Delegate Manual For 90012015 [PDF]

Zitiervorschau

TVE INTERNATIONAL ACADEMY PVT. LTD.

LEAD AUDITOR TRAINING QUALITY MANAGEMENT SYSTEM (ISO 9001:2015)

IRCA REGISTERED COURSE 17980

DELEGATE MANUAL

TVE International Academy Pvt. Ltd. 21/26B, Kamarajar Street, K.K. Nagar, Trichy – 620 021. Contact No: 0431 – 4051364 Email: [email protected] (www.tvecert.org)

Quality Management Systems Auditor / Lead Auditor Training Course

This manual, any documentation related thereto (with the exception of any national or international standards referred to herein) and the information disclosed therein, is confidential and proprietary to TVE. This information

may

not be

used by

or

disclosed to others for any purpose except as specifically authorized in writing by TVE The recipient, by accepting this document agrees that neither the document, the information disclosed therein nor any part thereof shall be reproduced or transferred to other documents nor used or disclosed to others for any other purpose except as specifically authorized in writing by TVE.

(Copyright) 2015 an unpublished work by TVE – All rights reserved.

Quality Management Systems Auditor / Lead Auditor Training Course Delegate Manual (17980)

TVE CERT

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

COURSE INTRODUCTION

We TVE CERT is very glad to introduce this 5 days Lead Auditor Training course. TVE CERT is one of the leading & fast growing Certification & Training bodies in India. TVE CERT operates as a Certification and Training body, organized according to international standard ISO/IEC 17021:2011 in India and across the globe.

All our course presenters are highly qualified and experienced in Quality Management System Design, implementation, and have good experiences of QMS Certification Assessment and Trainings. All sessions are made interesting and interactive by encouraging the delegate participation. Delivery will include Presentations by lectures, Practical workshops, Role plays, Mock Audits etc., leaded by highly experienced and Qualified Tutors.

The course containing each day is divided into four sessions with a lunch break. The morning session is again divided into two sessions with one tea break. Then following the lunch break the afternoon session is again divided into two sessions with one tea break.

The course material is divided into number of Chapters and Exercises. Each chapter will provide enough information based on the learning objectives of that chapter. Also there are practical exercises pertaining to the chapters (wherever relevant). The outputs of the exercises are a part of the formal continuous assessment and will therefore be marked. Although the exercises are group exercises individual score to the delegate will be based on their overall

TVE CERT

8

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

participation, involvement in the relevant chapter presentation and in the exercise. A mock audit – Role play will be conducted on Days 4 & 5 of the Training for the delegates to demonstrate the skills learned and understood during the course. All sessions are interactive and delegate participation is encouraged.

Attendance for the full duration of the course is mandatory and poor time keeping must be avoided. Delegates are not encouraged for taking leave or permissions during the 5 days of the training Course.

Expected Prior Knowledge Requirements

Prior knowledge Before starting this course, you must inform students that they are expected to have the following prior knowledge:

a) Management systems 

The Plan, Do, Check, Act (PDCA) cycle



The core elements of a management system and

the

interrelationship

management objectives,

between

responsibility, planning,

top

policy,

implementation,

measurement, review and continuous improvement.

b) Quality management 

The fundamental concepts and the seven quality management principles (see ISO 9000):

TVE CERT

9

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

 Customer focus  Leadership  Engagement of people  Process approach  Improvement  Evidence-based decision making  Relationship management. 

The relationship between quality management and customer satisfaction.

c) ISO 9001

Knowledge of the requirements of ISO 9001 and the commonly used quality management terms and definitions, as given in ISO 9000, which may be gained by completing an IRCA Certified QMS Foundation Training course or equivalent.

LEARNING OBJECTIVES

2.1 Briefly describe what students will know and be able to do by the end of the course.

On completion successful students will have the knowledge and skills to: Knowledge

2.1.1 Explain the purpose of a quality management system, of quality management systems standards, of

management

system

audit,

of

third

party

certification and the business benefits of improved performance of the quality management system (see 3.1).

TVE CERT

10

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

2.1.2 Explain the role and responsibilities of an auditor to plan, conduct, report and follow-up a quality management system audit in accordance with ISO 19011, and ISO/IEC 17021, as applicable (see 3.2).

Skills

2.1.3 Plan, conduct, report and follow-up an audit of a quality management system to establish conformity (or otherwise) with ISO 9001 and in accordance with ISO 19011, and ISO/IEC 17021, as applicable (see 3.3).

Course Assessment

The outputs of the exercises are a part of the formal continuous assessment and will therefore be marked. In order to pass the course a delegate must pass the continual assessment and the written examination as well.

Continual Assessment

Delegates will be assessed throughout the course. The outputs of the exercises are a part of the formal continual assessment and will therefore be marked. Although the exercises are group exercises individual score to the delegate will be based on their overall participation, involvement in the relevant chapter presentation and in the exercise.

Delegates who are late at unavoidable circumstances may at the tutor's decision receive additional one to one instruction. However this should be considered during the breaks and aft this time. Poor timekeeping, irrespective of cause, will be reflected in the appropriate the full days session & care should be taken that this may not disturb the routine class timings. Still repetitive poor timekeeping will result in failure.

TVE CERT

11

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

The overall pass mark for the continual assessment is 60% and should score minimum 50% in individual exercises also. Delegates who fail in the individual exercises are required to resubmit the exercises.

Final Examination

Delegates will have to write the closed book written examination on Day 5 of the course. A total of 2 hours will be available for the Examination.

There are 4 sections to the exam:

Section 1 (10 marks) Section 2 (20 marks) Section 3 (30 marks) Section 4 (30 marks)

The pass mark is 70% and delegates are expected to achieve at least 50% in each section.

Delegates who fail the written exam (but have otherwise successfully completed the course) shall be allowed to retake (an exam) within 12 months of the initial exam. The delegates will be provided with ―Certificate of Successful Completion‖ on successful completion of the course which will be valid for 3 years for registration in IRCA from the end of the course. The delegates will be provided with ―Certificate of Attendance‖ if not been successful in the exam or the continual assessment but have satisfied the course TVE CERT

12

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

attendance requirements. These certificates shall not be accepted by IRCA for Auditor registration.

Auditor Registration as per IRCA Scheme

IRCA provide a Quality Management Systems Auditor Certification Scheme (the QMS Scheme) to provide confidence to accredited certification bodies and to business and industry that auditors certified to this scheme are competent.

The scheme is intended for: 

Quality auditors, e.g. those employed by third party certification bodies / registrars, or by purchasing organizations



Quality practitioners, e.g. quality consultants, quality managers and other quality personnel



Employees conducting quality management system audits within their own organization i.e. Internal Standards

The QMS 2015 Scheme has six grades of certification:



QMS 2015 Provisional Internal Auditor



QMS 2015 Internal Auditor



QMS 2015 Provisional Auditor



QMS 2015 Auditor



QMS 2015 Lead Auditor



QMS 2015 Principal Auditor

TVE CERT

13

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

The certification is based on considering the following criteria

A. Education B. Work experience C. Auditor Training D. Auditing Experience

For information concerning the process for certification with IRCA as a Lead Auditor, visit the IRCA Website at http://www.irca.org.

Complaints and Appeals

All delegates have the right to make a complaint or an appeal. The delegates will be provided with the process for the same upon request.

QMS Standard

The delegates will be provided with the copies of ISO 9001:2015 standard for reference during the course.

Delegates Introduction

The course introduction is next followed by Delegate introduction .The delegates are expected to introduce themselves about their Academic Background, Technical Knowledge / Career experiences.

Note: This will help the tutor on identifying right teams in forming Groups/Teams for Practical Exercises.

TVE CERT

14

Issue Date: SEP 2015

Welcome to your CQI and IRCA Certified Quality Management System Auditor/Lead Auditor Training Course TVE International Academy Pvt. Ltd. has been independently assessed and approved by the CQI and IRCA. This means they have the processes and systems in place to deliver certified courses to the highest standard.

About the CQI and IRCA The CQI is the only chartered professional body dedicated entirely to quality. IRCA is its specialist division dedicated to management system auditors. Find out more about the CQI and IRCA at www.quality.org We hope you enjoy your course

www.quality.org/training

Quality Management Systems Auditor / Lead Auditor Training Course

PURPOSE, BENEFITS & PRINCIPLES OF QMS

1. Quality Management System A Quality Management System (QMS) is a set of policies, processes and procedures required for planning and execution (production / development / service) in the core business area of an organization. (i.e. areas that can impact

the organization's

ability to meet

customer

requirements.)ISO 9001:2015 is an example of a Quality Management System.

A QMS integrates the various internal processes within the organization and intends to provide a

process approach for project execution. A Process

Based QMS enables the organizations to identify measure, control and improve the various core business processes that will ultimately lead to improved business performance.

2. Evolution of ISO - Evolution of Standards

MILSTANDARDS - 1960s

ISO 9001 – 1stEdition - 1987 ISO 9001 – 2ndEdition - 1994 ISO 9001 - 3rdEdition - 2000

BS 5755 - 1960s

ISO 9001 - 4th Edition 2008 ISO 9001 - 5th Edition – 2015

ISO 9001 - 1980s

TVE CERT

16

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

3. Purpose of Quality Management System Quality management systems can assist organizations in enhancing customer satisfaction. Customers require products with characteristics that satisfy their needs and expectations. These needs and expectations are expressed in product specifications and collectively referred to as customer requirements Customer requirements may be specified contractually by the customer or may be determined by the organization itself. In either case, the customer ultimately determines the acceptability of the product. Because customer needs and expectations are changing, and because of competitive pressures and technical advances, organizations are driven to improve continually their products and processes. The quality management system approach encourages organizations to analyse customer requirements, define the processes that contribute to the achievement of a product which is acceptable to the customer, and keep these processes under control. A quality management system can provide the framework for continual improvement to increase the probability of enhancing customer satisfaction and the satisfaction of other interested parties. It provides confidence to the organization and its customers that it is able to provide products that consistently fulfill requirements

4. Benefits of Quality Management System: 

Assess the overall context of the organization to define who is affected by their work and what the customers expect from the organisation. This will enable to clearly state the organisations objectives and identify new business opportunities.

TVE CERT

17

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course



Put the customers first, making sure the organization consistently meet their needs and enhance their satisfaction. This can lead to repeat custom, new clients and increased business for your organization.



Work in a more efficient way as all the processes will be aligned and understood by everyone in the business or organization. This increases productivity and efficiency, bringing internal costs down.



Meet the necessary statutory and regulatory requirements.



Expand into new markets, as some sectors and clients require ISO 9001 before doing business.



Identify and address the risks associated with the organization..

TVE CERT

18

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

INTRODUCTION TO AUDITING 1. What is Audit? Systematic, Independent and documented process for obtaining ―audit evidence‖ and evaluating it objectively to determine the extent to which ―audit criteria‖ are fulfilled.

Note: Independent does not necessarily mean external to the organization in many cases particularly in smaller organizations. Independence can be demonstrated by the freedom from responsibility for the activity being audited.

Also Audit can be defined as an official inspection of an organization's Management system, Management processes, and product or in terms of financial aspects and evaluating it to find to what extent the objectives are met.

The audit criteria used may be set of policies, procedures or requirement of any ISO standards.

Type of Audits

2. Internal or First Party Audit

First party audits, or internal audits, are used by companies to evaluate the effectiveness of their own quality performance that is to identify deficiencies and inaccuracies within the system.

TVE CERT

19

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

3. External or Second Party Audit

The second party audit is generally known as the vendor quality assurance audit. The purpose of such an audit is to determine whether a vendor conforms to some specified contractual procedures imposed by a customer.

The objectives are: 1. Qualification and assessment of vendors 2. Customer‗s requirement that the organization shall audit their vendors 3. Ensure that vendors continue to maintain and improve their quality system 4. Resolve quality problems / issues.

4. External Third Party Audit

Third party audits are conducted by an independent body (certification body) and can either be voluntary, as in the case of a certification audit, or compulsory, as required by laws and regulations. Unlike an internal audit, the third party audit focuses

on

conformance

with

the

standard

and

implementation.

5. Stage 1 Audit

The purpose of the stage 1 audit is to evaluate the quality system is in compliance with a standard. a. Document review to be completed in off-site, but in most cases they are combined with an Initial Visit.

TVE CERT

20

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

6. Stage 2 Audit The purpose of the stage 2 audit is to evaluate the implementation,

including

effectiveness,

of

the

client's

management system. The stage 2 audit shall take place at the site(s) of the client.

7. Follow-up Audit

Any Major Non conformities require a follow up audit to verify the effectiveness of the corrective action taken.

8. Re-Certification Audit

The Re-Certification audit includes an onsite audit that requires the following 

Verify the Full management system



Demonstrated

commitment

to

maintain

the

effectiveness and improvement of the management system 

Enhance overall performance



Verify the achievement of the organization‘s policy and objectives

9. Additional Audits

The client shall be informed if an additional full audit, an additional limited audit, or documented evidence (to be confirmed during future surveillance audits) will be needed to verify effective correction and corrective actions.

TVE CERT

21

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

10. Surveillance Audit

Surveillance audits are on-site audits, but are not necessarily full system audits, and shall be planned together with the other surveillance activities so that the certification body can maintain confidence that the certified management system continues to fulfill requirements between recertification audits. The surveillance audit programme shall include, at least

11. Extensions to Scope

The certification body shall, in response to an application for extension to the scope of a certification already granted, undertake a review of the application and determine any audit activities necessary to decide whether or not the extension may be granted. This may be conducted in conjunction with a surveillance audit.

12. Short-notice Audits

It may be necessary for the certification body to conduct audits of certified clients at short notice to investigate complaints, or in response to changes, or as follow up on suspended clients. In such cases

a. the certification body shall describe and make known in advance to the certified clients the conditions under which these short notice visits are to be conducted, and

b. the certification body shall exercise additional care in the assignment of the audit team because of the lack of opportunity for the client to object to audit team members.

TVE CERT

22

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

13. Multi-site Audit

Where multi-site sampling is utilized for the audit of a client's management system covering the same activity in various locations, the certification body shall develop a sampling programme to ensure proper audit of the management system. The rationale for the sampling plan shall be documented for each client.

14. Audit Trails

An audit trail is the sequence of paperwork that validates or invalidates the whole process of an organization. Also it is an indicator of good internal controls instituted by a firm, and forms the basis of objectivity. 

Audit carried on step by step with sequential process from beginning to the end



Reviewing again by various cross –references procedures/Documents



Audit Trail can be carried out either in forward and backward direction of process sequence.



Audit follows a trail (e.g. estimate, contract, work ticket, form, checklist, material and product) through the business from origination to completion.

15. Auditing statutory and regulatory requirements

ISO 9001 requires an organization to identify and control the statutory and regulatory requirements applicable to its products (including services). It is up to the organization how to do this within its QMS.

TVE CERT

23

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

The organization should demonstrate that the statutory and regulatory requirements applicable to its products / services have been properly identified, are available and easily retrievable.

Auditors need to be aware of the general and specific statutory and regulatory requirements applicable to the products/ services included within the scope of the QMS. During the audit preparation phase, auditors should obtain relevant information from internal or external sources with respect to these statutory and regulatory requirements. This will allow them to make a judgment on the suitability of the QMS to address such requirements. These requirements need to be identified and integrated in the resource management and product realization activities of the organization.

During the audit phase, auditors should



ensure that the organization has a methodology in place for identifying, maintaining and updating all applicable statutory and regulatory requirements



ensure that these statutory and regulatory requirements are utilized as ‗process inputs‘ while monitoring ‗process outputs‘ for compliance with requirements



ensure that any claimed compliance to standards, statutory and regulatory

requirements

etc.

are

properly

demonstrated

by

the

organization 

if evidence is found, during the audit, that specific information regarding statutory and regulatory requirements has not been taken into account, the auditors should issue a nonconformity



auditors should also issue a nonconformity if a non compliance with such requirements is directly identified

TVE CERT

24

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Auditors should avoid making statements about what statutory or regulatory requirements are applicable to the products / services of the organization, or about methods of compliance, because of the possibility of liability.

Nonconformities should be issued only in situations where identification has been made of system deficiencies or of direct violations in respect of statutory and regulatory requirements applying to the products/ services of the organization.

However, if non conformance with other kinds of statutory requirements (e.g. health and safety, environment, etc.) is co-incidentally, detected during the audit, this fact cannot be ignored by the audits. It should be reported without delay to the auditee and, if required, to the audit client.

If auditors become aware of any deliberate legal non-compliance that could affect the image and credibility of the QMS before, during, or after the audit (including, for example, breach of antitrust law, labour law, health and safety or environmental regulations) then this should be taken into consideration and investigated further, as appropriate. Apart from the regulatory authority‘s action, it is for the auditors to assess the effectiveness of the QMS in meeting customer requirements

(stated

or

generally

implied)

and

report

this

to

the

certification/registration body management to take appropriate actions.

TVE CERT

25

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

CERTIFICATION AND ACCREDITATION This chapter explains the organization and role of the Accreditation Body and the Certification Body.

1. Accreditation Body- Definition

Third-party attestation related to a conformity assessment body conveying formal demonstration of its competence to carry out specific conformity assessment tasks.

2. Accreditation Process

Accreditation is a formal, third party recognition of competence to perform specific tasks. It provides a means to identify a proven, competent evaluator so that the selection of a laboratory, inspection or certification body is an informed choice. Accreditation means the evaluator can demonstrate to its customer that it has been successful at meeting the requirements of international accreditation standards.

Usually the reason for getting something independently evaluated is to confirm it meets specific requirements in order to reduce risks. Obvious examples are product failure, health risks, company reputation or to meet legal or customer requirements. Anything or anyone can be evaluated - products, equipment, people, management systems or organizations.

Accreditation body means the evaluators: testing and calibration laboratories, inspection and certification bodies have been assessed against internationally recognized standards to demonstrate their competence, impartiality and performance capability.

TVE CERT

26

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

3. Certification Body – Definition

The certification body has been assessed against internationally recognized standards to demonstrate its competence, impartiality and performance; capability. The certification body will make its services accessible to all applicants based on their requirements.

4. Certification Process

There are three steps to complete a Certification process 

Application



Document review& Contract agreements



Audit and certification.

a. Application

Applicant need to submit the application form for requesting certification the point of registration

b. Document Review & Contract Agreements

The auditor conducts the Document Review using the audit form and the management system documentation. During the process, the auditor will contact you to discuss the document review and/or for clarification or to request additional information

If applicable, the applicant needs to supply the necessary information enabling the auditor to finish the review.

TVE CERT

27

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

The applicant application is reviewed for the scope of accreditation by the certification body and then final offer with contract agreements were made with the applicant.

c. Audit & Certification

Once the Certification Body verifies that all documentation has been submitted, an independent auditor performs a content review of the documentation followed by a project site visit. Following the site visit, the auditor compiles a final report. The certification body then reviews the auditor report, notifies the team of the audit results and certifies the project accordingly. Certification Process – Flow Diagram

TVE CERT

28

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

5. Certification Body – Examples

These are the few examples of Certification Bodies. 

TVE Certification Services Pvt. Ltd.,



Bureau Veritas Certification (India) Pvt. Ltd.



DNV



TUV SUD South Asia Pvt. Ltd.

6. Benefits of Third - Party Accredited Certification:

There are many reasons why you should use the services of an accredited certification body: 

To win the new business opportunities in both the public and private sector;



To access into overseas markets as the certificates issued by bodies that are accredited by an IAFMLA signatory are recognized and accepted throughout the world;



Help to identify best practice since the certification body is required to have appropriate knowledge of your business sector;



Reduction in the need for central and local government to employ their own specialist assessment personnel.



Reduction in bureaucracy and lighter touch regulation.



Public trust



Control costs with the help of knowledge transfer since accredited certification bodies can be a good source of impartial advice;



Offer market differentiation and leadership by showing to others credible evidence of good practice;



To reduce the risk faced by the procurement department by taking the guesswork out of choosing a certification body that it closely meets your requirements;

TVE CERT

29

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course



Demonstrate due diligence in the event of legal action;



Accreditation provides the assurance for Government to rely on commercial providers of evaluation and inspection services.

 Enhancing business efficiency by reducing the necessity to re-audit the business & reduces paper work QMS – Sample Certificate

TVE CERT

30

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

QUALITY MANAGEMENT PRINCIPLES, PROCESS APPROACH 1. Introduction One of the definitions of a ―principle‖ is that it is a basic belief, theory or rule that has a major influence on the way in which something is done. ―Quality management principles‖ are a set of fundamental beliefs, norms, rules and values that are accepted as true and can be used as a basis for quality management. The QMPs can be used as a foundation to guide an organization‘s performance improvement. They were developed and updated by international experts of ISO/TC 176, which is responsible for developing and maintaining ISO‘s quality management standards.

This document provides for each QMP 

Statement : Description of the principle



Rationale : Explanation of why the principle is important for the organization



Key benefits : Examples of benefits associated with the principle



Typical actions : Examples of typical actions to improve the organization‘s performance when applying the principle

The seven quality management principles are QMP 1 - Customer focus QMP 2 - Leadership QMP 3 - Engagement of people QMP 4 - Process approach QMP 5 - Improvement QMP 6 - Evidence-based decision making

TVE CERT

31

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

QMP 7 - Relationship management

These principles are not listed in priority order. The relative importance of each principle will vary from organization to organization and can be expected to change over time.

QMP 1 - Customer focus

Statement

The primary focus of quality management is to meet customer requirements and to strive to exceed customer expectations.

Rationale

Sustained success is achieved when an organization attracts and retains the confidence of customers and other interested parties. Every aspect of customer interaction provides an opportunity to create more value for the customer. Understanding current and future needs of customers and other interested parties contributes to sustained success of the organization.

Key benefits 

Increased customer value



Increased customer satisfaction



Improved customer loyalty



Enhanced repeat business



Enhanced reputation of the organization



Expanded customer base



Increased revenue and market share

TVE CERT

32

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Typical Actions 

Recognize direct and indirect customers as those who receive value from the organization.



Understand customers‘ current and future needs and expectations.



Link the organization‘s objectives to customer needs and expectations.



Communicate

customer

needs

and

expectations

throughout

the

organization. 

Plan, design, develop, produce, deliver and support goods and services to meet customer needs and expectations.



Measure and monitor customer satisfaction and take appropriate actions.



Determine and take actions on interested parties‘ needs and expectations that can affect customer satisfaction.



Actively manage relationships with customers to achieve sustained success.

QMP 2 – Leadership

Statement

Leaders at all levels establish unity of purpose and direction and create conditions in which people are engaged in achieving the organization‘s quality objectives.

Rationale

Creation of unity of purpose and direction and engagement of people enable an organization to align its strategies, policies, processes and resources to achieve its objectives.

TVE CERT

33

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Key benefits 

Increased effectiveness and efficiency in meeting the organization‘s quality objectives



Better coordination of the organization‘s processes



Improved communication between levels and functions of the organization



Development and improvement of the capability of the organization and its people to deliver desired results

Typical Actions 

Communicate the organization‘s mission, vision, strategy, policies and processes throughout the organization.



Create and sustain shared values, fairness and ethical models for behaviour at all levels of the organization.



Establish a culture of trust and integrity.



Encourage an organization-wide commitment to quality.



Ensure that leaders at all levels are positive examples to people in the organization.



Provide people with the required resources, training and authority to act with accountability.



Inspire, encourage and recognize people‘s contribution.

QMP 3 - Engagement of people

Statement

Competent, empowered and engaged people at all levels throughout the organization are essential to enhance its capability to create and deliver value.

TVE CERT

34

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Rationale

To manage an organization effectively and efficiently, it is important to involve all people at all levels and to respect them as individuals. Recognition, empowerment and enhancement of competence facilitate the engagement of people in achieving the organization‘s quality objectives.

Key benefits  Improved understanding of the organization‘s quality objectives by people in the organization and increased motivation to achieve them  Enhanced involvement of people in improvement activities  Enhanced personal development, initiatives and creativity  Enhanced people satisfaction  Enhanced trust and collaboration throughout the organization  Increased attention to shared values and culture throughout the organization

Typical Actions  Communicate with people to promote understanding of the importance of their individual contribution.  Promote collaboration throughout the organization.  Facilitate open discussion and sharing of knowledge and experience.  Empower people to determine constraints to performance and to take initiatives without fear.  Recognize

and

acknowledge

people‘s

contribution,

learning

and

improvement.  Enable self-evaluation of performance against personal objectives.  Conduct surveys to assess people‘s satisfaction, communicate the results, and take appropriate actions. TVE CERT

35

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

QMP 4 - Process approach

Statement

Consistent and predictable results are achieved more effectively and efficiently when activities are understood and managed as interrelated processes that function as a coherent system.

Rationale

The

quality

management

system

consists

of

interrelated

processes.

Understanding how results are produced by this system enables an organization to optimize the system and its performance.

Key benefits  Enhanced ability to focus effort on key processes and opportunities for improvement  Consistent and predictable outcomes through a system of aligned processes  Optimized performance through effective process management, efficient use of resources, and reduced cross-functional barriers  Enabling the organization to provide confidence to interested parties as to its consistency, effectiveness and efficiency

Typical Actions  Define objectives of the system and processes necessary to achieve them.  Establish

authority,

responsibility

and

accountability

for

managing

processes.

TVE CERT

36

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

 Understand the organization‘s capabilities and determine resource constraints prior to action.  Determine

process

interdependencies

and

analyse

the

effect

of

modifications to individual processes on the system as a whole.  Manage processes and their interrelations as a system to achieve the organization‘s quality objectives effectively and efficiently.  Ensure the necessary information is available to operate and improve the processes and to monitor, analyse and evaluate the performance of the overall system.  Manage risks that can affect outputs of the processes and overall outcomes of the quality management system. QMP 5 – Improvement

Statement

Successful organizations have an ongoing focus on improvement.

Rationale

Improvement is essential for an organization to maintain current levels of performance, to react to changes in its internal and external conditions and to create new opportunities.

Key benefits  Improved process performance, organizational capabilities and customer satisfaction  Enhanced focus on root-cause investigation and determination, followed by prevention and corrective actions

TVE CERT

37

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

 Enhanced ability to anticipate and react to internal and external risks and opportunities  Enhanced

consideration

of

both

incremental

and

breakthrough

improvement  Improved use of learning for improvement  Enhanced drive for innovation

Typical Actions 

Promote establishment of improvement objectives at all levels of the organization.



Educate and train people at all levels on how to apply basic tools and methodologies to achieve improvement objectives.



Ensure people are competent to successfully promote and complete improvement projects.



Develop and deploy processes to implement improvement projects throughout the organization.



Track, review and audit the planning, implementation, completion and results of improvement projects.



Integrate improvement considerations into the development of new or modified goods, services and processes.



Recognize and acknowledge improvement.

QMP 6 - Evidence-based decision making

Statement

Decisions based on the analysis and evaluation of data and information are more likely to produce desired results.

TVE CERT

38

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Rationale

Decision making can be a complex process, and it always involves some uncertainty. It often involves multiple types and sources of inputs, as well as their interpretation, which can be subjective. It is important to understand cause-andeffect relationships and potential unintended consequences. Facts, evidence and data analysis lead to greater objectivity and confidence in decision making.

Key benefits  Improved decision-making processes  Improved assessment of process performance and ability to achieve objectives  Improved operational effectiveness and efficiency  Increased ability to review, challenge and change opinions and decisions  Increased ability to demonstrate the effectiveness of past decisions

Typical Actions  Determine, measure and monitor key indicators to demonstrate the organization‘s performance.  Make all data needed available to the relevant people.  Ensure that data and information are sufficiently accurate, reliable and secure.  Analyse and evaluate data and information using suitable methods.  Ensure people are competent to analyse and evaluate data as needed.  Make decisions and take actions based on evidence, balanced with experience and intuition.

TVE CERT

39

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

QMP 7 - Relationship management

Statement

For sustained success, an organization manages its relationships with interested parties, such as suppliers.

Rationale

Interested parties influence the performance of an organization. Sustained success is more likely to be achieved when the organization manages relationships with all of its interested parties to optimize their impact on its performance. Relationship management with its supplier and partner networks is of particular importance.

Key benefit  Enhanced performance of the organization and its interested parties through responding to the opportunities and constraints related to each interested party  Common understanding of goals and values among interested parties  Increased capability to create value for interested parties by sharing resources and competence and managing quality-related risks  A well-managed supply chain that provides a stable flow of goods and services

Typical Actions  Determine relevant interested parties (such as suppliers, partners, customers, investors, employees, and society as a whole) and their relationship with the organization.

TVE CERT

40

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

 Determine and prioritize interested party relationships that need to be managed.  Establish relationships that balance short-term gains with long-term considerations.  Pool and share information, expertise and resources with relevant interested parties.  Measure performance and provide performance feedback to interested parties, as appropriate, to enhance improvement initiatives.  Establish collaborative development and improvement activities with suppliers, partners and other interested parties.  Encourage and recognize improvements and achievements by suppliers and partners.

2. Process approach a. General

The process approach involves the systematic definition and management of processes,

and

their interactions, so as to achieve the intended results in

accordance with the quality policy and strategic direction of the organization.

Management of the processes and the system as a whole can be achieved using the PDCA cycle with an overall focus on risk-based thinking aimed at taking advantage of opportunities and preventing undesirable results.

The application of the process approach in a QMS enables: 

understanding and consistency in meeting requirements



the consideration of processes in terms of added value



the achievement of effective process performance



improvement of processes based on evaluation of data and information

TVE CERT

41

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Figure 1 gives a schematic representation of any process and shows the interaction of its elements.

The monitoring and measuring checkpoints, which are necessary for control, are specific to each process and will vary depending on the related risks.

Starting Point

End Point

Activities

Sources of inputs

Inputs

Predecessor Processes

Matter, Energy, Information, e.g. in the form of materials, resources, requirements

Outputs

Matter, Energy, Information, e.g. in the form of product, service, decision

Receivers of Outputs

Subsequent Processes

Possible controls and check points to monitor and measure Performance

Figure 1 — Schematic representation of the elements of a single process

TVE CERT

42

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

b. What is the process approach?

All organizations use processes to achieve their objectives. A process: 

set of interrelated or interacting activities that use inputs to deliver an intended result

NOTE: Inputs and outputs may be tangible (e.g. materials, components or equipment) or intangible (e.g. data, information or knowledge) The process approach includes establishing the organization‘s processes to operate as an integrated and complete system.  The management system integrates processes and measures to meet objectives  Processes define interrelated activities and checks, to deliver intended outputs  Detailed planning and controls can be defined and documented as needed, depending on the organization‘s context.

TVE CERT

43

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

c. Risk‐based thinking, PDCA and the process approach

Figure 2 — Representation of the structure of this International Standard in the PDCA cycle

These three concepts together form an integral part of the ISO 9001:2015 standard. Risks that may impact on objectives and results must be addressed by the management system. Risk‐based thinking is used throughout the process approach to:

TVE CERT

44

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

 Decide how risk (positive or negative) is addressed in establishing the processes to improve process outputs and prevent undesirable results  Define the extent of process planning and controls needed (based on risk)  improve the effectiveness of the quality management system  maintain and manage a system that inherently addresses risk and meets objectives

PDCA is a tool that can be used to manage processes and systems. PDCA stands for: P Plan: set the objectives of the system and processes to deliver results (―What to do‖ and ―how to do it‖) D Do: implement and control what was planned C Check: monitor and measure processes and results against policies, objectives and requirements and report results A Act: take actions to improve the performance of processes

PDCA operates as a cycle of continual improvement, with risk‐based thinking at each stage.

d. What are the possible benefits?  A focus on the more important (―high‐risk‖) processes and their outputs  improved understanding, definition and integration of interdependent processes  systematic

management

of

planning,

implementation,

checks

and

improvement of processes and the management system as a whole.  better use of resources and increased accountability  more consistent achievement of the policies and objectives, intended results and overall performance

TVE CERT

45

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

 process approach can facilitate the implementation of any management system  enhanced customer satisfaction by meeting customer requirements  enhanced confidence in the organization.

The practical steps in using a process approach in ISO 9001:2015 are explained below in table.

e. The process approach in ISO 9001:2015

In accordance with the requirements of ISO 9001 the following sequence of actions provides examples of how an organization may choose to build and control the processes of its quality management system. Performance can be managed and improved by applying the Plan‐Do‐Check‐Act (PDCA) cycle. This applies equally to the system as a whole, to individual processes and to operational activities.

Steps in the process approach

What to do?

Guidance

PLAN Define the context of the organization

The organization should identify its responsibilities, the relevant interested parties and their relevant requirements, needs and expectations to define the organization‘s intended purpose.

Gather, analyze and determine external and internal responsibilities of the organization to satisfy the relevant requirements, needs and expectations of the relevant interested parties. Monitor or communicate frequently with these interested parties to ensure continual understanding of their requirements, needs and expectations.

Define the scope, objectives and policies of the organization

Based on the analysis of the requirements, needs and Expectations establish the scope, objectives and policies that are relevant for the organization‘s quality

The organization shall determine the scope, boundaries and applicability of its management system taking into consideration the internal and external context and interested party requirements. Decide which markets

TVE CERT

46

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

management system.

Determine the processes in the organization

Determine the sequence of the processes

the organization should address. Top management should then establish objectives and policies for the desired outcomes.

Determine the processes needed to meet the objectives and policies and to produce the intended outputs.

Management shall determine the processes needed for achieving the intended outputs. These processes include management, resources, operations, measurement, analysis and improvement. Determine how the processes Define and describe the network of flow in sequence and processes and their interaction. interaction. Consider the following:  The inputs and outputs of each process (which may be internal or external).  Process interaction and interfaces on which processes depend or enable.  Optimum effectiveness and efficiency of the sequence.  Risks to the effectiveness of process interaction. Note: As an example, realization processes (such as those needed to provide the products or services delivered to a customer) will interact with other processes (such as the management, measurement, procurement in the provision of resources). Process sequences and their interactions may be developed using tools such as modeling, diagrams, matrices and flowcharts.

Define people or remits who take process ownership and accountability

TVE CERT

Assign responsibility authority for each process.

47

and Top Management should organize and define ownership, accountability, individual roles, responsibilities, working groups, remits, authority and ensure the competence needed for the effective definition, implementation, maintenance and improvement of each process and its interactions. Such individuals or remits are usually referred to as the Process Owners.

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

To manage process interactions it may be useful to also establish a management system team that has a system overview across all the processes and may include representatives from the interacting processes and functions. Define the need for documented information

Determine those processes that Processes exist within the need to be formally defined and organization. They may be formal or how they are to be documented. informal. There is no catalogue or list of processes that have to be formally defined. The organization should determine which processes need to be documented on the basis of risk‐ based thinking, including, for example:  The size of the organization and its type of activities.  The complexity of its processes and their interactions.  The criticality of the processes.  The need for formally accountability of performance. Processes can be formally documented using a number of methods such as graphical representations, user stories, written instructions, checklists, flow charts, visual media or electronic methods including graphics and systemization. However, the method or the technology chosen are not the goals. They can be used to describe processes, which are the means to achieve the goals. Effective and organized processes can then deliver consistent and accountable operations and the desired objectives and results which can then be improved. Note: For more guidance see the ISO 9000 Introduction and Support Package module Guidance on the Documented Information Requirements of ISO 9001:2015

TVE CERT

48

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Define the interfaces, risks and activities within the process

Determine the activities needed to achieve the intended outputs of the process and risks of unintended outputs.

Define the required outputs and inputs of the process. Determine the risks to conformity of products, services and customer satisfaction if unintended outputs are delivered. Determine the activities, measures and inherent controls required to transform the inputs into the desired outputs. Determine and define the sequence and interaction of the activities within the process. Determine how each activity will be performed. Ensure that the management system as a whole takes account of all material risks to the organization and users. Note:In some cases the customer may specify requirements not only for the outputs but also for the realization of a process.

Define the monitoring and measurement requirements

Determine where and how monitoring and measuring should be applied. This should be both for control and improvement of the processes and the intended process outputs. Determine the need for recording results.

Identify the validation necessary to assure effectiveness and efficiency of the processes and system. Take into account such factors as:  Monitoring and measuring criteria.  Reviews of performance  Interested parties‘ satisfaction.  Supplier performance.  On time delivery and lead times.  Failure rates and waste.  Process costs.  Incident frequency.  Other measures of conformity with requirements.

DO Implement

TVE CERT

Implement actions necessary to The organization should perform achieve planned activities and activities, monitoring, measures results. and controls of defined processes and procedures (which may be automated), outsourcing and other methods necessary to achieve planned results.

49

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Define the resources needed

Determine the resources needed Examples of resources include: for the effective operation of each • Human resources. process. • Infrastructure. • Environment. • Information. • Natural resources (including knowledge). • Materials. • Financial resources. CHECK

Verify the process against its planned objectives

Confirm that the process is effective and that the characteristics of the processes are consistent with the purpose of the organization.

The organization should compare outputs against objectives to verify that all the requirements are satisfied. Processes are needed to gather data. Examples include measurement, monitoring, reviews, audits and performance analysis.

ACT Improvement

Change the processes to ensure Act on the findings to ensure that they continue to deliver the improvement of process intended outputs effectiveness. (NOTE: Organizations may also wish to improve process efficiency, though it is not a requirement of ISO 9001 to do so). Corrective action as a result of process failure should include the identification and elimination of the root causes of the problems. ‗System Thinking‘ recognizes that an event in one process may have a cause or effect in a dependent process. Causes and the effects may not be within the same process. Problem solving and improvement typically follows the essential steps of:  define

TVE CERT

50

the

problems

Issue Date: SEP 2015

or

Quality Management Systems Auditor / Lead Auditor Training Course

objectives  collect and analyze the data on the problem and relevant processes  select and implement the preferred solutions  evaluate the effectiveness of the solutions.  incorporate the solutions into the routine Even when planned process outputs are being achieved and requirements fulfilled, the organization should still seek to improve process performance, customer satisfaction and reputation. This can be achieved, for example, by small‐step continual improvement (―Kaizen‖), breakthrough improvements and/or by innovation.

TVE CERT

51

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

TVE CERT

52

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

ISO 9001 Terminologies For the purposes of this document, the following terms and definitions apply.

3.01 organization 

Person or group of people that has its own functions (3.25)

with

responsibilities,

authorities

and

relationships to achieve its objectives (3.08)

3.02 Interested party 

person or organization (3.01) that can affect, be affected by, or perceive themselves to be affected by a decision or activity

EXAMPLE Customers (3.26), owners, people in an organization (3.01), suppliers (3.27), bankers, unions, partners or society that may include competitors or opposing pressure groups.

3.03 requirement 

Need or expectation that is stated, generally implied or obligatory

3.04 management system set of interrelated or interacting elements of an organization (3.01) to establish policies (3.07) and objectives (3.08) and processes (3.12) to achieve those objectives

TVE CERT

53

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

3.05 top management person or group of people who directs and controls an organization (3.01) at the highest level

3.06 effectiveness extent to which planned activities are realized and planned results achieved

3.07 policy intentions and direction of an organization (3.01), as formally expressed by its top management (3.05)

3.08 objective result to be achieved

3.09 risk effect of uncertainty on an expected result

3.10 competence ability to apply knowledge (3.53) and skills to achieve intended results

3.11 documented information information (3.50) required to be controlled and maintained by an organization (3.01) and the medium on which it is contained

TVE CERT

54

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

3.12 process set of interrelated or interacting activities which transforms inputs into outputs (3.46)

3.13 performance measurable result

3.14 outsource (verb) make an arrangement where an external organization (3.01) performs part of an organization‘s function (3.25) or process (3.12)

3.15 monitoring determining (3.67) the status of a system (3.31), a process (3.12) or an activity

3.16 measurement process (3.12) to determine (3.67) a value 3.17 audit systematic and independent process (3.12) for obtaining objective evidence (3.61) and evaluating it objectively to determine the extent to which the audit criteria (3.60) are fulfilled

3.18 conformity fulfillment of a requirement (3.03)

TVE CERT

55

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

3.19 nonconformity non-fulfillment of a requirement (3.03)

3.20 corrective action action to eliminate the cause of a nonconformity (3.19) and to prevent recurrence

3.21 continual improvement recurring activity to enhance performance (3.13) 3.22 correction action to eliminate a detected nonconformity (3.19)

3.23 involvement engagement in, and contribution to, shared objectives (3.08)

3.24 context of the organization business environment combination of internal and external factors and conditions that can have an effect on an organization's (3.01) approach to its products (3.47), services (3.48) and investments and interested parties (3.02) Note 1 to entry: The concept of context of the organization is equally applicable to not-for-profit or public service (3.48) organizations (3.01) as it is to those seeking profits. Note 2 to entry: In English this concept is often referred to by other phrases such as business environment, organizational environment or ecosystem of an organization (3.01).

TVE CERT

56

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

3.25 function role to be carried out by a designated unit of the organization (3.01) 3.26 customer person or organization (3.01) that could or does not receive a product (3.47) or a service (3.48) is intended for or required by this person or organization

3.27 supplier provider person or organization (3.01) that provides a product (3.47) or a service (3.48)

EXAMPLE Producer, distributor, retailer or vendor of a product (3.47) or a service (3.48) or information (350). 3.28 improvement activity to enhance performance (3.13) 3.29 management coordinated

activities

to

direct

and

control

an

organization (3.01) 3.30 quality management management (3.29) with regard to quality (3.37) 3.31 system set of interrelated or interacting elements

TVE CERT

57

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

3.32 infrastructure system (3.31) of facilities, equipment and services (3.48) needed for the operation of an organization (3.01)

3.33 quality management system management system (3.04) with regard to quality (3.5.2) 3.34 quality policy policy (3.07) related to quality (3.37) 3.35 strategy planned activities to achieve an objective (3.08). 3.36 object entity anything perceivable or conceivable EXAMPLES Product (3.47), service (3.48), process (3.12), person, organization (3.01), system (3.31), resource. 3.37 quality degree to which a set of inherent characteristics (3.65) of an object (3.36) fulfills requirements (3.03) 3.38 statutory requirement obligatory requirement (3.03) specified by a legislative body 3.39 regulatory requirement obligatory requirement (3.03) specified by an authority mandated by a legislative body

TVE CERT

58

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

3.40 defect nonconformity (3.19) related to an intended or specified use 3.41 traceability ability to trace the history, application or location of an object (3.36)

3.42 innovation process (3.12) resulting in a new or substantially changed object (3.36) 3.43 contract binding agreement 3.44 design and development set of processes (3.12) that transforms requirements (3.03) for an object (3.36) into more detailed requirements 3.45 quality objective objective (3.08) related to quality (3.37)

3.46 output result of a process (312)

TVE CERT

59

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

3.47 product output (3.46) that is a result of activities where none of them necessarily is performed at the interface between the provider (3.27) and the customer (3.26) 3.48 service intangible output (3.46) that is the result of at least one activity necessarily performed at the interface between the provider and the customer 3.49 data facts about an object (3.36) 3.50 information meaningful data (3.49)

3.51objective evidence data (3.49) supporting the existence or verity of something

3.52 information system network

of

communication

channels

used

within

an

organization (3.01)

3.53 knowledge available collection of information (3.50) being a justified belief and having a high certainty to be true

TVE CERT

60

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

3.54 verification confirmation, through the provision of objective evidence (3.51), that specified requirements (3.03) have been fulfilled

3.55 validation confirmation, through the provision of objective evidence, that the requirements (3.03) for a specific intended use or application have been fulfilled 3.56 feedback opinions, comments and expressions of interest in a product, a service or a complaints-handling process

3.57 customer satisfaction customer‘s (3.26) perception of the degree to which the customer‘s expectations have been fulfilled

3.58 complaint expression of dissatisfaction made to an organization (3.01), related to its product (3.47) or service (3.48), or the complaints-handling process (3.12) itself, where a response or resolution is explicitly or implicitly expected 3.59 audit programme set of one or more audits (3.17) planned for a specific time frame and directed towards a specific purpose

TVE CERT

61

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

3.60 audit criteria set of policies (3.07), documented information (3.11) or requirements (3.03) used as a reference against which audit evidence (3.61) is compared 3.61 objective / audit evidence records, statements of fact or other information (3.50), which are relevant to the audit criteria (3.60) and verifiable

3.62 audit findings results of the evaluation of the collected audit evidence (3.61) against audit criteria (3.60)

3.63 concession permission to use or release (3.64) a product (3.47) or service (3.48) that does not conform to specified requirements (3.03)

3.64 release permission to proceed to the next stage of a process (3.12)

3.65 characteristic distinguishing feature Note 1 to entry: A characteristic can be inherent or assigned. Note 2 to entry: A characteristic can be qualitative or quantitative. Note 3 to entry: There are various classes of characteristic, such as the following:

a) physical

(e.g.

mechanical,

electrical,

chemical

or

biological

characteristics); b) sensory (e.g. related to smell, touch, taste, sight, hearing);

TVE CERT

62

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

c) behavioural (e.g. courtesy, honesty, veracity); d) temporal (e.g. punctuality, reliability, availability). e) ergonomic (e.g. physiological characteristic, or related to human safety); f)

functional (e.g. maximum speed of an aircraft)

3.66 performance indicator performance

metric

characteristic

(3.65)

having

significant impact on realization of the output (3.46) and customer satisfaction (3.57) EXAMPLES Nonconformities (3.19) per million opportunities, first time capability, nonconformities per unit.

3.67 determination activity to find out one or more characteristics (3.65) and their characteristic values

3.68 review determination (3.67) of the suitability, adequacy or effectiveness (3.06) of an object (3.36) to achieve established objectives (3.08)

3.69 measuring equipment measuring

instrument,

software,

measurement

standard, reference material or auxiliary apparatus or combination thereof necessary to realize a measurement (3.16) process (3.12).

TVE CERT

63

Issue Date: SEP 2015

64

Quality Management Systems Auditor / Lead Auditor Training Course

CONTEXT OF THE ORGANIZATION This chapter deals about the clause requirement Context of the Organisastion

1. Understanding the organization and its context

The organization shall 

determine external and internal issues that are relevant to its purpose and its strategic direction and that affect its ability to achieve the intended result(s) of its QMS.



monitor and review information about these external and internal issues.

2. Auditing Guidance - Context of the Organisastion

Issues can include positive and negative factors or conditions for consideration. 

External context includes  legal,

technological,

competitive,

market,

cultural,

social

and

economic environments, whether international, national, regional or local.  relationships with and perceptions/values of external stakeholders 

Internal context includes  policies, objectives and strategies  corporate culture  governance, objectives and strategies  resources (people, capital, time, processes, system technologies)  information

systems,

information

flows

and

decision-making

processes (both formal and informal)

TVE CERT

65

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

3. Understanding the needs and expectations of interested parties Due to their effect or potential effect on the organization‘s

ability

to

consistently

provide

products and services that meet customer and applicable statutory and regulatory requirements,

The organization shall: 

determine the interested parties that are relevant to the QMS



determine the requirements of these interested parties that are relevant to the QMS

Monitor and review information about these interested parties and their relevant requirements.

4. Auditing Guidance - Understanding the needs and expectations of interested parties

Sub clause 4.2 specifies requirements for the organization to determine the interested parties that are relevant to the QMS and the requirements of those interested parties.

However, 4.2 does not imply extension of QMS requirements beyond the scope of this International Standard. As stated in the scope, this International Standard is applicable where an organization needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and aims to enhance customer satisfaction.

There is no requirement in this International Standard for the organization to consider interested parties where it has decided that those parties are not

TVE CERT

66

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

relevant to its QMS.

It is for the organization to decide if a particular requirement of a relevant interested party is relevant to its QMS.

5. Determining the scope of the quality management system

The organization shall determine the boundaries and applicability of the QMS to establish its scope.

When determining this scope, the organization shall consider:   

the external and internal issues referred to in 4.1; the requirements of relevant interested parties referred to in 4.2; the products and services of the organization.

The organization shall apply all the requirements of this International Standard if they are applicable within the determined scope of its QMS.

The scope of the organization‘s QMS  shall be available and be maintained as documented information.  shall state the types of products and services covered, and provide justification for any requirement of this International Standard that the organization determines is not applicable to the scope of its QMS.

Conformity to this International Standard may only be claimed if the requirements determined as not being applicable do not affect the organization‘s ability or responsibility to ensure the conformity of its products and services and the enhancement of customer satisfaction.

TVE CERT

67

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

6. Auditing Guidance – Determining the scope of the quality management system

This International Standard does not refer to ―exclusions‖ in relation to the applicability of its requirements to the organization‘s quality management system.

However, an organization can review the applicability of requirements due to the size or complexity of the organization, the management model it adopts, the range of the organization‘s activities and the nature of the risks and opportunities it encounters.

The requirements for applicability are addressed in 4.3, which defines conditions under which an organization can decide that a requirement cannot be applied to any of the processes within the scope of its QMS.

The organization can only decide that a requirement is not applicable if its decision will not result in failure to achieve conformity of products and services.

7. Quality management system and its processes

a. The organization shall establish, implement, maintain and continually improve a Q M S , including the processes needed and their interactions, in accordance with the requirements of this International Standard.

The organization shall determine the processes needed for the QMS and their application throughout the organization and shall determine 

the inputs required and the outputs expected from these processes



the sequence and interaction of these processes

TVE CERT

68

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course



apply the criteria and methods (including monitoring, measurements and related performance indicators) needed to ensure the effective operation and control of these processes



resources needed for these processes and ensure their availability

The organization shall



assign the responsibilities and authorities for these processes;



address the risks and opportunities as determined in accordance with the requirements of 6.1



evaluate these processes and implement any changes needed to ensure that these processes achieve their intended results



improve the processes and the QMS.

b. To the extent necessary, the organization shall: 

maintain documented information to support the operation of its processes



retain documented information to have confidence that the processes are being carried out as planned.

8. Summary

1.

Has the organization determined external and internal issues?

2.

Has the organization determined the interested parties relevant to the QMS?

3.

Has the organization determined the requirements of the interested parties are relevant to the QMS?

4.

Has the organization monitored and reviewed the information about the interested parties are relevant requirements?

TVE CERT

69

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

5.

Has the organization determined the boundaries and applicability of the QMS to establish its scope?

6.

Has the organization considered the external and internal issues when determining the scope?

7.

Has the organization considered the relevant interested parties needs and expectations?

8.

Has the organization considered the organization‘s units, functions and physical boundaries when determining the scope?

9.

Has the organization considered its products and services when determining the scope?

10.

Has the organization considered the authority and ability to exercise control and influence when determining the scope?

11.

Has the organization maintained the documented information?

12.

Has the organization determined the inputs required and the outputs expected from these processes?

13.

Has the organization determined the sequence and interaction of these processes?

14.

Has the organization determined and apply the criteria and methods needed to ensure the effective operation and control of these processes?

15.

Has the organization determined the resources needed for the theses processes?

16.

Has the organization assigned the responsibilities and authorities of these processes?

17.

Has the organization addressed the risks and opportunities as determined in accordance with the requirements of 6.1?

18.

Has the organization evaluate these processes and implement any changes needed to ensure that these process achieve their intended results?

19.

TVE CERT

Has the organization improve the processes and the QMS?

70

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

20.

Has the organization maintained documented information to support the operation of its processes?

21.

Has the organization retained documented information to have confidence that the processes are being carried out as planned?

TVE CERT

71

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

LEADERSHIP This chapter deals about the clause requirement - Leadership 1. Leadership and commitment

Top management shall demonstrate leadership and commitment with respect to the Q M S by: 

taking accountability for the effectiveness of the QMS



ensuring that the quality policy and quality objectives are established for the QMS and are compatible with the context and strategic direction of the organization



ensuring the integration of the QMS requirements into the organization‘s business processes



promoting the use of the process approach and risk-based thinking



ensuring that the resources needed for the QMS are available



communicating the importance of effective QM and of conforming to the QMS requirements



ensuring that the QMS achieves its intended results



engaging, directing and supporting persons to contribute to the effectiveness of the QMS



promoting improvement



supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility.

NOTE Reference to ―business‖ in this International Standard can be interpreted broadly to mean those activities that are core to the purposes of the organization‘s existence, whether the organization is public, private, for profit or not for profit.

TVE CERT

72

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

2. Auditing Guidance - Top Management

Following are the methods of the evaluating top management commitment The auditor can ask relevant questions during the interview with the top management that 

Seek to obtain evidence of top management‘s awareness of and commitment to quality and its relevance to the organization's overall objectives and management system,



Establish evidence of conformity to the ISO 9001 requirements for management responsibility.

The auditor/audit team should be constantly looking for opportunities to collect and verify the answers received from top management

This includes 

The availability and relevance of policies and objectives



The establishment of linkage between the policies and objectives and are effective and understood throughout the organization



Confirming if the policies and objectives are appropriate for continual improvement of the quality management system and for the achievement of customer satisfaction.



Confirming if top management are involved in management reviews.

3. Customer focus Top

management

shall

demonstrate

leadership

and

commitment with respect to customer focus by ensuring

TVE CERT

73

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

that:



customer and applicable statutory and regulatory requirements are determined, understood and consistently met



the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed



the focus on enhancing customer satisfaction is maintained.

4. Policy a. Developing the quality policy Top management shall establish, implement and maintain a quality policy that: 

is appropriate to the purpose and context of the organization and supports its strategic direction



provides a framework for setting quality objectives

includes a commitment to 

satisfy applicable requirements



continual improvement of the QMS.

b. Communicating the quality policy The quality policy shall: 

be available and be maintained as documented information



be communicated, understood and applied within the organization



be available to relevant interested parties, as appropriate.

TVE CERT

74

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

5. Auditing Guidance – Quality Policy

The quality policy and its effective deployment can only be truly assessed based on the overall results of the audit.

Audit methods should include: •

Interviewing Top Management to understand their approach and commitment to quality

•

Evaluating, through the records of management review, the commitment and

involvement

of

Top

Management

in

the

establishment,

implementation, monitoring and updating of the quality policy •

Assessing

whether Management

has

effectively ―translated‖ the

quality policy into the local languages •

Conducting interviews with personnel to verify if they have the required awareness, understanding and knowledge of the way the organization‘s quality policy relates to their own activity

•

Seeking evidence of effective distribution of the quality policy by appropriate communication.

6. Organizational roles, responsibilities and authorities

Top management shall ensure that the responsibilities and authorities for relevant roles are assigned, communicated and understood within the organization.

Top management shall assign the responsibility and authority for: a) ensuring 

QMS conforms to the requirements of this International Standard



processes are delivering their intended outputs

TVE CERT

75

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course



promotion of customer focus throughout the organization;



integrity of the QMS is maintained when changes to the QMS are planned and implemented.

b) reporting on the performance of the QMS and on opportunities for improvement (see 10.1), in particular to top management; NOTE: The term Management representative removed

7. Summary

1.

Does the top management demonstrate leadership & commitment with respect to the QMS policy?

2.

Is the top management ensured accountability for the effectiveness of the QMS?

3.

Does the top management ensure that the quality policy and quality objectives are compatible with the strategic direction and the context of the organization?

4.

Does the top management promotes the use of the process approach and risk-based thinking?

5.

Has the top management ensured that the resources needed for the QMS are available?

6.

Has the top management communicated the importance of effective quality management and of conforming to the quality management system requirements?

7.

Has the top management ensured that the quality management system achieves its intended results?

8.

Does the top management engage in directing and supporting person to contribute to the effectiveness of the QMS?

9.

TVE CERT

How the top management promotes improvement?

76

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

10.

Does the top management support other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility?

11.

Does the top management demonstrate leadership and commitment with respect to customer focus by ensuing customer and applicable statutory and regulatory are determined?

12.

Does the top management demonstrate leadership and commitment with respect to customer focus ?

13.

Does the top management demonstrate leadership and commitment with respect to customer focus by ensuing the risks and opportunities that can affect conformity of products and services?

14.

Does the top management demonstrate leadership and commitment with respect to customer focus by ensuring the ability to enhance customer satisfaction are determined and addressed?

15.

Has the top management established, implemented and maintained a quality policy?

16.

Is the Quality policy appropriate to the purpose and context of the organization?

17.

Does the quality policy support its strategic direction?

18.

Does the quality policy provide a framework for setting quality objectives?

19.

Does the quality policy include a commitment to satisfy applicable requirements?

20.

Does the quality policy include a commitment to continual improvement of the QMS?

21.

Is the quality policy communicated, understood and applied within the organization?

22.

Is the quality policy available and maintained as documented information?

23.

Is the quality policy available to relevant interested parties as appropriate?

TVE CERT

77

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

24.

Has the top management ensured the responsibilities and authorities for relevant roles are assigned?

25.

Has the top management ensured the responsibilities and authorities for relevant roles are communicated and understood within organization?

26.

Has the top management assigned the responsibility and authority thereby ensuring the QMS conforms to the requirements of ISO 9001:2015?

27.

Has the top management assigned the responsibility and authority for ensuring the processes are delivering their intended outputs?

28.

Has the top management assigned the responsibility and authority for reporting on the performance of the QMS and on opportunities for improvement in particular to top management?

29.

Has the top management assigned the responsibility and authority for ensuring the promotion of customer focus throughout the organization?

30.

Has the top management assigned the responsibility and authority for ensuring that the integrity of the QMS is maintained when changes to the QMS are planned and implemented?

TVE CERT

78

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

RISK BASED THINKING & PLANNING This chapter deals about the requirements of Risk Based Thinking & the clause requirement Planning

1. Risk-based thinking ISO 9001:2015 is to establishes a systematic approach to considering risk, rather than treating ―prevention‖ as a separate component of a quality management system. Risk is inherent in all aspects of a quality management system. There are risks in all systems, processes and functions. Risk-based thinking ensures these risks are identified, considered and controlled throughout the design and use of the quality management system. In previous editions of ISO 9001, a clause on preventive action was separated from the whole. By using risk-based thinking the consideration of risk is integral. It becomes proactive rather than reactive in preventing or reducing undesired effects through early identification and action. Preventive action is built-in when a management system is risk-based. Risk-based thinking is something we all do automatically in everyday life. Example: If I wish to cross a road I look for traffic before I begin. I will not step in front of a moving car. Risk-based thinking has always been in ISO 9001 – this ISO 9001:2015 builds it into the whole management system. In ISO 9001:2015 risk-based thinking needs to be considered from the beginning and throughout the system, making preventive action inherent to planning, operation, analysis and evaluation activities.

TVE CERT

79

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Risk-based thinking is already part of the process approach. Not all the processes of a quality management system represent the same level of risk in terms of the organization‘s ability to meet its objectives. Some need more careful and formal planning and controls than others. Example: To cross the road I may go directly or I may use a nearby footbridge. Which process I choose will be determined by considering the risks. Risk is commonly understood to have only negative consequences; however the effects of risk can be either negative or positive. In ISO 9001:2015 risks and opportunities are often cited together. Opportunity is not the positive side of risk. An opportunity is a set of circumstances which makes it possible to do something. Taking or not taking an opportunity then presents different levels of risk. Example: Crossing the road directly gives me an opportunity to reach the other side quickly, but if I take that opportunity there is an increased risk of injury from moving cars. Risk-based thinking considers both the current situation and the possibilities for change. Analysis of this situation shows opportunities for improvement: • a subway leading directly under the road • pedestrian traffic lights, or • diverting the road so that the area has no traffic

TVE CERT

80

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

2. Where is risk addressed in ISO 9001:2015? The concept of risk-based thinking is explained in the introduction of ISO 9001:2015 as an integral part of the process approach. ISO 9001:2015 uses risk-based thinking in the following way: Introduction - the concept of risk-based thinking is explained Clause 4 – the organization is required to determine its QMS processes and to address its risks and opportunities Clause 5 – top management is required to  Promote awareness of risk-based thinking  Determine and address risks and opportunities that can affect product /service conformity Clause 6 – the organization is required to identify risks and opportunities related to QMS performance and take appropriate actions to address them Clause 7 – the organization is required to determine and provide necessary resources (risk is implicit whenever ―suitable‖ or ―appropriate‖ is mentioned) Clause 8 – the organization is required to manage its operational processes (risk is implicit whenever ―suitable‖ or ―appropriate‖ is mentioned) Clause 9 – the organization is required to monitor, measure, analyse and evaluate effectiveness of actions taken to address the risks and opportunities Clause 10 – the organization is required to correct, prevent or reduce undesired effects and improve the QMS and update risks and opportunities

TVE CERT

81

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

3. Why use risk-based thinking? By considering risk throughout the system and all processes the likelihood of achieving stated objectives is improved, output is more consistent and customers can be confident that they will receive the expected product or service. Risk-based thinking: •

improves governance

•

establishes a proactive culture of improvement

•

assists with statutory and regulatory compliance

•

assures consistency of quality of products and services

•

improves customer confidence and satisfaction

Successful companies intuitively incorporate risk-based thinking.

4. A Risk Assessment - QMS a. Introduction  With the release of the new ISO 9001:2015 standard, QMS in all kind of organizations are going to face several changes.  This presentation intends to assess in one methodology in order to accomplish with the new ISO requirements.

b. ISO 9001:2015 Requirements  Determine external and internal issues that affect its ability to achieve the intended result(s) of its QMS.

TVE CERT

82

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

 Identify the processes needed and their interactions  Processes identification needs:  Inputs and Outputs  Sequence and interactions  Measuring methods  Resources  Responsibilities and authorities  Risk and opportunities  Methods of monitoring  Opportunities of improvement 

Risk and opportunities in Processes  Identify the Risk and opportunities in process  Plan actions to address them  Implement the actions





Identification of Risk related to the QMS 

Give assurance that the QMS can achieve the intended result



Prevent or Reduce, undesired effects (Non conformities)



Achieve continual improvement

Planning actions to address risk  integrate and implement the actions into its QMS processes  evaluate the effectiveness of these actions.  This actions shall be proportionate to the potential impact on the conformity of products and services

TVE CERT

83

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

c. Process Management 

A process consists of a set of activities that are performed in coordination.



They are set in an organizational and technical environment.



Each process can stand by itself but they can interact each other

Starting Point

End Point

Activities

Sources of inputs

Inputs

Predecessor Processes

Matter, Energy, Information, e.g. in the form of materials, resources, requirements

Outputs

Matter, Energy, Information, e.g. in the form of product, service, decision

Receivers of Outputs

Subsequent Processes

Possible controls and check points to monitor and measure Performance

Figure 1 — Schematic representation of the elements of a single process

TVE CERT

84

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

d. Risk Management 

Risk: The combination of the probability of an event and its consequence



Consequences can be positive or negative



Risk management: systematic process of understanding, evaluating and addressing these risks to maximize the chances of objectives being achieved

Likelihood

Very likely

Likely

Unlikely

Acceptable risk Medium 2 Acceptable risk Low 1 Acceptable risk Low 1

What is the chance it will Minor happen?

Unacceptable risk High 3 Acceptable risk Medium 2 Acceptable risk Low 1

Unacceptable risk Extreme 5 Unacceptable risk High 2 Acceptable risk Medium 2

Moderate

Major

Impact TVE CERT

85

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

e. Integrating Risk into Process Management 

Identify in each process (input / output) the hazards and the harms



Assess the consequence and the probability



Define an acceptance criteria



Define the acceptance or the mitigation



Identify the cost of mitigation and control



Monitor new harms for the process

f. Examples of Risk in process

Effectiveness Productivity

Risk

Employees are doing more tasks Reducing Throughput

Time

time

Efficiency Effectiveness

TVE CERT

Things are done right

86

Employees are doing tasks Reducing transaction cost

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

g. Turtle Diagram Methodology

Several methodologies are used to implement, audit and report potential Risk into the organization QMS process

Outputs

Inputs

Measure(s)

Customer

Supplier

Process

Materials / Equipment

Process Support

Competence / Skills Training

Advantages  Quick identification of process inputs / outputs, controls and resources.  High level of detail  Ease identification of interactions between process  Accomplish with the new ISO 9001:2015 standard

TVE CERT

87

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

h. Identification of major risk in process

Key process Inputs Key Process Outputs Key Process Activities

Major Risk

Key Personnel involved Process effectiveness measurement Process Objectives

i. Process Risk Assessment

Identify the activity, the potential Hazard and the undesired Outcome

Asses the risk (Likelihood and impact)

Set a control measure

Set a responsible

Define a due date

TVE CERT

88

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

j. Process Risk Assessment Matrix:

Process Risk Assessment Activity

TVE CERT

Hazard

Undesired

Risk Assessment

Control

Identified

Outcome

Likelihood

Measure

Impact

89Issue Date: SEP 2015

Responsible

Due Date

Quality Management Systems Auditor / Lead Auditor Training Course

k. Risk Management Plan  Once the organization has set the Process Risk Management it should develop a risk management plan for those potential risk that can affect its QMS intended results 1 Select the Intended QMS outcome (Conformity)

2 Define the hazard and the potential non desired outcome (Non Conformity)

3 Define other areas to be affected

4 Assess the risk

5 Define the risk treatment actions in place

6 Identify the residual risk

7 Identify the potential residual non desired outcomes

8 Define additional actions to be taken

9 Identify the resources required to assess the risk

10 Define the risk owner

TVE CERT

90

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

l. Risk Management Matrix:

RISK MANAGEMENT Risk Assessment Desired

Hazard

Undesired

Outcome

Identified

Outcome

Primary Action

Likelihood

Impact

Plan

Potential Residual

Undesired

Additional

Risk

Residual

actions

Outcome

m. Benefits of Risk Assessment  Helps to set the strategic and business planning  Makes the use of resources effective  Reduces the undesired outcomes  Can improve the possibility of find new opportunities in the QMS  Enhance communication between process  Holds Stakeholders  Helps focus internal audit programme

TVE CERT

91Issue Date: SEP 2015

Resources

Risk Owner

Quality Management Systems Auditor / Lead Auditor Training Course

n. Challenges Challenges to be faced are  Actual

QMS

are

based

in

―heavy‖

documentation  Few organizations knows the risk assessment methodology  Fewer organizations are prepared to change their actual QMS  Identify the degree of ―depth‖ of the risk assessment  New changes in the ISO 9001:2015 final standard

5. Planning Actions to address risks and opportunities When planning for the QMS, the organization shall consider the issues referred to in 4 . 1 and the requirements referred to in 4 . 2 and determine the risks and opportunities that need to be addressed to: 

give assurance that the QMS can achieve its intended result(s)



enhance desirable effects



prevent, or reduce, undesired effects



achieve improvement.

The organization shall plan: 

actions to address these risks and opportunities



how to  integrate and implement the actions into its QMS processes (see 4.4)  evaluate the effectiveness of these actions.

Actions taken to address risks and opportunities shall be proportionate to the potential impact on the conformity of products and services.

TVE CERT

92

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

NOTE Options to address risks can include  avoiding risk  taking risk in order to pursue an opportunity  eliminating the risk source  changing the likelihood or consequences  sharing the risk, or  retaining risk by informed decision. Opportunities can lead to the  adoption of new practices  launching new products  opening new markets  addressing new clients  building partnerships  using new technology and  other

desirable

and

viable

possibilities

to

address

the

organization‘s or its customers‘ needs

6. Quality objectives and planning to achieve them

The organization shall establish quality objectives at relevant functions, levels and processes needed for the QMS.

The quality objectives shall: 

be consistent with the quality policy



be measurable



take into account applicable requirements



be relevant to conformity of products and services and to enhancement of customer satisfaction

TVE CERT



be monitored and communicated



be updated as appropriate.

93

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

The organization shall maintain documented information on the quality objectives.

6.2.2 When planning how to achieve its quality objectives, the organization shall determine: 

what will be done



what resources will be required



who will be responsible



when it will be completed



how the results will be evaluated.

7. Auditing Guidance - Quality Objectives

Auditors need to verify that the organization‘s overall quality objectives have been defined, that they reflect the quality policy, are substantially coherent, aligned and compatible with the overall business objectives, including customer expectations. If this is not the case, the auditors should further evaluate Top Management commitment to quality.

The fulfilment of quality objectives needs to be measurable and documented.

The auditors should obtain evidence of the way

the

cascaded

quality

objectives

throughout

the

are

suitably

organization‘s

structure and processes, linking the general strategic objectives to management objectives and down to specific operational activities.

It is recommended that the documented quality objectives should be examined at the documentation review stage of the audit.

TVE CERT

94

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Evidence of that the organization has assigned responsibility to the personnel the resources needed to meet their objectives should be obtained at all levels of the organization.

Auditors should verify that the overall performance of the organization reflects the aims of the quality policy and reasonably meets the quality objectives and aims for continual improvement. Auditors should ensure the fulfilment of objectives can be measured in a quantitative or qualitative manner. They should also remember that there is a clear link between the dynamic aspects of revising the quality policy and the quality objectives and the commitment of the organization to continual improvement.

8. Planning of changes

When the organization determines the need for changes to the QMS, the changes shall be carried out in a planned manner (see 4.4). The organization shall consider the: 

purpose of the changes and their potential consequences



integrity of the QMS



availability of resources



allocation or reallocation of responsibilities and authorities

9. Summary 1. Has the top management considered the issues refereed (4.1) understanding the organization and its context? 2. Has the top management considered the issues refereed (4.2) understanding the needs and expectations of interested parties? 3. Has the organization determined the risks and opportunities giving assurance that the QMS can achieve its intended results? 4. Has the organization determined the risks and opportunities to enhance desirable effects?

TVE CERT

95

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

5. Has the organization determined the risks and opportunities prevent, or reduce, undesired effects? 6. Has the organization determined the risks and opportunities to achieve improvements? 7. Has the organization planned actions to address these risks and opportunities? 8. Has the organization planned how to integrate and implement the actions into its QMS system processes? 9. Has the organization planned to evaluate the effectiveness of these actions? 10.

Is the action taken to address risks and opportunities proportionate to the potential impact on the conformity of products and services?

11. Does this action taken includes eliminating the risk source, changing the likelihood or consequences, sharing the risk or retaining risk by informed decision? 12.

Do the opportunities lead to the adoption of new practices, launching new products, opening new markets?

13. Does the opportunities lead to addressing new clients, building partnerships, using new technology, and other desirable and viable possibilities? 14. Has the organization established quality objectives at relevant functions, levels and processes needed for the QMS? 15. Are the quality objectives consistent with quality policy? 16. Are the quality objectives measurable? 17. Does

the

quality

objectives

take

in

to

account

applicable

requirements? 18. Are the quality objectives relevant to conformity of products and services and the enhancement of customer satisfaction? 19. Are the quality objectives monitored, communicated and updated as appropriate? 20. Does the organization maintain documented information? 21. Has the organization planned how to achieve its quality objectives?

TVE CERT

96

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

22. Has the organization determined what will be done? 23.

Has the organization determined what resources are required?

24. Has the organization determined who are all responsibility? 25. Has the organization determined how the results are evaluated? 26. Has the organization determined the need for changes to the QMS & the changes are carried out in a planned manner? 27. Has the organization considered the purpose of the changes and their potential consequences? 28. Has the organization considered the integrity of the QMS? 29. Has the organization considered the availability of resources? 30. Has the organization considered the allocation or reallocation of responsibilities and authorities?

TVE CERT

97

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

SUPPORT This chapter deals about the clause requirement - Support

1. Resources The organization shall determine and provide the resources needed for the establishment, implementation,

maintenance

and

continual

improvement of the QMS.

The organization shall consider:  the capabilities of, and constraints on, existing internal resources  what needs to be obtained from external providers 2. People

The organization shall determine and provide the persons necessary for the effective implementation of its QMS and for the operation and control of its processes.

3. Infrastructure

The organization shall determine, provide and maintain

the

infrastructure

necessary

for

the

operation of its processes and to achieve conformity of products and services. NOTE Infrastructure can include:

TVE CERT



buildings and associated utilities



equipment, including hardware and software



transportation resources



information and communication technology

98

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

4. Environment for the operation of processes The organization shall determine, provide and maintain the environment necessary for the operation of its processes and to achieve conformity of products and services. NOTE A suitable environment can be a combination of human and physical factors, such as: 

social (e.g. non-discriminatory, calm, non-confrontational)



psychological

(e.g.

stress-reducing,

burnout

prevention,

emotionally

protective) 

physical (e.g. temperature, heat, humidity, light, airf low, hygiene, noise)

These factors can differ substantially depending on the products and services provided.

5. Monitoring and measuring resources a. General

The organization shall determine and provide the resources needed to ensure valid and reliable results when monitoring or measuring is used to verify the conformity of products and services to requirements.

The organization shall ensure that the resources provided: 

are suitable for the specific type of monitoring and measurement activities being undertaken



are maintained to ensure their continuing fitness for their purpose

The organization shall retain appropriate documented information as evidence of fitness for purpose of the monitoring and measurement resources.

TVE CERT

99

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

b. Measurement Traceability

When measurement traceability is a requirement, or is considered by the organization to be an essential part of providing confidence in the validity of measurement results, measuring equipment shall be: 

calibrated or verified, or both, at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards; when no such standards exist, the basis used for calibration or verification shall be retained as documented information



identified in order to determine their status



safeguarded from adjustments, damage or deterioration that would invalidate the calibration status and subsequent measurement results.

The organization shall determine if the validity of previous measurement results has been adversely affected when measuring equipment is found to be unfit for its intended purpose, and shall take appropriate action as necessary. 6. Auditing Guidance – Monitoring and Measuring Resources

The following information is provided as guidance for auditing the processes associated with control of monitoring and measuring equipment, and to assist in the evaluation of justifications for the exclusion of clause 7.1.5.2 from the scope of an organization‘s quality management system.

In the auditing of monitoring and measuring processes, it is important for auditors to understand the difference between ―monitoring‖ and ―measuring‖:

Monitoring implies observing, supervising, keeping under review (using

TVE CERT

100

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

monitoring equipment); it can involve measuring or testing at intervals, especially for the purpose of regulation or control.

Measuring considers the determination of a physical quantity, magnitude or dimension (using measuring equipment). The auditors should evaluate the following 

How the organization validates that ―the monitoring and measuring equipment‖ is consistent with the monitoring and measurement requirements.



How the organization assures the information validity and the consistency of the results.



The competence of those responsible for using ―the monitoring and measuring equipment‖

From the description above, the organization should be able to decide whether or not all or part of the requirements of clause 7.1.5.2 may be excluded. It is stressed that just because an organization does not have measuring equipment that needs to be calibrated does not mean that it can automatically exclude compliance with the whole of clause 7.1.5.2 to do so would require that it also does not do any monitoring or measurement and that it does not use any monitoring or measuring equipment.

7. Organizational Knowledge

In 7.1.6, this International Standard addresses the need to determine and manage the knowledge maintained by the organization, to ensure that it can achieve conformity of products and services.

Requirements regarding organizational knowledge were introduced for the purpose of:

TVE CERT

101

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

a) safeguarding the organization from loss of knowledge, e.g. 

through staff turnover



failure to capture and share information

b) encouraging the organization to acquire knowledge, e.g.  learning from experience 

mentoring



benchmarking

The organization shall determine the knowledge necessary for the operation of its processes and to achieve conformity of products and services.

This knowledge shall be maintained and be made available to the extent necessary.

When addressing changing needs and trends, the organization shall consider its current knowledge and determine how to acquire or access any necessary additional knowledge and required updates.

NOTE 1. Organizational knowledge is knowledge specific to the organization. It is gained by experience. It is information that is used and shared to achieve the organization‘s objectives. 2. Organizational knowledge can be based on: a) internal sources Examples  intellectual property  knowledge gained from experience  lessons learned from failures and successful projects  capturing

and

sharing

undocumented

knowledge

and

experience

TVE CERT

102

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

 the results of improvements in processes, products and services

b) external sources Examples  standards  academia  conferences  gathering knowledge from customers or  external providers

8. Competence

The organization shall: 

determine

the

necessary

competence

of

person(s) doing work under its control that affects the performance and effectiveness of the QMS 

ensure that these persons are competent on the basis of appropriate education, training, or experience



where

applicable,

take

actions

to

acquire

the

necessary

competence, and evaluate the effectiveness of the actions taken 

retain

appropriate

documented

information

as

evidence

of

competence. NOTE Applicable actions can include, for example, the provision of training to, the mentoring of, or the re- assignment of currently employed persons; or the hiring or contracting of competent persons.

TVE CERT

103

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

9. Awareness The organization shall ensure that persons doing work under the organization‘s control are aware of 

the quality policy



relevant quality objectives



their contribution to the effectiveness of the QMS, including the benefits of improved performance



the implications of not conforming with the QMS requirements.

10. Auditing Guidance – Resource Management

Auditors should verify that the resources needed to implement, maintain and improve the

quality

adequately

management managed.

This

system

are

means

that

appropriate resources are to be identified, planned, made available, used, monitored and changed as necessary by the organization.

It is recommended that the management of resources is not audited in isolation. Irrespective of the way the organization is structured and identifies its processes, auditors should be able to verify the adequacy and effective management of the re- sources to achieve planned results. It is important for auditors to verify whether the organization has evaluated past and present performance (e.g. using cost-benefit analysis, risk assessment) when deciding what resources are to be allocated.

Management of resources can be evaluated by interviews with top management and other responsible personnel to check that suitable processes are in place. This needs however to be supported by objective

TVE CERT

104

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

evidence collected throughout the audit. Evidence can be obtained at different stages of the audit – reviewing inputs, process performance and outputs. This has to be carried out when auditing all the processes and related system and process documentation, such as •

management commitment and responsibilities

•

management review process

•

product realization processes including the control of nonconforming products, corrective and preventive actions and continual improvement.

Auditors should verify that the human resources, infrastructure (energy, water, facilities and equipment maintenance, communications, information technology, etc.), and the work environment (temperature, lighting, vibration, noise, etc.) have been provided and maintained in a way consistent with the quality policy and objectives as well as contributing to conformity to product requirements. If it is found that effective management of resources has not been taken into consideration by the organization which may result in not satisfying product related requirements, this should be treated as a nonconformity, the magnitude of which should be related to the associated risk.

11. Communication

The

organization

shall

determine

the

internal

and

external

communications relevant to the Q M S , including:

TVE CERT



on what it will communicate



when to communicate



with whom to communicate



how to communicate



who communicates.

105

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

12. Auditing Guidance –Communication

The auditor should observe the following communicating information within the organization 

Management led communication in work areas



Team briefings and other meetings such as those for recognition of achievement



Notice boards



E-mail, intranet and web sites



Company or in house magazine/newsletter



Staff meetings



Individual notices or letters

The auditor may ensure the effectiveness of the organization‘s internal communication processes by: 

Interviewing employees



Evaluating the causes of nonconformities and the organization‘s corrective action processes.



Evaluating

the

relevance

and

significant

dates

of

displayed

information. 

Examining the feedback mechanisms within the organization, e.g. one-to- one interviews or reviews, employee surveys etc.



Evaluating training and induction programs within the organization.



Viewing

minutes

of

meetings

containing

items

of

internal

communication.

TVE CERT

106

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

13. Documented information a. General

The

organization‘s

QMS

shall

include

documented information: 

required by this International Standard



determined by the organization as being necessary for the effectiveness of the QMS.

NOTE

The extent of documented information for a QMS can differ from one organization to another due to the: 

size of organization and its type of activities, processes, products and services;



complexity of processes and their interactions;



competence of persons.

b. Creating and updating When creating and updating documented information, the organization shall ensure appropriate: 

identification and description (e.g. a title, date, author, or reference number)



format (e.g. language, software version, graphics) and media (e.g. paper, electronic)



review and approval for suitability and adequacy

TVE CERT

107

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

c. Control of documented information

Documented information required by the QMS and by this International Standard shall be controlled to ensure it is : 

available and suitable for use, where and when it is needed



adequately protected (e.g. from loss of confidentiality, improper use,

or loss of integrity).

For the control of documented information, the organization shall address the following activities, as applicable: 

distribution, access, retrieval and use



storage and preservation, including preservation of legibility



control of changes (e.g. version control)



retention and disposition.

Documented information 

of external origin determined by the organization to be necessary for the planning and operation of the QMS shall be identified as appropriate, and be controlled.



retained as evidence of conformity shall be protected from unintended alterations.

NOTE Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.

TVE CERT

108

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

14. Auditing Guidance – Requirements of Documented Information of ISO 9001:2015

a. Introduction Two of the most important objectives in the revision of the ISO 9000 series of standards have been: a) to develop a simplified set of standards that will be equally applicable to small as well as medium and large organizations, and b) for the amount and detail of documentation required to be more relevant to the desired results of the organization‘s process activities. ISO 9001:2015 Quality management systems – Requirements has achieved these objectives, and the purpose of this additional guidance is to explain the intent of the new standard with specific regard to documented information. ISO 9001:2015 allows an organization flexibility in the way it chooses to document its quality management system (QMS). This enables each individual organization to determine the correct amount of documented information needed in order to demonstrate the effective planning, operation and control of its processes and the implementation and continual improvement of the effectiveness of its QMS.

It is stressed that ISO 9001 requires (and always has required) a ―Documented quality management system‖, and not a ―system of documents‖. b. What is documented information? ‐ Definitions and references

The term Documented information was introduced as part of the common High Level Structure (HLS) and common terms for Management System Standards (MSS).

The definition of documented information can be found in ISO 9000 clause 3.8.

TVE CERT

109

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Documented information can be used to communicate a message, provide evidence of what was planned has actually been done, or knowledge sharing. The following are some of the main objectives of an organization‘s documented information a) Communication of Information - As a tool for information transmission and communication. The type and extent of the documented information will depend on the nature of the organization‘s products and processes, the degree of formality of communication systems and the level of communication skills within the organization, and the organizational culture.

b) Evidence of conformity - Provision of evidence that what was planned has actually been done. c) Knowledge sharing d) To disseminate and preserve the organization‘s experiences. A typical example would be a technical specification, which can be used as a base for design and development of a new product or service.

It must be stressed that, according to ISO 9001:2015 clause 7.5.3 Control of documented information requirements, documents may be in any form or type of medium, and the definition of ―document‖ in ISO 9000:2015 clause 3.8.5 gives the following examples: − paper − magnetic − electronic or optical computer disc − photograph − master sample

TVE CERT

110

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

c. ISO 9001:2015 Documentation Requirements ISO 9001:2015 clause 4.4 Quality management systems and its processes requires an organization to “maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confident that the processes are being carried out as planned.”

Clause 7.5.1 General explains that the quality management system documentation shall include:

a) documented information required by this International standard b) documented information determined by the organization as being necessary for the effectiveness of the quality management system

The note after this Clause make it clear that the extent of the QMS documented information can differ from one organization to another due to the: a) size of organization and its type of activities, processes, products and services b) complexity of processes and their interactions c) competence of persons All the documented information that forms part of the QMS has to be controlled in accordance with clause 7.5 Documented information.

d. Guidance on Clause 7.5 of ISO 9001:2015 The following comments are intended to assist users of ISO 9001:2015 in understanding the intent of the general documented information requirements of the International Standard. Documented information can refer to:

TVE CERT

111

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

a) Documented information needed to be maintained by the organization for the purposes of establishing a QMS (high level transversal documents). These include: 

The scope of the quality management system (clause 4.3)



Documented information necessary to support the operation of processes (clause 4.4)



The quality policy (clause 5.)



The quality objectives (clause 6.2)



This documented information is subject to the requirements of clause 7.5

b) Documented information maintained by the organization for the purpose of communicating the information necessary for the organization to operate (low level, specific documents). See 4.4. Although ISO 9001:2015 does not specifically requires any of them, examples of documents that can add value to a QMS may include: 

Organization charts



Process maps, process flow charts and/or process descriptions



Procedures



Work and/or test instructions



Specifications



Documents containing internal communications



Production schedules



Approved supplier lists



Test and inspection plans



Quality plans



Quality manuals



Strategic plans



Forms

Where it exists, all such documented information, is also subject to the requirements clause 7.5. TVE CERT

112

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

c) Documented information needed to be retained by the organization for the purpose of providing evidence of result achieved (records). These include: 

Documented

information

to the extent necessary to

have

confidence that the processes are being carried out as planned (clause 4.4) 

Evidence of fitness for purpose of monitoring and measuring resources (clause 7.1.5.1)



Evidence of the basis used for calibration of the monitoring and measurement

resources (when no international or national

standards exist) (clause 7.1.5.2) 

Evidence of competence of person(s) doing work under the control of the organization that affects the performance and effectiveness of the QMS (clause 7.2)



Results of the review and new requirements for the products and services (clause 8.2.3)



Records needed to demonstrate that design and development requirements have been met (clause 8.3.2)



Records on design and development inputs (clause 8.3.3)



Records of the activities of design and development controls (clause 8.3.4)



Records of design and development outputs (clause 8.3.5)



Design and development changes, including the results of the review and the authorization of the changes and necessary actions (clause 8.3.6)



Records of the evaluation, selection, monitoring of performance and re‐evaluation of external providers and any and actions arising from these activities (clause 8.4.1)



Evidence of the unique identification of the outputs when traceability is a requirement (clause 8.5.2)

TVE CERT

113

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course



Records of property of the customer or external provider that is lost, damaged or otherwise found to be unsuitable for use and of its communication to the owner (clause 8.5.3)



Results of the review of changes for production or service provision, the persons authorizing the change, and necessary actions taken (clause 8.5.6)



Records of the authorized release of products and services for delivery to the customer including acceptance criteria and traceability to the authorizing person(s) (clause 8.6)



Records of nonconformities, the actions taken, concessions obtained and the identification of the authority deciding the action in respect of the nonconformity (clause 8.7)



Results of the evaluation of the performance and the effectiveness of the QMS (clause 911)



Evidence of the implementation of the audit programme and the audit results (clause 9.2.2)



Evidence of the results of management reviews (clause 9.3.3)



Evidence of the nature of the nonconformities and any subsequent actions taken (clause 10.2.2)



Results of any corrective action (clause 10.2.2)

Organizations are free to develop other records that may be needed to demonstrate conformity of their processes, products and services and quality management system. Where they exists, all such records are also subject to the requirements clause 7.5.

TVE CERT

114

Issue Date: SEP 2015

115

116

Quality Management Systems Auditor / Lead Auditor Training Course

15. Summary

1. Has the organization determined and provided the resources needed for the establishment, implementation, maintenance and continual improvement? 2. Has the organization considered the capabilities of, and constraints on, existing internal resources? 3. Has the organization considered what needs obtained from external providers? 4. Has the organization determined and provided the persons necessary for the effective implementation of its QMS and for the operation and control of its processes? 5. Has the organization determined, provided and maintained the infrastructure necessary for the operation of its processes and to achieve conformity of products and services? 6. Has the organization included buildings and associated utilities? 7. Has the organization included equipments? 8. Has the organization included hardware and software? 9. Has the organization included transportation resources? 10. Has the organization included information and communication technology? 11. Has the organization determined, provided and maintain the environment necessary for the operation of its processes and to achieve conformity of products and services? 12. Has the organization considered suitable environment such as human and physical factors? 13. Has the organization considered social, psychological and physical factors? 14. Has the organization determined and provided the resources needed to ensure valid and reliable results when monitoring or measuring is used to verify the conformity of products and services to requirements?

TVE CERT

117

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

15. Has the organization ensured the suitable resources provided suitable for the specific type of monitoring and measurement activities being undertaken? 16. Has the organization ensured the resources provided maintained to ensure their continuing fitness for their purpose. 17. Has the organization retained appropriate documented information as evidence of fitness for purpose of the monitoring and measurement resources? 18. Has the organization‘s measurement traceability is a requirement, or is considered by the organization to be an essential part of providing confidence in the validity of measurement results? 19. Has the organization measuring equipments are calibrated or verified? 20. Has the organization measuring equipments calibrated or verified at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards? 21. Has the organization retained the documented information of calibrated or verified equipments? 22. Are the equipments safeguarded from adjustments, damage or deterioration that would invalidate the calibration status and subsequent measurement results? 23. How the organization, considered any changes need and trends from current knowledge? 24. How the organisation determined to acquire or access any necessary additional knowledge and required updates? 25. Has the organization considered organizational knowledge from experience and any specific knowledge to the organization? 26. Is the organization knowledge considered from internal sources? 27. Is the organization knowledge considered from external sources? 28. Has the organization determined the necessary competence of persons doing work under its control that affects the performance and effectiveness of the QMS? 29. Has the organization ensured that these persons are competent on the

TVE CERT

118

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

basis of appropriate education, training, or experience? 30. How the organization taken actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken? 31. Has the organization retained appropriate documented information as evidence of competence? 32. Does the Applicable action include the provision of training to, the mentoring of, or the re- assignment of currently employed persons; or the hiring or contracting of competent persons? 33. Has the organization ensured that persons doing work under the organization‘s control are aware of the quality policy and relevant quality objectives? 34. Has the organization ensured that persons doing work under the organization‘s control are aware of their contribution to the effectiveness of the QMS, including the benefits of improved performance? 35. Has the organization ensured that persons doing work under the organization‘s control are aware of the implications of not conforming with the quality management system requirements? 3 6 . Has the

organization

determined

the

internal

and

external

internal

and

external

internal

and

external

communications relevant to the Q M S ? 37. Does the

organization

determine

the

communication on what it will communicate? 38. Does the

organization

communication

when

determine to

the

communicate

and

with

whom

to

communicate? 39. Has the organization included documented information required by international standard? 40. Has the organization included documented information determined by the organization for the effectiveness of the QMS? 41. Has

the

organization

ensured

appropriate

identification

and

description when creating and updating documented information?

TVE CERT

119

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

42. Has the organization ensured appropriate format and media when creating and updating documented information? 43. Has the organization ensured appropriate review and approval for suitability and adequacy when creating and updating documented information? 44. Has the organization ensured the documented information is available and suitable for use? 45. Has the organization ensured the documented information is adequately protected? 46. Has the organization addressed the distribution, access, retrieval and use of documented information? 47. Has the organization addressed the storage, preservation and legibility? 48. Has the organization addressed the control of changes, retention and disposition? 49.

Are the external origin documented informations (QMS) identified and controlled?

TVE CERT

120

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

OPERATION This chapter deals about the clause requirement - Operation

1. Operational planning and control The organization shall plan, implement and control the processes (see 4.4) needed to meet the requirements for the provision of products and services, and to implement the actions determined in Clause 6, by 

determining the requirements for the products and services



establishing criteria for  the processes  the acceptance of products and services



determining the resources needed to achieve conformity to the product and service requirements



implementing control of the processes in accordance with the criteria



determining and keeping documented information to the extent necessary: 1) to have confidence that the processes have been carried out as planned 2) to demonstrate the conformity of products and services to their requirements

NOTE ―Keeping‖ implies both the maintaining and the retaining of documented information. The output of this planning shall be suitable for the organization‘s operations.

The organization shall 

control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary



TVE CERT

ensure that outsourced processes are controlled (see 8.4)

121

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

2. Requirements for products and services a. Customer communication Communication with customers shall include: 

providing information relating to products and services



handling

enquiries,

contracts

or

orders,

including changes 

obtaining customer feedback relating to products and services, including customer complaints



handling or controlling customer property



establishing specific requirements for contingency actions, when relevant

b. Determining the requirements related to products and services When determining the requirements for the products and

services

to

be

offered

to

customers,

the

organization shall ensure that the: 

requirements for the products and services are defined, including:  any applicable statutory and regulatory requirements  those considered necessary by the organization



organization can meet the claims for the products and services it offers.

TVE CERT

122

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

c. Review of requirements related to products and services The organization shall ensure that it has the ability to meet the requirements for products and services to be offered to customers. The organization shall conduct a review before committing to supply products and services to a customer, to include: 

requirements specified by the customer, including the requirements for delivery and post- delivery activities



requirements not stated by the customer, but necessary for the specified or intended use, when known



requirements specified by the organization



statutory and regulatory requirements applicable to the products and services



contract or order requirements differing from those previously expressed

The organization shall ensure that contract or order requirements differing from those previously defined are resolved.

The customer‘s requirements shall be confirmed by the organization before acceptance, when the customer does not provide a documented statement of their requirements. NOTE - In some situations, such as internet sales, a formal review is impractical for each order. Instead, the review can cover relevant product information, such as catalogues or advertising material.

The organization shall retain documented information, as applicable on:

TVE CERT



the results of the review



any new requirements for the products and services

123

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

d. Changes to requirements for products and services

The organization shall ensure that relevant documented information is amended, and that relevant persons are made aware of the changed requirements, when the requirements for products and services are changed. 3. Auditing Guidance – Customer communication

Customer feedback is a process. It needs to be audited as a process, not as a ―clause of the standard‖.

An

evaluation

also

needs

to

be

performed on the way in which the process is managed (see ISO 9001 clause 4.1.c), and its ability to provide meaningful information with which to judge the overall effectiveness of the QMS. The way in which the organization obtains this feedback (―the method‖) is up to the organization to define.

The auditor should therefore be aware of the many factors that can affect the organization‘s approach, and should recognize that there is no fixed ―recipe‖.

Due consideration should be given to factors such as: 

organization size and complexity



degree of sophistication of products and customers



risks associated with the product



diversity of customer base

The auditor needs to be aware of the specific characteristics of the organization‘s products that are likely to impact customer satisfaction. Throughout the audit the auditor should be alert for indications that may suggest customer satisfaction or dissatisfaction which could serve as input into the audit of the customer feedback process. Good sources of such

TVE CERT

124

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

information may include, for example: 

Goods returned by the customer



Warranty claims



Revised invoices



Credit notes



Articles in the media



Consumer websites



Direct observation of, or communication with, the customer (for example in a service organization)

4. Design and Development of Products and Services

a. Design and Development Planning

To effectively plan the design and development process, the organization must: 

Clearly define the stages involved in the design and development process.



Identify how the review and verification of the design will take place.



Describe

clear

responsibility

and

authority for the people doing this work. 

See that design information flows effectively among the various groups having a role in designing, selling, managing, manufacturing, and servicing the products.



Keep design and development plans up to date.

b. Design and Development Inputs

Determine the product requirements, including:

TVE CERT



what it does and how well it must perform,



legal and regulatory requirements,

125

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course



pertinent information from similar designs,



other pertinent requirements.

c. Design and Development controls

The controls applied to the Design and Development process shall ensure the reviews verification and validation.  Design and Development review

Review the design and development work products to: 

determine if the design meets the design input requirements



identify and problems with the design



propose solutions to identified design problems

Include representatives from each function concerned with the design and development stage being reviewed. Keep records of the reviews.  Design and Development Verification

Verify, according to your plan, that the design output meets design input requirements. Record the results of these verification activities.  Design and Development Validation

Validate the operation of the resulting product under actual operating conditions. If the product has multiple uses, validate operation for each intended use. The methods for validation defined in the design output

TVE CERT

126

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

should be followed. Whenever possible, the validation of a product or service should be performed prior to delivery to the customer. Record the results of these validation activities.

d. Design and Development Outputs The output of design and development must include sufficient information to verify that design output meets design input requirements. In addition, it must: 

include the information need to purchase component materials, manufacture the product, and service the product.



specify how to determine if the product has acceptable performance,



highlight safety and usage considerations.

e. Control of Design and Development Changes

The Organisation needs to Identify, document, review, and approve all design changes before carrying them out. Evaluate the impact of the changes on the present design of the product. Also should keep records of the review.

5. Auditing Guidance - Design and Development The objective of auditing the design and development process is to determine whether it is managed and controlled to enable products to meet their intended use and specified requirements. It is necessary to note that for service organizations, the approach to design and

development may

be

different

from

―traditional‖ manufacturing

organizations. Before discussing in detail the way in which the design and development process should be audited it is vital for the auditor to understand what is meant by the phrase ―Design and development‖. By misunderstanding this

TVE CERT

127

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

concept, many organizations have wrongly excluded this process from their quality management system. ISO 9001clause 7.3 refers only to design and development of products and services. In some organizations it can be beneficial, but not required, to apply the same methodology to design and development of processes. Product design and development is the set of processes for transforming requirements

for

the

product

(for

example

specifications,

statutory

requirements and specific or implied customer requirements) into specified product characteristics (―distinguishing features of the product‖). ISO 9000 Clause 3.5.1 gives the following examples of product characteristics. 

physical

(e.g.

mechanical,

electrical,

chemical

or

biological

characteristics) 

sensory (e.g. related to smell, touch, taste, sight, hearing)



behavioral (e.g. courtesy, honesty, veracity)



temporal (e.g. punctuality, reliability, availability)



ergonomic (e.g. physiological characteristic, or related to human safety)



functional (e.g. maximum speed of an aircraft)

In order for the auditor to determine if the organization is in fact involved in design and development, auditors need to establish who is responsible for defining the characteristics of the product or service together with how and when this is carried out. Note - This may apply to original design or ongoing design changes Generally, the design and development process consists of the stages shown in Figure below. Each stage has specific deliverables that cover both the commercial and technical aspects of design and development of a product. In some cases, organisations might be able to justify the exclusion of certain subclauses or individual requirements from their QMS, without necessarily excluding the entire clause. For an organisation with a long established and

TVE CERT

128

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

well validated product design, for example, the organisation might only need to ensure that design changes are managed in accordance with the requirements of clause 7.3. Auditors should verify that any exclusions are valid.

D E S I G N

Need for products and processes identified 8.3.1

Design and development planning ISO 9001 8.3.2

Design and development changes 8.3.6

C O N T R O L S

Design and development inputs ISO 9001 8.3.3

Design and development process

Design and development outputs ISO 9001 8.3.5

Completed design or development

Outline of the Design and Development Process

Auditors should establish what design and development projects have been, and are currently being, undertaken. Auditors should select a sufficient number of projects to be able to audit all stages of the design process.

Guidance for auditing the various stages of the design and development

TVE CERT

129

Issue Date: SEP 2015

8 . 3 . 4

Quality Management Systems Auditor / Lead Auditor Training Course

process is given below but it should be noted that it might not be possible to audit all stages for all the projects selected.

a. Auditing the need for design and development

The need for design and development is generated from a number of sources including 

the organization‘s strategic planning



market intelligence and research



service reports



customer feedback and demand



new or changed statutory and regulatory requirements



process changes



new technology



suppliers

Auditors should evaluate whether organizations have in place, and perform, activities for the review of such needs. Whilst it is not a requirement of the standard it is useful to review how the decision to proceed with design and development is taken, i.e. have risks and cost implications been considered and have all relevant functions (internal or external) been consulted.

b. Auditing design and development planning

The following issues should be considered when auditing the planning function

TVE CERT



what is the overall flow of the design planning process?



how is it described?



what resources and competencies are required?

130

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course



what part of the design will be outsourced?



who is responsible and are the authorities defined?



how are (internal and external) interfaces between various groups identified and managed?



are the required verification, validation and review points defined?



are the main milestones and timelines identified?



is the implementation and effectiveness of the plan monitored?



is the plan updated and communicated to all relevant functions as necessary?

c. Auditing design and development inputs

When auditing the design and development inputs, auditors should develop an understanding of how the organization identifies its own inputs based on 

the organization‘s products and processes



financial, environmental, health and safety issues



organizational risks and impacts



customer‘s requirements and expectations



statutory and regulatory requirements applicable to the product

Auditors should evaluate the risks, the possible implications for customer satisfaction and issues that the organization may encounter if some relevant inputs are not considered.

d. Auditing the design and development controls

The controls applied to the Design and Development process shall ensure the reviews verification and validation.

TVE CERT

131

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

 Auditing the design and development process and design reviews

Auditors should verify that the overall design and development process is controlled in accordance with

the

organization‘s

original

plan

being

reviewed and that the design and development reviews take place at appropriate planned stages. The following issues should be considered by auditors when examining the review process 

do reviews occur at planned stages throughout the design process?



are

the

reviews

carried

out

in

a

systematic

way

involving

representatives of the functions concerned with the stage(s) being reviewed? 

have all original and any new inputs been considered ?



are the original outputs still relevant or have revised outputs been identified?



have revised inputs and outputs been reviewed and approved by those with the relevant responsibility and authority (including the customer where appropriate)?



does the output demonstrate the suitability, adequacy and effectiveness of the designed product?



are the relevant design objectives being achieved?



are there adequate records of reviews?

 Auditing design and development verification

Design and development verification is aimed at providing assurance that the outputs of a design and development activity have met the input requirements for this activity.

TVE CERT

132

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Verification can comprise activities such as 

performing alternative calculations



comparing a new design specification with a similar proven design specification



undertaking demonstrations including prototypes, simulations or tests and



reviewing documents prior to issue

Auditors should determine that the design and development verification activities should provide confidence that 

required verifications are planned and that verification is performed as appropriate during the design and development process



the completed design or development is acceptable and the results are consistent with and traceable to the initial requirements



the completed design or development is the result of implementation of a proper sequence of events, inputs, outputs, interfaces, logic flow, allocation of timing, etc



the design or development provides safety, security, and compliance with other requirements and design inputs



evidence is available to demonstrate that the verification results and any further actions have been recorded and confirmed when actions are completed.

Auditors should determine that only verified design and development outputs have been submitted to the next stage, as appropriate.  Auditing design and development validation

Design and development validation is the confirmation by examination, and the provision of evidence, that the

TVE CERT

133

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

particular requirements for specific intended use are fulfilled. In other words, is the validation process capable of checking that the final product and/or service will meet, or does meet, the customer‘s needs when it is in use?

Validation methods should be specified as part of the design and development planning process, although these could be modified during the realization of design and development.

For many products and/or services, validation is relatively simple process. An example could be a new design of office furniture, which could be validated by the testing of prototypes, followed by testing of initial samples of the finished product.

Auditors should ensure that 

there are records to confirm that the validations have been carried out



the validation was carried out in accordance with the planned arrangements for validation



the validation indicates that the resulting product is capable of meeting the requirements of the specification



wherever practical, the validation has been carried out prior to delivery or implementation; and that



there are records of any actions necessary to correct non-compliance with the design and development inputs and the reasons for these deviations.

Where validation cannot be carried out prior to delivery or implementation, auditors should ensure that these activities are carried out at the earliest opportunity, such as when commissioning a complex plant or factory, and that this is communicated to the client. Auditors should determine that only validated design and development outputs have been submitted for customer use.

TVE CERT

134

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

e. Auditing design and development outputs

The design and development outputs should comply with the identified needs in order to ensure that the resulting product can fulfil its intended use. Outputs can include information relevant to the following 

marketing, sales and purchasing



production



quality assurance



information for service provision and maintenance of the product after delivery

and, should be provided in a form that enables verification and validation activities to be performed.

Auditors should obtain evidence from the projects selected to confirm that 

information regarding the completion of design and development stages is available



the design and development process has been completed for the stage under review



design and development outputs have been confirmed

h. Auditing design and development changes

Design and development changes made during the design process need to be controlled. Auditors should consider the following 

are the sources and requests for changes properly identified and communicated?



TVE CERT

is the impact of any change evaluated?

135

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course



is any additional design proving or testing undertaken where appropriate?



are the effects of the changes on constituent parts and product already delivered evaluated?



has appropriate approval been given before a change is implemented (this could include statutory or regulatory approval or approval by the client)?



are the changes fully documented and do records include information regarding any necessary additional actions?

6. Control of externally provided processes, products and services a. General The

organization

shall

ensure

that

externally

provided processes, products and services conform to requirements.

The organization shall determine the controls to be applied to externally provided processes, products and services when: 

products and services from external providers are intended for incorporation into the organization‘s own products and services



products and services are provided directly to the customer(s) by external providers on behalf of the organization



a process, or part of a process, is provided by an external provider as a result of a decision by the organization.

The organization shall determine and apply criteria for the  evaluation  selection

TVE CERT

136

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

 monitoring of performance and  re-evaluation of external providers

based on their ability to provide processes or products and services in accordance with requirements. The organization shall retain documented information of these activities and any necessary actions arising from the evaluations.

b. Type and extent of control

The organization shall ensure that externally provided processes, products and services do not adversely affect the organization‘s ability to consistently deliver conforming products and services to its customers. The organization shall: 

ensure that externally provided processes remain within the control of its QMS



define both the controls that it intends to apply to an external provider and those it intends to apply to the resulting output



take into consideration:  the potential impact of the externally provided processes, products

and

services

on

the

organization‘s

ability

to

consistently meet customer and applicable statutory and regulatory requirements  the effectiveness of the controls applied by the external provider 

determine the verification, or other activities, necessary to ensure that the externally provided processes, products and services meet requirements.

TVE CERT

137

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

c. Information for external providers

The organization shall ensure the adequacy of requirements prior to their communication to the external provider.

The organization shall communicate to external providers its requirements for: 

the processes, products and services to be provided;



the approval of  products and services  methods, processes and equipment  the release of products and services



competence, including any required qualification of persons



the external providers‘ interactions with the organization



control and monitoring of the external providers‘ performance to be applied by the organization



verification or validation activities that the organization, or its customer, intends to perform at the external providers‘ premises.

7. Auditing Guidance - Control of externally provided processes, products and services All forms of externally provided processes, products and services are addressed in 8.4, e.g. whether through:

TVE CERT



purchasing from a supplier



an arrangement with an associate company



outsourcing processes to an external provider

138

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Outsourcing always has the essential characteristic of a service, since it will have at least one activity necessarily performed at the interface between the provider and the organization. The controls required for external provision can vary widely depending on the nature of the  processes  products and  services. The organization can apply risk-based thinking to determine the type and extent of controls appropriate to  particular external providers and  externally provided processes  products and services

When developing a management system, many organizations will have put in place systems to control the purchasing of products and the verification of purchased products in a way in which they consider satisfies the requirements of Clause 8.4 of ISO 9001. Similarly, Auditors may consider it sufficient to confirm compliance by checking that an approved external providers list is upto-date, that orders have been placed only with approved suppliers and activities necessary for ensuring that meeting specified purchase requirements have been carried out.

In many instances, however, that may not be sufficient to ensure that purchased products simply meet original specifications in all respects. In such instances, it would be preferable to review the wider processes for procurement management and the supply chain.

In auditing the process for the management of procurement, the following should be considered:-

TVE CERT

139

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course



Procurement starts during the design and development of a product when a specification is prepared



Inter-departmental discussions take place to ensure that potential external providers can provide a product that meets the design specification at the required cost



The

organization

should

ensure

that

the

specified

purchase

requirements are correct prior to their communication to the supplier; 

Statutory & regulatory requirements have been included in the purchase requirements; and



The degree of risk associated with a component product and the controls required to ensure that it meets the design specification have been assessed

Practical suggestions of ways in which to confirm that the above points have been considered are:-



Confirm that the specification quoted in a purchase order is the same as the specification contained in the design (or the specification received from the customer)



Identify whether or not there were discussions between the organization and potential external providers regarding the design specification of critical components during the design process or prior to an order being placed



Was there some form of ―approval‖ of the specification before the final specification/order was confirmed to the external providers?



Does the purchase order contain or refer to any statutory or regulatory requirements?

In many cases, audits of the evaluation and selection of external providers simply consists of a review of the organization‘s approved supplier list and whether this list has been reviewed at regular intervals. In many cases this

TVE CERT

140

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

may not be sufficient to ensure that the organization has effective control of all of those suppliers within its supply chain.

8. Production and service provision a. Control of production and service provision The organization shall implement production and service provision under controlled conditions. Controlled conditions shall include, as applicable: 

the availability of documented information that defines:  the characteristics of the products to be produced, the services to be provided, or the activities to be performed  the results to be achieved



the availability and use of suitable monitoring and measuring resources



the implementation of monitoring and measurement activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met

  

the use of suitable infrastructure and environment for the operation of processes the appointment of competent persons, including any required qualification the validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the resulting output cannot be verified by subsequent monitoring or measurement

TVE CERT



the implementation of actions to prevent human error



the implementation of release, delivery and post-delivery activities.

141

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

b. Identification and traceability The organization shall use 

suitable means to identify outputs when it is necessary to ensure the conformity of products and services.



identify the status of outputs with respect to monitoring and measurement requirements throughout production and service provision.



control the unique identification of the outputs when traceability is a requirement,

and

shall

retain

the

documented

information

necessary to enable traceability.

c. Property belonging to customers or external providers The organization shall exercise care with property belonging to customers or external providers while it is under the organization‘s control or being used by the organization.

The organization shall identify, verify, protect and safeguard customers‘ or external providers‘ property provided for use or incorporation into the products and services.

When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider and retain documented information on what has occurred. NOTE A customer‘s or external provider‘s property can include

TVE CERT



material,



components,



tools and equipment,

142

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course



premises,



intellectual property and



personal data.

d. Preservation

The organization shall preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements. NOTE

Preservation can include 

identification



handling



contamination



control



packaging



storage



transmission or transportation, and



protection

e. Post-delivery activities

The organization shall meet requirements for postdelivery activities associated with the products and services.

In determining the extent of post-delivery activities that are required, the organization shall consider: 

statutory and regulatory requirements



the potential undesired consequences associated with its products and services



TVE CERT

the nature, use and intended lifetime of its products and services

143

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course



customer requirements



customer feedback

NOTE Post-delivery activities can include 

actions under warranty provisions,



contractual obligations such as maintenance services, and



supplementary services such as recycling or final disposal.

f. Control of changes The organization shall 

review and control changes for production or service provision, to the extent necessary to ensure continuing conformity with requirements.



retain documented information describing the results of the review of changes, the person(s) authorizing the change, and any necessary actions arising from the review.

9. Release of products and services

The organization shall implement planned arrangements, at appropriate stages, to verify that the product and service requirements have been met.

The release of products and services to the customer shall not proceed until the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer.

The organization shall retain documented information on the release of products and services. The documented information shall include:

TVE CERT



evidence of conformity with the acceptance criteria



traceability to the person(s) authorizing the release. 144

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

10. Control of nonconforming outputs

The organization shall 

ensure that outputs that do not conform to their requirements are identified and controlled to prevent their unintended use or delivery.



take appropriate action based on the nature of the nonconformity and its effect on the conformity of products and services. This shall also apply to nonconforming products and services detected after delivery of products, during or after the provision of services.



deal with nonconforming outputs in one or more of the following ways:  correction  segregation, containment, return or suspension of provision of products and services  informing the customer  obtaining authorization for acceptance under concession.

Conformity to the requirements shall be verified when nonconforming outputs are corrected. The organization shall retain documented information that: 

describes the nonconformity



describes the actions taken



describes any concessions obtained



identifies the authority deciding the action in respect of the nonconformity.

TVE CERT

145

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Summary 1. Has the organization planned, implemented and controlled the processes needed to meet the requirements for the provision of products and services? 2. Has the organization implemented the actions determined in Clause 6 (planning)? 3. Has the organization determined the requirements for the products and services? 4. Has the organization established criteria for the processes and the acceptance of products and services? 5. Does the organization determine the resources needed to achieve conformity to the product and service requirements? 6. Does the organization implement control of the processes in accordance with the criteria? 7. Does the organization determine and keeping documented information to the extent necessary? 8. Does the organization have confidence that the processes have been carried out as planned? 9. Does the organization demonstrate the conformity of products and services to their requirements? 10. Does the organization maintain and the retaining of documented information? 11. Is the output of this planning suitable for the organization‘s operations? 12. Does the organization control planned changes and review the consequences of unintended changes, taking action to mitigate any adverse effects, as necessary? 13. Has the organization ensured that outsourced processes are controlled? 14. Does the organization communication with customers include providing information relating to products and services? 15. Does the organization communication with customers include

TVE CERT

146

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

handling enquiries, contracts or orders, including changes? 16. Does the organization communication with customers include obtaining customer feedback relating to products and services, including customer complaints? 17. Does the organization communication with customers include handling or controlling customer property? 18. Does the organization communication with customers include specific requirements for contingency actions, when relevant? 19. Does the organization ensures the requirements for the products and services are defined? 20. Does the organization ensure any applicable statutory and regulatory requirements? 21. Does the organization meet the claims for the products and services it offers? 22. Does the organization ensure that it has the ability to meet the requirements for products and services, offered to customers? 23. Does the organization conduct a review before committing to supply products and services to a customer? 24. Does the organization ensure requirements customer, including

the

requirements

for

specified delivery

by and

the post-

delivery activities? 25. Does the organization ensure requirements not stated by the customer, but necessary for the specified or intended use, when known? 26. Does the organization ensure requirements specified by the organization? 27. Does the organization ensure statutory and regulatory requirements applicable to the products and services? 28. Does the organization ensure contract or order requirements differing from those previously expressed? 29. Does the organization ensure that contract or order requirements differing from those previously defined are resolved? 30. Does the organization confirm the customer‘s requirements before

TVE CERT

147

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

acceptance, when the customer does not provide a documented statement of their requirements? 31. Does the organization provide internet sales review, that cover relevant product information like catalogues or advertising materials? 32. Does the organization retain documented information on the results of the review? 33. Does the organization retain documented information on any new requirements for the products and services? 34. Does the organization ensure that relevant documented information is amended, and that relevant persons are made aware of the changed requirements, when the requirements for products and services are changed? 35. Has the organization ensured that externally provided processes, products and services conform to requirements? 36. Has the organization determined the controls to be applied to externally provided processes, products and services? 37. Has the organization determined the controls for products and services from external providers are intended for incorporation into the organization‘s own products and services? 38. Has the organization determined the controls for products and services are provided directly to the customer(s) by external providers on behalf of the organization? 39. Has the organization determined the controls a process, or part of a process, is provided by an external provider as a result of a decision by the organization? 40. Has the organization determined and applied criteria for the evaluation, selection, monitoring of performance, and re-evaluation of external providers, based on their ability to provide processes or products and services in accordance with requirements? 41. Does the organization retain documented information of these activities and any necessary actions arising from the evaluations? 42. Does the organization ensure that externally provided processes,

TVE CERT

148

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

products and services do not adversely affect the organization‘s ability to consistently deliver conforming products and services to its customers? 43. Does the organization ensure that externally provided processes remain within the control of its QMS? 44. Does the organization define both the controls that it intends to apply to an external provider and those it intends to apply to the resulting output? 45. Does the organization take into consideration the potential impact of the externally provided processes, products and services on the organization‘s ability to consistently meet customer and applicable statutory and regulatory requirements? 46. Does the organization take into consideration the effectiveness of the controls applied by the external provider? 47. Does the organization determine the verification, or other activities, necessary to ensure that the externally provided processes, products and services meet requirements? 48. Does the organization ensure the adequacy of requirements prior to their communication to the external provider? 49. Does the organization communicate to external providers its requirements for the processes, products and services to be provided? 50. Does the organization communicate to external providers its requirements for the approval of products and services? 51. Does the organization communicate to external providers its requirements for approval of methods, processes and equipment? 52. Does the organization communicate to external providers its requirements for the approval of the release of products and services? 53. Does the organization communicate to external providers its requirements competence, including any required qualification of persons?

TVE CERT

149

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

54. Does the organization communicate to external providers its requirements,

the

external

providers‘

interactions

with

the

organization? 55. Does the organization communicate to external providers its requirements, control and monitoring of the external providers‘ performance to be applied by the organization? 56. Does the organization communicate to external providers its requirements, verification or validation activities that the organization, or its customer, intends to perform at the external providers‘ premises. 57. Has the organization implemented production and service provision under controlled conditions? 58. Has the organization controlled conditions included the availability of documented information that defined the characteristics of the products to be produced, the services to be provided, or the activities to be performed? 59. Has the organization controlled conditions included the availability of documented information that defined the results to be achieved? 60. Has the organization controlled conditions included the availability and use of suitable monitoring and measuring resources? 61. Has

the

organization

controlled

conditions

included

the

implementation of monitoring and measurement activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met? 62. Has the organization controlled conditions included the use of suitable infrastructure and environment for the operation of processes? 63. Has the organization controlled conditions included the appointment of competent persons, including any required qualification? 64. Has the organization controlled conditions included the validation, and periodic revalidation, of the ability to achieve planned results of the processes for production and service provision, where the

TVE CERT

150

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

resulting output cannot be verified by subsequent monitoring or measurement? 65. Has

the

organization

controlled

conditions

included

the

included

the

implementation of actions to prevent human error? 66. Has

the

organization

controlled

conditions

implementation of release, delivery and post-delivery activities? 67. Does the organization use suitable means to identify outputs when it is necessary to ensure the conformity of products and services? 68. Does the organization identify the status of outputs with respect to monitoring and measurement requirements throughout production and service provision? 69. Does the organization control the unique identification of the outputs when traceability is a requirement? 70. Does the organization retain the documented information necessary to enable traceability?. 71. Does the organization exercise care with property belonging to customers or external providers while it is under the organization‘s control or being used by the organization? 72. Does the organization identify, verify, protect and safeguard customers‘ property provided for use or incorporation into the products and services? 73. Does the organization identify, verify, protect and safeguard external providers‘ property provided for use or incorporation into the products and services? 74. Does the organization retain documented information on what has occurred, When the property of a customer or external provider is lost, damaged or otherwise found to be unsuitable for use, the organization shall report this to the customer or external provider? 75. Does the customer‘s or external provider‘s property include material, components, tools and equipment, premises, intellectual property and personal data?

TVE CERT

151

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

76. Does the organization preserve the outputs during production and service provision, to the extent necessary to ensure conformity to requirements? 77. Does the Preservation include identification, handling, contamination control, packaging, storage, transmission or transportation, and protection? 78. Does

the

organization

meet

requirements

for

post-delivery

activities associated with the products and services? 79. Does

the

organization

consider

organization

consider

statutory

and

regulatory

potential

undesired

requirements? 80. Does

the

the

consequences associated with its products and services? 81. Does the organization consider the nature, use and intended lifetime of its products and services? 82. Does the organization consider customer requirements? 83. Does the organization consider customer feedback? 84. Does the Post-delivery activity include actions under warranty provisions? 85. Does the Post-delivery activity include contractual obligations such as maintenance services? 86. Does the Post-delivery activity include supplementary services such as recycling or final disposal? 87. Does the organization review and control changes for production or service provision, to the extent necessary to ensure continuing conformity with requirements? 88. Does the organization retain documented information describing the results of the review of changes, the person(s) authorizing the change, and any necessary actions arising from the review? 89. Has the organization implemented planned arrangements, at appropriate

stages,

to

verify

that

the product and service

requirements have been met? 90. How the organization ensured the release of products and services

TVE CERT

152

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

to the customer shall not proceed until the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, as applicable, by the customer? 91. Does the organization retain documented information on the release of products and services? 92. Does the documented information include

evidence of conformity

with the acceptance criteria? 93. Does the documented information include traceability to the person(s) authorizing the release? 94. Does the organization ensure that outputs that do not conform to their requirements are identified and controlled to prevent their unintended use or delivery? 95. Does the organization take appropriate action based on the nature of the nonconformity and its effect on the conformity of products and services? 96. Does the organization deal with nonconforming outputs by correction? 97. Does the organization deal with nonconforming outputs by segregation, containment, return or suspension of provision of products and services? 98. Does the organization deal with nonconforming outputs by informing the customer? 99. Does the organization deal with nonconforming outputs by obtaining authorization for acceptance under concession? 100. How the Conformity to the requirements is verified? 101. Does the organization retain documented information that describes the nonconformity? 102. Does the organization retain documented information that describes the actions taken? 103. Does the organization retain documented information that describes any concessions obtained? 104. Does the organization retain documented information that identifies the authority deciding the action in respect of the nonconformity?

TVE CERT

153

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

PERFORMANCE EVALUATION & IMPROVEMENT This chapter deals about the clause requirement – Performance Evaluation & Improvement 1. Monitoring, measurement, analysis and evaluation a. General

The organization shall determine: 

what needs to be monitored and measured



the methods for monitoring, measurement, analysis and evaluation needed to ensure valid results



when the monitoring and measuring shall be performed



when the results from monitoring and measurement shall be analysed and evaluated.

The organization shall 

evaluate the performance and the effectiveness of the QMS.



retain appropriate documented information as evidence of the results.

b. Customer satisfaction

The organization shall 

monitor customers‘ perceptions of the degree to which their needs and expectations have been fulfilled.



determine the methods for obtaining, monitoring and reviewing this information.

TVE CERT

154

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

NOTE Examples of monitoring customer perceptions can include: 

customer surveys



customer feedback on delivered products and services



meetings with customers



market-share analysis



compliments



warranty claims and



dealer reports

c. Analysis and evaluation

The organization shall analyse and evaluate appropriate data and information arising from monitoring and measurement.

The results of analysis shall be used to evaluate:



conformity of products and services



the degree of customer satisfaction



the performance and effectiveness of the QMS



if planning has been implemented effectively



the effectiveness of actions taken to address risks and opportunities



the performance of external providers



the need for improvements to the QMS.

NOTE Methods to analyse data can include statistical techniques.

2. Internal audit

The organization shall conduct internal audits at planned intervals to provide information on whether the QMS:

TVE CERT

155

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course



conforms to the:  organization‘s own requirements for its QMS  requirements of this International Standard



is effectively implemented and maintained.

The organization shall: 

plan, establish, implement and maintain an audit programme(s) including  the frequency  methods  responsibilities  planning requirements and  reporting

which shall take into consideration the importance of the processes concerned, changes affecting the organization, and the results of previous audits 

define the audit criteria and scope for each audit



select auditors and conduct audits to ensure objectivity and the impartiality of the audit process



ensure that the results of the audits are reported to relevant management



take appropriate correction and corrective actions without undue delay



retain documented information as evidence of the implementation of the audit programme and the audit results.

NOTE See ISO 19011 for guidance.

TVE CERT

156

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

3. Management review

a. General

Top

management

organization‘s intervals,

to

shall

QMS, ensure

review at

its

the

planned continuing

suitability, adequacy, effectiveness and alignment with the strategic direction of the organization.

b. Management review inputs

The management review shall be planned and carried out taking into consideration: 

the status of actions from previous management reviews



changes in external and internal issues that are relevant to the QMS



information on the performance and effectiveness of the Q M S , including trends in:  customer satisfaction and feedback from relevant interested parties  the extent to which quality objectives have been met  process performance and conformity of products and services  nonconformities and corrective actions  monitoring and measurement results  audit results  the performance of external providers

TVE CERT

157

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course



the adequacy of resources



the effectiveness of actions taken to address risks and opportunities (see 6.1)



opportunities for improvement.

c. Management review outputs

The outputs of the management review shall include decisions and actions related to: 

opportunities for improvement



any need for changes to the QMS



resource needs.

The organization shall retain documented information as evidence of the results of management reviews.

Auditing Guidance - Management Review

ISO

9001

review

requires the

top

management

organization's

to

quality

management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness. The review could be carried out at a separate meeting but this is not a requirement of the standard. There are many

ways

management generated

by

in

which

system

top

such

management as

the management

receiving

can and

representative

review

the

quality

a

report

reviewing or

other

personnel,

electronic communication or as part of regular management meetings where issues such as budgets and targets are also discussed.

TVE CERT

158

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

The management review is a process that should be conducted and audited utilizing the process approach.

The management review process should not be an exercise carried out solely to satisfy the requirements of the standard and the auditors; it should be an integral part of the organization‘s business management process. The overall management review is complex process carried out at various levels in the organization. It is always a two-way process, generated by top management with inputs from all levels in the organization. These activities could vary from daily, weekly, monthly, organizational unit meetings to simple discussions or reports.

Auditors should look for evidence that the inputs and outputs of the management review process are relevant to the organization‘s size and complexity and that they are used to improve the business. Auditors should also consider how the organization‘s management is structured and how the management review process is used within this structure.

4. Improvement a. General The organization shall determine and select opportunities for improvement and implement any necessary actions to meet customer requirements and enhance customer satisfaction.

These shall include: 

improving products and services to meet requirements as well as to address future needs and expectations

TVE CERT



correcting, preventing or reducing undesired effects



improving the performance and effectiveness of the QMS.

159

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

NOTE Examples of improvement can include: 

correction



corrective action



continual improvement



breakthrough change



innovation and



re-organization

5 . Non conformity and corrective action When a nonconformity occurs, including any arising from complaints, the organization shall: 

react to the nonconformity and, as applicable:  take action to control and correct it  deal with the consequences



evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by: 1) reviewing and analysing the nonconformity 2) determining the causes of the nonconformity 3) determining if similar nonconformities exist, or could potentially occur



implement any action needed



review the effectiveness of any corrective action taken



update risks and opportunities determined during planning, if necessary



make changes to the QMS, if necessary.

Corrective

actions

shall

be

appropriate

to

the

effects

of

the

nonconformities encountered.

TVE CERT

160

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

The organization shall retain documented information as evidence of: 

the nature of the nonconformities and any subsequent actions taken;



the results of any corrective action.

6. Continual improvement

The organization shall 

continually improve the suitability, adequacy and effectiveness of the Q MS .



consider the results of analysis and evaluation, and the outputs from management review, to determine if there are needs or opportunities that shall be addressed as part of continual improvement.

7. Auditing Guidance – Continual Improvement

The auditor should seek to determine if the auditee has attempted to set objectives that establish the correlation between the three factors of corporate objectives, customer needs, and market expectations. Thereafter, it is up to the organization to balance the need for improving internal efficiency and the need to progress with external performance (although the two are very often closely related). No one in isolation can ever be considered as being ―enough‖ or ―not enough‖.

It is important to understand that continual improvement doesn‘t necessarily just mean continual improvement of product or process, but can and should also apply to the quality management system itself. An auditor should remember that it would be unrealistic to expect an organization to make progress on all potential improvements simultaneously.

TVE CERT

161

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Continual improvement should be interpreted as a recurring (step by step) activity. What it means is when opportunities for improvement are identified and when such improvements are justified, an organization needs to decide how they are to be implemented, based on the available resources.

Each improvement will require the commitment of resources, which may need prioritisation by top management, especially where investments are needed. Instead, the auditor should seek to ensure that the improvement objectives are consistent overall, and are coherent with the trilogy of factors mentioned above. However, an organization that does not have a policy and objectives relating to continual improvement is clearly not complying with the standard. Similarly, the absence of any evidence of improvement on at least one of these aspects would have to be considered as indicating that an organization's quality policy is not in line with ISO 9001.

There is no requirement that the organization should set objectives for improvement of all its processes at any one time. As in the above example on reducing customer complaints, some processes may not be deemed by top management to contribute significantly to the reduction of delays, and it is only normal therefore, that the organization would not concentrate on these areas.

If the top management has set a (realistic) objective for a process, and there is no evidence of improvement, this information must be fed back into the management review so that top management can decide what type of action is appropriate - for example, re-adjusting the objective or providing other means to impact on the process.

TVE CERT

162

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Summary 1. Has the organization determined what needs to be monitored and measured? 2. Has the organization determined the methods for monitoring, measurement, analysis and evaluation needed to ensure valid results? 3. Has the organization determined when the monitoring and measuring shall be performed? 4. Has the organization determined when the results from monitoring and measurement shall be analysed and evaluated? 5. Has the organization evaluated the performance and the effectiveness of the QMS? 6. Does the organization retain appropriate documented information as evidence of the results? 7. Does the organization monitor customers‘ perceptions of the degree to which their needs and expectations have been fulfilled? 8. Has the organization determined the methods for obtaining, monitoring and reviewing this information? 9. Does the organization monitoring customer perception can include customer surveys, customer feedback on delivered products and services? 10. Does the organization monitoring customer perception can include meetings with customers, market-share analysis, compliments, warranty claims and dealer reports? 11. Does the organization analyse and evaluate appropriate data and information arising from monitoring and measurement? 12. Are the result of analysis used to evaluate conformity of products and services? 13. Are the result of analysis used to evaluate the degree of customer satisfaction? 14. Are the result of analysis used to evaluate the performance and effectiveness of the QMS? 15. Are the result of analysis used to evaluate if planning has been

TVE CERT

163

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

implemented effectively? 16. Are the result of analysis used to evaluate the effectiveness of actions taken to address risks and opportunities? 17. Are the result of analysis used to evaluate the performance of external providers? 18. Are the result of analysis used to evaluate the need for improvements to the QMS? 19. What type of methods used to analyse of data? 20. Does the organization conform to the organization‘s requirements of QMS? 21. Does the organization conform to the requirements of this ISO 9001:2015 standard? 22. Does the organization plan, establish, implement and maintain an audit programme(s)? 23. Does

the

organization

include

the

frequency,

methods,

responsibilities, planning requirements and reporting, which shall take into consideration the importance of the processes concerned, changes affecting the organization, and the results of previous audits? 24. Does the organization define the audit criteria and scope for each audit? 25. Does the organization select auditors and conduct audits to ensure objectivity and the impartiality of the audit process? 26. Does the organization ensure that the results of the audits are reported to relevant management? 27. Does the organization take appropriate correction and corrective actions without undue delay? 28. Does the organization retain documented information as evidence of the implementation of the audit programme and the audit results? 29. Does the organization‘s Top management review the organization‘s QMS, at planned intervals? 30. Does the top management ensure its continuing suitability, adequacy, effectiveness and alignment with the strategic direction of the

TVE CERT

164

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

organization? 31. Is the management review, planned and carried out taking into consideration of the status of actions from previous management reviews? 32. Is the management review, planned and carried out taking into consideration of the changes in external and internal issues that are relevant to the QMS? 3 3 . Is the management review, planned and carried out taking into consideration of information on the performance and effectiveness of the Q M ? 34. Does the management review include trends in customer satisfaction and feedback from relevant interested parties? 35. Does the management review include trends in the extent to which quality objectives have been met? 36. Does the management review include trends in process performance and conformity of products and services? 37. Does the management review include trends in nonconformities and corrective actions? 38. Does the management review include trends in monitoring and measurement results? 39. Does the management review include trends in audit results? 40. Does the management review include trends in the performance of external providers? 41. Does the management review include trends in the adequacy of resources? 42. Does the management review include trends in the effectiveness of actions taken to address risks and opportunities? 43. Does the management review include trends in opportunities for improvement? 44. Does the output of the management review include decisions and actions related to opportunities for improvement? 45. Does the output of the management review include decisions and

TVE CERT

165

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

actions related to any need for changes to the QMS? 46. Does the output of the management review include decisions and actions related to resource needs? 47. Does the organization retain documented information as evidence of the results of management reviews? 48. Does the organization determine and select opportunities for improvement and implement any necessary actions to meet customer requirements and enhance customer satisfaction? 49. Has the organization included improving products and services to meet requirements as well as to address future needs and expectations? 50. Has the organization included improving the performance and effectiveness of the QMS? 51. Has the improvement continual

included

correction,

corrective

action,

improvement, breakthrough change, innovation and re-

organization? 52. How the organizations react when any nonconformity occurs? 53. How the organizations take action to control and correct the nonconformities? 54. Has organization evaluated the need for action to eliminate the causes of the nonconformities? 55. How

the

organization

monitor

the

reoccurrence

of

the

nonconformities? 56. Has the organization reviewed the nonconformities? 57. Has the organization determined the causes of the nonconformities? 58. How the organization determines the nonconformity is potential? 59. Has organization reviewed the effectiveness of any corrective action taken? 60. Is any change done in the QMS? 61. Has the organization retained documented information? 62. Has the organization have a plan for continual improvement of the QMS performance?

TVE CERT

166

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

63. Has the organization identified, where the continual improvement required in the QMS 64. Has the organization consider the results of analysis and evaluation, and the outputs from management review, to determine if there are needs or opportunities that shall be addressed as part of continual improvement?

TVE CERT

167

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

MANAGEMENT OF AUDIT PROGRAMME An organization needing to conduct audits should establish an audit programme that contributes to the determination of the effectiveness of the auditee‘s management system. The audit programme can include audits considering one or more management system standards, conducted either separately or in combination.

The top management should ensure that the audit programme objectives are established and assign one or more competent persons to manage the audit programme. The extent of an audit programme should be based on the size and nature of the organization being audited, as well as on the nature, functionality, complexity and the level of maturity of the management system to be audited.

Priority should be given to allocating the audit programme resources to audit those matters of significance within the management system. These may include the key characteristics of product quality or hazards related to health and safety, or significant environmental aspects and their control.

1. Establishing the Audit Programme Objectives

a. Audit Objectives 

The audit objectives shall be determined by the certification body. The audit scope and criteria including any changes, shall be established by the certification body after discussion with the client



The audit objectives shall describe what is to be accomplished by the audit and shall include the following: a. Determination of the conformity of the client‘s Management system, or parts of it, with audit criteria. b. Evaluation of the ability of the management system, to ensure the

TVE CERT

168

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

client organization meets applicable statutory, regulatory and contractual requirements. c. Note: a management system certification audit is not a legal compliance audit d. Evaluation of the effectiveness of the management system to ensure the

client organization is continually meeting its specified

objectives. e. As applicable, identification of areas, for potential improvement of the management system

b. Audit Scope 

The audit scope should be consistent with the audit programme and audit objectives. It includes such factors as physical locations, organizational units, activities and processes to be audited, as well as the time period covered by the audit.

c. Audit Criteria 

The audit criteria are used as a reference against which conformity is determined and may include applicable policies, procedures, standards, legal requirements, management system requirements, contractual requirements, sector codes of conduct or other planned arrangements.



In the event of any changes to the audit objectives, scope or criteria, the audit programme should be modified if necessary.

When two or more management systems of different disciplines are audited together (a combined audit), it is important that the audit objectives, scope and criteria are consistent with the objectives of the relevant audit programmes

TVE CERT

169

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

2. Establishment of the Audit Programme a. Roles and responsibilities of the person managing the audit programme The person managing the audit programme should: 

establish the extent of the audit programme.



identify and evaluate the risks for the audit programme.



establish audit responsibilities.



establish procedures for audit programmes.



determine necessary resources.



ensure the implementation of the audit programme, including the establishment of audit objectives, scope and criteria of the individual audits, determining audit methods and selecting the audit team and evaluating auditors.



ensure that appropriate audit programme records are managed and maintained.



monitor, review and improve the audit programme.

The person managing an audit programme should inform the top management of the contents of the audit programme and, where necessary, request its approval. b. Competence of the person managing the audit programme The person managing the audit programme should have the necessary competence to manage the programme and its associated risks effectively and efficiently, as well as knowledge and skills in the following areas:

TVE CERT



audit principles, procedures and methods.



management system standards and reference documents.



activities, products and processes of the auditee.



applicable legal and other requirements relevant to the activities and 170

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

products of the auditee. 

customers, suppliers and other interested parties of the auditee, where applicable.

The person managing the audit programme should engage in appropriate continual professional development activities to maintain the necessary knowledge and skills to manage the audit programme.

3. Extent of the Audit Programme

The extent of the audit programme may vary depending on the size and nature of the auditee, as well as on the nature, functionality, complexity and the level of maturity of, and matters of significance to, the management system to be audited.

Other factors impacting the extent of an audit programme include the following: 

the objective, scope and duration of each audit and the number of audits to be conducted, including audit follow up, if applicable.



the number, importance, complexity, similarity and locations of the activities to be audited.



those factors influencing the effectiveness of the management system.



applicable audit criteria



conclusions of previous internal or external audits.



results of a previous audit programme review.



language, cultural and social issues.



the concerns of interested parties, such as customer complaints or non compliance with legal requirements.



significant changes to the auditee or its operations.



availability of information and communication technologies to support audit



TVE CERT

activities, in particular the use of remote audit methods.

the occurrence of internal and external events, such as product

171

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

failures, information security leaks, health and safety incidents, criminal acts or environmental incidents.

4. Audit Programme Risks

There are many different risks associated with audit Programme .These risks may be associated with the following: 

planning



resources



selection of the audit team



implementation



records and their controls



monitoring, reviewing and improving the audit programme

5. Procedures for the audit programme A procedure for the audit programme should be established which includes 

planning and scheduling audits considering audit programme risks.



ensuring information security and confidentiality.



assuring the competence of auditors and audit team leaders.



selecting appropriate audit teams and assigning their roles and responsibilities.



conducting audits, including the use of appropriate sampling methods.



conducting audit follow up, if applicable.



reporting to the top management on the overall achievements of the audit programme.



maintaining audit programme records.



monitoring

and reviewing the

performance

and

risks,

and

improving the effectiveness of the audit programme.

TVE CERT

172

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

6. Audit Programme Resources

The following resources to be identified for the audit programme. 

the financial resources necessary to develop, implement, manage and improve audit activities.



audit methods.



the availability of auditors and technical experts having competence appropriate to the particular audit programme objectives.



the extent of the audit programme and audit programme risks.



travelling time and cost, accommodation and other auditing needs.



the availability of information and communication technologies

7. Applying Audit Methods An audit can be performed using a range of audit methods. An explanation of commonly used audit methods can be found in this annex. The audit methods chosen for an audit depend on the defined audit objectives, scope and criteria, as well as duration and location. Available auditor competence and any uncertainty arising from the application of audit methods should also be considered. Applying a variety and combination of different audit methods can optimize the efficiency and effectiveness of the audit process and its outcome.

Performance of an audit involves an interaction among individuals with the management system being audited and the technology used to conduct the audit. Table B.1 provides examples of audit methods that can be used, singly or in combination, in order to achieve the audit objectives. If an audit involves the use of an audit team with multiple members, both on-site and remote methods may be used simultaneously. NOTE

TVE CERT

Additional information about on-site visits is given in Clause B.6.

173

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Table B.1 — Applicable audit methods Extent of involvement between the auditor and the auditee Human interaction

Location of the auditor On-site Conducting interviews. Completing checklists and questionnaires with auditee participation. Conducting document review with auditee participation. Sampling.

No human interaction

Conducting document review (e.g. records, data analysis). Observation of work performed. Conducting on-site visit. Completing checklists. Sampling (e.g. products).

Remote Via interactive communication means: — conducting interviews; —

completing checklists and questionnaires;

Conducting document review (e.g. records, data analysis). Observing work — conducting performed via document surveillance means, review with considering social and legal auditee requirements. participation. Analyzing data.

On-site audit activities are performed at the location of the auditee. Remote audit activities are performed at any place other than the location of the auditee, regardless of the distance. Interactive audit activities involve interaction between the auditee‘s personnel and the audit team. Non-interactive audit activities involve no human interaction with persons representing the auditee but do involve interaction with equipment, facilities and documentation.

The responsibility of the effective application of audit methods for any given audit in the planning stage remains with either the person managing the audit programme or the audit team leader. The audit team leader has this responsibility for conducting the audit activities.

The feasibility of remote audit activities can depend on the level of confidence between auditor and auditee‘s personnel.

On the level of the audit programme, it should be ensured that the use of remote and on-site application of audit methods is suitable and balanced, in order to ensure satisfactory achievement of audit programme objectives.

TVE CERT

174

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

8. Selection of the audit methods

The person managing the audit programme should select and determine the methods for effectively conducting an audit, depending on the defined audit objectives, scope and criteria.

Where two or more auditing organizations conduct a joint audit of the same auditee, the persons managing the different audit programmes should agree on the audit method and consider implications for resourcing and planning the audit. If an auditee operates two or more management systems of different disciplines, combined audits may be included in the audit programme.

9. Selection of the audit team members The audit team performing any audit should include the team leader and any technical experts needed for the specific audit. An audit team is selected, taking into account the competence needed to achieve the objectives of the individual audit within the defined scope. If there is only one auditor, the auditor performs all applicable duties of an audit team leader. In deciding the size and composition of the audit team for the specific audit, consideration is given to the following:

a. the overall competence of the audit team needed to achieve audit objectives, taking into account audit scope and criteria. b. complexity of the audit and if the audit is a combined or joint audit. c. the audit methods that have been selected. d. legal and contractual requirements and other requirements to which the organization is committed. e. the need to ensure the independence of the audit team members from the activities to be audited and to avoid any conflict of interest.

TVE CERT

175

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

f. the ability of the audit team members to interact effectively with the representatives of the auditee and to work together. g. the language of the audit, and the auditee‘s social and cultural characteristics.

These issues may be addressed either by the auditor‘s own skills or through the support of a technical expert.

If the necessary competence is not covered by the auditors in the audit team, technical experts with additional competence should be included in the team. Technical experts should operate under the direction of an auditor, but should not act as auditors.

Auditors in training may be included in the audit team, but should participate under the direction and guidance of an auditor.

Adjustments to the size and composition of the audit team may be necessary during the audit, i.e. if a conflict of interest or competence issue arises. If such a situation arises, it should be discussed with the appropriate parties (e.g. audit team leader, the person managing the audit programme, audit client or auditee) before any adjustments are made.

10. Audit Programme Records

TVE CERT



Audit Plan



Audit Schedule



Audit Cheklist



Working Paper



Audit Report



Non- Conformity Reports



Corrective & Preventive Action Reports



Reports of Audit Programme Review



Auditor Personnel Record

176

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course



Auditor Competence



Auditor Performance Evaluation



Maintenance & Improvement of Competence.

11. Monitoring the Audit Programme

The

person

managing

the

audit

programme

should

monitor

its

implementation considering the need to:

a. evaluate conformity with audit programmes, schedules and audit objectives. b. evaluate the performance of the audit team members. c. evaluate the ability of the audit teams to implement the audit plan. d. evaluate feedback from top management, auditees, auditors and other interested parties. Some factors may determine the need to modify the audit programme, such as the following: 

audit finding.



demonstrated level of management system effectiveness.



changes to the client‘s or the auditee‘s management system.



changes to standards, legal and contractual requirements and other requirements to which the organization is committed.



change of supplier.

12. Reviewing and improving the audit programme The audit programme is reviewed to assess whether its objectives have been achieved. Lessons learned from the audit programme review should be used as inputs for the continual improvement process for the programme.

TVE CERT

177

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

The audit programme review should consider the following:

a. results and trends from audit programme monitoring. b. conformity with audit programme procedures. c. evolving needs and expectations of interested parties. d. audit programme records. e. alternative or new auditing methods. f. effectiveness of the measures to address the risks associated with the audit programme. g. confidentiality and information security issues relating to the audit programme.

The person managing the audit programme should review the overall implementation of the audit programme, identify areas of improvement, amend the programme if necessary, and should also: 

review the continual professional development of auditors, in accordance



report the results of the audit programme review to the top management.

TVE CERT

178

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

5.2 Establishing the audit programme objectives

Plan

5.3 Establishing the audit programme 5.3.1 Roles and responsibilities of the person managing the audit programme 5.3.2 Competence of the person managing the audit programme 5.3.3 Establishing the extent of the audit programme 5.3.4 Identifying and evaluating audit programme risks 5.3.5 Establishing procedures for the audit programme 5.3.6 Identifying audit programme resources

5.4 Implementing the audit programme 5.4.1 General Competence and evaluation of auditors (Clause 7)

5.4.2 Defining the objectives, scope and criteria for an individual audit

Do

5.4.3 Selecting the audit methods 5.4.4 Selecting the audit team members 5.4.5 Assigning responsibility for an individual audit

Performing an audit

to the audit team leader

(clause 6)

5.4.6 Managing the audit programme outcome 5.4.7 Managing and maintaining audit programme records

Check

5.5 Monitoring the audit programme

Act

5.6 Reviewing and Improving the audit programme

NOTE 1-This figure illustrates the application of the Plan-Do-Check-Act cycle in this International Standard. NOTE 2-Clause/sub clause numbering refers to the relevant clauses/sub clauses of this International Standard.

Figure 1 — Process flow for the management of an audit programme

TVE CERT

179

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Audit Related Forms

TVE CERT

180

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

Audit Plan Organization Name

Ref. No.

Audit Criteria / Standard / Reference documents ISO 9001:2015 Audit Objective (s) Stage -1

Stage -2

Recertification

Surveillance [No. ]

Head Office Site(s)

Scope of Certification Exclusions (if any)

IAF / NACE

Mobile No.

Contact Person Audit Date(s)

Total Man days

Role

Name

ARN1

Remarks

Team Leader Audit Team Auditor(s) Technical Area / Sector Expert Remarks Sign: Date:

TVE CERT

181

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

   

Audit Plan (Schedule)

Organization

Ref. No.

Location

Standard

Date

Time

o o o

TVE CERT

Stage 1 √ Stage 2 Surveillance [ ] Recertification

Assessment Areas [Auditor / Lead Auditor]

[Auditor / Member]

[/ TE]

Audit Schedule for stage 2 should be prepared during stage 1 audit and may be changed, if required, during the opening meeting of stage 2. Audit schedule should be prepared for each site separately. Each man-day is equivalent to 8 working hours excluding lunch and travel

182

Issue Date: SEP 2015

Quality Management Systems Auditor / Lead Auditor Training Course

AUDIT CHECK LIST

Checklist process: QMS Clause No.

TVE CERT

Page

of

Date of Preparation REQUIREMENT/QUESTION

ACTIVITY COMPLIANCE Y/N

Issue Date: 183SEP 2015

COMMENTS / REMARKS

Quality Management Systems Auditor / Lead Auditor Training Course

Working Paper

Auditor Name: S. No

QMS Clause Ref.

Date: Audit Notes

TVE CERT

Comments / Remarks

Issue Date: SEP 2015

184

Quality Management Systems Auditor / Lead Auditor Training Course

An

Audit Report Submitted to

M/s_______________________________________________ Address---------------------------------------------------------------------

Ref No.

Disclaimer: - The Auditing is based on a sampling process of the available information and consequently there is an element of uncertainty which may be reflected in the Audit findings. Those relying or acting upon the Audit results and conclusions to be aware of this uncertainty. The Audit recommendations are subject to an independent review, prior to decision.

TVE Certification Services Pvt. Ltd. 21/26B, Kamarajar Street, K.K. Nagar, Trichy-620 021 Ph: 0431-2352288, Mob: 9361444418, 9360728434 Email: [email protected] Website: www.tvecert.org

TVE CERT

Issue Date: SEP 2015

185

Quality Management Systems Auditor / Lead Auditor Training Course

Audit Report

STAGE 2

Management Representative Exclusion

Audit Criteria [Standard] [ISO 9001:2015/ ISO 14001:2015/ OHSAS 18001:2007]

 

Audit Objectives

 

[ISO 9001]

Determination of the conformity of the client’s management system, or parts of it, w ith audit criteria; Evaluation of the ability of the management system to ensure that the client organiz ation meets applicable statutory, regulatory and contractual requirements; Evaluation of the effectiveness of the management system to ensure that the client organization is continually meeting its specified objectives; Identification of areas for potential improvement of the management system.

Audit Scope [confirmed] Audit Site[s] Date[s] of audit

[Dates of Stage 2 only]

Technical Code

[IAF-NACE]

Team Leader Audit Team

Auditor[s] Technical Expert

Brief Profile of the organization Including main products/ services and customers

Positive features

TVE CERT

Issue Date: SEP 2015

186

Quality Management Systems Auditor / Lead Auditor Training Course

Evaluation of Internal Audits

[Kindly provide comments related to audit plan, internal auditors, areas covered, any impartiality, non conformities raised, periodicity etc.]

Evaluation of Management Review

[Kindly provide comments on the periodicity, agenda, review output, participants etc.]

Non Conformities

[Kindly provide comments on the types of nonconformities and status]

Observations/ areas for potential Improvement

Overall Comment on the compliance of the system, to the requirements of the standard for meeting organization policies and objectives.

TVE CERT

Issue Date: SEP 2015

187

Quality Management Systems Auditor / Lead Auditor Training Course

Conclusion and Recommendation Based on the information and audit evidences gathered audit team concluded to:    

Recommend for grant of certification Certification will be recommended subject to acceptance of corrective actions evidence Recommend for follow up assessment Recommend for full assessment again

Remarks:-

I pledge that the report and records will remain confidential and will not be shared with any other person or organization and abide with the confidentiality and no conflict of interest agreement signed.

(Signature) Team Leader

To Audit Manager, TVE Certification Services Pvt. Ltd. Attachments (Kindly tick)

 ✓ Audit team Allocation Plan  ✓ Audit schedule  ✓ Certification Assessment Plan  ✓ Scope of Certification

 Non Conformity Reports  ✓ Attendance Sheet  ✓ Assessment Checklist  ✓ Ongoing Surveillance Plan

Note: Auditors may use blank sheets for putting any supplementary/ additional information.

TVE CERT

Issue Date: SEP 2015

188

Quality Management Systems Auditor / Lead Auditor Training Course

ISO 9001:2015 AUDIT - NONCONFORMITY REPORT Name of the Company:

Non Conformity No.:______

Area Under Review: ___________________________.

Category : Major / Minor

ISO 9001:2015 Clause No.:________

√ (tick ) Most Appropriate

Description of the nonconformity (Max 3 marks): _____________________________________________________________________________ _____________________________________________________________________________ _____________________________________________________________________________ Relevant evidence (Max 3 Marks): ____________________________________________________________________________ _____________________________________________________________________________

ISO 9001:2015 clause and requirement (Max 1 Mark): _______________________________________________________________________________ _______________________________________________________________________________

Auditor :

TVE CERT

Issue Date: SEP 2015

189

Quality Management Systems Auditor / Lead Auditor Training Course

PERFORMING AN AUDIT – PRE AUDIT ACTIVITIESPLANNING THE AUDIT –PART- I This Chapter gives guidance on preparing and conducting audit activities as part of an audit programme Figure provides an overview of typical audit activities. The extent to which the provisions of this clause are applicable depends on the objectives and scope of the specific audit. 6.2 Initiating the audit 6.2.1 General 6.2.2 Establishing initial contact with the auditee 6.2.3 Determining the feasibility of the audit

6.3 Preparing audit activities 6.3.1 Performing document review in preparation for the audit 6.3.2 Preparing the audit plan 6.3.3 Assigning work to the audit team 6.3.4 Preparing work documents

6.4 Conducting the audit activities 6.4.1 General 6.4.2 Conducting the opening meeting 6.4.3 Performing document review while conducting the audit 6.4.4 Communicating during the audit 6.4.5 Assigning roles and responsibilities of guides and observers 6.4.6 Collecting and verifying information 6.4.7 Generating audit findings 6.4.8 Preparing audit conclusions 6.4.9 Conducting the closing meeting

6.5 Preparing and distributing the audit report 6.5.1 Preparing the audit report 6.5.2 Distributing the audit report

6.6 Completing the audit

6.7 conducting audit follow up (if Specified in the audit plan) NOTE

Sub clause numbering refers to the relevant sub clauses of this International Standard.

Figure2 — Typical audit activities

TVE CERT

Issue Date: SEP 2015

190

Quality Management Systems Auditor / Lead Auditor Training Course

Typical audit activities may be divided into three phases. 1. Pre-audit Activities 2. On-site Audit Activities 3. Post Audit activities

PRE-AUDIT ACTIVITIES

1. Initial contact with the Auditee

The initial contact with the auditee for the performance of the audit can be informal or formal and should be made by the audit team leader. The purposes of the initial contact are the following 

establish communications with the auditee‘s representatives



confirm the authority to conduct the audit



provide information on the audit objectives, scope, methods and audit team composition, including technical experts



request access to relevant documents and records for planning purposes



determine applicable legal and contractual requirements and other requirements relevant to the activities and products of the auditee



confirm the agreement with the auditee regarding the extent of the disclosure and the treatment of confidential information



make arrangements for the audit including scheduling the dates



determine any location-specific requirements for access, security, health and safety or other



agree on the attendance of observers and the need for guides for the audit team



determine any areas of interest or concern to the auditee in relation to the specific audit.

TVE CERT

Issue Date: SEP 2015

191

Quality Management Systems Auditor / Lead Auditor Training Course

2. Feasibility of the audit

The feasibility of the audit should be determined to provide reasonable confidence that the audit objectives can be achieved.

The determination of feasibility should take into consideration such factors as the availability of the following: 

sufficient and appropriate information for planning and conducting the audit



adequate cooperation from the auditee



adequate time and resources for conducting the audit.

Where the audit is not feasible, an alternative should be proposed to the audit client, in agreement with the auditee.

3. Document Review

The relevant management system documentation of the auditee should be reviewed in order to: 

gather information to prepare audit activities and applicable work e.g. on processes, functions



Establish an overview of the extent of the system documentation to detect possible gaps.

a. Conducting the document review

The auditors should consider if: 

the information in the documents provided is:



complete



correct



consistent

TVE CERT

Issue Date: SEP 2015

192

Quality Management Systems Auditor / Lead Auditor Training Course



current



the documents being reviewed cover the audit scope and provide sufficient information to support the audit objectives



the use of information and communication technologies, depending on the audit methods, promotes efficient conduct of the audit: specific care is needed for information security due to applicable regulations



on protection of data (in particular for information which lies outside the audit scope, but which is also contained in the document).

The documentation should include, as applicable, management system documents and records, as well as previous audit reports. The document review should take into account the size, nature and complexity of the auditee‘s management system and organization, and the audit objectives and scope.

4. Preparation of Audit Plan The audit team leader should prepare an audit plan based on the information contained in the audit programme and in the documentation provided by the auditee. The audit plan should consider the effect of the audit activities on the auditee‘s processes and provide the basis for the agreement among the audit client, audit team and the auditee regarding the conduct of the audit. The plan should facilitate the efficient scheduling and coordination of the audit activities in order to achieve the objectives effectively.

In preparing the Audit plan the following to be considered  Sampling Techniques 

the composition of the audit team and its collective competence.



the risks to the organization created by the audit.

For example, risks to the organization may result from the presence of the audit team members influencing health and safety, environment and quality, and their presence presenting threats to the auditee‘s products, services, personnel or infrastructure (e.g. contamination in clean room facilities). TVE CERT

Issue Date: SEP 2015

193

Quality Management Systems Auditor / Lead Auditor Training Course

For combined audits, particular attention should be given to the interactions between operational processes and the competing objectives and priorities of the different management systems.

The scale and content of the audit plan may differ, for example, between initial and subsequent audits, as well as between internal and external audits. The audit plan should be sufficiently flexible to permit changes which can become necessary as the audit activities progress. The audit plan should cover or reference the following: a. the audit objectives b. the audit scope, including identification of the organizational and functional units, as well as processes to be audited c. the audit criteria and any reference documents d. the locations, dates, expected time and duration of audit activities to be conducted, including meetings with the auditee‘s management e. the audit methods to be used, including the extent to which audit sampling is needed to obtain sufficient audit evidence and the design of the sampling plan, if applicable f. the roles and responsibilities of the audit team members, as well as guides and observers g. the allocation of appropriate resources to critical areas of the audit. h. identification of the auditee‘s representative for the audit i.

the working and reporting language of the audit where this is different from the

j.

language of the auditor or the auditee or both

the audit report topics

k. logistics

and

communications

arrangements,

including

specific

arrangements for the locations to be audited l.

any specific measures to be taken to address the effect of uncertainty on achieving the audit objectives

m. matters related to confidentiality and information security n. any follow-up actions from a previous audit o. any follow-up activities to the planned audit p. co-ordination with other audit activities, in case of a joint audit. TVE CERT

Issue Date: SEP 2015

194

Quality Management Systems Auditor / Lead Auditor Training Course

PERFORMING AN AUDIT – PRE AUDIT ACTIVITIESPLANNING THE AUDIT –PART- II This chapter deals about the pre audit activities like the preparation of the work documents like the audit checklist and the Sampling techniques.

1. Work Documents

The audit team members should collect and review the information relevant to their audit assignments and prepare work documents, as necessary, for reference and for recording audit evidence. Such work documents may include the following: 

checklists



audit sampling plans



forms for recording information, such as supporting evidence, audit findings and records of meetings.

The use of checklists and forms should not restrict the extent of audit activities, which can change as a result of information collected during the audit. Preparing work documents

When preparing work documents, the audit team should consider the questions below for each document. a. Which audit record will be created by using this work document? b. Which audit activity is linked to this particular work document? c. Who will be the user of this work document? d. What information is needed to prepare this work document?

TVE CERT

Issue Date: SEP 2015

195

Quality Management Systems Auditor / Lead Auditor Training Course

For combined audits, work documents should be developed to avoid duplication of audit activities by: 

clustering of similar requirements from different criteria



coordinating the content of related checklists and questionnaires.

The work documents should be adequate to address all those elements of the management system within the audit scope and may be provided in any media.

2. Sampling a. General

Audit sampling takes place when it is not practical or cost effective to examine all available information during an audit, e.g. records are too numerous or too dispersed geographically to justify the examination of every item in the population.

The objective of audit sampling is to provide information for the auditor to have confidence that the audit objectives can or will be achieved.

b. Sampling Risks

The risk associated with sampling is that the samples may be not representative of the population from which they are selected, and thus the auditor‘s conclusion may be biased and be different to that which would be reached if the whole population was examined.

C. Sampling Steps 

establishing the objectives of the sampling plan



selecting the extent and composition of the population to be sampled



selecting a sampling method



determining the sample size to be taken

TVE CERT

Issue Date: SEP 2015

196

Quality Management Systems Auditor / Lead Auditor Training Course



conducting the sampling activity



compiling and evaluating, reporting and documenting results

d. Sampling Methods Judgement-Based Sampling

Judgement-based sampling relies on the knowledge, skills and experience of the audit team for judgement-based sampling, the following can be considered: 

previous audit experience within the audit scope



complexity of requirements (including legal requirements) to achieve the objectives of the audit



complexity and interaction of the organization‘s processes and management system elements



degree of change in technology, human factor or management system



previously identified key risk areas and areas of improvement



output from monitoring of management systems.

A drawback to judgement-based sampling is that there can be no statistical estimate of the effect of uncertainty in the findings of the audit and the conclusions reached.

Statistical Sampling

Statistical sampling design uses a sample selection process based on probability theory. Attribute-based sampling is used when there are only two possible sample outcomes for each sample (e.g. correct/incorrect or pass/fail). Variable-based sampling is used when the sample outcomes occur in a continuous range.

The sampling plan should take into account whether the outcomes being examined are likely to be attribute-based or variable-based. For example, when evaluating conformance of completed forms to the requirements set out TVE CERT

Issue Date: SEP 2015

197

Quality Management Systems Auditor / Lead Auditor Training Course

in a procedure, an attribute-based approach could be used. When examining the occurrence of food safety incidents or the number of security breaches, a variable-based approach would likely be more appropriate.

e. Elements Affecting the Audit Sampling 

The key elements that will affect the audit sampling plan are:



the size of the organization



the number of competent auditors



the frequency of audits during the year



the time of individual audit



any externally required confidence level

3. CHECKLISTS

a. Introduction This session covers the purpose, role and use of audit checklists to support the audit process for an on-site audit.

b. Purpose The purpose of auditor checklists is to provide a reference document for use during the audit process which helps the auditor keep to the prepared plan for the audit both in terms of time and content.

In preparing a checklist the auditor should 

be familiar with the Safety Management System



relate the checklist to the department / area to be audited



relate the work to be done to the time available

The format of the checklist is at the auditor‘s discretion.

TVE CERT

Issue Date: SEP 2015

198

Quality Management Systems Auditor / Lead Auditor Training Course

c. Preparation of Checklists

Guidance points for the preparation of audit checklists are: 

Before preparing the checklists, the auditor should become fully conversant with the objectives and scope of the audit and the documents specifying the Quality System requirements.



There should be a separate checklist for each department or work area to be visited. Sometimes it may be advantageous to have more than one checklist for a single area where there is more than one function applicable to that area, e.g. production and inspection.



Time allocated for an audit will depend on number of items on the checklist and their importance.



The amount of detail included in the checklist about the activities for examination should suit needs of the auditor. The auditor may write out a series of questions, or simply list headings.



The checklists should be a good servant but never be the ‗master‘ of the auditor. The auditor may come across information which, if followed up, may provide a valuable insight into the way the company manages quality. However, deviation from a pre-prepared checklist should only be permitted if time allows and the overall objective of the audit is not jeopardised. In general, if an audit has been well planned and the checklist carefully prepared, deviation from the checklist will not be necessary.

The following documents can be used / referred while preparing a check-list: 

Legal/Statutory sector specific requirements/mandatory in law



Quality System standard e.g. ISO 9001



Customer requirements



Company‘s Quality system documentation



Personal experience (not personal bias)

In a situation, wherein there is no documentation for an activity, a checklist can still be prepared, based on the above points. TVE CERT

Issue Date: SEP 2015

199

Quality Management Systems Auditor / Lead Auditor Training Course

d. Advantages of checklists

Pre-planning the audit by preparing checklists is one of the techniques of effective auditing. The use of checklists: 

Checklists if developed for a specific audit and used correctly: o Promote planning for the audit. o Ensure a consistent audit approach. o Act as a sampling plan and time manager. o Serve as a memory aid. o Provide a repository for notes collected during the audit process (audit field notes)



Audit checklists need to be developed to provide assistance to the audit process.



Auditors need to be trained in the use of a particular checklist and be shown how to use it to obtain maximum information by using good questioning techniques.



Checklists should assist an auditor to perform better during the audit process.



Checklists help to ensure that an audit is conducted in a systematic and

comprehensive manner and that adequate evidence is

obtained. 

Checklists can provide structure and continuity to an audit and can ensure that the



Checklists can provide a means of communication and a place to record data for



audit scope is being followed.

use for future reference.

A completed checklist provides objective evidence that the audit was performed.



A checklist can provide a record that the QMS was examined.



Checklists can be used as an information base for planning future audits.



Checklists can be provided to the auditee ahead of the on-site audit.

TVE CERT

Issue Date: SEP 2015

200

Quality Management Systems Auditor / Lead Auditor Training Course

e. Disadvantages of Checklist

In contrast, when audit checklists are not available, or poorly prepared, the following issues/concerns are noted: 

The checklist can be seen as intimidating to the auditee.



The focus of the checklist may be too narrow in scope to identify specific problem areas.



Checklists are a tool to aid the auditor, but will be restrictive if used as the auditor‘s only support mechanism.



Checklists should not be a substitute for audit planning.



An inexperienced auditor may not be able to clearly communicate what he/she is looking for, if they depend too heavily on a checklist to guide their questions.



Poorly prepared checklists can slow down an audit due to duplication and repetition.



Generic checklists, which do not reflect the specific organizational management system, may not add any value and may interfere with the audit.



Narrow

focused

checklists

minimize

unique

assessment

questions/approach

f. Essential features of a Process Based Checklist



The PDCA Approach



Process Performance Measures (Plan)



Expected results (Plan)



Process map (Plan)



Process owner (Plan)



Sequence of activities (Plan)



SOPs \ WIs (Plan)

TVE CERT

Issue Date: SEP 2015

201

Quality Management Systems Auditor / Lead Auditor Training Course



Implementation (Do)



Monitoring (Do/Check)



Reviewing process measures (Check)



Analysis of data (Check \ Act)



Improvements activities (Act)

g. Conclusion

There are advantages and disadvantages in using audit checklists. It depends on many factors, including customer needs, time and cost restraints, auditor experience and sector scheme requirements. Auditors should assess the value of the checklist as an aid in audit process and consider its use as a functional tool.

TVE CERT

Issue Date: SEP 2015

202

Quality Management Systems Auditor / Lead Auditor Training Course

ON-SITE AUDIT ACTIVITIES-CONDUCTING THE AUDIT-PART-I This chapter deals about the on-site audit activities like the opening meeting, the significance of stage1 audit and the document review done during the stage 1 audit.

The following are the steps in the on-site audit activities.

On-site Audit Activities: 1. Opening Meeting 2. Stage-1 Audit 3. Stage-2 Audit 4. Communication during the Audit 5. Collecting and verifying information 6. Audit conclusions 7. Audit conclusions & Closing meeting

1. Opening Meeting

The primary purpose of an audit opening meeting is

to

confirm

the

audit

plan

and

prior

arrangements. It is also an opportunity to introduce the audit team members and describe your audit approach.

The opening meeting is chaired by the Lead Auditor and held with management of the organization and the areas to be audited. The meeting should be conducted in a friendly manner and put the auditee at ease. You want to create a sense of trust and cooperation from the very start of the audit. If you will be assigned guides, or be accompanied by observers, the opening meeting can be used to carefully explain their roles to avoid possible disruptions during the audit. TVE CERT

Issue Date: SEP 2015

203

Quality Management Systems Auditor / Lead Auditor Training Course

Remember to allocate time in the opening meeting for the auditee to ask questions. The opening meeting can also give insights into the level of management commitment and support.

The detail covered in an opening meeting should be consistent with the familiarity of the auditee with the audit process. For internal audits in a small organization, the opening meeting may simply consist of communicating that an audit is being conducted and explaining the nature of the audit.

For other audit situations, particularly third-party audits, the opening meeting may be quite formal and even capture attendance records. The following agenda topics should be considered, as appropriate:

Agenda 

Introduction of meeting participants



Roles of auditor auditee guide observer



Attendance list (names, titles, contact information)



Audit objective (purpose or reason for the audit)



Audit scope (coverage of areas processes clauses)



Audit criteria (applicable requirements)



Documentation status (changes since plan developed)



Agenda plan (agenda assignments meetings times)



Audit methods (procedure sampling forms)



Risk management (reduce risk from presence of audit team)



Communications (auditee to be kept well-informed)



Language (to be used during the audit)



Confirmation of resources and facilities



Confidentiality (results only to the auditee)



Safety, security, and emergency considerations



Reporting method (including severity grading, if any)



Closing meeting (date, time, and location)



Acknowledgments (who accepts nonconformities)

TVE CERT

Issue Date: SEP 2015

204

Quality Management Systems Auditor / Lead Auditor Training Course



Complaints or appeals (system for feedback)



Concerns or questions (ready to begin audit?)

Participants

Most of the companies adopt the policy of having their

management

strongly

represented

at

opening meetings to demonstrate to the auditors the company‘s commitment to their Quality System.

Few companies send managers also to opening meetings as a means of communicating the quality message and gaining commitment to the Quality System. However, it is a matter for the auditee company to decide who will be present.

The Lead Auditor should go into the opening meeting well prepared with a written agenda along with the opening meeting check list and should conduct the meeting in a business-like and professional manner.

The auditors may have questions of a general nature to ask about the Quality System of the company. It is sometimes appropriate to ask these during the opening meeting. However, if there are a large number of people attending the meeting, it is better to keep the questions for a subsequent discussion with the Management representatives to avoid keeping managers away from their work longer than is necessary. Also, if the auditor asks for information about the Quality System during the opening meeting there is a risk that lengthy explanations by the auditee‘s management will extend the meeting and upset the audit programme. The auditors should ask questions in less formal settings when they can, without discourtesy, interrupt if an explanation becomes unnecessarily long or irrelevant.

TVE CERT

Issue Date: SEP 2015

205

Quality Management Systems Auditor / Lead Auditor Training Course

The Lead Auditor should ensure that a record is kept of those attending and particular concerns raised.

The meeting should be in time and to the point. Presentations by the company – such as slide shows – should be politely declined as they would take time out of the audit programme.

2. Stage-1 Audit

The stage 1 audit shall be performed to

a. audit the client's management system documentation (review the client documentation) b. evaluate the client's location and site-specific conditions and to undertake discussions with the client's personnel to determine the preparedness for the stage 2 audit c. review the client's status and understanding regarding requirements of the standard, in particular with respect to the identification of key performance

or

significant

aspects,

processes,

objectives

and

operation of the management system d. collect necessary information regarding the scope of the management system, processes and location(s) of the client, and related statutory and regulatory aspects and compliance (e.g. quality, environmental, legal aspects of the client's operation, associated risks, etc.) e. review the allocation of resources for stage 2 audit and agree with the client on the details of the stage 2 audit f. provide a focus for planning the stage 2 audit by gaining a sufficient understanding of the client's management system and site operations in the context of possible significant aspects g. evaluate if the internal audits and management review are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for the stage 2 audit.

TVE CERT

Issue Date: SEP 2015

206

Quality Management Systems Auditor / Lead Auditor Training Course

For most management systems, it is recommended that at least part of the stage 1 audit be carried out at the client's premises in order to achieve the objectives stated above. Stage 1 audit findings shall be documented and communicated to the client, including identification of any areas of concern that could be classified as nonconformity during the stage 2 audit.

In determining the interval between stage 1 and stage 2 audits, consideration shall be given to the needs of the client to resolve areas of concern identified during the stage 1 audit. The certification body may also need to revise its arrangements for stage 2.

3. Documentation Review

The auditors should consider if: The information in the documents provided is: 

complete (all expected content is contained in the document)



correct (the content conforms to other reliable sources such as standards and regulations)



consistent (the document is consistent in itself and with related documents)



current (the content is up to date)



the documents being reviewed cover the audit scope and provide sufficient information to support the audit objectives



the use of information and communication technologies, depending on the audit methods, promotes efficient conduct of the audit: specific care is needed for information security due to applicable regulations on protection of data (in particular for information which lies outside the audit scope, but which is also contained in the document).

TVE CERT

Issue Date: SEP 2015

207

Quality Management Systems Auditor / Lead Auditor Training Course

ON-SITE AUDIT ACTIVITIES-CONDUCTING THE AUDIT-PART-II This chapter deals about the stage 2 audit conducted onsite on the clients management system. Also it deals about the communication through interviews during the audit and the methods of verifying and collecting information during the audit

1. Stage 2 Audit

The stage 2 audit is the onsite audit activity that starts with the opening meeting with the Top management and the members of the organisation being audited.

The purpose of the stage 2 audit is to evaluate the implementation, including effectiveness, of the client's management system. The stage 2 audit shall take place at the site(s) of the client.

It shall include at least the following: a. information and evidence about conformity to all requirements of the applicable management system standard or other normative document b. performance monitoring, measuring, reporting and reviewing against key

performance objectives and targets (consistent with the

expectations in the applicable management system standard or other normative document) c. the client's management system and performance as regards legal compliance d. operational control of the client's processes e. internal auditing and management review f. management responsibility for the client's policies g. links between the normative requirements, policy, performance objectives and targets(consistent with the expectations applicable

management

system

TVE CERT

in

the

standard or other normative Issue Date: SEP 2015

208

Quality Management Systems Auditor / Lead Auditor Training Course

document),

any

applicable

legal

requirements,

responsibilities,

competence of personnel, operations, procedures, performance data and internal audit findings and conclusions.

2. Communication during the audit

During the audit, it may be necessary to make formal arrangements for communication within the audit team, as well as with the auditee, the audit client and potentially with external bodies (e.g. regulators), especially where legal requirements require the mandatory reporting of non-compliances.

The audit team should confer periodically to exchange information, assess audit progress, and reassign work between the audit team members, as needed.

During the audit, the audit team leader should periodically communicate the progress of the audit and any concerns to the auditee and audit client, as appropriate. Evidence collected during the audit that suggests an immediate and significant risk to the auditee should be reported without delay to the auditee and, as appropriate, to the audit client.

Any concern about an issue outside the audit scope should be noted and reported to the audit team leader, for possible communication to the audit client and auditee.

Where the available audit evidence indicates that the audit objectives are unattainable, the audit team leader should report the reasons to the audit client and the auditee to determine appropriate action. Such action may include reconfirmation or modification of the audit plan, changes to the audit objectives or audit scope, or termination of the audit.

Any need for changes to the audit plan which may become apparent as auditing activities progress should be reviewed and approved, as appropriate, by both the person managing the audit programme and the auditee. TVE CERT

Issue Date: SEP 2015

209

Quality Management Systems Auditor / Lead Auditor Training Course

3. Collecting & Verifying Information

During the audit, information relevant to the audit objectives, scope and criteria, including information relating to interfaces between functions, activities and processes,

should

be

collected

by means of

appropriate sampling and should be verified. Only information that is verifiable should be accepted as audit evidence.

Audit evidence leading to audit findings should be recorded. If, during the collection of evidence, the audit team becomes aware of any new or changed circumstances or risks, these should be addressed by the team accordingly.

Methods of collecting information include the following: 

interviews with employees and other persons



observations of activities and the surrounding work environment and conditions



documents, such as policies, objectives, plans, procedures, standards, instructions, licenses and permits specifications, drawings, contracts and orders



records, such as inspection records, minutes of meetings, audit reports, records of monitoring programme and the results of measurements



data summaries, analyses and performance indicators



information on the auditee‘s sampling plans and on the procedures for the control of sampling and measurement processes



reports from other sources, e.g. customer feedback, external surveys and measurements, other relevant information from external parties and supplier ratings



databases and websites



simulation and modelling.

TVE CERT

Issue Date: SEP 2015

210

Quality Management Systems Auditor / Lead Auditor Training Course

4. Observation (on visiting the auditee’s location)

To minimize interference between audit activities and the auditee‘s work processes and to ensure the health and safety of the audit team during a visit, the following should be considered:

a. Planning the visit: ensure permission and access to those parts of the auditee‘s location, to be visited in accordance within the audit scope provide adequate information (e.g. briefing) to auditors on security, health (e.g. quarantine), 

occupational health and safety matters and cultural norms for the visit including requested and recommended



vaccination and clearances, if applicable



confirm with the auditee that any required personal protective equipment (PPE) will be available for the audit team, if applicable



except for unscheduled ad hoc audits, ensure that personnel being visited will be informed about the audit objectives and scope

b. On-site activities: 

avoid any unnecessary disturbance of the operational processes



ensure that the audit team is using PPE properly



ensure emergency procedures are communicated (e.g. emergency exits, assembly points)



schedule communication to minimize disruption



adapt size of the audit team and the number of guides and observers in accordance with the audit scope, in order to avoid interference with the operational processes as far as practicable



do not touch or manipulate any equipment, unless explicitly permitted, even

when competent or licensed

TVE CERT

Issue Date: SEP 2015

211

Quality Management Systems Auditor / Lead Auditor Training Course



if an incident occurs during the on-site visit, the audit team leader should review the situation with the auditee and, if necessary, with the audit client and reach agreement on whether the audit should be interrupted, rescheduled or continued



if taking photographs or video material, ask for authorization from management in advance and consider security and confidentiality matters and avoid taking photographs of individual persons without their permission if taking copies of documents of any kind, ask for permission in advance and consider confidentiality and security matters.



when taking notes, avoid collecting personal information unless required by the audit objectives or audit criteria.

5. Conducting Interviews

a. The Communication Process

Hearing, seeing, speaking and body language are all methods of direct communication whereas writing and reading would be considered as indirect. Many people are not, accomplished at communicating directly or indirectly. Let‘s look at some of the problems with which we are faced when it comes to ―straight forward communication: 

Language is often open to varying interpretations



The average person only has a 25% efficiency rating when it comes to actual listening



About 90% of learning is achieved via our ears and eyes



Body language is a very efficient mode of communication, but difficult to evaluate and is often not taken into account at all when formalising reports etc. and can influence people in a positive or negative way quicker than any other form of communication

TVE CERT

Issue Date: SEP 2015

212

Quality Management Systems Auditor / Lead Auditor Training Course



Most people hear what they want to hear, and respond in a manner they believe you want to hear

With this in mind, we can appreciate the problems the auditor is faced with, so communication between the auditor and auditee must be good to achieve positive results, This can be influenced by either party during the health and safety audit, but essentially rests with how the auditor handles the communication process between himself and all other parties during the audit. Other ―tips‖ to polish communication skills include those non-verbal communications and body language observations that all give clues to the auditee‘s confidence with the activities being examined. These are: 

Eye contact – can give a good indication of the attentiveness and interest being given during questioning. Eye contact is often difficult to maintain during the health and safety audit due to the need to constantly refer to checklists and reference documents, and selecting objective evidence



Facial expressions – often provide feedback from the auditee, the eyebrow being raised for example may be read as disbelief or surprise



Voice tone – may also provide a good indication of the level of knowledge of the auditee where the obvious slow deliberate tone may indicate lack of knowledge or understanding of a procedure; a quick voice response may indicate nervousness



Posture – can also provide positive evidence of boredom of confusion

Whichever signs are present it takes considerable practice before one becomes refined in identifying and correctly interpreting the ―vibes‖. Remembering that this type of feedback must be seen only as an indicator, wherever possible it should always be confirmed using other sources of feedback to ensure that the correct interpretations are being made.

TVE CERT

Issue Date: SEP 2015

213

Quality Management Systems Auditor / Lead Auditor Training Course

It should also be noted that when undertaking health and safety audits the auditee may have been a victim of an accident or incident under investigation or may have witnessed the same. It is now widely accepted that traumatic events often have long lasting psychological effects on those involved or witnessing such events. These may include flash backs, fear of reoccurrence in similar situations or emotional distress when asked to recall the event. It should be clear to all experienced auditors, that under such situations the auditee may respond to questioning regarding these events in an unpredictable manner. The auditor must be sympathetic to any apparent emotional stress being suffered by the auditee and remember that their statements and or recollection of the event may not be complete or wholly accurate. To experience how the auditee may feel or react when recalling a traumatic event, consider an event in your life which you consider traumatic, and answer the following questions: 

did you recall all events clearly immediately after the incident?



has your perception of the incident changed with time?



what emotional feelings did you have immediately after the incident?



when you recall the incident now do you still have an emotional reaction?



has this reaction changed with time?

Now consider how you may get the best from an auditee who is clearly still deeply affected by a traumatic event. Use: 

compassion



clear sympathetic questioning



patience, understanding approach and also



change the line of questioning if the auditee becomes overwhelmed



stop the interview

TVE CERT

Issue Date: SEP 2015

214

Quality Management Systems Auditor / Lead Auditor Training Course

b. Talking

This is essentially the art of asking questions. Various

questioning

employed

to

help

techniques the

can

auditor

be

gather

information from the auditees. When to use each technique depends very much on the situation, how the auditee is responding, e.g. guarded answers not giving away much information or open discussions adequately describing the activities under review.

Below are some common questioning techniques along with some of the benefits of each. There are of course disadvantages associated with these techniques and the auditor must select the most appropriate techniques to use depending on the prevailing situation.

Technique

Benefits

Open: How……Why….. When….. Where…. What..

 Encourages open discussion  Relaxes auditee  Encourages auditee to describe

How do you carry out your risk

activities in details

assessments? Closed:

 Allows definitive answers to be

Do….Can…

obtained

Do you always send a copy of the

 Clarifies ambiguity

completed risk assessments to the

 Avoids auditee evading questions

Corporate Health and Safety Team? Reflective: You said that….

 Confirms information given previously

You said that completed risk

 Allows the auditee to expand

assessments from contractors do not

 Shows the auditee that the auditor is

always get sent to you. How do.. you

listening

handle those situations?

TVE CERT

Issue Date: SEP 2015

215

Quality Management Systems Auditor / Lead Auditor Training Course

 Allows auditor to focus on specific

Comparative:

issues

Comparing…. How do risk assessments produced by teams on site compare with generic risk assessments?

 Encourages the auditee to open up discussion  Allows comparisons & similarities between activities to be discussed  Allows auditor to ask specific questions

Hypothetical: Imagine… What if….

about situations which may not have

What if the risk assessments had been

occurred

reviewed by the manager and approved, but where not adequate for the job, what

 Encourages auditee to think in a wider context

steps do you take? Leading: When…. You do this then….

 Confirms understanding

When you receive the risk assessments from the contractors, you review them for adequacy, email the result to the purchasing manager and write a letter to the contractors, what happens then?

 Prevents the auditee giving information already given

By careful pharsing of questions, guided by checklist the auditor can answer a multitude of paints by asking a single question e.g. ―How do you check all incoming post?‖ This invites the auditee to describe the system. During the answer supplementary questions can be interested such as, ―Why do you do that?‖ – ―When is this done?‖ – ―How do you report defects?‖ etc.

Such questions need to be kept within the bounds of reason and the sense of proportion mentioned earlier helps here. Do not be afraid to say ―I don‘t understand!‖ and ask for further information. Compare answers given, with answers to the same question given by a different source. Use the ―unasked‖ question. Silence can encourage the auditee to volunteer further information.

Know what the procedures or standards require so that you are clear in your own mind as to what constitutes and acceptable answer and what you will accept as a minimum as objective evidence of compliance.

TVE CERT

Issue Date: SEP 2015

216

Quality Management Systems Auditor / Lead Auditor Training Course

c. Listening

An audit is an activity involved in the gathering of information. If an auditor is talking, they are not gathering information. It should become second nature to listen. 

Listen to what is going on around you



Listen intently and with interest to auditee responses



Encourage the auditee with signals that you are listening and that you are interested



as you listen, evaluate what you hear, make notes, identify new questions to follow on, sort the information from the conversation

d. Looking An important facet of an auditor‘s skill is the gathering of information by observation. Other than viewing the objective evidence provided by records, reports, documentation, products etc., much background information can be gathered by the vigilant auditor. Although the auditor should never reach conclusions based solely on subjective impressions, a good idea of the attitude of management can be gained by examination of the condition and housekeeping prevailing at the premises. A good auditor stores this information and uses it to pursue the audit. Take careful notes at each stage, few people can remember everything. The figure provides an overview of the process, from collecting information to reaching audit conclusions.

TVE CERT

Issue Date: SEP 2015

217

Quality Management Systems Auditor / Lead Auditor Training Course

source of information

Collecting by means of appropriate sampling

Audit Evidence

Evaluating against Audit Criteria Audit Findings

Reviewing Audit Conclusions

Figure 3 — Overview of the process of collecting and verifying information

TVE CERT

Issue Date: SEP 2015

218

Quality Management Systems Auditor / Lead Auditor Training Course

AUDIT FINDINGS Auditors evaluate audit evidence against audit criteria to determine audit findings. These audit findings can indicate conformity or nonconformity with the audit criteria.

Nonconformities and their supporting audit evidence

should

be

recorded.

Nonconformities may be graded in terms of severity, e.g. minor or major, for prioritizing corrective actions.

Review nonconformities with the audited area to obtain acknowledgement that the audit evidence is accurate and the nonconformities are understood. Attempt to resolve any diverging opinions concerning the audit evidence or findings, and record any unresolved issues.

In addition to nonconformities, audit findings should include conformity and good practices, along with their supporting evidence, as well as, opportunities for

improvement

and

recommendations.

Emphasize

that

any

recommendations are not binding.

1. Determining Audit Findings When determining audit findings, consider: 

Follow-up of previous audit records and conclusions



Requirements of the audit client (requestor of audit)



Findings exceeding normal practice, or opportunities for improvement



Sample size



Categorization (if any) of the audit findings

TVE CERT

Issue Date: SEP 2015

219

Quality Management Systems Auditor / Lead Auditor Training Course

2. Recording Findings For records of conformity, consider: 

Identification of audit criteria against which conformity is shown



Audit evidence to support conformity



Declaration of conformity, if applicable

For records of nonconformity, consider: 

Description of, or reference to, audit criteria



Nonconformity declaration



Audit evidence



Related audit findings, if applicable

3. Multiple Criteria

It is possible to identify findings related to multiple criteria. For a finding linked to one criterion on a combined audit, consider the possible impact on corresponding or similar criteria of the other management systems. Depending on arrangements with the audit client, you may: 

Issue separate findings for each criterion, or



Raise a single finding with references to multiple criteria

Depending on the arrangements with the audit client, the auditor may guide the auditee on how to respond to those findings.

Conformity is the fulfillment of the requirements.

Non conformity is the nonfulfillment of a requirement. In other words, a specified requirement is not being met. This may be categorized as Major, Minor-Non Conformity

a. Minor Nonconformity Minor Nonconformity is a single observed lapse in the use of defined procedure or requirement.

TVE CERT

Issue Date: SEP 2015

220

Quality Management Systems Auditor / Lead Auditor Training Course

b. Major Nonconformity

Major Nonconformity is raised where 1. There is a total breakdown of a procedure or work instruction critical to product quality, or in the operation of the organisation‘s Quality System; 2. There is a total absence of a procedure required by the Quality System Standard in the organisation‘s Quality System; 3. There are a number of minor lapses in the procedure, which when added together, collectively, suggest a total or important breakdown in the procedure; 4. The non-conformance is likely to result in an immediate hazard to the quality of the product or service being offered. c. Areas of Concern – Opportunities for Improvement:

In some cases, a process may be found conforming, but still an area of concern. These observations may be written as Opportunities for Improvement. Since they are potential problem areas, the organization can consider taking preventive actions for these observations. Corrective actions are taken for the reported nonconformities. Many nonconformity reports are poorly written. Follow these 6 C‘s for improved statements:  Complete (contains all the related facts) 

why – unmet requirement



what – objective evidence



where – which work area



when – the date and shift



who – by title, if relevant

 Correct (accurately conveys the facts)  Concise (fully explained in brief terms)  Clear (understood for prompt action)

TVE CERT

Issue Date: SEP 2015

221

Quality Management Systems Auditor / Lead Auditor Training Course

 Categorized (minor or major, if used)  Confirmable (traceable and verifiable)

An audit is only successful if it is the catalyst for prompt and effective corrective action for nonconformities and possible preventive action for opportunities for improvement. A complete and correct nonconformity report is essential. It must be clearly and concisely expressed to initiate the right action.

TVE CERT

Issue Date: SEP 2015

222

Quality Management Systems Auditor / Lead Auditor Training Course

AUDIT CONCLUSIONS AND CLOSING MEETING This chapter deals about the Audit conclusions arrived after the completion of the onsite audit and the presentation of these finding in the closing meeting.

1. Audit Conclusions

The audit team should confer prior to the closing meeting in order to: 

Review the audit findings, and any other appropriate information collected during the audit, against the audit objectives



Agree on the audit conclusions, taking into account the uncertainty inherent in the audit process



Prepare recommendations, if specified by the audit plan



Discuss audit follow-up, as applicable.

Audit conclusions can address issues such as the following: 

the extent of conformity with the audit criteria and robustness of the management system, including the effectiveness of the management system in meeting the stated objectives



the effective implementation, maintenance and improvement of the management system



the capability of the management review process to ensure the continuing suitability, adequacy, effectiveness and improvement of the management system



achievement of audit objectives, coverage of audit scope, and fulfilment of audit criteria



root causes of findings, if included in the audit plan



similar findings made in different areas that were audited for the purpose of identifying trends. If specified by the audit plan, audit conclusions can lead to recommendations for improvement, or future auditing activities.

TVE CERT

Issue Date: SEP 2015

223

Quality Management Systems Auditor / Lead Auditor Training Course

2. Closing Meeting

The primary purpose of an audit closing meeting is to present the audit findings and conclusions, ensure a clear understanding of the results, and agree on the timeframe for corrective actions.

The meeting is conducted by the lead auditor. The participants should include management of the auditee, as well as, managers of the areas that were audited.

The following agenda topics should be considered, as appropriate 

Introductions (attendees not at opening meeting)



Attendance (if required for audit report)



Thanks (time and cooperation)



Scope (reminder of coverage)



Disclaimer (limited sample brief time)



Criteria (applicable requirements)



Conformity areas (strengths positives)



Summary of Nonconformities (by lead auditor)



Nonconformities (from auditors)



Conclusions (conformity, effectiveness, trends)



Diverging opinions (resolved or recorded)



Acknowledgments (signed forms)



Agreements (on proposed actions)



Report (expected date, if not provided)



Non-binding recommendations (if allowed)



Post-audit (actions, complaints, appeals)



Follow-up (verification of corrective actions)



Thanks (courtesy and hospitality)

TVE CERT

Issue Date: SEP 2015

224

Quality Management Systems Auditor / Lead Auditor Training Course

When conducting the closing meeting, speak with authority and listen with interest. Maintain good manners, watch your body language, and maintain control of the meeting.

Keep a record of any issues that are raised during the meeting. If new audit evidence is provided, delete nonconformities that were written in error. However, keep valid nonconformities in the report, even if they were corrected prior to the meeting.

If applicable, the lead auditor should advise the auditee of any situations encountered during the audit that may decrease the confidence that can be placed in the audit conclusions.

If defined in the management system, or by agreement with the audit client, the participants should agree on the time frame for an action plan to address any audit nonconformities.

The level of detail in the closing meeting should be consistent with the familiarity of the auditee with the audit process. For some audits, the meeting may be formal with minutes being kept. In other cases, the closing meeting may be less formal and just communicate the audit findings and audit conclusions.

Any audit team and auditee differences of opinion on the audit findings or conclusions should be discussed and resolved, if possible. If agreement cannot be reached, the auditee concerns should be recorded and the appeals process explained to them.

If recommendations for improvement are presented, you should emphasize that the recommendations are not binding. Finish the meeting with a clear outcome and explain the next steps, assignments, and due dates.

TVE CERT

Issue Date: SEP 2015

225

Quality Management Systems Auditor / Lead Auditor Training Course

POST AUDIT ACTIVITIES - REPORTING AND FOLLOW UP THE AUDIT This chapter deals about the post audit activities like preparation of the audit report, distribution of the audit report and conducting audit follow up if necessary.

1. Preparing the Audit Report

The audit team leader should report the audit results in accordance with the audit programme procedures. The audit report should provide a complete, accurate, concise and clear record of the audit, and should include or refer to the following: 

the audit objectives



the audit scope, particularly identification of the organizational and functional units or processes audited



identification of the audit client



identification of audit team and auditee‘s participants in the audit



the dates and locations where the audit activities were conducted



the audit criteria



the audit findings and related evidence



the audit conclusions



a statement on the degree to which the audit criteria have been fulfilled.

2. Distributing the Audit Report

The audit report should be issued within an agreed period of time. If it is delayed, the reasons should be communicated to the auditee and the person managing the audit programme.

TVE CERT

Issue Date: SEP 2015

226

Quality Management Systems Auditor / Lead Auditor Training Course

The audit report should be dated, reviewed and approved, as appropriate, in accordance with audit programme procedures.

The audit report should then be distributed to the recipients as defined in the audit procedures or audit plan.

3. Completing the Audit

The audit is completed when all planned audit activities have been carried out, or as otherwise agreed with the audit client (e.g. there might be an unexpected situation that prevents the audit being completed according to the plan).

Documents pertaining to the audit should be retained or destroyed by agreement between the participating parties and in accordance with audit programme procedures and applicable requirements.

Unless required by law, the audit team and the person managing the audit programme should not disclose the contents of documents, any other information obtained during the audit, or the audit report, to any other party without the explicit approval of the audit client and, where appropriate, the approval of the auditee. If disclosure of the contents of an audit document is required, the audit client and auditee should be informed as soon as possible.

Lessons learned from the audit should be entered into the continual improvement

process

of

the

management

system

of

the

audited

organizations.

4. Conducting Audit Follow-up

The conclusions of the audit can, depending on the audit objectives, indicate the need for corrections, or

TVE CERT

Issue Date: SEP 2015

227

Quality Management Systems Auditor / Lead Auditor Training Course

for corrective, preventive or improvement actions. Such actions are usually decided and undertaken by the auditee within an agreed timeframe. As appropriate, the auditee should keep the person managing the audit programme and the audit team informed of the status of these actions.

The completion and effectiveness of these actions should be verified. This verification may be part of a subsequent audit.

TVE CERT

Issue Date: SEP 2015

228

Quality Management Systems Auditor / Lead Auditor Training Course

AUDITOR RESPONSIBILITIES This chapter deals about the roles and responsibilities of the auditor, lead auditor, auditee, observer and guide also the selection of audit team member, audit principles, auditor confidentiality and the IRCA code of conduct.

1. The Roles and Responsibility of the Lead Auditor

The Lead Auditor is responsible for all aspects of the audit. This responsibility includes: 

Ensure the audit scope



Select the audit team



Direct the audit team members



Planning the audit & make effective use of resources



Represent the audit team



Manage the audit team



The preparation of the report



Lead the audit team to reach audit conclusions



Control of the opening and closing meetings



Submission of the report



Audit records



Review of the audit team‘s work



Prevent & resolve conflicts

At the same time, the Lead Auditor also carries out the duties of an auditor.

2. The Role of the Auditor

The auditor is responsible to the Lead Auditor for an allocated segment of the audit programme. This includes: 

Communicating audit requirements to the auditee



Auditing in accordance with the relevant checklists

TVE CERT

Issue Date: SEP 2015

229

Quality Management Systems Auditor / Lead Auditor Training Course



Where time permits, examining discovered areas of concern



Documenting observations



Recording evidence



Verifying the effectiveness of the Quality System



Reporting results to the Lead Auditor



Co-operating with and assisting the Lead Auditor

Above all, the auditor exercises judgement on the compliance, implementation and effectiveness of the Quality System. The auditor‘s job is to assess the quality system and not to advise on how it may be improved, thus the auditor is not acting as a consultant. He should not offer opinions or suggest that there may be better ways of doing things. However if specified by audit objectives, audit conclusions can lead to recommendations regarding improvements. An auditor who has acted as a consultant to an organisation cannot be a member of the certification audit team assessing that organisation.

QMS auditor should additionally have knowledge on -

quality technology

-

quality management principles & their application

-

quality management tools & their application

3. The Role of the Auditee and Audit Client

Auditee:

Organization being audited

Audit Client: Organization requesting the audit.

a. Before the audit activity begins: 

Select auditing agency, based on experience, accreditation in countries of interest and reputation.

TVE CERT

Issue Date: SEP 2015

230

Quality Management Systems Auditor / Lead Auditor Training Course



Liaise with auditing/certifying agency to provide required information (verbal and written)



Agree on scope for audit and the nominated team.



Agree on suitable dates for the audit activity and sites to be visited.

b. During the pre-audit visit or through other means of communication : 

agree to provide guides and prepare them for that role



agree to provide logistic assistance during audit



provide any information required by the auditors, relevant to scope and the quality management system



agree on those who will attend the opening and closing meetings



agree to inform all staff regarding the audit



seek clarifications regarding audit procedures



provide logistic support during pre-audit visit

c. During the Audit 

provide office facilities for opening and closing meetings, and also for liasion meetings of auditors amongst themselves



provide guides



witness any observations



seek clarifications, in case observations, attributions or explanations of the auditors are not clearly understood



ensure relevant people from management are punctual for all meetings



inform management of any major non-conformances observed by the auditors



Cooperate with the auditors



agree to non-conformances and commit to timely corrective actions

d. Post – Audit 

propose time-bound corrective actions, and seek agreement of auditors (in case required)

TVE CERT

Issue Date: SEP 2015

231

Quality Management Systems Auditor / Lead Auditor Training Course



initiate and identify causes for the non-conformity



identify the counter-measure/corrective action on the causes of the non-conformity



implement the corrective action



verify the effectiveness of the actions, through Internal Audits



inform auditors about satisfactory completion of corrective actions

4. Roles & Responsibilities of Guides & Observers a. Observer: The presence and justification of observers during an audit activity shall be agreed to by the certification body and client prior to the conduct of the audit Note: observers can be members of the client‘s organization, consultants, witnessing accreditation body personnel, regulators or other justified persons.

b. Guide: Each audit shall be accompanied by a guide, unless otherwise agreed to by the audit team leader and the client. Guides are assigned to the audit team to facilitate the audit. 

Establish contacts and interview timings



Arrange visits to the areas to be audited



Ensure that safety rules are followed by the audit team



Witness the audit on behalf of the auditee



Providing the clarification or assisting in collecting information.

Note: The audit team shall ensure that observers and guides do not influence or interfere in the audit process or outcome of the audit.

TVE CERT

Issue Date: SEP 2015

232

Quality Management Systems Auditor / Lead Auditor Training Course

5. Assigning responsibility for an individual audit to the audit team leader

The person managing the audit programme should assign the responsibility for conducting the individual audit to an audit team leader. The assignment should be made in sufficient time before the scheduled date of the audit, in order to ensure the effective planning of the audit.

To ensure effective conduct of the individual audits, the following information should be provided to the audit team leader: 

audit objectives



audit criteria and any reference documents



audit scope, including identification of the organizational and functional units and processes to be audited



audit methods and procedures



composition of the audit team



contact details of the auditee, the locations, dates and duration of the audit activities to be conducted



allocation of appropriate resources to conduct the audit



information needed for evaluating and addressing identified risks to the achievement of the audit objectives. The assignment information should also cover the following, as appropriate: 

working and reporting language of the audit where this is different from the language of the auditor or the auditee, or both



audit report contents and distribution required by the audit programme



matters related to confidentiality and information security, if required by the audit programme



any health and safety requirements for the auditors



any security and authorization requirements



any follow-up actions, e.g. from a previous audit, if applicable



co-ordination with other audit activities, in the case of a joint audit.

TVE CERT

Issue Date: SEP 2015

233

Quality Management Systems Auditor / Lead Auditor Training Course

6. Code of Conduct – Confidentiality

All auditors are expected to comply with a code of conduct which emphasises the need for professionalism, confidentiality and behaviour which will harm neither the auditor‘s company nor the IRCA‘s public image. Any breach of this should be reported by the auditee to the IRCA. The UKAS also monitors auditor performance and this includes compliance with the code of conduct. The Code of Conduct is given in Appendix III of IRCA 602 - reproduced in 6 below)

7. Audit Principles

Auditing is based on five principles. It is a prerequisite to adhere to these principles for providing audit conclusions that are relevant to the management policies & control, thus providing information upon which the organization can act to improve performance. The principles also help reaching similar conclusions under similar circumstances.

The 6 Principles are: 

Integrity: Obligation to report truthfully and accurately



Fair Presentation: (Audit findings, audit conclusions & audit reports to be accurate & truthful. Unresolved diverging opinions & significant obstacles between audit team & auditee to be reported)



Due Professional care: Diligence & judgement in auditing



Confidentiality: Security of information

Auditors should exercise discretion in the use and protection of information acquired in the course of their duties. Audit information should not be used inappropriately for personal gain by the auditor or the audit client, or in a manner detrimental to the legitimate interests of the auditee. This concept includes the proper handling of sensitive or confidential information TVE CERT

Issue Date: SEP 2015

234

Quality Management Systems Auditor / Lead Auditor Training Course



Independence: The basis for impartiality & objectivity of audit conclusion



Evidence based Approach: The rational method when audit findings & conclusions are based on audit evidence (verifiable & based on appropriate sampling)

8. IRCA Code of Conduct It is a condition of certification that you agree to act in accordance with, and be bound by the following IRCA Code of Conduct:

1. To act in a strictly trustworthy and unbiased manner in relation to both the organisation to which you are employed, contracted or otherwise formally engaged (the audit organisation) and any other organisation involved in an audit performed by you or by personnel under your direct control. 2. To disclose to your employer any relationships you may have with the organisation to be audited before undertaking any audit function in respect of that organisation. 3. Not to accept any inducement, gift, commission, discount or any other profit from the organizations audited, from their representatives, or from any other interested person nor knowingly allow personnel for whom you are responsible to do so. 4. Not to disclose the findings, or any part of them, of the audit team for which you are responsible or of which you are part, or any other information gained in the course of the audit to any third party, unless authorised in writing by both the auditee and the audit organization to do so. 5. Not to act in any way prejudicial to the reputation or interest of the audit organisation. 6. Not to act in any way prejudicial to the reputation, interests or credibility of IRCA.

TVE CERT

Issue Date: SEP 2015

235

Quality Management Systems Auditor / Lead Auditor Training Course

7. In the event of any alleged breach of this code, to co-operate fully in any formal enquiry procedure.

TVE CERT

Issue Date: SEP 2015

236

Quality Management Systems Auditor / Lead Auditor Training Course

COMPETENCE & EVALUATION OF AUDITORS A competent Auditor is one who demonstrates personal attributes (as tested below) and the ability to apply the appropriate generic & specific knowledge & skill gained thorough education, work experience, auditor training & audit experience.

1.

Personal Behaviour

An auditor needs to possess the necessary quality to enable the performance of audit activities: a. ethical, i.e. fair, truthful, sincere, honest and discreet b. open-minded, i.e. willing to consider alternative ideas or points of view c. diplomatic, i.e. tactful in dealing with people d. observant, i.e. actively aware of physical surroundings and activities e. perceptive, i.e. instinctively aware of and able to understand situations f. versatile, i.e. adjusts readily to different situations g. tenacious, i.e. persistent and focused on achieving objectives h. decisive, i.e. reaches timely conclusions based on logical reasoning and analysis i.

self-reliant, i.e. acts and functions independently while interacting effectively with others

j.

acting with fortitude, i.e. able to act responsibly and ethically, even though these action may not always be popular and may sometimes result in disagreement or confrontation

k. open to improvement i.e. willing to learn from situations, and striving for better audit results l.

culturally sensitive, i.e. observant and respectful to the culture of the auditee

m. collaborative, i.e. effectively interacting with others, including audit team members and the auditee‘s personnel

TVE CERT

Issue Date: SEP 2015

237

Quality Management Systems Auditor / Lead Auditor Training Course

2. Generic Knowledge & Skills of Auditors Auditors should possess the knowledge and skills in the following areas:

a. Audit Principle, Procedures and Methods 

apply audit principles, procedures, and methods



plan and organize the work effectively



conduct the audit within the agreed time schedule



prioritize and focus on matters of significance



collect information through effective interviewing, listening, observing and reviewing documents, records and data



understand and consider the experts‘ opinions



understand the appropriateness and consequences of using sampling techniques for auditing



verify the relevance and accuracy of collected information



confirm the sufficiency and appropriateness of audit evidence to support audit findings and conclusions



assess those factors that may affect the reliability of the audit findings and conclusions



use work documents to record audit activities



document audit findings and prepare appropriate audit reports



maintain the confidentiality and security of information, data, documents and records



communicate effectively, orally and in writing (either personally, or through the use of interpreters and translators)



understand the types of risks associated with auditing.

b. Comprehend the audit scope & apply Audit criteria. 

management system standards or other documents used as audit criteria



the application of management system standards by the auditee and other organizations, as appropriate

TVE CERT

Issue Date: SEP 2015

238

Quality Management Systems Auditor / Lead Auditor Training Course



interaction between the components of the management system



recognizing the hierarchy of reference documents



application of the reference documents to different audit situations.

c. Organizational Context 

Organizational types, governance, size, structure, functions



General business and management system concepts



Cultural and social aspects

d. Applicable Laws, Regulations & Other Requirements. 

laws and regulations and their governing agencies



basic legal terminology



contracting and liability

3. Sector Specific Knowledge & Skills of QMS Auditors

Knowledge and skills related to the discipline and the application of disciplinespecific methods, techniques, processes and practices should be sufficient to enable the auditor to examine the management system and generate appropriate audit findings and conclusions.

Examples are as follows:  terminology relating to quality, management, organization, process and product,

characteristics,

conformity,

documentation,

audit

and

monitoring

and

measurement processes  customer

focus,

measuring of

customer-related

processes,

customer satisfaction, complaints handling, code of

conduct, dispute resolution  leadership – role of top management, managing for the sustained success of an organization – the quality management approach, TVE CERT

Issue Date: SEP 2015

239

Quality Management Systems Auditor / Lead Auditor Training Course

realizing financial and economic benefits through management of quality, quality management systems and excellence models  involvement of people, human factors, competence, training and awareness  process approach, process analysis, capability and control techniques, risk treatment methods  system approach to management (rationale of quality management systems, quality management systems and other management system focuses, quality management system documentation), types and value, projects, quality plans, configuration management  continual improvement, innovation and learning  factual approach to decision making, risk assessment techniques (risk

identification,

analysis

and evaluation), evaluation of quality

management (audit, review and self-assessment), measurement and monitoring techniques, requirements for measurement processes and measuring equipment, root cause analysis, statistical techniques  characteristics of processes and products, including services  mutually beneficial supplier relationships, quality management system requirements and requirements for products, particular requirements for quality management in different sectors

a. Generic Knowledge & Skills of Audit Team Leaders

Audit team Leaders in addition to the generic & specific knowledge & skills required by Auditors, Audit team Leader should be able to:

TVE CERT

Issue Date: SEP 2015

240

Quality Management Systems Auditor / Lead Auditor Training Course

a. balance the strengths and weaknesses of the individual Audit team members b. develop a harmonious working relationship among the audit team members c. manage the audit process, including 

planning the audit and making effective use of resources during the audit



managing the uncertainty of achieving audit objectives



protecting the health and safety of the audit team members during the audit, including ensuring compliance of the auditors with the relevant health, safety and security requirements



organizing and directing the audit team members



providing direction and guidance to auditors-in-training



preventing and resolving conflicts, as necessary

d. represent the audit team in communications with the person managing the audit programme, audit client and auditee e. lead the audit team to reach the audit conclusions f. prepare and complete the audit report

b. Knowledge and skills for auditing management systems addressing multiple disciplines

Auditors who intend to participate as an audit team member in auditing management systems addressing multiple disciplines should have the competence necessary to audit at least one of the management system disciplines and an understanding of the interaction and synergy between the different management systems.

Audit team leaders conducting audits of management systems addressing multiple disciplines should understand the requirements of each of the management system standards and recognize the limits of their knowledge and skills in each of the disciplines.

TVE CERT

Issue Date: SEP 2015

241

Quality Management Systems Auditor / Lead Auditor Training Course

c. Education, Work Experience, Auditors Training & Audit Experience of Auditors.



Education to provide the generic & specific knowledge & skills



Work experience in a technical, managerial & / or professional position involving judgment, problem solving, communication.

This may be in the field of – 

Quality Management System



Completion of Auditor Training



Audit experience as an Audit Team Member.



Additional Audit Experience required to be gained while acting in the role of an Audit Team Leader under the direction & guidance of another Auditor who is competent as an Audit Team Leader. Depending on the Audit programme higher or lower level trainings for Auditors & Lead Auditors may be appropriate.

d. Audit team leaders An audit team leader should have acquired additional audit experience to develop the knowledge and skills described in 7.2.3 (19011:2011). This additional experience should have been gained by working under the direction and guidance of a different audit team leader.

4. Auditors Competence Evaluation 

The auditor evaluation is to be defined in the audit programme procedures. The evaluation process should identify training & others skills enhancement needs.



This Evaluation is done in different stages -

Initial evaluation

-

Evaluation as part of the audit team selection process

-

Continual evaluation & identification of training & skill

TVE CERT

Issue Date: SEP 2015

242

Quality Management Systems Auditor / Lead Auditor Training Course

Appendix 2: Evaluation Methods

Evaluation method

Objectives

Examples

Review of records

To verify the background of the auditor.

Analysis of records of education, training, employment and audit experience.

Feedback

To provide information about how the performance of the auditor is perceived.

Surveys, questionnaires, personal references, testimonials, complaints, performance evaluation, peer review.

Interview

To evaluate personal attributes and communication skills, to verify information and test knowledge and to acquire additional information.

Face-to-face and telephone interviews.

Observation

To evaluate personal attributes and the ability to apply knowledge and skills.

Role playing, witnessed audits, on the job performance.

Testing

To evaluate personal attributes and knowledge and skills and their application.

Oral and written exams, psychometric testing.

Post-audit review

To provide information where direct observation may not be possible or appropriate.

Review of the audit report and discussion with the audit client, auditee, and colleagues and with the auditor.

5. Conducting the evaluation

The information are collected about the person & compared against the criteria set. In case, a person does not meet the criteria, additional training, work & / or audit experience may be required following which there should be a re-evaluation.

6. Maintenance & Improvement of Auditor Competence

The auditor & audit team leaders should maintain them AC & CPD. The auditing competence is achieved through regular participation in Management TVE CERT

Issue Date: SEP 2015

243

Quality Management Systems Auditor / Lead Auditor Training Course

system audits & continual professional development. This may be achieved by additional work experience, training, private study, coaching, attendance at meetings, seminars & conferences or other relevant activities.

FOR REFERENCE:

Major differences in terminology between ISO 9001:2008 and ISO 9001:2015

ISO 9001:2008

ISO 9001:2015

Products

Products and services Not used

Exclusions

(See Clause A.5 for clarification of applicability) Not used

Management representative

(Similar responsibilities and authorities are assigned but no requirement for a single management representative)

Documentation, quality manual, documented procedures, records

Documented information

Work environment

Environment for the operation of processes

Monitoring and measuring equipment

Monitoring and measuring resources

Purchased product

Externally provided products and services

Supplier

External provider

TVE CERT

Issue Date: SEP 2015

244

We hope you enjoyed your course You will be contacted by the CQI and IRCA for feedback on the course and your Approved Training Partner. Completing this short survey will help to ensure the continuing high standards of these courses.

The CQI and IRCA offer a range of services to support you throughout your career. For more information, please visit www.quality.org

www.quality.org/training