Paul Hardiman and Rob BrownSMMT IF

Planning and

organising an audit

ObjectivesHow to:

– Effectively plan an audit based on organization processes

– Best utilize the audit time available

– Process what you see during an audit to make decisions

– Analyze and synthesize data / metrics

– Modify priorities based on situational awareness

BackgroundISO/TS16949 auditor qualification and development uses six

essential auditing criteria, defined in an “auditor competency criteria booklet:

Essential auditing criteria

• Process Approach

Demonstrates priority is given to questioning the organisation’s identification of processes, their sequence and interactions, and performance against the objectives / measures defined, with focus on the processes which directly impact the customer

• Customer, regulatory, industry requirements

Demonstrates that these requirements are integrated into a process based audit. Effectively audit the organisation’s process for gathering, communicating and implementing these requirements.

Essential auditing criteria

• Prioritisation

Demonstrates priority is given to questioning the process objectives and performance, and focus on issues that have the greatest impact on the customer

• Focus on performanceIdentifies issues/trails around the organisation’s process for setting objectives/ targets, what plans are in place to ensure targets are met, and corrective action plans where objectives/targets are not being met

Essential auditing criteria

• Knowledge/Application of AS9100, AS9110 and AS9120 requirements (and associated checklists)

Demonstrates knowledge and application of the requirements within a process based audit

• Analyse and Synthesize data

Demonstrates the ability to collect and analyse data, and draw accurate conclusions based upon the data. Synthesize isolated but connected data in order to draw conclusions.

Audit plan outputs: ISO17021• the audit objectives;

• the audit criteria and reference documents;

• the audit scope, including identification of the organizational and functional units and processes to be audited;

• the dates and locations where the on-site audit activities are to be conducted including visits of temporary sites as appropriate;

• the expected time and duration of on-site audit activities, including meetings with the client’s management and audit team meetings;

• the roles and responsibilities of the audit team members and accompanying persons; and

• the allocation of appropriate resources.

Audit plan: ISO17021

• The audit plan information may be contained in a single document or in several documents

• Any objections to the audit plan by the client should be resolved between the certification body, the audit team leader and the client.

• Any revised audit plan should be agreed among the parties concerned before continuing the audit.

• PLANNING APPLIES TO ALL TYPES OF AUDITS (Stage 1, stage 2, surveillance and recertification)

ISO17021 Stage 1 Purpose

• the client’s preparedness for stage 2 audit;• gather information to help plan the stage 2 audit• establish the sufficiency of the audit program and

resources

• Also can be used to gather knowledge of types of regulatory requirements that apply

ISO17021 Stage 2 Purpose

• the implementation of the management system;• the capability of the management system to be

effective in ensuring continual compliance with customer, statutory and regulatory requirements and in meeting its specified objectives; and

• the extent of conformity of the client’s management system with the requirements of the management system standard within a defined scope.

Planning an effective process based audit

• What information you would need to gather prior to the audit to help you effectively plan an audit

• Give examples

Audit planning

The audit programme shall be planned taking into consideration:

• status and importance of the processes and areas to be audited

• results of previous audits

Process Approach

0.2 Process approach

This International Standard promotes the adoption of a process approach when developing, implementing and improving the effectiveness of a quality management system, to enhance customer satisfaction by meeting customer requirements.

INPUTCustomer who

has a need

OUTPUTCustomer who has a need met

Input

Step

1

Step

2

Step

3

Step

“N”

Output

Processes

Plan audit based on processes not departments

PLANNINGDepartment preparemedium term

plan

Set up theproductionprogram

plancapacities

organizeplanningoperation

Set upbudget

SALESDepartment

Visitprospective customers

manageorders

negotiatecontract

forecast sales

Understandrequirements

PRODUCTIONDepartment

Supply

Operator maintenance

Manufacture

Inspection

SHIPPINGDepartment

Approve transporters

Controldeliveryquality

Organizedelivery

Manage stockinput

Negotiatesuppliercontract

GENERAL MANAGEMENT

Methods

Remote SupportingFunction

Customer receives product

Customer needs

product

Plan to audit interaction with support processes

Design & DevelopmentRequirement Definition & Communicate

Risk -Determine & Communicate

Configuration Control

V & V Approach

Producibility

Sales Planning Engineering Purchasing Production Inspection Shipping

Sales Planning Engineering Purchasing Production Inspection Shipping

Customer

Organisation

Auditing customer- organisation - supplier interactions

Suppliers

RISK!

RISK!

Case study

“First contact”

Best practice in audit planning

Approach« Top-Down »

P

D

AC PDCA

feedback system

The «V » cycle and the audit

Strategy

Risk analysis

Planning the activities

Improvement actions

Analysis/ review

Improvement actions

Reporting

Collect and analyse Information

Operations and recording

Top management

Process owners

PolicyObjectives

Resources

Participants

The « V » cycle

Top management

Process owners

Participants

Site Audit

Preparing to audit a process

With WHAT?

(EQUIPMENT/INSTALLATIONS)

With WHO?

(TRAINING,

KNOWLEDGE,

SKILLS)

RE

QU

IRE

ME

NT

S

SA

TIS

FA

CT

ION

INPUT OUTPUT

PROCESS

What Results?

(PERFORMANCE

INDICATORS)

HOW ?(INSTRUCTIONS,

PROCEDURESMETHODS)

Customer Who

has a Need

Customer Who

has a Need Met

INCLUDING SUPPORT

PROCESSES ?

Act PlanPlan

DoDoCheckCheck

PHILOSOPHY

Continual

Improvement

The CAPDo approach to auditing

CStart with a questions about performance, what is expected, what are the process objectives, what is the actual performance?

Start with a questions about performance, what is expected, what are the process objectives, what is the actual performance?

A How is data being analysed and what improvement actions are being taken?

How is data being analysed and what improvement actions are being taken?

Do Is the process being carried out as planned? Has the quality system been implemented at all levels

Select samples based on performance/risk

Is the process being carried out as planned? Has the quality system been implemented at all levels

Select samples based on performance/risk

P How is the control of the process planned within the quality system. How are the controls reviewed when problems are encountered?

How is the control of the process planned within the quality system. How are the controls reviewed when problems are encountered?

With WHAT?

(EQUIPMENT/INSTALLATIONS)

With WHO?

(TRAINING,

KNOWLEDGE,

SKILLS)

RE

QU

IRE

ME

NT

S

SA

TIS

FA

CT

ION

INPUT OUTPUT

PROCESS

HOW ?(INSTRUCTIONS,

PROCEDURESMETHODS)

Customer Who

has a Need

Customer Who

has a Need Met

INCLUDING SUPPORT

PROCESSES ?

Start With

Performance

Case study

“On-site”

Summary

• Audit plans should be based on the organisation’s processes

• Audit plans should consider process sequence and interaction

• Gather essential information prior to audit• Audit plans should be reviewed/updated when

changes occur/ are identified• Modify priorities based on performance data

Information for audit planning• Scope of activities (product range, design responsibility

etc)• Site details and any remote support functions• Site layout• Number of employees (by site and remote location)/ audit

days• Customers• Organization’s identified processes• Process owners• Objectives (Key performance indicators)• Current performance data• Last external audit findings (if applicable)

Information for audit planning• Internal audit findings, and management review results• Regulatory/Statutory requirements• Significant risks

For surveillance and recertification any information on:• Organisation changes including organisation structure,

new capabilities, staffing levels, customer base changes (aviation, defence, space), and contract volumes

• Customer Satisfaction/ Perception Status (Returns, Complaints, etc.)

• New Risks