Upload
bennett-cory-haynes
View
235
Download
2
Tags:
Embed Size (px)
Citation preview
Paul Hardiman and Rob BrownSMMT IF
Planning and
organising an audit
ObjectivesHow to:
– Effectively plan an audit based on organization processes
– Best utilize the audit time available
– Process what you see during an audit to make decisions
– Analyze and synthesize data / metrics
– Modify priorities based on situational awareness
BackgroundISO/TS16949 auditor qualification and development uses six
essential auditing criteria, defined in an “auditor competency criteria booklet:
Essential auditing criteria
• Process Approach
Demonstrates priority is given to questioning the organisation’s identification of processes, their sequence and interactions, and performance against the objectives / measures defined, with focus on the processes which directly impact the customer
• Customer, regulatory, industry requirements
Demonstrates that these requirements are integrated into a process based audit. Effectively audit the organisation’s process for gathering, communicating and implementing these requirements.
Essential auditing criteria
• Prioritisation
Demonstrates priority is given to questioning the process objectives and performance, and focus on issues that have the greatest impact on the customer
• Focus on performanceIdentifies issues/trails around the organisation’s process for setting objectives/ targets, what plans are in place to ensure targets are met, and corrective action plans where objectives/targets are not being met
Essential auditing criteria
• Knowledge/Application of AS9100, AS9110 and AS9120 requirements (and associated checklists)
Demonstrates knowledge and application of the requirements within a process based audit
• Analyse and Synthesize data
Demonstrates the ability to collect and analyse data, and draw accurate conclusions based upon the data. Synthesize isolated but connected data in order to draw conclusions.
Audit plan outputs: ISO17021• the audit objectives;
• the audit criteria and reference documents;
• the audit scope, including identification of the organizational and functional units and processes to be audited;
• the dates and locations where the on-site audit activities are to be conducted including visits of temporary sites as appropriate;
• the expected time and duration of on-site audit activities, including meetings with the client’s management and audit team meetings;
• the roles and responsibilities of the audit team members and accompanying persons; and
• the allocation of appropriate resources.
Audit plan: ISO17021
• The audit plan information may be contained in a single document or in several documents
• Any objections to the audit plan by the client should be resolved between the certification body, the audit team leader and the client.
• Any revised audit plan should be agreed among the parties concerned before continuing the audit.
• PLANNING APPLIES TO ALL TYPES OF AUDITS (Stage 1, stage 2, surveillance and recertification)
ISO17021 Stage 1 Purpose
• the client’s preparedness for stage 2 audit;• gather information to help plan the stage 2 audit• establish the sufficiency of the audit program and
resources
• Also can be used to gather knowledge of types of regulatory requirements that apply
ISO17021 Stage 2 Purpose
• the implementation of the management system;• the capability of the management system to be
effective in ensuring continual compliance with customer, statutory and regulatory requirements and in meeting its specified objectives; and
• the extent of conformity of the client’s management system with the requirements of the management system standard within a defined scope.
Planning an effective process based audit
• What information you would need to gather prior to the audit to help you effectively plan an audit
• Give examples
Audit planning
The audit programme shall be planned taking into consideration:
• status and importance of the processes and areas to be audited
• results of previous audits
Process Approach
0.2 Process approach
This International Standard promotes the adoption of a process approach when developing, implementing and improving the effectiveness of a quality management system, to enhance customer satisfaction by meeting customer requirements.
INPUTCustomer who
has a need
OUTPUTCustomer who has a need met
Input
Step
1
Step
2
Step
3
Step
“N”
Output
Processes
Plan audit based on processes not departments
PLANNINGDepartment preparemedium term
plan
Set up theproductionprogram
plancapacities
organizeplanningoperation
Set upbudget
SALESDepartment
Visitprospective customers
manageorders
negotiatecontract
forecast sales
Understandrequirements
PRODUCTIONDepartment
Supply
Operator maintenance
Manufacture
Inspection
SHIPPINGDepartment
Approve transporters
Controldeliveryquality
Organizedelivery
Manage stockinput
Negotiatesuppliercontract
GENERAL MANAGEMENT
Methods
Remote SupportingFunction
Customer receives product
Customer needs
product
Plan to audit interaction with support processes
Design & DevelopmentRequirement Definition & Communicate
Risk -Determine & Communicate
Configuration Control
V & V Approach
Producibility
Sales Planning Engineering Purchasing Production Inspection Shipping
Sales Planning Engineering Purchasing Production Inspection Shipping
Customer
Organisation
Auditing customer- organisation - supplier interactions
Suppliers
RISK!
RISK!
Case study
“First contact”
Best practice in audit planning
Approach« Top-Down »
P
D
AC PDCA
feedback system
The «V » cycle and the audit
Strategy
Risk analysis
Planning the activities
Improvement actions
Analysis/ review
Improvement actions
Reporting
Collect and analyse Information
Operations and recording
Top management
Process owners
PolicyObjectives
Resources
Participants
The « V » cycle
Top management
Process owners
Participants
Site Audit
Preparing to audit a process
With WHAT?
(EQUIPMENT/INSTALLATIONS)
With WHO?
(TRAINING,
KNOWLEDGE,
SKILLS)
RE
QU
IRE
ME
NT
S
SA
TIS
FA
CT
ION
INPUT OUTPUT
PROCESS
What Results?
(PERFORMANCE
INDICATORS)
HOW ?(INSTRUCTIONS,
PROCEDURESMETHODS)
Customer Who
has a Need
Customer Who
has a Need Met
INCLUDING SUPPORT
PROCESSES ?
Act PlanPlan
DoDoCheckCheck
PHILOSOPHY
Continual
Improvement
The CAPDo approach to auditing
CStart with a questions about performance, what is expected, what are the process objectives, what is the actual performance?
Start with a questions about performance, what is expected, what are the process objectives, what is the actual performance?
A How is data being analysed and what improvement actions are being taken?
How is data being analysed and what improvement actions are being taken?
Do Is the process being carried out as planned? Has the quality system been implemented at all levels
Select samples based on performance/risk
Is the process being carried out as planned? Has the quality system been implemented at all levels
Select samples based on performance/risk
P How is the control of the process planned within the quality system. How are the controls reviewed when problems are encountered?
How is the control of the process planned within the quality system. How are the controls reviewed when problems are encountered?
With WHAT?
(EQUIPMENT/INSTALLATIONS)
With WHO?
(TRAINING,
KNOWLEDGE,
SKILLS)
RE
QU
IRE
ME
NT
S
SA
TIS
FA
CT
ION
INPUT OUTPUT
PROCESS
HOW ?(INSTRUCTIONS,
PROCEDURESMETHODS)
Customer Who
has a Need
Customer Who
has a Need Met
INCLUDING SUPPORT
PROCESSES ?
Start With
Performance
Case study
“On-site”
Summary
• Audit plans should be based on the organisation’s processes
• Audit plans should consider process sequence and interaction
• Gather essential information prior to audit• Audit plans should be reviewed/updated when
changes occur/ are identified• Modify priorities based on performance data
Information for audit planning• Scope of activities (product range, design responsibility
etc)• Site details and any remote support functions• Site layout• Number of employees (by site and remote location)/ audit
days• Customers• Organization’s identified processes• Process owners• Objectives (Key performance indicators)• Current performance data• Last external audit findings (if applicable)
Information for audit planning• Internal audit findings, and management review results• Regulatory/Statutory requirements• Significant risks
For surveillance and recertification any information on:• Organisation changes including organisation structure,
new capabilities, staffing levels, customer base changes (aviation, defence, space), and contract volumes
• Customer Satisfaction/ Perception Status (Returns, Complaints, etc.)
• New Risks