aet9907c.ppt 2004-03-13 1 auditing and certifications of qms auditing and certification of quality...

AET9907C.PPT2004-03-13 1

AUDITING AND CERTIFICATIONS OF QMSAUDITING AND CERTIFICATIONS OF QMS

AUDITING AND CERTIFICATION OF AUDITING AND CERTIFICATION OF QUALITY MANAGEMENT SYSTEMSQUALITY MANAGEMENT SYSTEMS

bybyDr. Anwar El-TawilDr. Anwar El-Tawil

ISOISO

AET9907C.PPT2004-03-13 2

AUDITING AND CERTIFICATIONS OF QMSAUDITING AND CERTIFICATIONS OF QMSISO Standards for Auditing QMSISO Standards for Auditing QMS

Previously, three standards existed for auditing QMS:

ISO 10011/1, 2 and 3

A JWG between ISO/TC 176 and ISO/TC 207 has prepared a common auditing standard

ISO 19011

for auditing QMS and EMS

Common auditing standard does not mean that there must be one audit of QMS and EMS

AET9907C.PPT2004-03-13 3

AUDITING AND CERTIFICATIONS OF QMSAUDITING AND CERTIFICATIONS OF QMSWhat is an Audit?What is an Audit?

Audit « a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which agreed criteria are met »

(ISO 9000)(ISO 9000)

AET9907C.PPT2004-03-13 4

AUDITING AND CERTIFICATIONS OF QMSAUDITING AND CERTIFICATIONS OF QMSObjectives of QMS AuditObjectives of QMS Audit

To determine conformity of QMS to requirements

To determine effectiveness of QMS

To identify areas for improvement

To permit certification/registration of organization

To meet legal requirements (e.-g. for manufacturers of medical devices)

AET9907C.PPT2004-03-13 5


Types of QMS AuditTypes of QMS Audit

Internal audits (first-party audits):

Audits conducted by, or on behalf of, the Organization itself for internal purposes

Internal audits can form the basis for an orgnization’s self-declaration of conformity

AET9907C.PPT2004-03-13 6


Types of QMS Audit (cont.)Types of QMS Audit (cont.)

External audits (second- and third party audits):

Second-party audits are conducted by parties interested in the Organization (e.g. customers)

Third-party audits are conducted by external, independent certifiers/registrars

AET9907C.PPT2004-03-13 7


Principles of Auditing (ISO 19011)Principles of Auditing (ISO 19011)

Principles relating to auditor character:

Ethical conduct - foundation of professionalism

Fair presentation - obligation to report truthfully and accurately

Due professional care - reasonable care in auditing

AET9907C.PPT2004-03-13 8


Principles of Auditing (ISO 19011) (cont.)Principles of Auditing (ISO 19011) (cont.)

Principles relating to audit process:

Independence - basis for impartiality and objectivity in conclusion

Evidence - rational basis for reaching conclusion

AET9907C.PPT2004-03-13 9

AUDITING AND CERTIFICATIONS OF QMSAUDITING AND CERTIFICATIONS OF QMSParties involved in QMS AuditParties involved in QMS Audit

Provision of data/information

Provision of data/information

Determination of audit objectives

and criteria

Determination of audit objectives

and criteria

Audit ReportAudit Report

AuditeeAuditee

ClientClient

AuditorAuditor Determination of audit scope

Determination of audit scope

Conduct of the audit

Conduct of the audit

AET9907C.PPT2004-03-13 10


Audit ProcessAudit Process

Initiating the Audit

Document Review

Preparing for on-site audit activities

On-site Audit Activities

Reporting on Audit

Audit Follow-up

Audit completed

AET9907C.PPT2004-03-13 11

AUDITING AND CERTIFICATIONS OF QMSAUDITING AND CERTIFICATIONS OF QMSInitiating the Audit Initiating the Audit

Determine audit objectives, scope, and criteria Objectives can be:

checking conformity to ISO 9001, checking capability to ensure compliance with

laws, regulations and/or contractual requirements,

identifying areas of potential improvement Scope is defined in terms of

location organizational units activities and processes

Establish audit feasibility

AET9907C.PPT2004-03-13 12

AUDITING AND CERTIFICATIONS OF QMSAUDITING AND CERTIFICATIONS OF QMSInitiating the Audit (cont.) Initiating the Audit (cont.)

Establish audit team and appoint its leader based on:

audit objectives, scope, criteria, location and duration

overall competence of audit team by:

identifying knowledge and skills needed

selecting audit team with needed knowledge and, if necessary, including technical

experts acting under the direction of an auditor

language and cultural environment of audit

independence of audit team and avoidance of conflict of interest

Contact auditee

AET9907C.PPT2004-03-13 13


Document Review Document Review

Review QMS documents including records and previous audit reports

The review is done by the audit team leader or by one or more auditors

A preliminary on-site visit can be necessary to get an overview of available information

If the QMS documentation is found inadequate,the auditclient should be informed

No further resources should be spent on the audit until such concerns are resolved

AET9907C.PPT2004-03-13 14

AUDITING AND CERTIFICATIONS OF QMSAUDITING AND CERTIFICATIONS OF QMSPreparing for On-site AuditPreparing for On-site Audit

An audit plan should be prepared including: Audit objectives, scope and criteria Dates and places of on-site audit Organizational and functional units to be audited Expected time and duration of audit including

meetings with auditee’s management and audit team meetings

Audit team work assignments taking into account auditor independence, competence and responsibilities of auditors,auditors-in-training and technical experts

AET9907C.PPT2004-03-13 15


Working Documents for On-site AuditWorking Documents for On-site Audit

Working documents used by audit team include: Audit procedures, checklists and audit sampling

plans; Forms for recording information, supporting

evidence, records of audit findings and meetings Work documents and records should be retained

at least until audit completion Work documents involving confidential information

should be safeguarded

AET9907C.PPT2004-03-13 16

AUDITING AND CERTIFICATIONS OF QMSAUDITING AND CERTIFICATIONS OF QMSOn-site Audit Activities - Opening MeetingOn-site Audit Activities - Opening Meeting

Objectives To confirm audit plan To clarify how audit will be performed To establish communication with auditee

Participation Auditee’s management

Staff responsible for audited functions, if appropriate

Audit team whose leader should chair meeting

Main Issues Introduction of participants and their role Audit objectives, scope, criteria and timetable Audit methods, language, confidentiality and reporting

AET9907C.PPT2004-03-13 17


Collecting information:• document review• interviews• site visits

Collecting information:• document review• interviews• site visits

CriteriaCriteria

On-site Audit Activities - Collecting InformationOn-site Audit Activities - Collecting Information

Verification

Review

Audit conclusions

Information

Audit evidence

Audit findings

AET9907C.PPT2004-03-13 18

AUDITING AND CERTIFICATIONS OF QMSAUDITING AND CERTIFICATIONS OF QMSPossible Sources of Information for the AuditPossible Sources of Information for the Audit

Interviews Observation of activities, work environment and conditions Documents, for example

Q Policy, Q objectives and Q plans Procedures, instructions, licences and permits, Specifications, drawings Contracts, orders

Records such as Inspection records, reports

Minutes, logbook of customer complaints, audit reports

Data summaries, analyses and performance indicators

AET9907C.PPT2004-03-13 19


On-site Audit Activities - Closing Meeting (I)On-site Audit Activities - Closing Meeting (I)

Preparation

Audit team should confer prior to the closing meeting to: Review audit findings Reach consensus on audit conclusions Agree on roles and tasks for closing meeting

Participation Auditee’s management and responsible staff

Audit team whose leader should chair the meeting

AET9907C.PPT2004-03-13 20


On-site Audit Activities - Closing Meeting (II)On-site Audit Activities - Closing Meeting (II)

Main Issues

Presentation of audit findings and conclusions

Acknowledgement by auditee and agreement on

corrective action plan

Resolving diverging opinions

If specified, presentation of recommendations for

improvement

AET9907C.PPT2004-03-13 21


Audit ReportAudit Report

Should contain audit conclusions on: Conformance of QMS to criteria Effective implementation and maintenance of QMS Effectiveness of management review process

Report should also identify

units audited audit client audit team

dates and places of audit audit criteria

audit findings

AET9907C.PPT2004-03-13 22


Audit Report (cont.)Audit Report (cont.) Audit report can also include:

Agreed audit objectives, scope and plan auditee’s key representatives summary of audit process including obstacles met statement regarding confidential nature of report any agreed follow-up actions any unresolved divergences between auditors and

auditee recommendations for improvement, if specified in

objectives Distribution

to recipients designated by audit client

AET9907C.PPT2004-03-13 23

AUDITING AND CERTIFICATIONS OF QMSAUDITING AND CERTIFICATIONS OF QMSCompetence of QMS AuditorsCompetence of QMS Auditors

QMS auditors should have knowledge and skills in:

Audit procedures, tools and methods

Management systems and their standards

Organizational situations

Applicable laws

Quality techniques (terminology, principles and tools, for ex. statistical tools, FMEA)

Sector-specific products and processes

AET9907C.PPT2004-03-13 24

AUDITING AND CERTIFICATIONS OF QMSAUDITING AND CERTIFICATIONS OF QMSQualifications of QMS AuditorsQualifications of QMS Auditors

Auditors should have ( minimum recommended)

sufficient education (secondary),

technical, managerial or professional work experience (5 y.)part of which is in QM (2 y.),

auditor training (40 hours),

audit experience (4 complete audits - 20 hours)

Auditor ’s personal attributes: observation, tenacity, independence, realism, ethics, diplomacy, cool under stress, oral and written expression

AET9907C.PPT2004-03-13 25

AUDITING AND CERTIFICATIONS OF QMSAUDITING AND CERTIFICATIONS OF QMSQMS Lead AuditorsQMS Lead Auditors

Lead auditors should demonstrate necessary knowledge and skills to lead and manage the audit:

planning organizing directing

performing reporting

Lead auditors should have performed additional audits (3 complete audits in 15 days) as lead auditor under supervision of a competent lead auditor

Lead auditors should be able to reach audit conclusions on overall capability of QMS

AET9907C.PPT2004-03-13 26

AUDITING AND CERTIFICATIONS OF QMSAUDITING AND CERTIFICATIONS OF QMSCertification ProcessCertification Process

Pre-assessmentPre-assessmentPre-assessmentPre-assessment

Initial visitInitial visitInitial visitInitial visit

Audit preparationAudit preparationAudit preparationAudit preparation

The Audit(s)The Audit(s)The Audit(s)The Audit(s)

Corrective ActionsCorrective ActionsCorrective ActionsCorrective Actions

SurveillanceSurveillanceSurveillanceSurveillance

Certificate grantedCertificate grantedCertificate grantedCertificate granted

AET9907C.PPT2004-03-13 27


Some Certification IssuesSome Certification Issues

Interpretation of ISO 9000 – National Committees,

ISO/TC 176

Credibility of certifier (see slide 28)

Accreditation programmes (see slide 28)

Cross – border recognition (see slides 29-32)

Certification costs

AET9907C.PPT2004-03-13 28


• Accreditation Confidence in competencecompetence and impartialityimpartiality of certifier

• Accrediation is carried out to check conformance of QMS Certifiers with ISO Guide 62 (future ISO/IEC 17021)

• Accreditation Bodies should conform to ISO Guide 61 (future ISO/IEC 17011)

Accreditation of QMS CertifiersAccreditation of QMS Certifiers

AET9907C.PPT2004-03-13 29


Objective: One-Stop Assessment Accepted Worldwide

Possible Approaches

Mutual Recognition Agreements (MRAs) between two certifiers

Multilateral Recognition between certifiers

International Recognition between accreditors

Cross-border Acceptance of CertificatesCross-border Acceptance of Certificates

AET9907C.PPT2004-03-13 30


Country XCountry X Country YCountry Y

Certifier ACertifier A Certifier BCertifier BMRAMRA

Supplier 1Supplier 1 Supplier 2Supplier 2

DisadvantagesDisadvantages– Limited recognition– MRAs are time consuming and costly to establish

and maintain

Mutual Recognition Agreements (MRA)Mutual Recognition Agreements (MRA)

AET9907C.PPT2004-03-13 31


Examples: IQNet, IIOC, itqs, Regional

CQSCQS

DeltaDelta

TÜVTÜVBayernBayern

itqsitqsitqsitqs IQNetIQNetIQNetIQNet

QMIQMI

DQSDQS

APCERAPCERNSAINSAIAENORAENOR

FCAVFCAV KEMAKEMA

AFAQAFAQBSIBSI

bureaus of shippingbureaus of shippingand consultantsand consultants

Disavantage:Disavantage: Incomplete coverage of worldIncomplete coverage of world

IIOCIIOCIIOCIIOC

SQSSQS

ÖQSÖQS

Multilateral Recognition between CertifiersMultilateral Recognition between Certifiers

SGSDNV

BVQI

AET9907C.PPT2004-03-13 32


Mutual Recognition Mechanism(Peer Evaluation/Multilateral Agreement)

Mutual Recognition Mechanism(Peer Evaluation/Multilateral Agreement)

Country BCountry BCountry ACountry A Country CCountry C

AA AA

CCCC CC CC CC

SS SS SS SS SS SS SS SS SS

S:S: Supplier Supplier C:C: Certifier Certifier A:A: Accreditor Accreditor

International Recognition System (IAF)International Recognition System (IAF)

AET9907C.PPT2004-03-13 33


Traditionally, NSBs carried out Product Certification This involved the company quality system

(ISO System No 5)

With the advent of ISO 9000 then 14000 NSBs either started a certification/registration system, or

co-established such as system with other bodies

As Accreditation became widespread, some NSBs established an accreditation system

others co-established such systems with other bodies

Role of NSBs in Certification & AccreditationRole of NSBs in Certification & Accreditation

AET9907C.PPT2004-03-13 34


To ensure competencecompetence (technical and administrative) and impartialityimpartiality

To avoid conflict of interest Consultancy on Management Systems and

certification should not be combined

Certification and Accreditation should not be combined

Laboratory Accreditation and running a lab should not be combined

Conditions for NSBs to be engaged inConditions for NSBs to be engaged inCertification & AccreditationCertification & Accreditation