Audit Quick Reference
Audit Requirements (Reference: ISO 9001:2000, 8.2.2)
1. Conduct audits at planned intervals / 6. Select impartial and objective auditors
2. Assess for conformity and effectiveness / 7. Document an audit procedure covering
3. Plan the audit program to consider: / responsibilities and requirements for:
- status and importance of audited areas / - audit planning and execution
- previous audit results / - audit reporting and recordkeeping
4. Determine the audit criteria and scope / 8. Ensure timely corrective action by auditee
5. Define the audit frequency and methods / 9. Verify corrective actions and report results
Audit Activities (Reference: ISO 19011:2002, 6.2-6.8)
(Audit Initiation) – ISO 19011:2002, 6.2
1. Clarify the reason for the requested audit / 4. Determine the feasibility of the audit
2. Appoint the audit team leader / 5. Select the audit team members
3. Define objectives, scope, and criteria / 6. Establish initial contact with the auditee
(Document Review) – ISO 19011:2002, 6.3
1. Review documents before onsite audit / 5. Defer until onsite audit if not detrimental
2. Take into account audit objective and scope / 6. Determine conformity with audit criteria
3. Consider organization size and complexity / 7. Report any documentation concerns
4. Include relevant documents and records / 8. Decide to continue audit or postpone it
(Audit Preparation) – ISO 19011:2002, 6.4
1. Prepare audit plan as basis for agreement / 4. Assign work to the audit team members
2. Use plan to schedule and control the audit / 5. Prepare process diagram and audit checklist
3. Keep flexible to permit changes during audit / 6. Confirm audit arrangements and logistics
Process Diagram
(Audit Execution) – ISO 19011:2002, 6.5
1. Hold opening meeting and explain objective / 12. Follow trails to other areas based on scope
2. Define the role of guides and observers / 13. Check the facts (use other sources)
3. Interview people at their workplace / 14. Record the evidence (checklist notes)
4. Put the person at ease (lower anxiety) / 15. Make tentative conclusions (no secrets)
5. Explain your purpose (what you want) / 16. Give opportunity to discuss other subjects
6. Ask about job and applicable documents / 17. Avoid consulting on cause and solution
7. Use open-ended questions (5 Ws and H) / 18. Thank for time and cooperation
8. Verify responses (confirm understanding) / 19. Review progress periodically with audit team
9. Remember to ask for proof (show me) / 20. Compare audit evidence to audit criteria
10. Observe activities and examine records / 21. Generate findings and prepare conclusions
11. Take random, yet representative samples / 22. Conduct closing meeting and report results
Requirement Sources: / Evidence Sources:
1. Standard (e.g., ISO 9001:2000) / 1. Interviews (personnel statements)
2. Company (policies and procedures) / 2. Observations (demonstrated practices)
3. Customer (contracts and orders) / 3. Documents (plans, procedures, specs)
4. Legal (statutes and regulations) / 4. Records (tests, minutes, completed forms)
Audit Objectives:
1. Verify conformity with requirements
2. Judge effectiveness of quality system
3. Identify opportunities for improvement
Three Dimensional Audit:
1. Front: Intent (plan for process)
2. Side: Practice (implementation of intent)
3. Top: Result (effectiveness of practice)
(Audit Reporting) – ISO 19011:2002, 6.6
1. Prepare audit report per audit procedure / 3. Ensure it is complete, correct, clear, concise
2. Include in any nonconformity statements: / 4. Approve audit report per audit procedure
- requirement (with source) / 5. Issue audit report in agreed timeframe
- problem (with evidence) / 6. Distribute to client-designated recipients
(Audit Completion) – ISO 19011:2002, 6.7
1. Ensure all activities in plan are carried out / 3. Keep or destroy documents per agreements
2. Ensure the audit report has been distributed / 4. Remember audit not “closed” until F/U audit
(Follow-Up Audit) – ISO 19011:2002, 6.8
1. Notify auditee if need for corrective action / 4. Ask auditee to notify you of completed action
2. Agree with the proposed corrective action / 5. Verify action was effective to avoid problem
3. Ensure action is taken in agreed timeframe / 6. Close out the nonconformity based on action
Audit Principles (Reference: ISO 19011:2002, 4)
1. Carry out the audit in an ethical manner / 4. Conduct an impartial and objective audit
2. Present truthful, fair, and accurate results / 5. Base conclusions on verifiable evidence
3. Perform audit with due professional care
Audit Questions
1. What is the primary purpose of this process? / 9. How is the process monitored and controlled?
2. Who is the manager (owner) of the process? / 10. What are its outputs and who receives them?
3. What are its inputs and who supplies them? / 11. Do these outputs meet the requirements?
4. How do you know if these inputs are good? / 12. What do you do if the outputs are not right?
5. What are your responsibilities in the process? / 13. What are the process quality objectives?
6. How do you know what to do? / 14. How is the process performance measured?
7. What training and skills are needed? / 15. Please show me the records you maintain.
8. Please show me how you do it. / 16. How could this process be improved?
Audit Definitions (Reference: ISO 19011:2002, 3 and ISO 9000:2000)
Audit: systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.
Criteria: set of policies, procedures, or requirements against which audit evidence is compared.
Evidence: verifiable records, statements of fact, or other information relevant to audit criteria.
Findings: results of the evaluation of collected audit evidence against audit criteria.
Program: set of one or more audits planned for a specific timeframe and directed to specific purpose.
Plan: description of the activities and arrangements for an audit.
Scope: extent and boundaries of an audit.
Nonconformity: non-fulfillment of a requirement.
Corrective Action (Reference: ISO 9001:2000, 8.5.2)
1. Determine if similar deficiencies exist / 6. Implement planned corrective action
2. Implement immediate fix (correction) / 7. Reflect changed process in documentation
3. Identify root cause of nonconformity / 8. Verify the action was an effective solution
4. Develop action to prevent recurrence / 9. Record the results of the investigation
5. Assign responsibilities and due dates / 10. Inform audit function of completed action
Audit Program (Reference: ISO 19011:2002, 5)
1. Assign responsibility for the audit program / 5. Communicate audit program to organization
2. Establish objectives for the audit program / 6. Provide resources to carry out these audits
- meet requirements for system certification / 7. Conduct audits within specified timeframes
- verify conformity to contract requirements / 8. Keep records as evidence of audit program
- assess compliance to legal requirements / 9. Monitor audit program against objectives
- contribute to improvement of system / 10. Evaluate and develop auditor performance
- evaluate the capability of suppliers / 11. Initiate corrective and preventive actions
3. Establish procedures to conduct the audits / 12. Identify improvements for audit program
4. Prepare annual schedule of planned audits
Audit Status
Conducted = Audit carried out according to plan / Completed = Audit report and other records filed
Reported = Approved audit report distributed / Closed = Corrective actions verified as effective
Audit Strategy
Vertical: Assess processes within department / Horizontal: Assess process across departments
Clause: Assess a clause across departments / Trace: Follow a transaction through the system
Audit Checklist (Reference: ISO 19011:2002, 6.4.3)
Benefits
1. Establishes the audit sampling plan / 7. Prepares audit team to conduct the audit
2. Provides balanced audit coverage / 8. Allows lead auditor to evaluate planning
3. Helps acquire objective evidence / 9. Controls the audit pace (time manager)
4. Encapsulates the audit methodology / 10. Keeps focus on audit objective and scope
5. Guides auditor on timing and content / 11. Serves as memory aid (confidence builder)
6. Serves as repository for audit notes / 12. Becomes the record of investigated areas
Format
Reference: Specific source of requirement - clause or section number
Requirement: Applicable requirements to look at – standard, company, customer, and legal
Evidence: Expected evidence to look for – statements, observations, documents, and records
Checklist Example
Reference (Source of Requirement): ISO 9001:2000, 4.2.3.a
“Look at” Requirement: Approve documents for adequacy before issue
“Look for” Expected Evidence:
1. Statements – Understanding of process
2. Observation – Demonstration of process
3. Documents – Covered in required procedure
4. Records – Document approvals
Plus information from “turtle” diagram → Inputs, Outputs, Resources, Methods, Measures
Audit Notes (Reference: ISO 19011:2002, 6.5.4)
1. Explain why you are taking the notes / 4. Use statements as requirement or evidence
2. Note what was heard, seen, and read / 5. Spot different answers for audit follow-up
3. Jot down specific facts and references / 6. Determine activities for further investigation
Opening Meeting (Reference: ISO 19011:2002, 6.5.1)
Purpose
1. Confirm audit plan and arrangements / 4. Create sense of trust and cooperation
2. Describe audit process and methods / 5. Give insight on management support
3. Explain roles of guides and observers / 6. Provide time for auditee questions
Topics
1. Introductions (auditors, auditee, and guides) / 8. Communications (auditee kept informed)
2. Attendance (sign-in sheet, if used) / 9. Reporting (plan and classification scheme)
3. Objective (reason for audit) / 10. Confidentiality (non-disclosure of information)
4. Scope (coverage of audited areas) / 11. Logistics (work space and needed resources)
5. Criteria (applicable requirements) / 12. Meetings (briefings and closing meeting)
6. Agenda (auditor assignments and times) / 13. Safety and Security (site requirements)
7. Methods (audit process and sampling) / 14. Questions (audit clarifications)
Interview Techniques (Reference: ISO 19011:2002, 6.5.4)
1. Talk to people performing work within scope / 5. Avoid leading questions and biased results
2. Conduct interviews in normal working hours / 6. Share interview results with audited person
3. Explain reasons for the audit and note-taking / 7. Thank for participation and cooperation
4. Start by asking persons to describe their work / 8. (See other techniques under Audit Execution)
Audit Sampling (Reference: ISO 19011:2002, 6.5.4)
1. Ensure random, yet representative sample / 5. Select own sample of people; documentation
2. Select small, balanced view of process / 6. Use sufficient sample to reach judgment
3. Base size on volume, time, and past issues / 7. Remember evidence is based on samples
4. Consider risk and complexity of the process / 8. Explain uncertainty introduced by sampling
Closing Meeting (Reference: ISO 19011:2002, 6.5.7)
Purpose
1. Present balanced summary and conclusions / 4. Resolve any misunderstandings or errors
2. Report any nonconformities or concerns / 5. Ensure clear understanding of audit results
3. Identify possible areas for improvement / 6. Seek agreement on report and findings
Topics
1. Introductions (for any new attendees) / 8. Summary (findings by area and clause)
2. Attendance (sign-in sheet, if used) / 9. Nonconformities (requirements and evidence)
3. Thanks (for time and cooperation) / 10. Acknowledgments (signed forms and report)
4. Scope (reminder of audit coverage) / 11. Agreements (on corrective action schedule)
5. Disclaimer (limited sample in brief time) / 12. Report (expected date, if not provided)
6. Criteria (applicable requirements) / 13. Follow-up (next steps, e.g., surveillance visit)
7. Positives (strengths and conforming areas) / 14. Thanks (courtesy and hospitality)
Auditor Traits (Reference: ISO 19011:2002, 7.2 and QE19011S:2004)
1. Ethical (truthful, fair, and honest) / 6. Versatile (adjusts to situations)
2. Open Minded (considers other viewpoints) / 7. Tenacious (persistent and focused)
3. Diplomatic (tactful with people) / 8. Decisive (reaches timely conclusions)
4. Observant (actively aware of surroundings) / 9. Self-reliant (acts independently)
5. Perceptive (understands situations) / 10. Willing (interested in being an auditor)
Audit Benefits
1. Verifies conformity to requirements / 5. Increases quality awareness of organization
2. Initiates needed corrective actions / 6. Reduces risk of product or service failures
3. Evaluates effectiveness of system / 7. Provides information for management review
4. Identifies opportunities for improvement / 8. Satisfies requirement of Standard for audits
This Audit Quick Reference may not be reproduced, stored electronically, or transmitted in any form without the prior written permission of the author, <>.
© 2005 <www.WhittingtonAssociates.com> V1.R2
