To Establish a Global Process for Performing Management Systemassessments

Page 1 of 24
Document Number:Q-0900-5 / Issued:6/27/89
Subject:
General Audit Requirements / Revised:11/15/10

1.1.PURPOSE

To establish a global process for performing management systemassessments.

2.2.SCOPE

This procedure applies to all UL DQS Inc. personnel, including Designated Auditors, conducting management system audits.

3.3.APPLICABLE DOCUMENTS

Q-0000, Policy Manual

Q-0300-1, Contract Review Procedure

Q-0300-2, Procedure for Scheduling

Q-0914-4, ISO/TS 16949 Program Procedure

Q-0915-1, ISO 14001 Program Procedure

Q-0918-1, Aerospace Program Procedure

Q-0920-1, ISO 13485 Program Procedure

Q-0907-18, Submitting Reports for Certification Review

Q-0907-29, Advanced Surveillance and Reassessment Procedure

Q-0907-30, Scope writing procedure

Q-1200-1, Corrective/Preventive Actions Procedure

Q-1307-1, Issuance and control of Registration Certificate

Q-400-1, Design Control

Q-1600-1, Control of Records

Q-1800-1, Auditor/Lead Auditor Qualification Procedure

4.DEFINITIONS– See Definition Document, Q-0000-3.

5.GENERAL

This is a generic document and as such, may not contain all the requirements for auditing each specific program. The program specific procedures shall be used in conjunction with these requirements. The Annex section at the end of this procedure defines how each type of audit should be conducted.

6. PROCEDURE

6.1Customer Related Processes – Pre-audit Meeting

In order to determine the needs and requirements of the customer, a pre-audit meeting may be required for the following reasons:

a) A more in-depth understanding of the management system registration services provided by UL or the benefits of registration is needed.

b) Assistance in determining which registration programs will meet the needs of the business and ensure customer requirements are met.

c) On-site discussion of registration plans is needed due to the complexity of the organization or registration and determining any unforeseen risks associated with registration.

6.2Activities To Be Done Prior to the Visit

6.2.1 The pre-audit meeting (PA) will be scheduled once a date has been confirmed (per Q-0300-2). In cases where the customer is to be billed for the PA meeting, a sales order is to be opened and closed.

Personnel competent in the requested program will conduct the meeting. The assigned employee(s) (typically a Lead Auditor) is to contact the client and discuss logistics.

Audit plan items may include:

a) Registration Process & UL Registration Program

b) Company Structure and facility tour

c) Definition of Scope

d) Outsourced processes

e) Resource requirements (including auditor and technical experts)

f) Audit Scheduling

g) Organizational interfaces for multi-site registrations

6.3Conducting The Pre-audit Meeting

6.3.1The auditor shall conduct the pre-audit meeting and any notes which will be helpful in application review are to be submittedto the Verification Group and loaded into Easy as Lead Notes.

7.Application and Review

Competent personnel will determine if all the client’s requirements can be realized per procedure Q-0300-1. Technical Reviewers deemed competent in the program shall conduct reviews per Q-0907-18. For a new program, technicalreviewers will be qualified based on Q-0400-1 output and Q-1800-4.

8.Scheduling and Opening Assignments

Once the application has been accepted, a Sales Order shall be issued. Once the order is opened, the audit team will be scheduled in accordance with Q-0300-2.

9. Audit Process

The following generic process requirements are applicable to all audit types (Preliminary, Initial - Stage 1 & Stage 2, Continuous, Triennial (Recertification), Scope Expansions and Special). If any program specific procedures have additional requirements, they will supersede the following sections.

Activities To Be Done Prior to the Visit

9.1If a Designated Auditor (DA) is the Lead Auditor for the audit, the CS is to provide information from pre-audit discussions to the DA. All other Lead Auditors will obtain this information from Easy.

9.2The Lead Auditor shall contact the client at least 1 month prior to the audit and request the required information per program specific procedures. If the Lead determines there is insufficient documentation to proceed with the audit, the Lead will contact the client to resolve any issues and if needed, will postpone the audit based on the resolution output. The recommendation of postponement will be documented to the CS of the outcome. Program specific requirements may have different notification methods.

9.3At least 2 weeks prior to the audit, including on-site or off-site Stage 1 audits, the Lead shall prepare and provide an audit plan to the client and all team members. Template QF-0900-4 “Stage 1 agenda” will be used to develop the Stage 1 audit plan. The template is to be modified to use appropriate language for the applicable management system but include at a minimum the content list. (e.g. Change “Quality Manual” to “Environmental Policy Manual”) The audit plan reflects the scope and complexity of the audit. Audit plan may be changed as the audit progresses to ensure the achievement of the audit objective. For all audits, other than Stage 1 audits, the audit plan should include the following items, as applicable to ensured planned arrangements are realized:

a)The audit objectives and proposed scope of registration.

b)The audit criteria and any reference documents

c)The audit scope, including identification of the organizational & functional units and processes to be audited

d)The date and place where the audit is to be conducted.

e)The expected time and duration of audit activities, including meetings with the client’s management (daily wrap-up and closing) and audit team members

f)Identification and roles of the audit team members and accompanying personnel

g)Allocation of appropriate resources to critical areas of the audit

h)Identification of individuals within the organization that have significant and direct responsibility regarding the objectives and scope (customer input needed).

i)The working and reporting language of the audit.

j)Special confidentiality requirements and audit report distribution requirements

9.4The Lead assigns the team members taking into account the need for independence, competence of auditors, the effective use of resources – including roles and responsibilities, auditors in training and technical experts. For organizations that include design, the Lead Auditor shall assure that the team member qualified for the primary industry code (SIC or NACE) of the product or service being audited is assigned to audit the design function. The Lead should distribute any necessary information or documents required for the audit to the team members to conduct the audit. If checklists are used, they should not restrict the extent of audit activities, which can change as a result of information collected during the audit. Under no circumstances, will checklists, notes or any other record be left with the client.

9.5When developing the audit agenda, compliance with audit duration requirements must be maintained. Audit duration is the sum of “Man-days” spent on-site conducting the audit. An “Audit Day” is 8 working hours minimum. On-site audit activities such as opening and closing meetings and report preparation are included in an “Audit Day”. However, the onsite report preparation time is not to exceed more than 10% of the audit time in order to meet Q-0300-1 requirements.

9.6For programs other than ISO/TS 16949 and AS91XX, if more than 8 hours is spent in an audit day to audit activities being performed during an off shift, the additional hours beyond 8 hours can be counted towards the duration of another audit day. The activities audited during the off shift must be activities that are normally performed during that shift, by shift workers. Audits of administrative areas that normally only operate during 1st shift or audit of records only do not count of off shift auditing. (E.g. 9 hours are spent auditing on Day 2 of an audit including 1 hour auditing a molding operation during second shift. The extra hour can be subtracted from Day 3 to allow a 7-hour audit day). This allowance is not to be used to reduce the total calendar days audited or to reduce the billing of audit days.

9.7Where the audit will occur at a place consisting of multiple buildings, plants or facilities, such as a campus situation, the agenda will indicate the specific buildings or plants to be audited (Example: Building 1; Plant 3.). It is not necessary to include within the agenda, any building, plant, offsite or process that is outside the scope of the management system being audited.

9.8 Auditing on all shifts is required for QMS audits unless there is justification to not audit the shifts. Justification is rare, but would be considered in the following circumstances.

1. The following excerpt is verbatim out of the MD5.

Low complexity activities, e.g.

• Processes involve a single generic activity (e.g., Service only);
• Identical activities performed on all shifts with appropriate evidence of equivalent performance on all shifts based on prior audits (internal audits and CB audits);
• Where a significant proportion of staff carry out a similar simple function.

1. If you have rotating shifts (one crew works days for two weeks and then moves to nights), then you have justification for only auditing during days provided that internal controls and audits have been effectively done on each shift and show no issues due to difference in shift operations.
2. While there is some activity on midnight shift, there are no critical processes and the inspection / product release happens on day shift. You may see this sometimes where there is a heat treat process and that is the only thing running on 3rd shift. All of the process controls can be reviewed on days and the inspection happens by the 1st shift metallurgist.
3. From the low complexity activity category mentioned in #1, this could include warehouse activities where you have lots of people doing the same thing. This should be balanced against customer complaints showing that there is no significant difference in performance between the shifts.
4. There is a non-rotating weekend shift. We do not typically work weekends, so we could exclude this shift providing that internal audits have been done and the weekend operation found effective.

If there is justification for not auditing on all shifts, it shall be documented in the audit report.

When auditing all shifts, the requirement is that all shifts are audited annually.

10. Conducting the Opening meeting

Audit duration requirements (expressed in days and hours) are to be followed in the planning and performance of audits. The Lead Auditor or candidate Lead will conduct the opening meeting, which will be attended by the entire audit team. (Audit team members who are scheduled to audit offsite facilities on the first day of the audit are not required to attend the Opening Meeting at the main facility.) The Lead Auditor shall request the following client personnel attend the opening meeting: the client’s Management System Representative, appropriate Management, and the escorts. The items to be discussed at the opening meeting depend on the audit type as defined below:

Required for[1]
Opening / Topics to be discussed and confirmed
P / R / C
X / X / X / Introduction of participants, including roles
X / X / X / Thank organization for partnering with UL DQS Inc. and note attendance
X / X / X / Confirmation of audit objectives, scope and criteria
X / X / X / Confirmation of timetables and arrangements and any changes to audit plan
X / X / X / Methods and procedures used to conduct the audit, including advising auditee that audit is based on sampling and other discrepancies may exist
X / X / X / Formal communication channels between audit team and auditee (escorts)
X / X / X / Confirmation of language to be used
X / X / X / Plant personnel are aware of the visit, discuss any union issues if applicable
X / X / X / The auditee will be kept informed of audit progress
X / X / X / Resources and facilities needed by the audit team are available
X / X / X / Confirmation of matters related to confidentiality
X / X / X / Relevant work safety, emergency and security procedures for the audit team
X / X / X / Confirmation of availability, roles and identities of any guides
X / X / Allow no more than two observers during audit of production processes in order to assure an efficient and effective process approach audit.
X / X / X / Methods of reporting, including nonconformities (N/A for Prelims)
X / X / For applicable programs, determine if observations are written in the report
X / Summarize the status (open or closed) of all AR’s from the previous audit activity and confirm any AR’s to be verified on site during the audit
X / X / Explain the potential audit recommendations
X / X / Information about conditions under which the audit may be terminated
X / X / Information about the appeal and dispute systems related to the conduct and conclusions of the audit

P = Preliminary, R = Registration, C = Continuous or Triennial

11. Conducting the Audit

11.1During the audit it is the responsibility of the auditor to:

a)Determine whether the documented management system being audited meets the requirements of the reference documents and any other specified requirements called out in the Management System and has been effectively implemented.

b) Verify any exclusions are adequately justified in the documented management system. Validate the justification provided against the scope of registration to ensure that exclusions do not affect the organization’s ability or responsibility to provide product that meets customer and applicable regulatory requirements. This activity needs to be performed at every registration, conversion, scope change and upgrade audit. Issue a minor action request if exclusions are inadequately justified or not valid with the scope of registration.

c) Provide the auditee with an opportunity to improve the management system.

11.2 During the course of the audit, individual process audits are generally conducted as a means of verifying implementation of the management system. The auditor should use the following guidelines to ensure that the audit remains focused on the management system and not only on the processes that operate within it:

a) Audit the practices to the requirements of the standard.

b) Audit the documented management system to the requirements of the reference documents, specified regulations and any other requirements referenced in the Management System.

c) Seek evidence to confirm effective implementation of the management system;

d) Use of the Registered Firm Mark & Accreditation Logos - Appropriate use of the Registered Firm Mark and Accreditation logos is very important and the auditor should ask to see examples of use of the Mark and logos in advertising, catalogs, etc., to be sure that the company is using the Mark and logos in accordance with the applicable UL Registration Program Requirements. The only Accreditation logo allowed to be used, is that from the valid certificate and must meet the applicable UL Registration Program Requirements.

11.3The audit team member performing the audit in an individual department or area will introduce the audit team members on that path and their role. The auditor will define the purpose of the audit to the area personnel and may ask for a brief overview of the process(s) in the department or area. This will help to establish control for the audit team, and help to determine the scope of the audit within that department or area.

11.4The auditor will speak clearly and ask a logical sequence of questions. The auditor will listen to the client's explanations and review any pertinent documentation and objective evidence to audit whether the system is in compliance and effectively implemented. The auditor will determine whether any nonconformance’s identified warrant recording as Action Requests (AR’s).

11.5In order to categorize the discrepancy, the auditor must examine adequate objective evidence and determine what type of AR (or observation/OFI) will be raised. This includes reviewing an adequate sample size of records, considering the number of occurrences within the system, determining if the nonconformance exists in multiple functions and areas, and other indicators of a prevalent issue affecting the management system.

11.6The auditor shall record all information regarding any nonconformance (whether AR, observation or opportunity for improvement - OFI) per program specific requirements:

a. What was found?

b. Where was it found and when or how often did the condition exist?

c.What specific requirements document has not been complied with?

11.7Candidate Auditors may participate in the audit to the extent that the audit purpose and scope are being met in the scheduled man-days. Technical Advisors may be consulted by the auditor(s) or if allowed, may speak freely.

11.8Under no circumstances is the auditor to enter into a discussion that could be interpreted as consulting.

11.9Auditor Emergency

In the event an auditor must leave the audit before its completion because of illness or an emergency, a determination shall be made by the Lead Auditor and the team as to the resources necessary to complete the audit. The Lead Auditor shall explain the situation to the client and inform the client, if necessary, that the client will not incur any additional costs caused by the emergency situation (e.g. extra auditor days or travel costs). If a replacement auditor is required, the replacement auditor shall have priority over the auditor being replaced in billing to the project. Additional travel expenses caused by the emergency that cannot be billed to the project should be billed to Department travel of the replaced auditor or as instructed by the auditor’s supervisor.

11.10 Role of External Consultants During Audits

When requested by the Management Representative or Designee, an external consultant may be present during the audit. The Lead Auditor should explain to the client prior to the audit that the external consultant may only observe and not participate in the auditee role. If requested by the client, the external consultant may serve in the role of escort. If during the course of the audit the presence of the external consultant detracts from the conduct of the audit, the Lead Auditor should bring this to the attention of the Management Representative or Designee. The Lead Auditor should request that the external consultant be asked to participate only as an observer or be asked not to accompany the audit team.

11.11Use of Recording and Photographic Equipment During Audits If the client requests to record the audit on video or audio media, the Lead Auditor shall decline this request noting that the audit report will serve as the record of the audit. Authorization may be granted by QRS regional management for recording a portion of the audit for marketing purposes, which will define the limitations of what may be recorded to the audit team. It is not allowed to use photographic equipment on client's premises, without prior written client consent. This policy applies to any and all photographic equipment including cell phones, PDA's, or similar devices that also have a digital photograph capability.