ISO 9001INTERNAL AUDITORS TRAINING- 12th Feb 2010- SNSastry [Compatibility Mode]

ISO9001:2008ISO9001:2008QUALITY MANAGEMENT SYSTEM

TRAINING ON

By S N Sastry – MR IMS

1

Part-I : Overview of ISO9001:2008 Implementation

Part-II : Orientation Towards Quality Management

Part-III : Details of ISO9001:2008 Standard

Part I : Over view of Our System

Part V : Auditors Qualities, Auditing Methodology

TRAINING ON ISO9001:2008 QUALITY MANAGEMENT SYSTEM

Part -I

Overview of

2

Overview of

ISO9001:2008 Implementation


What is ISO ?

ISO stands for …

International Organisation for Standardisation.

� It is an international body, head-quartered in Geneva.

� It has members from over 150 countries including India.

3

� It has members from over 150 countries including India.

� ISO develops standards and guidelines for the industry.

� There are thousands of ISO standards on products,

services, and management systems.

� ISO publishes standards, it does not issue any certificate.

What is ISO9001:2008 ?

ISO9001:2008 is an international standard on Quality Management

Systems, released on 15th November 2008.

ISO9001:2008 spells out the requirements of a quality

management system that need to be complied with.


4

ISO9001:2008 standard replaces the old version, i.e., ISO9001:2000.

The other two standards in the series, viz., ISO9000: 2005 and

ISO9004: 2000 supplement ISO9001:2008.

management system that need to be complied with.

What are the benefits of ISO9001:2008 implementation ?

� Systems approach to management.

� Clarity in definition of authorities and responsibilities.

� Better record keeping and documentation.

� Better traceability to root causes of quality problems.

� Rectification of errors at the earliest stage.


5

� Rectification of errors at the earliest stage.

� Lesser repetition of errors.

� Reduction in the need for multiple assessments.

� Use of recognized mark (of certifying agency) on letterheads etc.

and advertisements.

� Enhanced corporate image and market positioning.

Gap Analysis: Assessment of existing quality management practices vis-a-vis ISO9001:2008 requirements.

Orientation Training: Top / Senior Management orientation on ISO9001:2008 requirements.

Documentation: Preparation of quality manuals and formats.

Implementation: Implementation of quality system as per manuals.

Steps involved in ISO9001:2008 Certification:


6

Implementation: Implementation of quality system as per manuals.

Company-wide Training: Training on ISO9001 requirements and familiarisation of Quality Manuals & Formats, Statistical Techniques, and Internal Audit.

Internal Audits: Periodic assessment of system implementation.

Pre-assessment : Initial assessment by Certifying agency.

Final Assessment: Detailed assessment by the Certifying agency and recommendation for certification.


Who are the ISO9001:2008 Certifying Agencies ?

There are over 700 certifying agencies all over the world. Some of the ISO9001Certifying Agencies are...

� American Quality Assessors (AQA)

� Bureau of Indian Standards (BIS)

� Bureau Veritas Quality International (BVQI)

7

� Bureau Veritas Quality International (BVQI)

� Det Norske Veritas (DNV)

� Indian Register of Quality Systems (IRQS)

� International Certifications Limited (ICL)

� Lloyds Register of Quality Assurance (LRQA)

� TUV India Private Limited (TUV)

� Underwriters Laboratories (UL)


How long is the ISO9001 certificate valid ?

Normally, ISO9001:2008 certificate is issued for a period of

three years.

However, an ISO9001 certified company needs to perform satisfactorily

in the surveillance audits conducted by the certifying body.

8

Surveillance audits can be …. Five half-yearly audits.


Part -II

Orientation Towards

9

Orientation Towards

Quality Management


ISO9001:2008 is all about Quality Management System.

Then what is meant by quality ?

Quality means different things to different people.

The success of an organisation is in understanding and satisfying

10

Therefore, it is important to understand the meaning of the term

QUALITY.

The success of an organisation is in understanding and satisfying

the customers’ expectations in totality.


THE EQUATION OF QUALITY

= Fitness for use +

Quality = Customer satisfaction

Conformance to specifications +

11

Conformance to specifications +

Reliable performance +

Value for money.

The challenge of every business is to ensureensure customer satisfaction in

every transaction.


What Mahatma Gandhi (the father of Indian Nation) said about What Mahatma Gandhi (the father of Indian Nation) said about

customer satisfaction ?customer satisfaction ?

“Customer is the most important visitor on our premises”.

“He is not dependent on us. We are dependent on him.”

“He is not an interruption on our work. He is the purpose of it.”

12

“He is not an interruption on our work. He is the purpose of it.”

“He is not an outsider on our business. He is a part of it.”

“We are not doing him a favour by serving him.

He is doing a favour by giving us an opportunity to do so.”


1. QUALITY

SOME DEFINITIONS

Quality is the totality of features and characteristics of a

product or service that bears on its ability to satisfy stated or

implied needs.

(This is the formal definition of Quality as per ISO9000 standard)

13

It is an indicator of category or rank related to features that cover

different sets of needs for products / services intended for the same

functional use.

2. GRADE

Please note that Quality and Grade are Not same.

(This is the formal definition of Quality as per ISO9000 standard)


3. QUALITY POLICY

It is the overall quality intentions and direction of an organisation

regarding quality, as formally expressed by top management.

4. QUALITY MANAGEMENT

SOME DEFINITIONS

14

4. QUALITY MANAGEMENT

It is that aspect of overall management function which determines

and implements the quality policy.


5. QUALITY SYSTEM

It is the organizational structure, responsibilities, procedures,

processes and resources for implementing quality management.

ISO9001:2008 standard is for quality system only.

SOME DEFINITIONS

15

ISO9001:2008 standard is for quality system only.

6. QUALITY CONTROL

It is the operational techniques and activities that are used

to fulfil requirements for quality.

Inspection / testing of incoming, in-process and final products can

be termed as quality control.


7. QUALITY ASSURANCE

All those planned and systematic actions necessary to provide

adequate confidence that a product or service will satisfy given

requirements for quality.

SOME DEFINITIONS

16

8. QUALITY AUDIT

A systemic and independent examination to determine whether

quality activities and related results comply with planned

arrangements and whether these arrangements are implemented

effectively and are suitable to achieve objectives.


QUALITY SYSTEM DOCUMENTATION

For any management system to operate effectively, there is a need

for documentation of policies, authorities and responsibilities,

procedures and guidelines, results of operations etc.

17

ISO9001:2008 standard requires that certain documentation to be

developed, established, and implemented in an organisation.

Now let us find out what are these documents ?


QUALITY SYSTEM DOCUMENTATION PYRAMID

Quality

Manual &

System

Procedures

18

Work Instructions Manual

Forms, Quality Records, Product

Specifications, Master Lists etc.

Procedures



1. QUALITY MANUAL & SYSTEM PROCEDURES

Quality manual and system procedures give broad guidelines for

implementation of each clause in the specific setup of the company.

These procedures have to be followed strictly. Non - compliance of

procedures can result in losing the certificate.

19

procedures can result in losing the certificate.

Notes :

1. Quality Manual & System Procedures are confidential documents.

Ideally, it should not be distributed to any outsiders. Clients / Auditors

may be allowed to see the documents for reference purpose only.

2. Quality Manual may be separated from System Procedures and kept

in a different folder, and distributed to customers on demand.


2. WORK INSTRUCTIONS MANUAL

Step-by-step instructions for carrying out production / service /

testing activities.

Note : Work instructions are company-specific and confidential.

3. FORMS, QUALITY RECORDS, PRODUCT SPECIFICATIONS,


20

3. FORMS, QUALITY RECORDS, PRODUCT SPECIFICATIONS,

MASTER LISTS ETC.

Quality records shall be maintained in the specified formats. Blank

form, when filled-up, becomes a record. Improper record-keeping is

a major problem in ISO9001 implementation.

Product specifications and master lists are meant for reference.

Note : Quality records are company-confidential.


Part -III

Details of

21

Details of

ISO9001:2008 Standard


ISO9001:2008 is based on process approach to Quality Management.

QMS

ProcessInputs Outputs

Controls

22

Process

Feedback

Typical QMS processes: Planning, Marketing, Purchasing, R&D,

Production, Calibration, Inspection/Testing, Management Review etc.

Inter-related processes make the Quality Management System.


Continual improvement of

Quality Management System

Customers Customers

Management

Responsibility

23

Requirements

Satisfaction

Product

Realization

Resource

Management

Measurement, Analysis

and Improvement

ProductOutput

Process-based Quality Management SystemValue-adding activities

Information flow

Input

ISO 9000:2000 Family

ISO

9000

Quality management

systems - Fundamentals

& vocabulary

Measurement

ISO

19011Audits

Guidelines

Annexes A & B for

information only

ISO

9004

Quality management

systems -

Guidelines for

performance

improvement

ISO

9001

Quality management

systems -

Requirements

Technical

Reports

PROCESS“set of interrelated or

interacting activities INPUT OUTPUT

CONTROLS

PRODUCT

PROCESS

EFFECTIVENES

S

Extent to which planned

activities are realized and

planned results achieved

ISO 9001:2000 Process Approach

A desired result is achieved more efficiently when activities and related resources are

managed as a process

interacting activities

which transforms

inputs into outputs

INPUT OUTPUT

RESOURCES

PRODUCT

PROCESS

EFFICIENCY

Relationship between the result

achieved and the resources used

Identifying,

understanding and

managing interrelated

processes as a system

contributes to the

organization’s

Process

A

Process

B

R R

R RI

II O

I

O

ISO 9001:2008 System approach to management

organization’s

effectiveness and

efficiency in achieving

its objectives

Process

C

Process

DI

CC

C C

I

I

O

O

I = INPUT

O = OUTPUT

R = RESOURCES

C = CONTROLS


ISO9001:2008 Standard is divided into eight sections as below:

1. Scope: Scope and application of the standard.

3. Terms & Definitions: Terms and definitions given in ISO9000 apply.

Wherever the term ‘Product’ is used, it can also mean ‘Service’.

2. Normative Reference: Reference to ISO9000: 2005.

4. Quality Management System: Documentation requirements.

27

4. Quality Management System: Documentation requirements.

5. Management Responsibility: (Top) management’s responsibilities.

6. Resource Management: Requirements of Resources, Personnel,

Infrastructure, and Work environment.

7. Product Realization: Requirements for departmental activities.

8. Measurement, Analysis and Improvement: About Customer

Satisfaction, Internal Audit, Corrective/Preventive actions etc.


Clause -1: SCOPE

The ISO9001:2008 standard specifies the requirements of a quality

management system where an organization …

a) needs to demonstrate its ability to consistently provide the products that meets

customer and applicable statutory and regulatory requirements.

b) aims to enhance customer satisfaction through the effective application of the

28

system and applicable statutory and regulatory requirements.

If a requirement of ISO9001:2008 cannot be applied due to the nature of

an organisation/product, it can be excluded (only from clause 7).

Note: Statutory and regulatory requirements can be expressed as legal

requirements.


Clause -2: NORMATIVE REFERENCE

The standard “ISO9000: 2005 - Quality Management Systems-

Fundamentals and vocabulary” to be referred for better understanding

of the quality management concepts applied in the ISO9001:2008

standard.

The organizations implementing ISO9001:2008 are advised to refer the

29

The organizations implementing ISO9001:2008 are advised to refer the

most recent version of ISO9000 standard.

Note: Members of ISO (like the BIS of India) and IEC maintain

registers of currently valid International standards, available to public

for reference.


Clause -3: TERMS AND DEFINITIONS

Wherever the term ‘Product’ is used, it can also mean ‘Service’.

Terms and definitions given in ISO9000 apply for ISO9001 also.

Note: The term “Organisation” denotes the firm which is

30

Note: The term “Organisation” denotes the firm which is

implementing ISO9001:2008.


Clause - 4: QUALITY MANAGEMENT SYSTEM

Sub Clause 4.1: General Requirements

The organisation shall establish, document, implement and maintain

the QMS and continually improve its effectiveness in accordance with

ISO9001:2008 requirements.

1. Determine the processes needed for the QMS and their application.

2. Determine the sequence and interaction of these processes.

31

2. Determine the sequence and interaction of these processes.

3. Determine the criteria and methods for effective process

operation and control.

4. Ensure the availability of resources & information needed for

process operation and monitoring.

5. Monitor, measure where applicable and analyse the performance.

6. Implement action plans for meeting target & continual improvement.



Sub Clause 4.2: Documentation Requirements

QMS documentation must include the following:

1. Statement of Quality Policy and Quality Objectives of the company

2. Quality Manual

3. Documented procedures and records required by ISO9001:2008

32

3. Documented procedures and records required by ISO9001:2008

4. Documents and records required for effective planning, operation, and

control of the company’s processes.

Procedures must be established, documented, implemented and maintained.

Extent of documentation depends on size of organisation, type & complexity

of activities, and the competence of personnel.

The documentation can be in any form (text, flow charts, etc.) or any type of

medium (paper, computer file, etc.)


A Quality Manual needs to be prepared, and this manual must

include the following:

1. Scope of quality management system

(what business activities are covered).

2. Details of and justification for any exclusions (E.g., Design


Sub Clause 4.2.2: Quality Manual

33

2. Details of and justification for any exclusions (E.g., Design

& Development, Process Validation etc).

3. Documented procedures (or reference to such procedures

already available in some other manual).

4. A description of the interaction between the QMS processes

(E.g., a Process Map).



Sub Clause 4.2.3: Control of Documents

QMS documents shall be controlled. A documented procedure to be

developed, defining the following controls:

1. Approval of documents for adequacy prior to issue.

2. Review, updating if required, and re-approval of documents.

3. Identification of document changes and current revision status.

34

3. Identification of document changes and current revision status.

4. Ensuring availability of latest documents at points of use.

5. Ensuring that documents remain legible & readily identifiable.

6. Identification and controlled distribution of documents of external

origin that are required for planning and operation of the QMS.

7. Prevention of unintended use of obsolete documents, and, proper

marking if they are retained for legal purposes, etc.



Sub Clause 4.2.4: Control of Records

QMS records are a special type of document, and shall be

controlled. The following requirements apply:

1. Records shall be established and maintained to provide

evidence of …

- conformity to requirements (e.g., actual value Vs specification).

35

- conformity to requirements (e.g., actual value Vs specification).

- effective operation of QMS (e.g., internal audit results).

2. Records must be legible, readily identifiable and retrievable.

3. A documented procedure must be established, defining the

controls needed for the identification, storage, protection, retrieval,

retention, and disposition of records.


Clause - 5: MANAGEMENT RESPONSIBILITY

The top management of the organisation shall demonstrate their

commitment to the development and implementation of QMS by…

- ensuring awareness of the importance of meeting requirements.

- establishing the quality policy.

- ensuring that quality objectives are established and targets are set.

36

- ensuring that quality objectives are established and targets are set.

- conducting management reviews, and

- ensuring the availability of resources.

The top management must have customer focus, and ensure that customer requirements are determined and are met with the aim of enhancing customer satisfaction.



Sub Clause 5.3: Quality Policy

Quality Policy serves as a vision statement of the organisation with

respect to customer focus.

The top management must ensure that the quality policy...

1. Is appropriate to the purpose of the organisation.

37

2. Includes a commitment to comply with requirements and

continually improve the effectiveness of QMS.

3. Provides a framework for establishing and reviewing quality objectives.

4. Is communicated and understood within the organisation.

(May be displayed in local language at office, factory, warehouse etc. )

5. Is reviewed for continuing suitability.



Sub Clause 5.4: Planning

The top management shall establish quality objectives (including those

needed to meet product requirements) at relevant functions & levels.

The top management must ensure that…

Quality objectives shall be measurable and consistent with the

quality policy of the organization.

38

The top management must ensure that…

- QMS planning is carried out in order to meet the requirements of

Clause 4.1of ISO9001:2008 and the company’s quality objectives.

- Integrity of the QMS is maintained when changes are planned and

implemented.

Departmental performance targets may be set every year as part of

QMS planning.



Sub Clause 5.5: Responsibility, Authority & Communication

Top management shall ensure that responsibilities & authorities

are defined and communicated within the organisation.

Top management shall appoint a member of the management as the

Management Representative (MR) for ISO9001 implementation.

Responsibilities & authorities of Management Representative:Responsibilities & authorities of Management Representative:

39

Responsibilities & authorities of Management Representative:Responsibilities & authorities of Management Representative:

- Ensure to establish, implement and maintain the QMS processes.

- Report QMS performance & improvement needs to Top Management.

- Promote company-wide awareness of customer requirements.

- Interact with external parties such as ISO9001 certifying agency.

Top management shall also ensure that suitable communication

processes are established for internal communication.



Sub Clause 5.6: Management Review

Top management must review the QMS performance at regular

intervals to ensure its continuing suitability, adequacy & effectiveness.

Review input (information) shall include the results of audits, customer

feedback (including customer complaints), process performance and

product conformity, status of preventive and corrective actions, follow-

40

product conformity, status of preventive and corrective actions, follow-

up actions from previous management reviews, changes that could

affect the QMS, and recommendations for improvement.

Review output shall include decisions and action plans aimed at

improvement of product / service related to customer requirements,

and effectiveness of QMS. Resource needs also to be identified.

Minutes of management reviews must be maintained.


Clause - 6: RESOURCE MANAGEMENT

Sub Clause 6.1: Provision of Resources

Organisation shall determine & provide resources needed for...

1. Implementation and maintenance of the QMS.

2. Continual improvement and effectiveness of the QMS.

3. Enhancement of customer satisfaction by meeting the

41

3. Enhancement of customer satisfaction by meeting the

customer requirements.



Sub Clause 6.2: Human Resources

Personnel whose work affect product / service quality shall be

competent with respect to the necessary education, training, skills and

experience.

Organisation shall...

1. Determine the competence requirement (for recruitment / promotion).

42

1. Determine the competence requirement (for recruitment / promotion).

2. Provide training to or re-assign the existing personnel or recruit new

people to satisfy competence requirement.

4. Ensure that the personnel are aware of the importance of their activities

and how they contribute to achievement of quality objectives.

3. Evaluate the effectiveness of training/re-assigning/recruitment).

5. Maintain the records of education, training, skills & experience.



Sub Clauses 6.3 & 6.4: Infrastructure & Work Environment

The infrastructure needed to achieve product conformity requirements

shall be determined, provided and maintained.

Infrastructure typically includes the following:

- Buildings, work space and associated utilities.

43

- Buildings, work space and associated utilities.

- Process equipment (both hardware and software).

- Supporting services such as transport, communication or information

systems.

Organisation shall also determine and manage the work environment

necessary to achieve conformity to product requirements.

Infrastructure and work environment are the Top Management’s

responsibilities, in general.


Clause -7: PRODUCT REALIZATION

Sub Clause 7.1: Planning of product realization

Quality plans shall determine (describe) the following:

1. Quality objectives and requirements of the product / service.

2. Processes, documents, and resources required for making the

A detailed plan (known as Quality Plan) for product / service realization

needs to be prepared.

44

Many customers (like auto majors, railways, etc.) demand their suppliers

to implement customer / contract-specific Quality Plans.

2. Processes, documents, and resources required for making the

product / rendering the service.

3. Verification, validation, monitoring, inspection / testing for the

product / service and the product / service acceptance criteria.

4. Quality records to be maintained at various stages of production /

service provision.



Sub Clause 7.2: Customer-related processes (Marketing and Sales)

When an enquiry is received, Sales Personnel shall determine...

1. Customer’s requirements for the product, delivery & after-sales support.

2. Requirements not stated by the customer but necessary for specified or

Effective system needs to be established for communication with

customers (marketing, enquiry & order, feedback, and complaints)

45Records of order review & amendments to be kept.

2. Requirements not stated by the customer but necessary for specified or

intended use, where known.

3. Statutory & regulatory requirements related to the product.

4. Any additional requirements determined by own organisation.

Order review shall be conducted before acceptance to ensure that

the organisation has the capability to execute the order.

Order amendments must be communicated to the persons concerned.



Sub Clause 7.3: Design and Development (D&D)

D&D planning shall determine the activities, milestones, review stages,

and the authorities and responsibilities.

D&D inputs shall cover the requirements for functionality, performance,

statutory/regulatory compliance, etc. Inputs must be reviewed.

D&D outputs shall meet the input requirements, include a bill of

46Most organisations can exclude this clause, if not applicable.

D&D outputs shall meet the input requirements, include a bill of

materials, state the product acceptance criteria, and the product

characteristics.

Stage-wise reviews shall be conducted and records maintained.

D&D verification and validation shall be carried out and the records

shall be maintained.

Design changes shall be controlled and recorded.



Sub Clause 7.4: Purchasing

Suppliers shall be selected on the basis of their ability to supply product

in accordance with the organisation’s requirements.

Records of results of evaluations and any necessary actions arising

Criteria for selection, evaluation & re-evaluation to be established.

47

Purchased product must conform to specified requirements.

Organisation must establish & implement receiving inspection or other

activities (like third-party certification) necessary for ensuring that

purchased product meets specified purchase requirements.

Records of incoming inspection must be maintained.

Records of results of evaluations and any necessary actions arising

from the evaluation shall be maintained.



Sub Clause 7.5.1 : Control of Production & Service Provision

Production & service provision must be planned and carried out

under controlled conditions.

1. Availability of information on product / service characteristics.

Controlled conditions shall include ...

48

2. Availability of work instructions (preferably in local language).

3. Use of suitable equipment (with desired process capability).

4. Availability and use of monitoring and measuring equipment.

5. Implementation of monitoring and measurement schemes.

6. Implementation of release, delivery & post-delivery activities.



Sub Clause 7.5.2 : Validation of Processes for

Production & Service Provision

Special processes like welding (where quality of output cannot be

verified by subsequent monitoring and measurement) shall be validated.

Process validation can be done by ...

49

2. Approval of equipment and qualification of personnel.

3. Use of specific methods and procedures.

4. Maintaining records of monitoring process parameters.

1. Defining criteria for process review & approval, and doing it.

Process validation can be done by ...

5. Revalidation.



Sub Clauses 7.5.3 : Identification & Traceability

7.5.4 : Customer Property

7.5.5 : Preservation of Product

Products need to be identified by suitable means (lot numbering,

tagging, etc.) throughout the manufacturing process.

Product status (OK, on-hold, rejected, etc.) needs to be established

50

Customer property (including intellectual property and personal data)

shall be identified, verified, protected and safeguarded.

Defects and losses to be reported to the customer.

Where traceability is a requirement, a unique identification (like serial

number) of the product needs to be maintained.

Product status (OK, on-hold, rejected, etc.) needs to be established

at various stages of manufacturing.

Appropriate methods shall be employed for handling, storage, packaging

and protection of the product (preservation) at various stages.



Sub Clause 7.6 : Control of Monitoring & Measuring Equipment

Monitoring and Measuring Equipment shall be selected on the basis

of measurement requirement.

Control of measuring equipment include the following:

As a thumb rule, Least count (LC) of the measuring instrument should

be less than 10% of Tolerance band.

51

1. Calibration / verification against measurement standards traceable

to International / National measurement standards.

2. Adjustment / re-adjustment as necessary (under control).

3. Affixing a calibration status sticker on the equipment.

Control of measuring equipment include the following:

4. Safeguarding from un-authorised adjustments.

5. Protecting from damage/deterioration during handling/cleaning/storage.

Calibration records must be maintained.


Clause - 8: MEASUREMENT, ANALYSIS & IMPROVEMENT

Sub Clause 8.1: General requirements

The organisation shall plan and implement the monitoring,

measurement, analysis and improvement processes needed...

1. To demonstrate conformity of the product.

2. To ensure conformity of the quality management system and

52

This shall include determination of applicable methods, including

statistical techniques and the extent of their use.

2. To ensure conformity of the quality management system and

3. To continually improve the effectiveness of the QMS.



Sub Clause 8.2.1: Customer satisfaction

Organisation shall monitor the information relating to customer

perception (not just satisfaction) as to whether the organisation has met

customer requirements.

Methods for obtaining and using the customer perception data

shall be determined. (Approaching a customer every now and then

53

Analysis of customer perception data is one of the most important

activities in ISO9001:2008 implementation.

shall be determined. (Approaching a customer every now and then

for feedback can result in dissatisfaction)

Customer perception analysis (satisfaction survey, complaints, lost

business analysis, compliments, opinion surveys, etc.) MUST be

reviewed in the subsequent Management Review meeting, and suitable

corrective & preventive actions need to be initiated.



Sub Clause 8.2.2: Internal audit

The organisation shall use a documented procedure and conduct

internal audits at planned intervals to determine whether the QMS...

1. Conforms to the requirements of ISO9001:2008 standard and

to the QMS requirements established by the organisation, and

2. Is effectively implemented and maintained.

54Internal audit records must be maintained.

2. Is effectively implemented and maintained.

Internal audits shall be planned, considering the status and

importance of processes being audited.

Audit criteria, scope, frequency and methods shall be defined.

Internal auditors must be qualified (through formal training), and they

should be independent of the area being audited.

Internal audit findings to be discussed in Management Review.



Sub Clause 8.2.3: Monitoring and measurement of processes

The organisation shall apply suitable methods for monitoring and

where applicable measurement of the QMS processes.

These methods shall demonstrate the ability of the processes to

achieve planned results.

55

When planned results are not achieved, correction and corrective action

shall be taken as appropriate to ensure conformity of the product.



Sub Clause 8.2.4: Monitoring & measurement of product

The organisation shall monitor and measure the characteristics of the

product to verify that product requirements have been met.

This shall be carried out at appropriate stages of the product

realization process in accordance with the planned arrangements.

Evidence of conformity with the acceptance criteria shall be maintained.

56

Evidence of conformity with the acceptance criteria shall be maintained.

Records shall indicate the person(s) authorizing release of product.

Product release and service delivery shall not proceed until the

planned arrangements (inspection / testing etc.) have been satisfactorily

completed, unless otherwise approved by a relevant authority, and

where applicable, by the customer.



Sub Clause 8.3 : Control of non-conforming product

The organisation shall ensure that product which does not conform

to product requirements is identified & controlled to prevent its

unintended use or delivery.

The controls and related responsibilities and authorities for dealing with

non-conforming product shall be defined in a documented procedure.

57

non-conforming product shall be defined in a documented procedure.

The organisation shall deal with non-conforming product by...

1. Taking action to eliminate the detected non-conformity.

2. Authorizing its use, release or acceptance under concession by

a relevant authority and where applicable by the customer.

3. Taking action to preclude its original intended use or application.

Records of non-conforming product disposal must be maintained.



Sub Clause 8.4: Analysis of data

Appropriate data should be collected & analyzed to demonstrate the

stability and effectiveness of the QMS and to evaluate where continual

improvement can be made. This shall include data generated as a result

of monitoring and measurement and from other relevant sources.

The analysis of data shall provide information relating to...

58

The analysis of data shall provide information relating to...

1. Customer satisfaction

2. Conformity to product requirements

3. Characteristics and trends of processes and products

(including opportunities for preventive action) and

4. Suppliers.



Sub Clause 8.5.1: Continual improvement

The organisation shall continually improve the effectiveness of the

quality management system through the use of…

1. Quality policy

2. Quality objectives

59

3. Audit results

4. Analysis of data

5. Corrective and preventive actions, and

6. Management review.



Sub Clause 8.5.2: Corrective action

Corrective actions must be taken to eliminate the cause of

non-conformities in order to prevent recurrence.

1. Reviewing non-conformities.

Needs a documented procedure defining the requirements for ...

60

1. Reviewing non-conformities.

2. Determining the causes of non-conformities.

4. Determining and implementing actions needed.

3. Evaluating the need for actions to ensure non-recurrence.

5. Records of the results of actions taken.

6. Reviewing the corrective actions taken.



Sub Clause 8.5.3: Preventive action

The organisation shall determine action to eliminate the cause of

potential non-conformities in order to prevent their occurrence.

Needs a documented procedure defining the requirements for ...

1. Determining potential non-conformities and their causes.

61

1. Determining potential non-conformities and their causes.

2. Evaluating the need for preventive action.

3. Determining and implementing actions needed.

4. Records for results of actions taken.

5. Reviewing preventive actions taken.


Part -IV

Over view of Our System

62

Over view of Our System

What is IMS at GRCD

– ISO 9001- QMS

– ISO 14001-EMS– ISO 14001-EMS

– OHSAS 18001-SMS

– SA 8000-SAS

Document status

– APEX MANUAL – GCD-M-04

– PROCEDURES– PROCEDURES

– WORK INSTRUCTION & FORMATS

CONTENTS OF APEX MANUAL

1. Introduction

2. References

3. Terms, Definition & Abbreviations

4. Requirements & Elements4. Requirements & Elements

5. Management Responsibility

6. Resource Management

7. Product Realization

8. Measurement, Analysis & Improvement

9. Ethical Governance

STATUS OF PROCEDURESS.NO. NAME OF DEPTT. REFERENCES TOTAL NO.

OF PROCEDURES

1 SYSTEM PROCEDURES SYS –P - 01 TO SYS- P - 25 25

2 PRODUCTION [MCU-I&II ( Cell,Brine, Cl2, HCl, Hypo, CSF,SBP, PAC, CSA & HB )

PRD – P – 01 TO PRD – P- 10 10

3. PROCESS & QUALITY CONTROL

QCD – P – 01 TO QCD – P - 09 09

4. MECHANICAL MMD – P- 01 TO MMD – P -03 & 044. MECHANICAL MMD – P- 01 TO MMD – P -03 & DRG – P - 01

04

5. ELECTRICAL EMD – P -01 TO EMD – P - 03 03

6. INSTRUMENT INT – P -01 TO INT – P- 04 04

7. CIVIL CMD – P – 01 TO CMD – P- 02 02

8. HR AND P&A HRD – P- 01 01

9. MARKETING MKT – P- 01 TO MKT – P- 05 05

10. STORES STR –P- 01 TO STR – P- 02 02

11. PURCHASE PUR –P- 01 TO PUR – P- 03 & ITD –P-01

04

12. SAFETY SFT –P – 01 TO SFT – P- 02 02

STATUS OF WORK INSTRUCTIONS

S.NO. NAME OF DEPTT. REFERENCES TOTAL NO. OF WI

1 SYSTEM PROCEDURES - -


PRD – W – 01 TO PRD – W- 10 10


QCD – W – 01 TO QCD –W- 09 09

4. MECHANICAL MMD –W- 01 TO MMD –W-24 & DRG –W- 01

25

5. ELECTRICAL EMD –W-01 TO EMD –W- 12 12

6. INSTRUMENT INT –W-01 TO INT –W- 08 08

7. CIVIL CMD –W– 01 TO CMD –W- 04 04

8. HR AND P&A PER –W- 01 TO PER –W- 03 01

9. MARKETING MKT – W- 01 TO MKT – W- 08 08

10. STORES STR –W- 01 TO STR – W- 09 09

11. PURCHASE - -

12. SAFETY - -

STATUS OF FORMATS & LOG SHEETSS.NO. NAME OF DEPTT. REFERENCES – FORMATS REFERENCES –LOG

SHEETS TOTAL NO OF FORMATS & LOGSHEETS

1 SYSTEM PROCEDURES SYS - F – 01 TO SYS –F- 34 - 34


PRD – F – 01 TO PRD – F- 10 PRD – L – 01 TO PRD – L- 31

41


- - -CONTROL

4. MECHANICAL MMD –F- 01TO MMD –F-14

5. ELECTRICAL EMD –F-01 TO EMD –F- 27 EMD –L-01 TO EMD –L- 05

6. INSTRUMENT INT –F-01 TO INT –F- 08 -

7. CIVIL - -

8. HR AND P&A -

9. MARKETING MKT – F- 01 TO MKT – F- 28 -

10. STORES STR –F- 01 TO STR – F- 09 -

11. PURCHASE PUR –F- 01 TO PUR –F- 15 -

12. SAFETY - -

Table of Contents

Section No.

Title ISO 9001: 2008 Cl.

ISO 14001: 2004 Cl.

OHSAS 18001: 2007 Cl.

SA 8000: 2008 Cl.

No. of Pages

0.0 Introduction - - - - 08

1.0 Foreword - - - -

2.0 Structure of manual - - - -

3.0 Manual Issue Procedure - - - -

4.0 Manual Revision, Updation & Amendment Procedure

- - - -

5.0 Company Profile - - - -5.0 Company Profile - - - -

6.0 Distribution List - - - -

1.0 Scope 1 1 1 I 02

1.1 -General 1.1 - - -

1.2 -Application 1.2 - - -

1.2.1 Exclusions under ISO 9001 7.3, 7.5.2 - - -

1.2.2 Exclusions under SA 8000 - - - 9.10

2.0 References 2 2 2 II 06

2.1 List of Standards, Manuals, Procedures, Regulatory requirements,

2 2 2 II

3.0 Terms & Definition, Abbreviations 3 3 3 III 07

3.1 Terms 3 3 3 III

3.2 Definitions 3 3 3 III

3.3 Abbreviations 3 3 3 III

4.0 Requirements &Elements. 4 4 4 IV 04

4.1 General requirements 4.1 4.1 4.1 3.44.1 General requirements 4.1 4.1 4.1 3.4

4.2 Documentation requirements 4.2 - - 1.2, 1.3 9.1(d), 9.12

4.2.1 General 4.2.1 4.4.4 4.4.4 -

4.2.2 IMS Manual 4.2.2 - - -

4.2.3 Control of documents 4.2.3 4.4.5 4.4.5 -

4.2.4 Control of records 4.2.4 4.5.4 4.5.3 9.14

5.0 Management responsibility 5 - - IV - 9

5.1 Management commitment 5.1 4.2,4.4.1 4.2,4.4.1 9.1

5.2 Customer focus 5.2 4.3.1, 4.3.2 4.3.1, 4.3.2, 4.6 -

5.3 Company Policy 5.3 4.2 4.2 9.1

5.4 Planning 5.4 4.3 4.3 9.5

5.4.1 GRCD Objectives 5.4.1 4.3.3 4.3.3 9.5

5.4.2 GRCD Planning 5.4.2 4.3.3 4.3.4 9.5

5.5 Responsibility, Authority &Communication 5.5 4.1 4.1 3.2, 9.5

5.5.1 Responsibility & Authority. 5.5.1 4.4.1 4.4.1 3.2, 9.5(a)

5.5.2 Management representative & Management Appointee.

5.5.2 4.4.1 4.4.1 3.2,9.3, 9.4

5.5.3 Communication 5.5.3 4.4.3 4.4.3 9.12

5.6 Management reviews 5.6 4.6 4.6 9.25.6 Management reviews 5.6 4.6 4.6 9.2

5.6.1 General 5.6.1 4.6 4.6 9.2

5.6.2 Review input 5.6.2 4.6 4.6 9.2

5.6.3 Review out put 5.6.3 4.6 4.6 9.2

6.0 Resource management 6 4.4.1 4.4.1 -

6.1 Provision of resources 6.1 4.4.1 4.4.1 9.11

6.2 Human resource 6.2 4.4.1 4.4.1 -

6.2.1 General 6.2.1 4.4.2 4.4.1 -

6.2.2 Training, Awareness & Competency. 6.2.2 4.4.2 4.4.2 3.3, 9.5(b), 9.5(c)

6.3 Infrastructure 6.3 4.4.1 4.4.1 3.5, 3.6

6.4 Work Environment and Occupational Health and Safety

6.4 4.4.1, 4.4.7 4.4.1, 4.4.7 3.1, 3.4, IV-3

7.0 Product realization 7 4.4, 4.4.6 4.4, 4.4.6 9.5

7.1 Planning of product realization 7.1 4.4.6 4.4.6 9.5

7.2 Customer related processes 7.2 4.4.6 4.4.6 -

7.2.1 Determination of requirements related to Product

7.2.1 4.3.1,4.3.2,4.4.6

4.3.1,4.3.2, 4.4.6

II, 3.1, 9.1(b)

7.2.2 Review of requirement related to Product 7.2.2 4.3.1,4.4.6 4.3.1,4.4.6 3.1

7.2.3 Customer Communication 7.2.3 4.4.3 4.4.3 9.10, 9.12

7.3 Design & development@ 7.3 - - -7.3 Design & development@ 7.3 - - -

7.3.1 Planning 7.3.1 - - -

7.3.2 Inputs 7.3.2 - - -

7.3.3 Outputs 7.3.3 - - -

7.3.4 Review 7.3.4 - - -

7.3.5 Verification 7.3.5 - - -

7.3.6 Validation 7.3.6 - - -

7.3.7 Changes 7.3.7 - - -

7.4 Purchasing 7.4 4.4.6 4.4.6 9.6, 9.7, 9.8

7.4.1 Purchasing process 7.4.1 4.4.6 4.4.6 9.6

7.4.2 Purchasing information 7.4.2 4.4.6 4.4.6 9.7, 9.8

7.4.3 Verification of purchased product and Access for verification

7.4.3 4.4.6 4.4.6 9.13

7.5 Production & Service provision 7.5 4.4.6 4.4.6 -

7.5.1 Control of Prodn. & Service provision 7.5.1 4.4.6 4.4.6 -

7.5.2 Validation of processes for Prodn. & service provision@

7.5.2 4.4.6 4.4.6 -

7.5.3 Identification & traceability 7.5.3 4.4.6 4.4.6 -

7.5.4 Customer property 7.5.4 4.4.6 4.4.6 -

7.5.5 Preservation of Product 7.5.5 4.4.6 4.4.6 -

7.6 Control of monitoring & Measuring Devices

7.6 4.5.1 4.5.1 9.5(d)

8.0 Measurement, Analysis & Improvement

8 4.5 4.5 9.5

8.1 General 8.1 4.5.1 4.5.1 9.5(d)

8.2 Monitoring & measurement 8.2 4.5.1 4.5.1 9.5(d)

8.2.1 Customer Satisfaction 8.2.1 4.5.1 4.5.1 9.10

8.2.2 Internal Audit 8.2.2 4.5.5 4.5.4 9.5(d)

8.2.3 Monitoring & measurement of process 8.2.3 4.5.1, 4.5.2 4.5.1 9.5(d)

8.2.4 Monitoring & measurement of products 8.2.4 4.5.1, 4.5.2 4.5.1 9.5(d)8.2.4 Monitoring & measurement of products 8.2.4 4.5.1, 4.5.2 4.5.1 9.5(d)

8.2.5 Incident Investigation - - 4.5.3 -

8.3 Control of non conforming product / Activities

8.3 4.4.7,4.5.3 4.4.7,4.5.2 9.5(d), 9.10

8.4 Analysis of data 8.4 4.5.1 4.5.1 9.5(d), 9.10

8.5 Improvement 8.5 4.2 4.2 -

8.5.1 Continual improvement 8.5.1 4.3.3, 4.2, 4.6

4.3.4 9.1(c )

8.5.2 Corrective action 8.5.2 4.5.3 4.5.2 9.10, 9.11

9.0 Ethical Governance - - - IV 04

9.1 Child Labour - - - IV-1

9.2 Forced & Compulsory Labour - - - IV-2

9.3 Freedom of Association & Right to collective Bargaining

- - - IV-4

9.4 Discrimination - - - IV-5

9.5 Disciplinary Practices - - - IV-6

9.6 Working Hours - - - IV-7

9.7 Remuneration - - - IV-8


Part -V

Auditors Qualities, Auditing

76

Auditors Qualities, Auditing Methodology

TRAINING ON MANAGEMENT SYSTEM (QMS / EMS) AUDITS

What is audit ?

Most of us are familiar with the term ‘audit’.

Typically, ‘audit’ is considered to be associated with financial

matters such as accounts, costing, taxation etc.

As a result, the very mention of ‘audit’ evokes fear, not comfort.

However, management system audits are totally different in nature,

77

However, management system audits are totally different in nature,

whether on Quality Management Systems (ISO9001:2008) or

Environment Management Systems (ISO14001:2004).

The International Organization for Standardization (ISO) has even

published a standard (ISO19011:2002) to provide guidance on how

to conduct quality / environment management system audits.


Definition of Audit

Audit is a systematic, independent and documented

process for obtaining audit evidence and evaluating it

objectively to determine the extent to which the audit

criteria are fulfilled.

Scope of Audit:

78

It may include the examination of System Adequacy and/or

Compliance, and identification of Improvement Opportunities.

Types of Audit:

1. Internal Audit

2. External Audit

3. Combined Audit

4. Joint Audit


1. Internal Audit (First Party Audit)

It is conducted by or on behalf of the organization itself for

management review and other internal purposes.

Internal audit may form the basis for an organization’s self declaration of

conformity. Independence can be demonstrated by deploying internal auditors

who are not responsible for the activity being audited.

2. External Audit (2nd / 3rd Party Audit)

79

2. External Audit (2nd / 3rd Party Audit)

Second party audits are conducted by parties having an interest in

the organization, such as customer or by other persons on their

behalf.

Third party audits are conducted by external independent auditing

organizations such as those providing registration / certification of

conformity to the requirements of ISO9001 or ISO14001.


3. Combined Audit

When a quality management system and an environmental

management system are audited together, this is termed a

combined audit.

4. Joint Audit

80

4. Joint Audit

When two or more auditing organizations co-operated to

audit a single auditee, this is termed a joint audit.


Audit Scope: Adequacy Vs Compliance

Adequacy audit (also known as “system” or “management” audit)

aims to establish the extent which the entire documented system

meets the requirements of the applicable standard.

It is a desktop exercise, based on System Documentation such as manual,

procedures, work instructions etc. Sometimes, it involve sample check on System

Procedures. This is an opportunity to seek clarification on any ambiguities and/or

81

Procedures. This is an opportunity to seek clarification on any ambiguities and/or

contradictions within the documented system itself.

Compliance Audit seeks to establish the extent to which the

documented system is implemented and observed by the workforce.

i.e., “Are the people complying with the system?”


Principles of Auditing

Audit can be an effective support tool for management by checking

the implementation status of policies & procedures, and providing

information that can help improving the process performance.

In order to ensure that the audit conclusions are relevant, and

different auditors arrive at the same conclusions in similar

82

different auditors arrive at the same conclusions in similar

circumstances, the ISO has spelt out some pre-requisites/guidelines

for the auditors and the audit process itself.

These are known as the “Principles of Auditing”.


Principles of Auditing (For Auditors)

1. Ethical conduct (the foundation of professionalism)

- Trust, integrity, confidentiality and discretion are essential to auditing.

2. Fair presentation (obligation to report truthfully and accurately)

- Audit findings, audit conclusions and audit reports must reflect truthfully and

accurately about the audited activities. Significant obstacles encountered

during the audit and unsolved diverging opinions between the audit team

83

during the audit and unsolved diverging opinions between the audit team

and the auditee are reported.

3. Due professional care (diligence and judgement in auditing)- Auditors must exercise care in accordance with the importance of the task

they perform and the confidence placed in them by audit clients and other

interested parties. Possessing the necessary competence is also an

important factor.


Principles of Auditing (For Audit Process)

1. Independence (impartiality and objectivity of audit conclusions)

- Auditors are independent of the activity being audited and are free from bias

and conflict of interest. Auditors maintain an objective state of mind

throughout the audit process to ensure that the audit findings and

conclusions will be based only on the audit evidence.

2. Evidence-based approach (the rational method for reaching

84

2. Evidence-based approach (the rational method for reaching

reliable

and reproducible audit conclusions in a systematic audit process)- Audit evidence is verifiable. It is based on samples of the information

available, since an audit is conducted during a finite period of time and with

finite resources. The appropriate use of sampling is closely related to the

confidence that can be placed in the audit conclusions.


Definition of some useful terms:

1. Audit Criteria: The set of policies, procedures or requirements

that

apply to the management system being audited.

2. Audit Evidence: Verifiable records, statement of fact or other

information (qualitative / quantitative) which are relevant to the

85

information (qualitative / quantitative) which are relevant to the

audit criteria.

3. Audit Findings: The results of evaluation of the collected audit

evidence against audit criteria which indicates conformity /

non-conformity / opportunity for improvement.



4. Audit Conclusion: It is the outcome of an audit provided by the

audit team after consideration of the audit objectives and all audit

findings.

5. Audit Client: It is the organization or person requesting an audit

(It can be the auditee itself / customer / regulatory body).

86

(It can be the auditee itself / customer / regulatory body).

6. Auditee: It is the organization being audited.

7. Auditor: He / she is a person who possesses the required

competence to conduct an audit.



8. Competence: It is the demonstrated personal attributes and ability

to apply knowledge and skills.

9. Audit Team: It is a team of one or more auditors (may include some

auditors-in-training) conducting an audit, supported (if needed) by

technical experts. One auditor of the audit team is appointed as the

audit team leader.

87

audit team leader.

10. Technical Expert: He / she is a person who provides specific

knowledge or expertise (related to the organization / process /

activity to be audited, or language / culture) to the audit team.

A technical expert does not act as an auditor.



11. Audit Program: It is a set of one or more audits planned for a

specific time frame and directed towards a specific purpose.

12. Audit Scope: It is the extent and limits of an audit, which

generally

includes a description of the physical locations organizational

88

includes a description of the physical locations organizational

units activities and processes as well as the time period covered.


Audit Management

89


Planning for Audit

The following questions should be asked while planning an audit:

1. WHO should be audited ?

2. WHY should be audited ?

3. WHAT type of audit to be conducted ?

90

4. WHAT should be the depth and scope of audits ?

5. WHEN should the audit take place ?

6. WHO will perform the audit ?

7. IS the audit schedule prepared ?


Stages of an Audit

Every management system audit has the following stages:

1. Audit Initiation

2. Document Review

3. Preparing for on-site audit

4. Conducting on-site audit

91

4. Conducting on-site audit

5. Preparing, approving and distributing the audit report

6. Audit Completion

7. Audit Follow-up


Stages of an Audit : 1. Audit Initiation

a) Appoint the audit team leaderAudit Manager (usually the MR of the QMS / EMS) should appoint an audit team leader for the specific audit.

b) Define audit objectives, scope and criteria

Any audit should be based on documented objectives, scope and audit criteria.

c) Determine the feasibility of the auditAvailability of sufficient information for audit planning, cooperation from the auditee, and adequate time and

resources to be considered. If the audit is not feasible, an alternative should be proposed to the audit client

in consultation with the auditee.

92

d) Select the audit teamAudit team should be selected on the basis of the competence needed to achieve the audit objectives.

Technical experts and trainee auditors may be included in the team. If there is only one auditor, he / sheshould perform all duties of an audit team leader. Auditors should be INDEPENDENT of the area of audit.

e) Establish initial contact (formal / informal) with the auditeeInitial contact should be made by the audit manager or the audit team leader. The purpose is to establishcommunication channels with the auditee’s representative, to confirm the authority to conduct the audit, to tell about the proposed timing and audit team composition, to request access to relevant documentsincluding records, to determine applicable site safety rules, to make arrangements for the audit, and, to agree on the presence of observers and the need for guides for the audit team.


Stages of an Audit : 2. Document Review

Auditee’s documentation should be reviewed (prior to on-site audit) in order to

determine the conformity of the system (as documented) with the audit criteria.

The documents under review may include management system documents &

records, and previous audit reports. (The size, nature, and complexity of the

organization also matters.)

Document review may be deferred until the on site activities commence, if it

93

Document review may be deferred until the on site activities commence, if it

doesn’t affect the effectiveness of the audit. In some cases, a preliminary site

visit may be conducted for on-the-spot information gathering.

If the documentation is found to be inadequate, the audit team leader should

inform the audit client, audit manager, and the auditee. Also, it needs to be

decided whether to continue OR suspend the audit until the inadequacies

in the documentation are corrected.


Stages of an Audit : 3. Preparing for on-site audit . ...

a) Prepare the audit plan

The audit team leader should prepare an audit plan covering the following:

- audit objectives, audit criteria and any reference documents

- audit scope (including the identification of the organizational & functional processes)

- dates and places where the on site audit activities are to be conducted

- expected time & duration of on site audit activities

- roles and responsibilities of the audit team members and accompanying persons

- allocation of appropriate resources to critical areas of the audit

94

- allocation of appropriate resources to critical areas of the audit

- identification of the auditee’s representative for the audit

- working & reporting language of the audit, report topics, and confidentiality issues.

- logistic arrangements (travel, on site facilities etc)

- any audit follow up actions

The plan must be reviewed and accepted by the audit client and presented to the auditee prior to

commencement of on-site audit activities. Any objections by the auditee should be resolved between

the audit team leader, the auditee and the audit client. Any revised audit plan should be agreed among

the parties concerned before continuing the audit.


Stages of an Audit : 3. Preparing for on-site audit .. ...

b) Assign work to the audit team

The audit team leader should assign responsibility to each team member for

auditing specific processes, functions, site areas, or activities.

It should be done in consultation with the audit team, also taking into account …

- the independence and competence of auditors

95

- the effective use of resources

- roles & responsibilities of auditors, auditor-in-training, and technical experts.

Changes to the work assignments may be made as the audit progresses to ensure

the achievement of the audit objectives.


Stages of an Audit : 3. Preparing for on-site audit … ...

c) Preparing work documents

The audit team members should prepare the necessary work documents in

advance for reference and for recording audit proceedings.

Work documents may include...

- checklists and audit sampling plans

- forms for recording information such as audit findings and records of meetings

96

Use of standard checklists and forms should not restrict the audit process.

Auditors may change the extent of audit activities on the basis of the information

collected during the audit.

Work documents should be retained at least until the audit completion.

Documents containing confidential / proprietary information should be suitably

safeguarded at all times by the audit team members.


Stages of an Audit : 4. Conducting on-site audit

a) Opening meeting

An opening meeting should be held with the auditee’s management

or those responsible for the functions / processes to be audited.

The purpose of an opening meeting is

97

- to confirm the audit plan

- to provide a short summary of how the audit activities will be

undertaken

- to confirm the communication channels, and

- to provide an opportunity for the auditee to ask questions.



b) Communication during the audit

The audit team should meet periodically to exchange information assess audit

progress and to reassign work between the audit team members as needed.

During the audit, audit team leader should periodically communicate the audit

progress and any concerns to the auditee and audit client as appropriate. Evidence

collected during the audit that suggests an immediate and significant risk (e.g

safety, environmental or quality) should be reported without delay.

98

safety, environmental or quality) should be reported without delay.

If the available audit evidence indicates that the audit objectives are unattainable,

the audit team leader should report the reason to the audit client and the auditee to

determine appropriate action.

Any need for changes to the audit scope which may become apparent with the

progress of on-site auditing activities should be reviewed with and approved by

the audit client and the auditee.



c) Roles and responsibilities of guides and observers

Guides and observers may accompany the audit team, but are not a part of it.

They should not influence or interfere with the conduct of the audit.

When guides are appointed by the auditee, they should assist the audit team and

act on the request of the audit team leader. Their responsibilities may include the

following …

99

- establishing contact and timing for interviews

- arranging visits to specific parts of the site or organization

- ensuring that rules concerning site safety and security procedures are known

and respected by the audit team members

- witnessing the audit on behalf of the auditee

- providing clarification or assisting in collecting information



d) Collecting and verifying information

During the audit, information relevant to the audit objectives scope

and criteria including the information relating to interfaces between

functions activities and processes should be collected by

appropriate sampling and should be verified.

100

Only those information that are verifiable may be treated as audit

evidence.

Audit evidence should be recorded.

The audit evidence is based on samples of the available

information. Therefore there is an element of uncertainty in auditing

and those acting upon the audit conclusions should be aware of this

uncertainty.



e) Generating audit findings

Audit evidence should be evaluated against the audit criteria to generate the audit

findings indicating conformity / nonconformity with audit criteria. When

specified by the audit objectives, audit findings can identify an opportunity for

improvement.

The audit team should review the audit findings at appropriate stages of audit.

Conformity with audit criteria should be summarized (usually, in a checklist) to

101

Conformity with audit criteria should be summarized (usually, in a checklist) to

indicate location, functions or processes that were audited.

Non-conformities and the supporting audit evidence should be categorized,

recorded, and reviewed with the auditee (to obtain acknowledgement that the

audit evidence is accurate and that the non-conformities are understood).

Diverging opinion about the audit evidence and/or findings needs to be resolved.

Unresolved points should be recorded.



f) Preparing audit conclusion

The audit team should confer prior to the closing meeting …

- to review the audit finding and any other appropriate information

collected

during the audit against the audit objectives

102

during the audit against the audit objectives

- to agree on the audit conclusion taking into account the

uncertainty inherent in

the audit process

- to prepare recommendations if specified by the audit objectives

and

- to discuss audit follow up if included in the audit plan.



g) Conducting the closing meeting

A closing meeting chaired by the audit team leader and attended by the auditors

and auditees should be held to present the audit finding and conclusion so that

they are understood and acknowledged by the auditee. Participants in the closing

meeting may also include the audit client and other parties.

In case of internal audits in a small organization, the audit team leader may just

communicate the audit findings and conclusions in the closing meeting.

103

communicate the audit findings and conclusions in the closing meeting.

For other audit situations, a formal closing meeting should be held, and the

minutes (including the records of attendance) should be kept.

If specified by the audit objectives, recommendation for improvement should be

presented. It should be emphasized that recommendation are not binding.


Stages of an Audit : 5. Audit Reporting . ..

a) Preparing the audit report

Audit team leader is responsible for the preparation and contents of audit report.

The audit report should provide a complete, accurate, concise, and clear record of

the audit and should include or refer to the following …

- audit objectives, audit scope, identification of the audit client

- identification of audit team leader and members

104

- identification of audit team leader and members

- the dates and places where the on site audit activities were conducted

- audit criteria, audit findings, and audit conclusion

The audit report may also include or refer to the following as required ...

- audit plan, list of auditee representatives, summary of the audit process & obstacles encountered

- confirmation of accomplishment of audit objectives within audit scope and as per audit plan

- any left-out areas specified in the audit scope, any unresolved diverging opinion

- recommendation for improvement, agreed follow up action plans

- a statement of the confidential nature of the contents, and the report distribution list.


Stages of an Audit : 5. Audit Reporting .. ..

b) Approving and distributing the audit report

The audit report should be issued within the agreed time period. If this is not

possible, the reasons for the delay should be communicated to the audit client and

a new issue date should be agreed upon.

The audit report should be dated, reviewed, and approved in accordance with

audit procedures given in the management system manuals.

105

The approved audit report should then be distributed to recipients designated by

the audit client.

The audit report is the property of the audit client. The audit team members and

all report recipients should respect and maintain the confidentiality of the report.


Stages of an Audit : 6. Audit Completion

Audit is completed when all activities described in the audit plan have been

carried out and all approved audit reports have been distributed.

Documents pertaining to the audit should be retained or destroyed by agreement

between the participating parties and in accordance with audit procedures and

applicable statutory / regulatory and contractual requirements.

Unless required by law, the audit team and those responsible for managing the

106

Unless required by law, the audit team and those responsible for managing the

audit program should not disclose the audit report or any information obtained

during the audit to any other party without the explicit approval of the audit

client.

If disclosure of the contents of an audit document is required, the audit client and

auditee should be informed as soon as possible.


Stages of an Audit : 7. Audit Follow-up

The conclusion of the audit may indicate the need for corrective

preventive or improvement action as applicable. Such actions are

usually decided and undertaken by the auditee within an agreed

timeframe and are not considered to be part of the audit. The

auditee should keep the audit client informed of the status of these

action.

107

action.

The completion and effectiveness of corrective action should be

verified. This verification may be part of a subsequent audit.

The audit program may specify follow up by members of the audit

team which add value by using their expertise. In such cases, care

should be taken to maintain independence in subsequent audit

activities.


108

Competence and Evaluation of Auditors


Competence and Evaluation of Auditors

Confidence in the audit depends on the competence of the auditors.

Competence is based on the demonstration of personal attributes

and the ability to apply the knowledge and skills gained through the

education, work experience, auditor training, and audit experience.

Auditors should develop, maintain, and improve their competence

109

Auditors should develop, maintain, and improve their competence

through continual professional development and regular

participation in audit.

Let us now look at the following aspects in detail...

1. Personal attributes

2. Knowledge and skill

3. Education & work experience, audit training & experience

4. Maintenance and improvement of competence

5. Auditor evaluation


Auditors > 1. Personal attributes

Every auditor should possess the following personal attributes:

a) Ethical : i.e., is fair, truthful, sincere, honest and discreet

b) Open minded : i.e., willing to consider alternative ideas or points of view

c) Diplomatic : i.e., tactful in dealing with people

d) Observant : i.e., actively aware of physical surrounding and situation

110

d) Observant : i.e., actively aware of physical surrounding and situation

e) Perceptive : i.e., instinctively aware of and able to understand situation

f) Versatile : i.e., adjusts readily to different situation

g) Tenacious : i.e., persistent, focussed on achieving objectives

h) Decisive : i.e., reaches timely conclusion based on logical reasoning / analysis

i) Self reliant : i.e., acts independently but interacts effectively with others


Auditors > 2. Knowledge and skill

QMS / EMS auditors need to possess generic and specific knowledge & skills.

Generic knowledge and skill:

a) An auditor should be able to ...

- apply audit principles, procedures, and techniques

- plan and organize the work effectively and within the agreed time schedule

- prioritize and focus on matter of significance, choose appropriate samples

- collect information through effective interviewing, listening, observing and

reviewing documents records / data, and verify the accuracy of information

111

reviewing documents records / data, and verify the accuracy of information

- confirm the sufficiency and appropriateness of audit evidence to support

audit finding and conclusion

- assess the factors that can affect the reliability of audit finding and conclusion

- use work document to record audit activities, prepare the audit report

- maintain the confidentiality and security of information, and

- communicate effectively using linguistic skill or through an interpreter



Generic knowledge and skill:

b) An auditor should be able comprehend the system documentation and apply

the audit criteria. The knowledge and skill requirements are…

- the application of management systems to different organizations

- interaction between the components of the management system

- quality / environmental management system standards, applicable

112

- quality / environmental management system standards, applicable

procedures and other management system documents used as audit criteria

- recognizing differences between and priority of the reference documents

- application of the reference documents to different audit situations, and

- information system and technology for authorization security distribution and

control of document, data, and record.



Generic knowledge and skill: ...

c) Auditor should have the ability to comprehend the organization’s operational

context, such as ...

- organizational size, structure, functions, and relationship

- general business processes and related terminology, and

- cultural and social customs of the auditee

113

d) Auditor should have the awareness about the applicable laws, regulations, and

other requirements that apply to the organization being audited, such as ...

- local regional and national codes laws and regulation

- contract and agreement

- international treaties and convention and

- other requirement to which the organization subscribes.



Generic knowledge and skill requirements of Audit Team Leaders:

Audit team leaders should have additional knowledge and skill in audit leadership

to facilitate the efficient and effective conduct of an audit.

Audit team leader should be able to …

- plan the audit and make effective use of resources during the audit

- represent the audit team in communication with the audit client and auditee

114

- represent the audit team in communication with the audit client and auditee

- organize and direct audit team members

- provide direction and guidance to auditors in training

- lead the audit team to reach the audit conclusion

- to prevent and resolve conflicts, and

- to prepare and complete the audit report



Specific knowledge and skill requirements of QMS auditors:

Persons auditing a Quality Management System (based on ISO9001:2008 or

other QMS standard) must have the following skills/knowledge.

a) Knowledge of quality related method and techniques such as ...

- quality terminology

- quality management principles and their application, and

115

- quality management principles and their application, and

- quality management tools and their application

b) Knowledge of processes and products (including services), such as …

- sector-specific terminology

- technical characteristic of processes and products including services, and

- sector-specific processes and practices



Specific knowledge and skill requirements of EMS auditors:

Persons auditing an Environment Management System (based on ISO14001 or

other EMS standard) must have the following skills / knowledge.

a) Knowledge of environmental management methods and techniques such as ...

- environmental terminology

- environmental management principles and their application, and

- environmental management tools

116

- environmental management tools

b) Environmental science and technology related issues such as ...

- the impact of human activities on the environment

- interaction of ecosystem

- environmental media

- management of natural resources

- general methods of environmental protection



Specific knowledge and skill requirements of EMS auditors: ...

c) Technical and environmental aspects of operations, such as …

- sector specific terminology

- environmental aspects and impacts

- methods for evaluating the significance of environmental aspects

117

- critical characteristic of operational processes products and services

- monitoring and measurement technique, and

- technologies for the prevention of pollution


Auditors > 3. Education, Work experience, Auditor training, Audit experience

a) Requirements for Auditors:

Education: They should have completed an education sufficient to acquire the knowledge

and skill required to become auditors.

Work Experience: They should have work experience that contributes to the development

of the knowledge and skill. This work experience should be in technical managerial or

professional position involving the exercise or judgement problem solving and

communication with other managerial or professional personnel peers customers and/or

other interested parties. Part of the work experience should be in a position where the

118

other interested parties. Part of the work experience should be in a position where the

activities undertaken contribute to the development of knowledge and skill in…

- the quality management field for quality management system auditors and

- the environmental management field for environmental management system auditors.

Auditor Training: They should have completed auditor training that contributes to the

development of the knowledge and skill, which may be provided by the person’s own

organization or by an external organization.

Audit Experience: Must have audit experience gained under the direction and guidance of

an auditor who is competent as an audit team leader in the same discipline.



b) Requirements for Audit Team Leaders:

Basic Requirements:

Education: Same as prescribed for Auditors

Work Experience: Same as prescribed for Auditors

Auditor Training: Same as prescribed for Auditors

Audit Experience: Same as prescribed for Auditors

119


Additional Requirements:

An audit team leader should have acquired additional audit experience gained

while acting in the role of an audit team leader under the direction and guidance

of another auditor who is competent as an audit team leader.



c) Requirements for Auditors who perform both QMS and EMS audit:

Basic Requirements:

Education: Same as prescribed for Auditors

Work Experience: Same as prescribed for Auditors

Auditor Training: Same as prescribed for Auditors


120


Additional Requirements:

Auditors who perform both Quality Management System and Environmental Management

System audit should have ...

- the training and work experience needed to acquire the knowledge & skill for both the

disciplines and

- conducted audit covering the QMS / EMS under the direction and guidance of an auditors

who is competent as an audit team leader in that discipline.


Auditors > 4. Maintenance and Improvement of Competence

Continual professional development

- Auditors must maintain and improve their knowledge, skill, and personal

attributes continually. This can be achieved through additional work experience,

training, private study, coaching, seminars and conferences etc.

- Changes in the needs of the individual and the organization, the practice of

auditing, standards, and other requirements should also be taken into account.

121

- Auditors should demonstrate their continual professional development.

Maintenance of auditing ability

- Auditors need to maintain and demonstrate their auditing ability through regular

participation in audits of quality and/or environmental management system.


Auditors > 5. Auditor Evaluation

The evaluation of auditors and audit team leaders should be planned,

implemented, and recorded in accordance with audit system procedures.

Evaluation process must provide some objective, consistent, fair, and reliable

outcome; and should identify the training and other skill enhancement needs.

In general, the auditor evaluation takes place at the following stages:

- Initial evaluation of person who wish to become auditor

122

- Evaluation of the auditor as part of the audit team selection process, and

- Continual evaluation of auditor performance to identify needs for maintenance

and improvement of knowledge and skill.

Now, let us look at the four-step evaluation process suggested in the

ISO19011:2002 standard.


Auditors > 5. Auditor Evaluation > The Evaluation Process

Step 1 of 4: Identify the personal attributes, knowledge & skill requirements

- Consider the nature and complexity of the management system to be audited

- Keep in view, the extent of audit program and certification requirement (if any)

- Consider the level of confidence required in the program

Step 2 of 4: Set the evaluation criteria

- It may be quantitative (such as the number of audit conducted, hours of audit

training) or qualitative (such as the performance of skill in the training sessions)

123

training) or qualitative (such as the performance of skill in the training sessions)

Step 3 of 4: Select the appropriate evaluation method

- Evaluation should be undertaken by a person or a panel using one or more of

the method selected from those given in the table (see the next slide)

Step 4 of 4: Conduct the evaluation activity

- Here we compare the information collected about the person (to be evaluated)

against the evaluation criteria set in Step - 2.


Auditors > 5. Auditor Evaluation > Methods

Some of the auditor evaluation methods suggested in the ISO19011 standard:

Method

Review of

records:

Feedback (+ve / -

ve):

Objective

To verify the auditor’s

background

To find the perception

about the auditor’s

performance

Typical Activities

Analysis of records of education,

training, employment, audit experience

Questionnaires, testimonials,

complaints, performance evaluation,

peer review

124

Interview:

Observation:

Testing:

Post-audit review:

performance

To evaluate skills, personal

attributes, knowledge etc.

To evaluate the ability to

apply knowledge and skill

To evaluate knowledge &

skill

To provide information where

direct observation may not be

possible or appropriate

peer review

Face to face and telephone interview

Role playing, witnessed audits, on-the-

job performance

Oral & written test, psychometric testing

Review of audit reports and discussion

with the audit client, auditee, colleagues

and with the auditor.


CONCLUDING REMARKS

Coming to the end of this training session, you have learned about various aspects of ISO9001:2008.

And, learning has no meaning unless the knowledge is utilized in a proper manner.

I urge you to Strengthen Our Quality Management System

125

I urge you to Strengthen Our Quality Management System (QMS) ithat satisfies the requirement of ISO9001:2008 and ensures customer satisfaction.

.

Thank You !

ISO 9001INTERNAL AUDITORS TRAINING- 12th Feb 2010- SNSastry [Compatibility Mode]

Documents

Transcript of ISO 9001INTERNAL AUDITORS TRAINING- 12th Feb 2010- SNSastry [Compatibility Mode]