www.aeconformity.

com

Overview of activities and outputs of IAF/ISO 9001

Auditing Practices Group (APG)
and
Accreditation Auditing Practices Group (AAPG)
Alex Ezrakhovich
Co-convener of APG & AAPG
Sydney, Australia

5th International Conference on Quality Management

October 2016
Tehran, Iran
Content

 What are APG & AAPG guidance documents?

 Marketplace Context
 History and overview of APG topics
 APG Topics
 AAPG Topics
 Recognition
 Conclusions

©
What are APG &AAPG guidance documents?

 By November 2016:
 40 APG documents
 12 AAPG documents

 Auditing practice available at

http://www.iso.org/tc176/ISO9001AuditingPracticesGroup
 Concerned with effective value auditing of Quality Management
Systems
 Some additional graphics and illustrations
 Not subject to a formal endorsement process by ISO and IAF ,
but produced by experts, auditors and practitioners drawn from
the ISO Technical Committee 176 and IAF
 © ISO & IAF 20XX - All rights reserved
©
Marketplace Context

 Certification shall be conducted by a

competent audit team, with adequate
resources and following a consistent
process, with the results reported in a
consistent manner.
 The value of certification is the degree of
public confidence and trust that is
established by an impartial and
competent assessment by a third-party.

©
Marketplace Context

Competing Certification
Bodies

Pressure to Loss of Lower prices

decrease prices Confidence in
Certification*

Lower added value

Cutting corners
to the client
©
The certification death spiral
Marketplace Context

 The ISO 9000 Advisory Group identified

auditor competence and the competent use
of these auditors as a critical issue when
ensuring the credibility of ISO 9001
certification.
 Auditing Practices Group established in
February 2003.

©
Marketplace Context

 The Accreditation Auditing Practices Group is constituted as an

informal group of accreditation experts, auditors and
practitioners, drawn from the ISO Policy Committee for
Conformity Assessment (ISO/CASCO), the ISO Technical
Committee 176 Quality Management and Quality Assurance
(ISO/TC 176) and the International Accreditation Forum (IAF). It
was established following the success of the ISO 9001 Auditing
Practices Group, and following a request from the IAF's
Technical Committee.
 The Co-Conveners of the Accreditation Auditing Practices
Group are Mr Fei Yang (Deputy Director, CNAS, China) and Mr
Alex Ezrakhovich (Managing Director, AEConformity Pty Ltd,
Australia).

©
Participants

Experts nominated by:-

 IAF (CABs, ABs, Industry)
 ISO TC/176(WG Interpretations, SC1, SC2, SC3)
 ISO CASCO
 IATCA (now IPC)

©
Aims of the Group

1. Development of examples of good auditing

practices related to requirements of ISO9001 and
guidelines of ISO19011
2. Development of a website where papers and
examples of auditing practice against the
requirements of ISO 9001 are posted and available
to the public without charge.
3. The information provided by the Group does not
constitute IAF or ISO endorsed benchmarks or
interpretations of the preferred way conformance to
ISO 9001 is audited.
APG-Introduction.doc

©
Disclaimer

These papers have not been subject to an endorsement

process by the International Organization for Standardization
(ISO), ISO Technical Committee 176, or the International
Accreditation Forum (IAF).

The information contained within them is available for

educational and communication purposes. The ISO 9001
Auditing Practices Group does not take responsibility for any
errors, omissions or other liabilities that may arise from the
provision or subsequent use of such information.

©
Overview of APG Guidance

• In order to give an easy overview, we group

guidelines:
• General audit approach
• Guidance on auditing specific
requirements
• Sub-group according common elements
of type A standards (ISO Guide 72)
• Professionalism
• Interpretation and clarification

©
Overview of APG Guidance:
General audit approach

©
Overview of APG Guidance:
Guidance on auditing specific requirements

©
Overview of APG Guidance: Professionalism
Interpretation and clarification

©
Auditing Practices Group Topics (1)

 General
 Adding value
 Code of Conduct and Ethics
 Cultural Aspects
 Expected Outcomes
 Impartiality
 Scope of ISO 9001, Scope of Quality Management
System and Scope of Certification
 Technical Experts
 Two stage initial certification audit

©
Auditing Practices Group Topics(2)
 Auditing General
 Added Value Audits versus Consultancy
 Audit Reports
 Audit Trail
 Checklist
 Deal with consultants
 Demonstrate conformity to the standard
 Effective use of ISO 19011
 Effectiveness
 Electronic documented information systems
 Evidence collection
 Nonconformity – Documenting
 Nonconformity – Review and closing

©
Auditing Practices Group Topics(3)

 Auditing to ISO 9001:2015 (1)

 Competence
 Context
 Customer Communications
 Customer Complaints
 Customer Feedback
 Design and Development Process
 External providers
 Improvement
 Internal audit
 Internal communication

©
Auditing Practices Group Topics

 Auditing to ISO 9001:2015 (2)

 Measurement traceability
 Monitoring and measuring resources
 Organizational Knowledge
 Policy, objectives and management review
 Processes
 Resources
 Risk Based Thinking
 Service organizations
 Statutory and Regulatory requirements
 Top management

©
Accreditation Auditing Practices Group Topics

 Introduction to the Accreditation Auditing Practices Group

 The witnessing of CAB audits by an accreditation body
 "Process Approach" based accreditation audits
 Auditor Code of Conduct and Ethics
 Criteria for Competence of AB Assessors and Assessment
Teams
 Auditing Accreditation Scopes
 Auditing the CAB Impartiality Committee

©
Accreditation Auditing Practices Group Topics

 Auditing Certification Body management systems based on

ISO 9001 (Option 1 from clause 10 of ISO/IEC 17021)
 Deployment of the Expected Outcomes Documents
 Control of CABs' foreign or remote locations
 The conduct of integrated assessments of a CAB operating
more than one MS certification scheme
 Possible indicators of CAB Performance
 Good practices for AB’s and CAB’s in the Transition to ISO
9001:2015

©
 The need for a 2 stage approach to auditing

 Auditing to ISO 9001 requires a good

understanding of the business and QMS

 The primary purpose of the 1st stage audit

 Activities performed during the 1st stage

audit
APG-2stage.doc

©
How to audit top management processes

 Identifying top management processes

 Conducting the audit
 Audit reporting

APG-AuditTopManagement.doc

©
 The role and value of the audit checklist

 Need for checklists

 The use of audit checklists
 Advantages
 Disadvantages
 Conclusion
APG-Checklist.doc

©
 The role and value of the audit checklist

It is beneficial to audit from the organization's quality management system up to the requirements.
A checklist may be used to ensure that all relevant ISO 9001 requirements addressed

ISO 9001 Requirements

C P C
Audit from the O E O Use of checklist
organization's M R M to audit from the
management system P F P requirements to
organization's L O L the organization’s
management system I R I management
to the ISO 9001 A system
A M
requirements. N
N A
C N C
E C E
and E

Organizations Management System

©
Third party auditor impartiality and conflict of
interest

 CAB commitment to impartiality

 Threats to auditor impartiality
 Safeguards to auditor impartiality
 Assessing the level of impartiality risk
 Determining the acceptability of the level of
impartiality risk
 Organizational and structural issues

©
Auditing the effectiveness of the internal audit

 Issues to evaluate:
 the competencies that are needed for and applied
to the audit
 the risk analysis performed by the organization (if
any) in planning internal audits
 the degree of management involvement in the
internal audit process
 the way the outcome of the internal audit process
is used by the organization to evaluate the
effectiveness of its QMS and to identify
opportunities for improvements.

©
Auditing Electronic-Based Management Systems
(EBMS)

 Audit Initiation and Planning

 Document Review
 On-Site Realization Activities
 Auditing the Control of Electronic Documents
 Auditing the Control of Electronic Records
 Organizational Resources
 Internal and External Electronic
Communication
 Multi-Site Management Systems
 Auditor Competence
©
The Witnessing of CAB Audits by an Accreditation
Body

 Pre-audit preparations

 During the audit

 Feedback and reporting of results

©
“Process approach" based accreditation audits

 CAB objectives

 Typical processes of CABs

 Example of questions to be asked by an AB

during a process based audit

©
Auditing the competence of quality management
system CAB auditors and audit teams

 Evaluation of auditor qualifications and competence

 Personal attributes
 Generic knowledge and skills
 Processes and products
 Size of Organizations
 Culture and Language
 Legal, statutory, and regulatory requirements
 Evaluation of competence requirements
 Deployment of a team of competent auditors

©
Copies of the guidance documents referred to in
this presentation can be obtained from:

www.iaf.nu
www.iso.org/tc176/ISO9001AuditingPracticesGroup

Comments on the papers or presentations can be

sent to the following email address:
charles.corrie@bsi-global.com

Feedback from users will be used by the ISO 9001 Auditing

Practices Group to determine whether additional guidance
documents should be developed, or if these current ones
should be revised.

©
Recognition

 The output of these group was used as an input for development of:
 ISO/IEC 17021-1, Conformity assessment — Requirements for bodies
providing audit and certification of management systems - Part 1:
Requirements
 ISO/IEC TS 17021-3, Conformity assessment — Requirements for
bodies providing audit and certification of management systems — Part
3: Competence requirements for auditing and certification of quality
management systems
 ISO 9001:2015, Quality management systems — Requirements
 Utilised in training by:
 Accreditation Bodies members of IAF
 Accredited CABs
 International Automotive Task Force – IATF
 International Aerospace Quality Group – IAQG
 Information Security Management Systems - ISO/IEC JTC 1/SC27

©
Recognition

 Translated to:
 Chinese - host: China Quality Certification Centre
 Italian - host: Associazione Italiana Cultura Qualità
 Japanese - host: Japan Association of Certification Bodies
(JACB)
 Romanian - host: Romanian Society for Quality Assurance
(SRAC)
 Russian - host: Novoe Kachestvo
 Serbian- host: Institute for Standardization of Serbia (ISS)
 Spanish - host: Instituto Colombiano de Normas Técnicas y
Certificación (ICONTEC)

©
Recognition

 ISO TC176 Resolution 6 (2012) – Auditing

Practices Group
Considering the value of the APG produced
papers and considerable experience
developed in operation of the APG ISO/TC
176 resolves to:
Maintain APG as an ad-hoc group and
requests SC 1, 2 and 3 to nominate experts
to this group.

©
Conclusions

 APG guidance help to identify typical problem areas in

Management systems areas, which need to be addressed
 Many guidance documents are re-usable for ALL
Management6 Systems with only minor changes,
especially high-level issues
 Auditing a Management System as part of the overall
management system leads in some industries to MS
specific requirement which are quality requirements
about services provided to customers
 Emerging integrated management systems need
integrated audit practice

©
INTERACTION OF STAKEHOLDER REQUIREMENTS

©
www.aeconformity.com

Thank you
!‫متشکرم‬
SALAM!
Auditing Practices Group
&
Accreditation Auditing Practices Group