Audit Committee and Internal Audit- Implications on Audit Quality
Performance Based Internal Quality Audit Guide
-
Upload
suranto2000 -
Category
Technology
-
view
4.710 -
download
1
description
Transcript of Performance Based Internal Quality Audit Guide
INTERNAL QUALITY AUDIT (IQA) GUIDANCE
1111 INTRODUCTIONINTRODUCTIONINTRODUCTIONINTRODUCTION
2222 AUDIT PREPARATIONAUDIT PREPARATIONAUDIT PREPARATIONAUDIT PREPARATION
3333 CONDUCTING THE AUDITCONDUCTING THE AUDITCONDUCTING THE AUDITCONDUCTING THE AUDIT
4444 REPORT MAKINGREPORT MAKINGREPORT MAKINGREPORT MAKING
5555 REQUIREMENT AREA OF APPLICABILITY LISTREQUIREMENT AREA OF APPLICABILITY LISTREQUIREMENT AREA OF APPLICABILITY LISTREQUIREMENT AREA OF APPLICABILITY LIST
2
INTRODUCTIONINTRODUCTION
AUDITsystematic, independent and documented process for obtaining audit evidence (3.3) and evaluating it objectively to determine the extent to which the audit criteria (3.2) are fulfilled
NOTE 1 Internal audits, sometimes called first-party audits, are conducted by, or on behalf of, the organization itself for management review and other internal purposes, and may form the basis for an organization’s self-declaration of conformity. In many cases, particularly in smaller organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited.
AUDIT CRITERIAset of policies, procedures or requirements
NOTE Audit criteria are used as a reference against which audit evidence (3.3) is compared.
AUDIT FINDINGresults of the evaluation of the collected audit evidence (3.3) against audit criteria (3.2)
NOTE Audit findings can indicate either conformity or nonconformity with audit criteria or opportunities forimprovement.
I. TERM & DEFINTION
3
INTRODUCTIONINTRODUCTION
II. AUDIT FINDING CRITERIA
NC – Non Compliance:
OBS – Observation:
CP – Compliance:
1. Documentation & practice comply with ISO requirement with some weakness(es) identified regarding auditor experience or practice in others area.
2. Any practice which could become best practice for others area .
1. The absence, or failure to implement & maintain 1 or more of quality management system requirement (ISO 9001) , or
2. Deviation between practice or actual with procedure, or 3. Condition which rise doubt base on evidence about the quality or process performance such as; Un
tolerable nonprime product frequently (> 2 cases / 3 month) pass to customer, > 3 last consecutive of KPI achievement failure, etc.
Comply with ISO requirement or document
4
INTRODUCTIONINTRODUCTION
a) interviews with employees and other persons;
b) observations of activities and the surrounding work environmental and conditions;
c) documents, such as policy, objectives, plans, procedures, standards, instruction, licenses and
permits specifications, drawings, contracts and orders;
d) records, such as inspection records, minutes of meeting, audit reports, records of monitoring
programs and the results of measurements;
e) data summaries, analyses and performance indicators;
f) information on the auditee's sampling programs and on procedures for the control of sampling and
measurement processes;
g) reports from other sources, for example, customer feedback, other relevant information from
external parties and supplier ratings;
h) computerized databases and web sites.
III. SOURCE OF INFORMATION
The option of source of information to find out and collect evidence for evaluating compliance degree, include;
5
INTRODUCTIONINTRODUCTION
IV. AUDIT TRIANGLE
REQUIREMENTSREQUIREMENTSREQUIREMENTSREQUIREMENTS
IMPLEMENTATIONIMPLEMENTATIONIMPLEMENTATIONIMPLEMENTATIONDOCUMENTDOCUMENT
COMLIANCE
ADEQUACY
The finding could be major for
external audit
Lower severity
6
AUDIT PREPARATIONAUDIT PREPARATION
1. Understanding source of information2. Knowing the applicable KPI of area being audited3. Knowing the achievement or issue/failure of KPIs4. Knowing the activities and understanding applicable document regarding the
issue or failure
Step Should Be Done:1. Contact commercial teams or VP/manager of area being audited2. Learning the applicable documents / conduct document review3. Identify document weaknesses if possible4. Identify critical point of document
I. UNDERSTANDING PROCESS OF AREA BEING AUDITED
7
AUDIT PREPARATIONAUDIT PREPARATION
Applicable form; FRM.QAS.06
1. Availability of applicable KPI2. Availability of action plan and its progress monitoring and further action follow up3. Availability of KPIs achievement monitoring data, Identify KPIs failure or negative
trends if any4. Availability of problem data affecting KPIs achievement, especially the failure or
negative trend. 5. Availability of cause analysis, Action selection and its result evaluation (CARR/PAR
implementation) of significant problem.6. Availability applicable document related to KPI failure or negative trend, or its related
improvement action (for confirmation only)7. Check the compliance of DR process of applicable document if any changes
II. CHECKLIST MAKING - GENERAL
Part 1 – Off site / KPI Related / Process Owner Audit
Item to be included as point check are consisted of 2 but as integral part, and made based on previous process understanding :
Note:For HR please see different checklist guidance
8
AUDIT PREPARATIONAUDIT PREPARATION
II. CHECKLIST MAKING – GENERAL (Continued)
Part 2 – On Site / Implementation Check 8. Critical point of applicable/related document (please write down all critical point of
the document/procedure as point check)9. Check the training record or DR understanding of the users if any deviation10. Actual condition for non human jobs, such as: Process spec, Tools type, tools
condition, etc11. Record of working result or process parameter monitoring12. Availability of cause analysis and or action for any deviation
9
AUDIT PREPARATIONAUDIT PREPARATION
1. Availability of position competence criteria2. Availability of competence record of all employees 3. Availability of competence evaluation record, especially for new hired, mutation, or
promotion process4. Availability of training/action plan & record as applicable for any deviation from
competence criteria5. Availability of training/action effectiveness evaluation record.6. Training management and hiring procedure as any problem in previous point (please
write down the critical point of the these procedure.
II. CHECKLIST MAKING – HR only
Note:Sampling approaches, New person/position or record of employees which identified lack of competence during audit at others area.
10
AUDIT PREPARATIONAUDIT PREPARATION
1. Availability of method to identify/determine customer needs/requirement2. Availability of record regarding the monitoring of perception of customer satisfaction,
(please identify the most critical concern and inform related area auditors to check its achievement)
3. Availability of record regarding the review of customer needs / concern4. Availability of system or action plan for ensuring the fulfillment of critical customer
needs/concern5. Availability of action plan progress monitoring and its required action
II. CHECKLIST MAKING – Customer Satisfaction Related Processes (additional)
Note:Could integrated with other process, and so the checklist are integrated
11
AUDIT PREPARATIONAUDIT PREPARATION
1. Availability of audit plan and management review schedule2. Availability of record of audit result and management review result3. Availability of monitoring system of finding and management review action4. Timely of closing the finding (internal and external) and management review action,
and it required action or others note5. Critical point of internal audit or management review procedure6. Critical point of document control procedure
II. CHECKLIST MAKING – QMS Only
Note: the item to be covered should be determined based on audit scope or objective, for example: if the focus of audit is:1. management review in checklist only state the management review
matter, and so other ways2. Document control, in checklist only state critical point of document
control procedure.
12
CONDUCTING THE AUDITCONDUCTING THE AUDIT
a) introduction to auditee and explain purposes of your coming;
b) Confirm his/her role, ask the persons you intended for as required
c) Reemphasize the improvement opportunity identification aim of audit ;
I. Greeting / Opening the Audit
This is essentials for ensuring the validity of evidence by interviewing the wrong person
(auditee), and making auditee feel free and open to talk. Bellow are the minimum step prior
detail interview with auditee.
II. Conducting Audit / Gathering Audit Evidence
Please follow the point check in the checklist by considering the source of information to
determine audit method, which might include:
a) Interview or activity observation (For interview: Please see interview guidance & Questioning Guidance)
b) Process parameter observation
c) Data or Record review
13
1. Introduce & explain the purpose of your coming as required
2. Request to auditee to explain their KPI/Business plan goal
3. Request to auditee to explain the method & tools of monitoring KPI achievement
4. Ask the evidence of monitoring result
5. Identify un achieved or negative trend KPI, if none ask auditee to explain;
a. The problems considered critical / have significant impact, then go to #6
b. The improvement considered having significant contribution, than go to #7
6. Ask auditee to explain its cause, improvement action, Its result & further action as
required
7. As report or evidence, identify the needs for document revision/creation, such as:
Changes of working method, Specification, equipment that lead working method
changes, etc.
8. Identify the possibility of become best practice or having weaknesses, challenge
auditee for clarification.
9. Ask auditee to show the document, write down its number or changes to check the
implementation.
III. Guidance of Auditing Process Owner / Desk Audit
Note: Italic text might lead to finding whether NC, negative observation, or positive observation
CONDUCTING THE AUDITCONDUCTING THE AUDIT
14
1. Introduce & explain the purpose of your coming as required
2. ask auditee to explain his/her area responsibilities,
3. Select the activity you intended for check refer to checklist or result of previous audit
with manager, ask auditee to explain how to perform
4. Compare with required by standard/document/checklist as applicable
5. Ask auditee to explain why doing that if any deviation, please do not mention the
deviation
6. Ask question about which document is applicable to the jobs, and ask to show
7. Let he/she to know the deviation, explain the losses experienced or contact his/her
supervisor to explain.
8. Notify auditor for HR area or document control as applicable, for further verification.
IV. Guidance of Implementation / Field Auditing
Note: Italic text might lead to NC
CONDUCTING THE AUDITCONDUCTING THE AUDIT
15
1. Introduce & explain the purpose of your coming as required
2. Explain about competence issue
3. Ask auditee to show the competence record of employee having competence issue.
Verify the intended issue
4. If lack of intended competency, ask auditee to show the competence evaluation of
the employee to fill his/her position.
5. If not available ask more sample of employee evaluation result.
6. Ask auditee to show the record of action plan to address evaluation result and its
result evaluation.
7. If no action plan, ask auditee to show general employee development plan and its
implementation status & monitoring
V. Guidance of HR Auditing
If any competence issue from other area audit, then use trace backward audit
Note: - Italic text might lead to NC, especially #5 & # 7 might become major- If no trigger issue the audit just follow the check list by asking record sample to
auditee take up to 3 new hired / new posted employee (trace forward)
CONDUCTING THE AUDITCONDUCTING THE AUDIT
16
1. Introduce & explain the purpose of your coming as required
2. Explain about awareness issue
3. Ask auditee to show the record of understanding related to intended document
4. If not available, ask auditee to show ask more sample of other document
understanding record.
VI. Guidance of Auditing Document Controller
If any lack awareness issue during other area audit
Note: - Italic text might lead to NC, especially #4 might become major
If no issue, the audit just follow critical point check in checklist by verifying record sample sample
CONDUCTING THE AUDITCONDUCTING THE AUDIT
17
VII. Guidance of Probing The Problem
When find any problem, please try to probe deeper to find the real problem for ensuring the determination of right PIC, area responsible, and effectiveness of action. Since the first problem might only symptom. Such the bellow case:
Employee setting the temperature deviate from spec
Bellow are the list of possible real problem:a. Ineffective training managementb. Ineffective equipment maintenance which caused setting difficultyc. Lack of management commitment about resource provisiond. Ineffective document control systeme. Ineffective communication system, since the problem not forwarded to
responsible areaf. etc
CONDUCTING THE AUDITCONDUCTING THE AUDIT
18
VIII. Guidance of Find a Potential Finding
a. Try to probe refer to probing guidanceb. Take copy of evidence or write the data of evidencec. Find out related losses/benefits of the finding, might from previous experience
by asking employee supervisor, asking process customer external or internal as required.
In order make value added finding, knowing the real problem and having evidence between finding and losses or benefits is essentials. Bellow are the step after identify potential finding.
Give marker / identification to the potential finding notes in audit note for easier report making.
CONDUCTING THE AUDITCONDUCTING THE AUDIT
19
a) interviews should be held with persons from appropriate levels and functions
performing activities or task within the scope of that audit;
b) interviews should be conducted during the normal working hours and, where
practical, at the normal workplace of the person being interviewed;
c) every attempt should be made to put the person being interviewed at ease prior to
and during the interview;
d) the reason for the interview and any note taking should be explained;
e) interviews can be initiated by asking the persons to describe their work;
f) questions that bias the answers (i.e. leading questions) should be avoided;
g) the results from the interview should be summarized and reviewed with the
interviewed person;
h) the interviewed persons should be thanked for their participation and cooperation.
IX. GUIDANCE – CONDUCTING INTERVIEW
Interviews are one of the important means of collecting information and should be carried out
in a manner adapted to the situation and the person interviewed. However, the auditor
should consider the following:
CONDUCTING THE AUDITCONDUCTING THE AUDIT
20
REPORT MAKINGREPORT MAKING
I. GUIDANCE – COMPILING AUDIT RESULT
Audite not should be compiled in appropriate manner to make report which understandable
by auditee and traceable for the future follow up process, bellow are the step:
1. Sort identified potential finding its associate evidence2. Evaluate with applicable audit criteria, try to closest ISO requirement as possible for
NC.3. Determine the finding category 4. Update the criteria of applicable point check in checklist, write the problem into note/
Comment column5. Contact MR for any issue
Problem &its evidence
Audit Criteria
Finding Finding CategoryCategory
21
REPORT MAKINGREPORT MAKING
II. GUIDANCE – FINDING STATEMENT WRITING(REPORT MAKING)
In order to make report which understandable by auditee and traceable for the future follow
up process, finding statement should consist the component bellow :
Problem – Statement of the problem encountered, suggested the statement of
weakness against ISO requirement section, eg:
Ineffectiveness of training management…Lack of evidence for ensuring the competence of employee…Unable to convince the provision of competence employee….
Location – Statement of area where the evidence observed, eg: MCL entry…Warehouse team…CPL lab….
Objectives evidence – Statement of evidences founded, eg: Operator A have no competence evaluation report an, and not well understand how to set temperature X…
Reference – Statement of the audit criteria not fulfilled, eg: This not comply with ISO 9001 requirement clause 6.2
Note:The sequence can be randomized, such as POLR, RPOL, RPLO, etc.
22
REPORT MAKINGREPORT MAKING
II. GUIDANCE – FINDING STATEMENT WRITING(REPORT MAKING)
continuedSample of correct statement:
It is observed that training management not effective as it founded at MCL entry area 3 operator (a,b,c) unable to set the temperature station x correctly, and they have no competency evaluation record. It’s not comply with ISO 9001 requirement clause 6.2
Incomplete Statement
Training management not effective at MCL entry area. It’s not comply with ISO 9001 requirement clause 6.2 (no objective evidence, debatable by auditee, & difficult to address the right employee)
MCL entry operator unable to set the temperature station x correctly, and they have no competency evaluation record. (no problem statement uneasy to catch bigger issue, No clear evidence, no reference to judge the NC)
23
REQUIREMENT AREA OF APPLICABILITY LISTREQUIREMENT AREA OF APPLICABILITY LIST
No. Requirement No. Applicable Area
1 4 General
2 5 General
3 6.1 General
4 6.2 HR
5 6.3 Maintenance, MFG, IT
6 6.4 MFG, Maintenance, W/H
7 7.1 General
8 7.2 Sales, MO, PPIC, Finance
9. 7.3 Product Development
10. 7.4 Purchasing
11. 7.5.1 General
No. Requirement No. Applicable Area
12. 7.5.2 MFG
13. 7.5.3 MFG, W/H
14. 7.5.4 Exclude
15. 7.5.5 W/H, MFG
16. 7.6 Maintenance, MFG
17. 8.2.1 CS
18. 8.2.2 General
19. 8.2.3 General
20. 8.3 MFG, W/H
21 8.4 General
22 8.5 General