prioritize and focus on matters of significance, \ to collect information through effective interviewing, listening, observing and reviewing documents, recordsand data,

2.7��"D��VV�+fI�� A��)�<>�� `_1��`��A��7��#�� 3� /��z(3

� 3� ��$�=�M�� S�� L�%#�� %&�.n4�o

��/�>3�/4�z(3�p�� 4\� J@�� V�p��m$� �O��A>�3��F��?�/�>3� /4� �<M�$

��3b+��<��`7_��j\�=�M��i � �p��I�7D�I��M �'��7?�/�>3�/4��<M�$

�m73�$�#*<�� 4�y \��7$�p��A3#@X��S��=��M ��7$��/�>3�/4��\�� *DJ�� p��*DJ��7?� �&�� /�>3� /4� �<M�$

��3�<M$�m��D�A��61+U��M��6��-��y�\�� p��a��)��7?��&��/�>3�/4��<M�$��\��7�0 �p��a��7?�)7�0 ��7?��&��/�>3�/4��<M�$

��7 _��t�\��#$�H�p��Y��U��t�(+'��7?�#$�H3�/4��<M�$�[\��&�#��V�_�'��7?��&��7��h��= 3�/4��<M�$�

��#�T� �� J�7: �� 7?� %�� M�� "N� <7�� :��6<��

E�\��m��$�J� T�p��=?�� m<>�3��J� T��=�M3�/4��<M�$A3#@X��S��%��>$5�

�3.7��c"��B&."��

1.3.7�� R#�"�� .�� c"�� B&."��

�F�(��#M��&��$�/��S � 3�/4�z(3��X�p�� #o�L�d�� G+�U(�)��L��6�� 6��Z�[+

��0 �� L��1�� 'd��$4� �8��)H�� $ ��= ��X+��H6��H4�Vd�� G�� "�� 7��+�

9�+��E(�� "1$��"#�_��\ ��6�� _��XJ�+� L�d�� G+� U(�)�� )H�

�� >�\ 'd��$4�� 6�+�K�H0�>� \ �� d�� G�6�T��O+ 9��Z�.��> � \ ��8��E1�?��T��+��1�+J��d�H�G>� \ �L�d�� O�*� �� 'd��$4� L��1�� g �

�+� �� +� k� �XR�+� ��50!��L�C��)��+�L�9S��+��e1��>�


��b342002:19011�n%�� M�� # ��o�

31

− tto understand the appropriateness and consequences of using sampling techniques for auditing, − tto verify the accuracy of collected information, −� tto confirm the sufficiency and appropriateness of audit evidence to support audit findings and conclusions, − tto assess those factors that can affect the reliability of the audit findings and conclusions, − tto use work documents to record audit activities, −� tto prepare audit reports, − tto maintain the confidentiality and security of information, and − tto communicate effectively, either through personal linguistic skills or through an interpreter. b) Management system and reference documents: to enable the auditor to comprehend the scope of the audit� and apply audit criteria. Knowledge and skills in this area should cover − tthe application of management systems to different organizations, − tinteraction between the components of the management system, − tquality or environmental management system standards, applicable procedures or other management� system documents used as audit criteria, −recognizing differences between and priority of the reference documents, −� tapplication of the reference documents to different audit situations, and − tinformation systems and technology for,�authorization, security, distribution and control of documents,�data and records. c) Organizational situations: to enable the auditor to comprehend the organization's operational context. Knowledge and skills in this area should cover − torganizational size, structure, functions and relationships, − tgeneral business processes and related terminology, and −cultural and social customs of the auditee. d) Applicable laws, regulations and other requirements relevant to the discipline: to enable the auditor to work�within, and be aware of, the requirements that apply to the organization being audited. Knowledge and skills in�this area should cover \ local, regional and national codes, laws and regulations, \ contracts and agreements, \ international treaties and conventions, and \ other requirements to which the organization subscribes.

� �� <�M�� j�7�4� I��M �'�=T7T�� NJ��)��3� /4��

� ��M� �)�� 7M��A��: �� =�� NJ�� 3��.� �7?� ��.0 ��"N� +� )?��

�� J@� � �� "N� +� ��`�� 7?� #OR�� =��M�� )��

�m �J@� � �� 61+4�=�(T ��=�M��N�O��I��M �' � �� #3&��?' � ��7M��A�4��3#��7?�~��:�� m��&��IJ@�A��/�.��%��>$�A3#@U��S��[�: ��

�IJ@�A��3�s7��) # �5

j\��M #��N�O��%&��8��*+4�� p�.��A>� 3�� /4� z(3�� #�3�M�� 6�� )�� A�=�1��

��X��6�<��&��#M��p�� *< ��a7 _��%&��8��*+4��6�� %&��8��*+�#��<?�A�$�=?�� %&��'� )*<�� %&��'� )*+�� %��(��

��#@U��%&��8��*+4��N�O��6 ��# 8��-�� 7��#�3�M�.��_ T��5

�� A�� M #�� N�O�� A�$� YJ @8�� 7?� Y#M ��

��3��U��6M� � �� a��a7 _��M #��N�O��6� � S3t� ��A�X��O� 7��7M�� <>��*+4�

J(T��+��N�O��#��5 y \��*< ��a��p�)��)��A��A>� 3�Q>�

� /4� z(3� �&�� #M�� *< 7�� 7�M��=�1��X��p

�

� �%01<��J?��aN�]��A3�>��)(D�� _��:76 ��I��?U��%&��8��M��7�M��

�G��$ � �H�� M�� ) 3� � �� (7�� ?�� 8��

��7? ��\��_�� #@X�� +�>�� iN��7�� A�+��

� ��*<�� q #�$� p�&�K'� �� =�M�� A�� A>� 3� Q>��G�� .&��/�>3�/4��7?�� ) 3�� (��D��F��6s��/4�z(3��6�<��&��#M��p

� ��7�8��7:��Y�#?U��iN��7��A�+�� 8��M�� 8��M�� %01<��$��@��#@4��76 ��W4 �

��b342002:19011�n%�� M�� # ��o�

�%�� M�� # ��\�Certified translation © ISO19011: 2002��]��:�� :��S��

32

7.3.2 Generic knowledge and skills of audit team leaders Audit team leaders should have additional knowledge and skills in audit leadership to facilitate the efficient and�effective conduct of the audit. An audit team leader should be able \ to plan the audit and make effective use of resources during the audit, \ to represent the audit team in communications with the audit client and auditee, \ to organize and direct audit team members, \ to provide direction and guidance to auditors-in-training, \ to lead the audit team to reach the audit conclusions, \ to prevent and resolve conflicts, and \ to prepare and complete the audit report. 7.3.3 Specific knowledge and skills of quality management system auditors Quality management system auditors should have knowledge and skills in the following areas. a) Quality-related methods and techniques: to enable the auditor to examine quality�management systems and to� generate appropriate audit findings and conclusions. Knowledge and skills in this area should cover \ quality terminology, \ quality management principles and their application, and \ quality management tools and their application (for example statistical process control, failure mode and�effect analysis, etc.). b) Processes and products, including services: to enable the auditor to comprehend the technological context in�which the audit is being conducted. Knowledge and skills in this area should cover \ sector-specific terminology, \ technical characteristics of processes and products, including services, and \sector-specific processes and practices. 7.3.4 Specific knowledge and skills of environmental management system auditors Environmental management system auditors should have knowledge and skills in the following areas. a) Environmental management methods and techniques: to enable the auditor to examine environmental� management systems and to generate appropriate audit findings and�conclusions. Knowledge and skills in this� area should cover

2.3.7��c��.��B&."��j&B� � �7: 3� /4� z(3%��M��$� �� #��&�� #

�A�� G�V� )�<>�3� �>�� 7�?� %�� l8��%��.��T$�� 7�M$��!�/�>3�/4�z(3��N��

��7?��&�� 3#p �

� ��7�?��<O4��&��7��=H�U�� _ �8�� {�6_�� 5

� �� =��M$� I�`�8�� 3#� =H�3� /4��7?�� ) 3�� (��

� �� 3#��2?4�m� ��)�*<� � �z3&� ��h:��A��L&'��m� � $�� J@��'�I��7�� 3#�%�� =.�1��=:3��S<�3�/4 � �� #3#��I��> �'��?'

3.3.7��c�� ++f�� B&."�� R#��

��#M��$� %��(�� %&��'� )*+� �� 7: 3� /4� z(3��X��F�(��&��p

�

� 4u%��(��$��7M ��<��N�`D8�� #6�� p�A>� 3�Q>��"N� +��'�I��%��(��%&��'��*+��P :�A��

�� J@�� %��(��$��_��:76 �� 6��%��(��%&��'�� 6��%��(��%&��'��4�n��#��I�H��=��7?

��'�)�7T��=�7: ��=1��K�<��N�`D'��7�M��o55

�ju��_��<�2 ��( <��7�M�� p�A>� 3�Q>�� # '� �<?� � ��<> �� )�� A��

�X��E��<��&��#M��6s��/4�z(3��p��

� �A�M��B�6�$��_��:76 �� _��<�2 ��( <��7�M7��<��w��_�� A�M��B�6��&��7�?

4.3.7��c�� ++f�� B&."��R#�� "#� _9�- �� "1$��L�E�8 ��+� �q�)�� 'E�(G� ��C� ��

��]��L?�9 �� #o�� q�)�� 'E�(R� ��6�� _��XJ�+� u�H��$ �� 3$�

�I��C� E� NG+� �q�)�� 'E�(G� � �C�� / &��

�O�9 �� .2� �� L�E�8 ��+� �� +� �� N�*+

��]��H<��"#�_9��


��b342002:19011�n%�� M�� # ��o�

33

environmental terminology, `tenvironmental management principles and their application, and `tenvironmental management tools (such as environmental aspect/impact evaluation, life cycle assessment,� environmental performance evaluation, etc.). b) Environmental science and technology: to enable the auditor to comprehend the fundamental relationships between human activities and the environment. Knowledge and skills in this area should cover `tthe impact of human activities on the�environment, `tinteraction of ecosystems, `tenvironmental media (e.g. air, water, land), `tmanagement of natural resources (e.g. fossil fuels, water, flora and fauna), and `tgeneral methods of environmental protection. c) Technical and environmental aspects of operations: to enable the auditor to comprehend the interaction of the�auditee’s activities, products, services and operations with the environment. Knowledge and skills in this area�should cover `tsector-specific terminology, `tenvironmental aspects and impacts, `tmethods for evaluating the significance of environmental aspects, `tcritical characteristics of operational processes, products and services, `tmonitoring and measurement techniques, and `ttechnologies for the prevention of pollution. 7.4 Education, work experience, auditor training and audit experience 7.4.1 Auditors Auditors should have the following education, work experience, auditor training and audit experience. a) They should have completed an education sufficient to acquire the knowledge and skills described in 7.3. b) They should have work experience that contributes to the development of the knowledge and skills described� in 7.3.3 and 7.3.4. This work experience should be in a technical, managerial or professional position involving� the exercise of judgement, problem solving, and communication with other managerial or professional� personnel, peers, customers and/or other interested parties. Part of the work experience should be in a position where the activities undertaken contribute to the�development of knowledge and skills in \ the quality management field for quality management system auditors, and

\ ��-��$��_��:76 �� \ ��-��%&��8��6�� \ ��4��-��%&��8��6��n)��=H��%&��'��

U��)��%��:��%&��)��-��-��,��'�555o �ju��-�� <>��)7?��p�)��A��A>� 3�Q>�

��-��/�T+8��61+4�A�$� ��U��JM��,�/4�z(3��X��E��<��I�(��&��#M��6s��p

� ��-��7?�/�T+8��61+4�#�O0� � ��-��*+4�A�$�=@�� =?�� -��{N�n�q &U��=H��o � � ��M��6�� &�� %&��'� n�� 3#�:�� =H�

��<��+��:��:��o � ��-��3��(��M�� #6��

��7�M7�� <�� -��)��y � � p��A>� 3�Q>�( <��7?��(��61+4�A�$�=?�� )��A��

��#M�� 6s�� /4� z(3�� -�� S�� 7�M�� _��X��I�(��&��p�

� �A�M��B�6��:76 � � ��-��#�O0��)�� m�-��)��)�� #K � ��_��( <��7�M7�� #:��w��_�� <��z��U��#� � �� <> �� #6��[�7 ��S<� �

4.7�� ).�� &�f��)".��&�<�� C�#�"�� =-��E�� 1.4.71 #�"��

�z3&� �� =�M�� %#�@�� )�7M �� A��7�� #� 3� /4� z(3�� %#�@��

� 4u�)�� i�T�� >�� &�� 4� �� +�>3� /4��<��%&�.��%#�_��#M��7?�I�`:��$3.7��

��j�\�#3�6�� )��T�� =�M�� %#�@� )�3�� /�>3� /4�

� �<�� %&�.�� )��#�@�� )� #M�3.3.7�,�4.3.7��3�� <� aN�t�� =�M�� %#�@� /�>�� /4� z(3��=D�� LU�� 7?� )>:�� &�� G�V� �� $� ��<��

� A��<�� A3#@X��w�_LU�$� I�`�8�� =.�1��%��J�M��#�*<��#@4��<�M��Y�#K4�W4��4��

�/0$�i�T3�Sl��/�>3�/4�z(3�=�M��%#�@�A��b ��&��#M��#3�6��61+U��)��T�p�

�� %��(��%&��'��*+4��%��(��%&��'�I�(��

��-��%&��8��I�(��-��%&��'��*+4��

��b342002:19011�n%�� M�� # ��o�


34

`the environmental management field for environmental management system auditors. c) They should have completed auditor training that contributes to the development of the knowledge and skills�described in 7.3.1 as well as in 7.3.3 and 7.3.4. This training may be provided by the person's own�organization or by an�external organization. d) They should have audit experience in the activities described in clause 6. This experience should have been�gained under the direction and guidance of an auditor who is competent as an audit team leader in the same�discipline. NOTE The extent of direction and guidance (here and in 7.4.2, 7.4.3 and Table1) needed during an audit is at the�discretion of those assigned the responsibility for managing the audit programme and the audit team leader. The provision of�direction and guidance does not imply constant supervision and does not require someone to be assigned solely to the task. 7.4.2 Audit team leaders An audit team leader should have acquired additional audit experience to develop the knowledge and skills�described in 7.3.2. This additional experience should have been gained while acting in the role of an audit team�leader under the direction and guidance of another auditor who is competent as an audit team leader. 7.4.3 Auditors who audit both quality and environmental management systems Quality management system or environmental management system auditors who wish to become auditors in the�second discipline a) should have the training and work experience needed to acquire the knowledge and skills for the second�discipline, and b) should have conducted audits covering the management system in the second discipline under the direction�and guidance of an auditor who is competent as an audit team leader in the second discipline. An audit team leader in one discipline should meet the above recommendations to become an audit team leader in�the second discipline.

\ ��-��%&��8��I�(��-��%&��'��*+4��5 y \�)��T3�� z3&�� 4� �� +�>3�/4�z(3� �

� �<�� %&�.�� &�� #M��#3�6�� 1.3.7��'��l8�$3.3.7�,�4.3.7��A��z3&� �� A>

�� &�@�� A��4�%01<��G7 �3��P _1��#�3�/4��

��\�%&�.��61+Z�� %#�@�)�3��/�>3�/4�z(3��%#��6�%#�_�� 7?� ��7 D��/�>3�/4�z(3��

%��.��+�m��L&'��m� ��h:��N��3#�� I�(��5�

�� d;�� 7 �� /'� ��L&8�� m� �n��<�� <?

2.4.7�,�3.47�I��(��1�o��/�>3�� <O4�j�76�� %&��'�"��+#$�A?�A��-T�� FR��Y# ��h:��

��N�� 3#�5��<�l��<M3F��L&8��m� � ��/'��#��$��#��=�M3�/4��234�z76 3F��#� T��Y�#L8�5�

��

2.4.7��-&B�� #� 3� /4� z(3�� N�� %#�@� �� 3#�

��<�� %&�.�� &�� #M�� #3�6 �� l8�2.3.7� ��

� &��m �&�� <?� ��7?� = D� �� /�>3� /4� z(3��N��%��.�m��#@��Y�#L'��%��h:�� 3#�N��

��3#�� 5��

3.4.7�� 1 #�"�� 1 #�-�C-J��

��r#3�A3��-��%&��'�)*+��%��(��%&��'�)*+��/'��/4�z(3��+�H��*<��A��:�`3�/��

�

� 4u��tJ��=�M�� %#�@��z3&� ��)�3�� /�>3� /4�z(3��&��#M��j�T .8��*<��+�H��

��

j\3� /4��*+4� �6s�� # v$� �� +�>� �� %&��8��*<��m�� m� �� Y�#L'�h:�� +�H��

�%��.�N�� 3#��*<��+�H��5�

�/'�N�� 3#��*<��m��#� 3�/4�z(3�I�U��i�`3�Q>�� J?4�%&�.�� N�� 3#��

��*<��+�H��

�


��b342002:19011�n%�� M�� # ��o�

35

�

��

��@�AB1�C�D��#��E��63�+��F� �@��34�G$7��@�H+(�F� �@�I�3(��F�$6�;+��=��3J�++�F�#��@>�F!�*K�

�:�C�#�"��-&B�� C��K��C��;G�RB��"�� "�� 3 )*"��+��

��=H�� =H��3�+�H��7D#��)�7M��

n��#*+4�*DJ��o�)�7M ��

��=H�� =H��5��<��

�n��*DJ��#*+42o��<��B��(�

%#�_��

��=H��/� <��+�H��*<�� T<��$��n��*DJ��#*+43o��

/� <��<T��A��=�U��7?��T�_��

��=�M��%#�@�%��(��%&��'�I�(�

4�-��

��=H��247?�z3&��?��

�+�H��*<�� T<��$��n��*DJ��#*+44o��

40�� 7?�z3&��?�� 7?�z3&� ��

3��7��.�� 8�15�=�U��7?��3�

.��=�M3�N��3#��m� ��Y�#L'�h:��N��

��3#��.�n�#*+4��*DJ��5�o��/4��?�#3�

�/�>��IJ@�h�� A��#�@U��A� <T��

4�� 8��7��.��15��=�U��7?��3�

�Y�#L'��m� ��h:��+�H��*<��N��3#��.�n��#*+4

��*DJ��5�o��/�>��/4��?�#3��A� <T��IJ@�h��

A��#�@U��

4�� 8��7��.��20�h:��.�=�U��7?��3�

�Y�#L'��m� ��h:��z3&� ��..��N��3#��n�

��*DJ��#*+45�o��/4��?�#3��<T��IJ@�� /�>�

%#�@U��OJH��

�� %#�@�

��d;�1�7��)�7M ��*+�A��b ��+�H��)�7M ��,��N�� $8��7D#��M$��03��I�@��=��m��> �'�) 3��3�� 4��M��(7��=O��M��4��M��(��

��d;�2�7�3�+�H��7D#��M$��<��7M��7D#��)�4��P _1��/�.��V'��D��M$�%#�_��<��?�=�7��A>�3��d;�3�7��S��h��+��$�T .'�A>�3�)*<��A��+�H��*<��=�M��%#�@I�U��*<��d;�4�7�A��<��$��:l��6_��.��6s3�� =��>�� 3.6��'�6.6�� %#�@�/4��DJ3��

%&��8��*<��<$��.��6s��/4�z(3�

7.4.4 Levels of education, work experience, auditor training and audit experience Organizations should establish the levels of the education, work experience, auditor training and audit experience�an auditor needs to gain the knowledge and skills appropriate to the audit programme by applying Steps 1 and 2 of the evaluation process described in 7.6.2. Experience has shown that the levels given in Table 1 are appropriate for auditors conducting certification or similar�audits. Depending on the audit programme, higher or lower levels may be appropriate.

�=�M�� #�@�� )�7M �� 3� T�� 01<�� #�� /4� z(3�9� :3� �� 7�� %#�@�� A�� z3&��

�� #M��6 $� z3&� �� "��+#�� <�� &�� 6_��n1� o� �n2� o�%#�� %&�.��)�� 7�M�

2.6.75�

� I��(�� %�� 3� T�� /4�%#�_��il��n1�o��4� ��1�� /�:<�3� A3�� A��7�� NJ�� <��K��2�_<��4� ��?��3� T�� /�>�� 7O��

�+#�� "�

��b342002:19011�n�� # ��%�� M��o�


36

Table 1 — Example of levels of education, work experience, auditor training and audit experience�for auditors conducting certification or similar audits

Parameter Auditor Auditor in both

disciplines Audit team leader

Education �

Secondary education (see Note 1)

Same as for auditor

Same as for auditor

Total work experience �

5 years (see Note 2)

�

Same as for auditor �


Work experience in quality or�environmental�management�field

�

At least 2 years of the total 5 years

�

2 years in the second discipline (see Note 3)

�


Auditor training �

40 h of audit training �

24 h of training in the second discipline (see Note 4)


Audit experience �

Four complete audits for a total of at least 20 days of audit experience as an auditor-in-training under the�direction and guidance of an�auditor competent as an�audit team leader (see Note 5). The audits should be completed within the last three consecutive years

�

Three complete audits for�a�total of at least 15 days of�audit experience in the second discipline under the�direction and guidance of an�auditor competent as an�audit team leader in the�second discipline (see� Note 5). The audits should be completed within the last two�consecutive years

�

Three complete audits for a�total of at least 15 days of�audit experience acting in�the role of an audit team�leader under the direction and guidance of an auditor competent as an audit team leader (see Note 5). The audits should be completed within the last twoconsecutive years

�

NOTE 1 Secondary education is that part of the national educational system that comes after the primary or elementary stage, but that is�completed prior to entrance to a university or similar educational institution. NOTE 2 The number of years of work experience may be reduced by 1 year if the person has completed appropriate post-secondary education. NOTE 3 The work experience in the second discipline may be concurrent with the work experience in the first discipline. NOTE 4 The training in the second discipline is to acquire knowledge of the relevant standards, laws, regulations, principles, methods�and�techniques. NOTE 5 A complete audit is an audit covering all of the steps described in 6.3 to 6.6. The overall audit experience should cover the entire�management system standard.

�

M�� # ��%��\�Certified translation © ISO19011: 2002�]��:�� :��S��

��b342002:19011�n # ��%�� M��o�

37

7.5 Maintenance and improvement of competence 7.5.1 Continual professional development Continual professional development is concerned with the maintenance and improvement of knowledge, skills and�personal attributes. This can be achieved through means such as additional work experience, training, private study, coaching, attendance at meetings,�seminars and conferences or other relevant activities. Auditors should�demonstrate their continual professional development. The continual professional development activities should take into account changes in the needs of the individual�and the organization, the practice of auditing, standards and other requirements. 7.5.2 Maintenance of auditing ability Auditors should maintain and demonstrate their auditing ability through regular participation in audits of quality�and/or environmental�management systems. 7.6 Auditor evaluation 7.6.1 General The evaluation of auditors and audit team leaders should be planned, implemented and recorded in accordance�with audit programme procedures to provide an outcome that is objective, consistent, fair and reliable. The�evaluation process should identify training and other skill enhancement�needs. The evaluation of auditors occurs at the following different stages: ` the initial evaluation of persons who wish to become auditors; ` the evaluation of the auditors as part of the audit team selection process described in 6.2.4; ` the continual evaluation of auditor performance to identify needs for maintenance and�improvement of�knowledge and skills. Figure 5 illustrates the relationship between these stages of evaluation. The process steps described in 7.6.2 may be used in each of these stages of evaluation.

�5.7�cK�D(E��F�L��R)@�k�(��1.5.7�&- *��&"�D"��RKc"��

�A�T:�� 7?� �*�:��$#� T�� <��#3�6 �� <M3� ��`_1�� `�� &�� #M�� 5��:�� A>�3�� l8�� #�_��.�=N�� %�M$� ��&�� z3&� ��

��<�� ?�� 8�� &�2D�� )�7M �� `_1�� $� �7 �� V� �#@U�� 61+U�� #��R��5��<�� #3�6 �� 7?� )��&�� &��]'� A�� 7?�

#� T��#�s�� %�?�#�� #� T�� <�� #3�6 �� 61+4� �7?�z(3

��*<��#U�� D'�!��# '� #K#�s�� #@U��76 ��.�

��

2.5.7��#��R)@�k�(�� I��?4� �� )��&�� 7?� �*�:�� A�� 7?�%&��'�)*+��%��(��%&��'�)*+��* <��T��$

�-��5�

6.7��C�#�"��#E�1.6.7@��U�VVV �)��/'A��%��<��m6�6_��z(3�� #�

� �� "��+#$� ��# 8� ��K� m7�(T��6?8�"N� +�m�?�l�� 7?� �� ?8��A>�3�� ?�/�>��!��7�?��

�/4�z(3�)�� :��z3&� ��'��34�� D��.0 ��#@4%&��.�

��A��)��z(3��=D�#�� 7 _��p�

� �/�� /��r#3� A3�� w�_LZ�� N�� $8�� )��

�A��:�`3�� 3#� &�� @'� ��7�?� A�� b(.� A�� )��

��<��%&�.��\�\f� � �~��:7�� D8��3�: ��A��U�#� T��)��

��#3�6��&��#M��7?5 � ��3��)�&�=>1��il5�)�� 7��7 _��=D�#��A�$��JM��

��<��%&�.��7�M��6@�/'2.6.7�A>��A��)�� =D�#��=.��_ T��/4�

��

��b342002:19011�n%�� M�� # ��o�


38

��F�VVVL��&VVV- *E Development of

competence

�N�� $8��)��

Initial evaluation (7.6)�

~��:��#3�6��%��>��7?�

Maintenance and improvement Of competence�

(5.7)

��3#�&�� @'Q��

Auditing team selection (6.2.4) �

�� Auditing�

�n�%#��6o�

�5LI��45�6�C�3��;.��5d�&��#��

��

Auditor

#�3�M�� T��#�r

Criteria not met

#�3�M�� T�

Criteria

met

#�3�M�� T�

Criteria

met

#�3�M�� r�� T��#�

Criteria not met

�&�� @'�) 3�)�

Not selected


��b342002:19011�n%�� M�� # ��o�

��Z��#� T��)��

Continual evaluation Of performance�

(6.7)�

39

7.6.2 Evaluation process The evaluation process involves four main steps. Step 1 — Identify the personal attributes, and the knowledge and skills to meet the needs of the audit programme In deciding the appropriate knowledge and skills, the following should be considered: − the size, nature and complexity of the organization to be audited; − the objectives and extent of the audit programme; − certification/registration and accreditation requirements; − the role of the audit process in the management of the organization to be audited; − the level of confidence required in the audit programme; − the complexity of the management system to be audited. Step 2 — Set the evaluation criteria The criteria may be quantitative (such as the years of work experience and education, number of audits conducted,�hours of audit training) or qualitative (such as having demonstrated�personal attributes, knowledge or the�performance of the skills, in training or in the workplace). Step 3 — Select the appropriate evaluation method Evaluation should be undertaken by a person or a panel using one or more of the methods selected from those in�Table 2. In using Table 2, the following should be noted: \ the methods outlined represent a range of options and may not apply in all situations; \ the various methods outlined can differ in their reliability; \ typically, a combination of methods should be used to ensure an outcome that is objective, consistent, fair and�reliable. Step 4 — Conduct the evaluation In this step the information collected about the person is compared against the criteria set in Step 2. Where a�person does not meet the�criteria, additional training, work and/or audit experience are required, following which�there should be a re-evaluation.

2.6.7��#��)"@ ��

��T�N&��6@��M$&4��7?�)�� 7�?�=� 1�

� *f��1 N � �-�(E��"D��B&."�� +fI��9��&3��%��dl3�F�B )��c"��

��

�M��#3#� ��<��&��#,��X��%�?�#��z(3��p�� ) 3� � �� %01<�� M�� M��]�� )(D

��7?. � �� "��+#$��Y��4.� �� =�(T ��1��i<��76 �� ?8��. � ��7?��%01<��%&��'�� 7�?�&�� "��+#$��$�76��H�� T�� ) 3�� %&��8��*+��M�� 7?�.� �

�� *f��2 �N$H��#��&�-�.��

� ��.� �� &��M�� /�>3� �� n�=�M�� %#�@� ��<��=H��z3&��?�� $�� #��?��)�7M ��

� �� o,� ��.� /�>3� �� 4�� n� &��]'�� =H��T��#M��4��`_1��A.��4�z3&� ��U��&�

=�M��5��

�� *f��3�N��K"��#��#-&>��<��)�� A>�3��3�/4��3#K�A��_ T��-��4�P _L�

�I��(�� #6��G7��A�� &�� @'�) 3�#H.4n2o!��<?��I��(��_ �'n2�o��X��*DJ��z(3p�

�� '�&�1�� #6��=H��?��(��A��&�� @8��A�

a��=.��7?��6<��F��A>��5�� ?� �� I�(�� '� &�1�� #6�� a7 _�

��7?�� ?8� � ��'�I��7�� 7 _�� #6��A��"3b��_ �'�z(3

"N� +��7?�� ?8��A>�3��?�/�>��4��:��5

��6��B4�C<��/��L�I��#�� '1H0�� V.2� �� L��1�� "W��8�� 9��O1��

� �� / 0!��8�CE�� '(1 1 �� g�� '1H0��@2� A�=CW�� 4� / 0!�� 6�� [G+

�� '�)*�+#�� '�)*�+#��QG�_�E ��G�v��&��-�*#�'��= ��2 �4+��QG.

�

��b342002:19011�n%�� M�� # ��o�


40

��O+ 9��jQ1��12+�w ��*�(�� I��C�)��8��e1�+�� L�1H*��)H��M��O1��O�;��12��]�+3 ��@��2�<I��#��M�N��

�

�3::::=�2� %�:::::-2� I��#��M�N�

�M�f1��+� _�E ��+� �� L�9X� ��&�

�� '�)*+�

� ��*��&�� L��9S��

�k1 ��+� ��qXJ�� s�F+� x#�� k�H�XG

�d�(J��+�-+�$!��+�L�(�8!��+�r �0YP�

��6��+�

4�S�� d�(#�O1��L��1��1�� 4�9�R��x#��)�S��+��

�L�e(�& ��+� =1�� 8 +� ��50!�� L�4��

��C1��

�O�5�R�� L�E�8�+� ��50!�� L��5��

��+�E�)�*R�� +� L��1�� &�

�)S�$��QG�L��1��O15&��+�

��50!��4��

�O1��d�(J�+�� ' 2�!�+�E�+(J��g�D1�

��f1��)F�

��)H��'E ��+��50!��L��5��

L�E�8 ��+��

L��

�L�E�)�*G+� ��&��+� ��8�!�� L�E�)�*R�

��S�6��'E �

�� +� ��50!�� L��5��

�8��)H�+�L�E�8 ��+�

�E�)�*R��

�� g�� y��6��+� ��

��8�� 89��+� ��

�� d��T��+�

�� "1$�� m�� L��1�� 1��

�)X�6��z�+#��6$ ��z�'�Y�) ��

�� 4��

An example of how the steps of the evaluation process might be applied and documented for a hypothetical internal audit programme is illustrated in Table 3.

Table 2 — Evaluation methods

Evaluation method Objectives Examples

Review of records

To verify the background of the auditor

Analysis of records of education, training, employment and audit experience

Positive and negative feedback

To provide information about how the performance of the auditor is perceived

Surveys, questionnaires, personal references, testimonials, complaints, performance evaluation, peer review

Interview To evaluate personal attributes and communication skills, to verify information and test knowledge and to acquire additional information

Face-to-face and telephone interviews

Observation To evaluate personal attributes and the ability to apply knowledge and skills

Role playing, witnessed audits, on the- job performance

Testing To evaluate personal attributes and knowledge and skills and their application

Oral and written exams, psychometric testing

Post-audit review To provide information where direct observation may not be possible or appropriate

Review of the audit report and discussion with the audit client, auditee, colleagues and with the auditor

�


��b342002:19011�n%�� M�� # ��o�

41

��)��

��7�M7��<��-�

�

�-�� <>��7?

�

�-��%&��'�z��4��#K

�

��_��G�V��$��( <��7�M��

�

%��(��$��7M ��<��z��U��#6��

�

�#@X��76 ��iN��7��A�+��

�

��

%01<�7��7 _��a

�

%&��8��*+4

��M �#��N�O��

��# 8��

� �� 7��<��z��U��

�

��`_1��`��

�

�F�L��

\��

�%�1<�7��-��)��b��7?�%&��

��#�O0��

�n��M��2M$�S��7M��&��I�H��=��7?

�-��7?�S�� #�O0 ��

��# '�)��7?�%&��

��&�6��=M��&

��-�$��6��

��2M.�%#�@�m3��

��&�6��=M��&��3#

�

�#K��_ �v$�%01<��a�.�)��7?�%&��

��_ �'��%��(��#��S<�

��-��)��

�

Q-��F��)��#K�)��7?�%&��

�

�)�M�<��#K��( <��3�:��7?�%&��

�N��<��_ T��)��

�

��7@��%��(��#��#K�a��7?�%&��

��&�� @8��7�M��76 ��A�$�b�� 7?�%&��

�N��<��

�

�)��3�:��7?�%&��

�iN��7��A�+��6�

�-��7��9#_�� ( <��7�M��$��7M ��

�

��?�A�l�%��>$�=�M��7?��&��

��%01<��O�

��<3�>��

�

��7M ��b U��6��7?�%&��

�%&��8��*+0$

��# 8�� >��

�

��7@��# ��K�� # '��7?�%&��

$�I�`�8��

=�M��A.��4��A��#M��J�b��

�

��7$��A��i � ��J@4��V

��M ��T:��x�&�8�$�b�� 3��*DJ��

m�7?�� M3��&�#��zD��G�� ?�#��

�

�� *f��

�416�

��c"��B&."��+

fI��+��

��A3b_��7@��z3&��=�> �'��/�>3

��_ �'��67@�

��

�[�7 ��#��S<��<�� =�?�%#�@�m3��

=O��-�$�S�<��

�

�-��)��z3&� ��=�> �'��/�>3

�

�{�6_��a]��.�9� +8��{�6_��=�?��/�>3

��7�?

��_��T�4��=�?��/�>3

�

%��(��#��#K��6��z3&� ��I��> �'

��A.��4�I��M �'�&��]'

�&�� @8��# '��=�M

�N��<��

�

��J?�� A�+��3&��%&��I��> �'

��7?��#��) 3�� 7�M��61+U�$

�

��%�D��<��A?�=�3F��$�%�1<��=�M��

��#L'��]�

�

�%&��8��*+4�� .��# 8��)��%��#�

� ��#�3�M��Y��0$��7M ��

��

�

��OJO��4��/�>3��7@��z3&��I��> �'

��

�7@��3#��2M.�

�

=�M��A.��S<��4

�� *f��

�426�

� ��#��VV�.�

"N� <��%&�� :��z3&� ��J(��M �#�

�a�]� ��J(��z3&� ��M �#�

�

a�]� ��J(��M �#�

�

z3&� ��J(��M �#�

�

��3��

�f��c"��B&."��

�

#�a�]� ��J(��M �

�

z3&� ��J(��M �#�

��*DJ��

�

�� 3��f��c"��B&."��

�

z3&� ��J(��M �#�

�a�]b ��J(��M �#�

�

z3&� ��J(��M �#�

�&�� @8�

��`_1��J$��

�

z3&� ��J(��M �#�

��*DJ��

�#�*<��M �#�

�

��.��c"��B&."��

�

��F��)��

�

�� *f��

�436�

��#��j&>

��@�A

3�1��3��(A�+��E��+��3+4�I��#�� L��

�

��b342002:19011�n%�� M�� # ��o�


42

Rev

iew

of t

rain

ing

reco

rds,

cou

rse

cont

ent a

nd re

sults

R

evie

w o

f tra

inin

g an

d em

ploy

men

t rec

ords

Rev

iew

of e

mpl

oym

ent

reco

rds

Rev

iew

of t

rain

ing

reco

rds

Rev

iew

of e

mpl

oym

ent

reco

rds

Rev

iew

of t

rain

ing

reco

rds

Obs

erva

tion

Rev

iew

of t

rain

ing

reco

rds

Rev

iew

of e

mpl

oym

ent

reco

rds

Rev

iew

of t

rain

ing

reco

rds�

Test

ing

Inte

rvie

w

Rev

iew

of t

rain

ing

reco

rds

Obs

erva

tion

Pee

r rev

iew

Per

form

ance

eva

luat

ion

Ste

p 3

Eva

luat

ion

met

hods

Com

plet

ed a

n in

-hou

se tr

aini

ng c

ours

e on

m

ater

ials

sto

rage

, mix

ing,

use

, dis

posa

l and

thei

r en

viro

nmen

tal i

mpa

cts.

C

ompl

eted

trai

ning

in th

e E

mer

genc

y R

espo

nse

Pla

n an

d ex

perie

nce

as a

mem

ber

of th

e em

erge

ncy

resp

onse

team

.

Six

mon

ths

of w

ork

expe

rienc

e in

pol

lutio

n pr

even

tion

and

cont

rol i

n a

sim

ilar m

anuf

actu

ring

envi

ronm

ent.

Com

plet

ed tr

aini

ng in

env

ironm

enta

l per

form

ance

ev

alua

tion.

Wor

ked

in th

e pr

oduc

tion

plan

ning

as

proc

ess

plan

ning

cle

rk.

Wor

ked

in th

e se

rvic

e de

part

men

t.

Com

plet

ed tr

aini

ng in

the

appl

icat

ion

of q

ualit

y co

ntro

l met

hods

. D

emon

stra

ted

wor

k pl

ace

use

of in

-pro

cess

and

fin

al te

stin

g pr

oced

ures

.

Com

plet

ed a

trai

ning

cou

rse

on th

e la

ws

rele

vant�to

the

activ

ities

and

pro

cess

es to

be

audi

ted.

Wor

ked

for

the

orga

niza

tion

for

at le

ast o

ne y

ear

in�a

su

perv

isor

y ro

le

Rea

d an

d un

ders

tood

the

proc

edur

es in

the

Man

agem

ent S

yste

m M

anua

l rel

evan

t to

the

audi

t�ob

ject

ives

, sco

pe a

nd c

riter

ia.

Com

plet

ed a

n in

tern

al a

udito

r tr

aini

ng c

ours

e.

Per

form

ed th

ree

audi

ts a

s a

mem

ber

of a

n in

tern

al

audi

t tea

m.

Sat

isfa

ctor

y pe

rfor

man

ce in

the

wor

kpla

ce.

S

tep

2 E

valu

atio

n cr

iteri

a

Abi

lity

to r

ecog

nize

the

orga

niza

tion’

s en

viro

nmen

tal a

spec

ts�

and

thei

r im

pact

s (e

.g. m

ater

ials

, the

ir re

actio

ns w

ith o

ne�

anot

her

and

pote

ntia

l im

pact

on

the

envi

ronm

ent i

n th

e ev

ent

of s

pilla

ge o

r re

leas

e).

Abi

lity

to a

sses

s th

e em

erge

ncy

resp

onse

pro

cedu

res

appl

icab

le to

env

ironm

enta

l inc

iden

ts.

Abi

lity

to u

nder

stan

d ho

w th

e po

llutio

n pr

even

tion

and

cont

rol�

met

hods

use

d by

the

orga

niza

tion

addr

ess

the

orga

niza

tion’

s si

gnifi

cant

env

ironm

enta

l asp

ects

.

Abi

lity

to u

nder

stan

d m

etho

ds fo

r ev

alua

ting

envi

ronm

enta

l pe

rfor

man

ce.

Abi

lity

to id

entif

y th

e pr

oduc

ts, t

heir

man

ufac

turin

g pr

oces

s,

spec

ifica

tions

and

end

-use

.

Abi

lity

to d

escr

ibe

the

in-h

ouse

qua

lity

cont

rol m

etho

ds.�A

bilit

y to

diff

eren

tiate

bet

wee

n re

quire

men

ts fo

r in

-pro

cess

an

d fin

al te

stin

g.

Abi

lity

to id

entif

y an

d un

ders

tand

the

appl

icat

ion

of th

e re

leva

nt la

ws

and

regu

latio

ns r

elat

ed to

the

proc

esse

s,

prod

ucts

and

/or

disc

harg

es to

the

envi

ronm

ent.

Abi

lity

to o

pera

te e

ffect

ivel

y w

ithin

the

orga

niza

tion’

s cu

lture

an

d or

gani

zatio

nal a

nd r

epor

ting

stru

ctur

e.

Abi

lity

to a

pply

the

rele

vant

par

ts o

f the

Man

agem

ent S

yste

m�

Man

ual a

nd r

elat

ed p

roce

dure

s.

Abi

lity

to c

ondu

ct a

n au

dit a

ccor

ding

to in

-hou

se p

roce

dure

s,�

com

mun

icat

ing

with

kno

wn

wor

kpla

ce c

olle

ague

s.

Eth

ical

, ope

n-m

inde

d, d

iplo

mat

ic, o

bser

vant

, per

cept

ive,

ve

rsat

ile, t

enac

ious

, dec

isiv

e, s

elf-

relia

nt.

Ste

p 1

Per

sona

l attr

ibut

es, a

nd k

now

ledg

e an

d sk

ills

Tech

nica

l and

env

ironm

enta

l as

pect

s of

ope

ratio

ns

Env

ironm

enta

l sci

ence

and

te

chno

logy

Env

ironm

enta

l man

agem

ent

met

hods

and

tech

niqu

es

Env

iron

men

tal-s

peci

fic k

now

ledg

e an

d sk

ills

Pro

cess

es a

nd p

rodu

cts,

in

clud

ing

serv

ices

Qua

lity-

rela

ted

met

hods

and

te

chni

ques

Qua

lity-

spec

ific

know

led

ge a

nd s

kills

App

licab

le la

ws,

reg

ulat

ions

and

ot

her

requ

irem

ents

Org

aniz

atio

nal s

ituat

ions

Man

agem

ent s

yste

m a

nd

refe

renc

e do

cum

ents

Aud

it pr

inci

ples

, pro

cedu

res

and

tech

niqu

es

Gen

eric

kno

wle

dge

and

skill

s

Per

sona

l attr

ibut

es

Are

as o

f com

pete

nce

Tabl

e 3

— A

pplic

atio

n of

the

eval

uatio

n pr

oces

s fo

r an

aud

itor

in a

hyp

othe

tical

inte

rnal

aud

it p

rogr

amm

e

��b342002:19011�n%�� M�� # ��o�

bot.gov.krdbot.gov.krd/sites/default/files/Documents/ISO-19011-تدقيق نظم...

Documents

Transcript of bot.gov.krdbot.gov.krd/sites/default/files/Documents/ISO-19011-تدقيق نظم...