Audit

Process
Heba Hamdy
MQM,HHMG,CLA,OHSA,CSP,DCPS,
ECSRT,TOT,BCPS
 Table of contents

Principles Management
01 Of auditing
02 Of audit program

Implementation How
03 Of audit program
04 To conduct indivdual
audit
 What is quality audit?

• systematic, independent and documented process for obtaining objective

evidence and evaluating it objectively to determine the extent to which the audit
criteria are fulfilled.
• The term systematic means the facility must plan and document its system for
auditing.
• Audits are structured and formally evaluated.
 Auditing terms

• Audit evidence

records, statements of fact or other information which are relevant to the audit
criteria and verifiable.

• Audit criteria

set of policies, procedures or requirements used as a reference against which

audit evidence.
 Audit objectives
01 02
Judging Determine
conformity effectiveness
Between Meeting
implementation requirements or
and documentation standards

03 04

opportunities Meeting
Laws and
For continual
regulations
improvement
requirements
Benefits of Quality Management Audits

Provide
Improves patient Improves staff
opporunities awareness,
For continual
improvement
confidence and trust participation, and
motivation

Increases Demonstrates Provides

operational Management information for
performance commitment management
 Audit Types

First Party Second Party Third Party

carried out by an carried out by one conducted by a Certification
organization on itself to organization on another, body to evaluate
confirm to management originally came from the organization’s quality system
that their documented idea of an organization documentation, as well as,
quality management auditing its suppliers implementation, for the
system is working purpose of giving certificate
effectively
 Auditing Principles

Fair Presentation Ethical Conduct

2
The obligation to report 1 auditor behavior that reflects
trust, integrity, confidentiality
truthfully and accurately

Due Professional
Audit 3 Care
Evidence approach 5 Auditors must exercise care related
to the task and the confidence
placed in them by the auditee and
The rational method for reaching other interested parties.
reliable and reproducible audit
conclusions in a systematic audit 4 Independence
process. Forms the basis for
impartiality of the audit and
objectivity of the audit
conclusions
 Auditor Personal Attributes
Ethical Observant
1 fair, truthful, sincere, actively aware of physical 4
honest and discreet surroundings and activities

Open-minded Perceptive
2
willing to consider
alternative ideas or points
instinctively aware of and able 5
to understand situations
of view

Diplomatic Versatile
3 tactful in dealing with adjusts readily to different 6
people situations
 Auditor Personal Attributes
Tenacious
7 persistent, focused on
achieving objectives

Decisive
8 reaches timely
conclusions based on
logical reasoning and
analysis

Self-reliant
9 acts and functions
independently while
interacting effectively with
others
 Audit program

program Plan
Series of internal audits
for an organization for individual audit
management system

Audit program Audit Plan

 Audit Frequency

Status
Refers to the past history of weakness, problems, and
customer complaints. Increase the audit frequency to
improve control and confidence

Importance
Refers to the criticality of the process or activity
to the quality of the service Also reflects top
management’s priorities

Audits
Refers to the results of previous internal and external
audit results
 Audit Frequency

About audit
• The complete quality management system must be
audited at least once a year.

• Weak areas or activities must be audited more often.

• Top management determines the frequency of

internal audits with the help of the auditors

• Audit frequency is also determined by contractual or

regulatory requirements, as well as, significant
changes in ownership, policies, processes,
technology, control systems, documentation.
 Audit Program Procedures
Planning
scheduling audits 1

Assuring
the competence of
auditors
2

Selecting
3 appropriate audit teams and
assigning their roles and
responsibilities

4 Conducting
Audits
 Audit Program Procedures
follow-ups
Conducting audit follow-
ups, if necessary
5

records
Maintaining audit
program records
6

Monitoring
7 the performance and
effectiveness of the audit
program

8 Reporting
to top management on the
overall achievements
 Audit Program Records
Records should be maintained to demonstrate the implementation of the audit program and should
include the following:

individual audit

 audit plans
 audit and
nonconformity reports
 corrective and
preventive action reports
 audit follow-up reports Program
 Results of the audit
program review
 Audit Program
monitoring and reviewing

• The implementation of the audit program should be monitored and at

appropriate intervals, reviewed to assess whether its objectives have been met
and to identify opportunities for improvement. The results should be reported to
top management.
• Performance indicators should be used to monitor characteristics such as:
 Ability of the audit team to implement the audit plan
 Conformity with audit program and schedules
 Feedback from auditees and auditors
 Individual audit ( Audit cycle )

planning

Activities
 Audit plan

Objectives Criteria

what is to be accomplished by the used as a reference against which

audit : conformity is determined :
1) Determining degree of conformity of 1) Applicable policies and procedures
the QMS with audit criteria 2) laws and regulations
2) ensure compliance with statutory, 3) management system requirements
regulatory and contractual 4) Accreditation standards
requirements.
3) Evaluating effectiveness of the QMS
4) Identifying areas for potential
improvement of the QMS
 Audit plan

Audit scope

describes the extent and boundaries of the audit

Determining the feasibility of the audit

1) Sufficient and appropriate information for planning the

audit(document review)
2) Adequate cooperation from the auditee
3) Adequate time and resources
 Audit plan

Opening Meeting

Immediately before the audit begins, It must be well prepared by the Auditor.

The benefits:

a. They can establish good audit environment between auditors and auditees,
b. facilitate the smooth running of the audit.
c. serve as an opportunity to put them at ease and clear up any misconceptions.
 Audit plan

Audit Methods

Describe briefly the methods that the auditors will use to gather objective evidence,
such as: interviews……observations…….document …… record reviews…… and
trend analysis.

Reporting methods

The method of recording nonconformities, and of presenting the audit report will
need to be explained.
 Audit Strategies

 Process audit
The auditors follow a specific order or set of processes through the system and
examine controls of each process along the way.

require the auditor to look at the following aspects of process management:

a. Controls over inputs, outputs and the value-added activities within a process
b. Use of the PDCA methodology,
c. Evidence of measurable objectives for each process and metrics to track
performance to them
 Department audit
consider all the activities in a particular department without reference to overall workload
and may include a number of processes within a department.
 Preparing work documents

 The audit team members should review the information relevant to

their assignments and prepare work documents as necessary for
reference and for recording audit proceedings.

 Such work documents may include:

 A copy of Standard.
 Checklists
 Forms for recording information such as:
 Supporting evidence
 Audit findings
 Records of meetings
 Check list

 Checklist Preparation (It is a memory aid)

the auditor will need to be selective. Therefore the results of research

need to be documented in a manner that can be used easily during the
audit. A checklist meets this requirement.
A well designed checklist will have:
• Activities to be investigated.
• Requirements, with references.
• Sequence of the investigation
• The purpose of the checklist is to gather information during the course
of an audit that the auditor will need to justify the audit findings and
conclusion.
Check list
 Check list
Checklist Benefits Checklist Disadvantages
$ Identifies relevant samples. × Can become a tick list
$ Defines a formal audit process. × May be full of yes-no questions
$ Helps maintain the pace of audit. × If not on checklist, will not look at area
$ Keeps audit objectives clear. × May stifle initiative and process analysis
$ Reduces workload on auditor during audit.

$ Assures auditee of auditor professionalism.

$ Provide space for audit notes

$ Guarantees helpful research.

$ Act as audit record.

$ The checklist helps the auditor to ensure the
depth and continuity of the audit,
$ It will save time during an audit

$ It helps the auditor to come to an informed

judgement.
 Audit Activities
01 02

Conducting Verifying
Opening And collecting
meeting information

03 04

Generating Preparing
Audit
Audit findings
conclusions
 Communicating during the audit
Auditing deals with people and a good auditor
must know how to interact and get the
information from people in an effective manner
 Audit interviews

The Auditor Interviews the auditee

a. Within a short time the auditor needs to have developed a degree of rapport
with the auditee
b. Obtain the facts essential to the investigation are remaining objective.
c. If these facts are indicative of a lack of management control in the area, then
the auditor needs to be tactful in the way these findings are presented.
“"I keep six honest serving men,
they taught me all I knew, their
names are What and Why and
When and How and Where and
Who."

—(Rudyard Kipling)
 Collecting information
Process for collecting information to reaching audit conclusions
.

Sources of Collect by appropriate

information sampling and verifying

Audit evidence

Evaluate against
audit criteria
Audit findings

Reviewing Audit
conclusion
 Audit Evidence
 The purpose of an audit is to collect audit evidence to permit audit findings and
by evaluating the evidence against audit criteria and then reviewing all individual
findings to reach an overall audit conclusion about the degree of conformity and
effectiveness of the quality management system.

 Auditors must not allow their opinions or prejudices to influence decisions.

 The evidence must be capable of being verified and may be:

 Information, records, or statements of fact
 Qualitative (non-numerical) or quantitative (numerical)
 Based on observation, measurement, or test
 Techniques to obtain objective evidence

Observe Interview
Operations People
• for identification, status, • that manage, perform, and verify
condition, flow, and operation of activities
facilities, materials, product, • with responsibility and authority for
equipment, processes, and tasks work

Evaluate Review
Results Documents
• pertaining to processes and activities
• to summarize and analyze the
• for details of why, who, what, when,
audit observations and where
• to determine the effectiveness
of the quality system
 Audit Sampling
• Objective evidence is obtained by sampling processes, people, documents, and records
• It is based on a small representation of the audited activities
• Not finding nonconformities does not equate to total assurance of control

complexity volume risk past problems audit time span

• Collect the sample on a random basis

• Don’t let the auditee select the samples and possibly bias the representation
• Don’t dig deeper, or select another sample, if first sample doesn’t find
nonconformities
• If no nonconformities are found, move on to the next area of the audit
 Generating Audit Findings
.

• Audit evidence should be evaluated against the audit criteria to generate the audit
findings.
• Audit findings can indicate either conformity or nonconformity with audit criteria.
• When specified by audit objectives, audit findings can identify an opportunity for
improvement.

 audit findings of conformity and their supporting evidence should also be

recorded.
 They should be reviewed with the auditee to obtain acknowledgement that the
audit evidence is accurate and that they are understood.
 Taking Notes
 Only the most experienced auditors make sufficient notes of all the relevant things
seen and heard during an audit.

 The auditors must record enough information to make an informed judgment based on
an adequate set of notes containing considerable facts.

 Notes need to be taken of references to documents, item identification, batch

numbers, job numbers, statements, who said them, job titles, relevant questions
asked, etc. This information needs to be legible and needs to be retrievable.

 Much of it might be referenced in subsequent audits, either in the next department to

be visited, or in a department to be visited by another member of the audit team.

 It will also be used in the verbal and written reports to the auditee for the purpose of
defining areas of nonconformity or raising points for discussion.
 Reaction of Auditees

Diversionary Volunteered
Inferior
tactics information patience and politeness,
Do not get angry, Only experienced auditors
will tend to make the right and where appropriate,
be firm yet polite
decision here be empathetic.

Hostility Authority Internal conflicts

use a little tact in smoothing
ignore any rudeness must insist firmly, but
the situation, without getting
from the auditee politely
involved
 Nonconformity
What is nonconformity?

 A condition adverse to Quality

 The non-fulfillment of a requirement

Good practices for writing nonconformities

1) When the auditor and the auditee understand the problem and how serious it is.
2) It should be written down by the auditor and agreed to by the auditee.
3) It is not good practice to complete the form during the interview.
4) Do not rush in writing of the nonconformity statement. The auditee should agree
with the facts at this point (and certainly before the auditors leave the area for
another part of the audit).
 Nonconformity

Rules for the recording of nonconformities

1) Exact observation of the facts.

2) Where was it found?
3) What was found?
4) Why it is a nonconformity?
5) What is the objective evidence of the nonconformity?
6) Who was involved?
7) Use local terminology.
8) Make it helpful.
 Auditee actions in response to a nonconformity
Correction: action to eliminate a detected
nonconformity
Corrective action: action to eliminate the cause
of a detected nonconformity

The essential features of corrective action are:

1. Identification of nonconformity
2. Establish responsibility for controlling the pertinent
process
3. Collect data to establish root cause for the
nonconformity
4. Analyze the data and establish corrective action
5. Monitor effectiveness of this action, including
internal auditing
6. Revise the action if ineffective
7. Record all the actions taken
8. Amend system documentation, as necessary
 Audit Summary
• The audit results should be summarized for presentation to
management.

• Start by presenting the positive.

• Provide sincere and factual feedback on the: (QMS strengths,

Departments, processes, resources, controls, documentations )

• Nonconformity findings may be grouped by functional area

(department), clause of the standard, and severity level (major,
minor, or concern).

• Findings could also be categorized by type of failure, for example,

intent (defined processes and documentation), implementation
(practices), or effectiveness (results).
 Audit Report

 The report of the audit should provide a complete,

accurate, concise and clear record of the audit.
 It is the major output of the audit process and may be
read and used by people who were not at the audit.
 The audit report must give a balanced picture
of the whole audit not merely the
nonconformities found.
 The report will be used by various people to initiate
corrective actions and evaluate and address any
recommended opportunities for improvement.
 Suggestions for Improvement
The audit team should provide improvement
suggestions relating to:

 Areas of concern where controls are in place and

conforming with requirements, but in the auditor’s
experience and judgment, appear weak and likely to
lead to a nonconformity in the future.
 Opportunities where organizations can more
effectively or efficiently manage, perform or control
an activity or process, based on the auditors
experience with similar situations in other
organizations.
 It should be understood that the organization has no
obligation to implement such suggestions, but it must
be aware of the risks of not doing so.
Internal audits’ records retained will
include at least the following:
• Reference and date of the audit
• Department/office/section audited
• Audit scope and objective
• Names of auditor(s), audit plan, and audit
checklists plus nonconformities
• Auditor notes
• Audit summary and conclusions
• Corrective actions taken.