Scribd
Upload
57 views

Action Items Are Carried Out: A) All The Auditors Are Properly Briefed On Their Tasks and Responsibilities

The document provides guidance for auditors to follow before, during, and after an audit. It outlines steps the lead auditor should take before a site visit, including ensuring auditors are briefed on their roles and distributing the audit plan to the auditee. It describes how auditors should collect objective evidence through documentation reviews, interviews, and observations. Auditors must document any nonconformities found and discuss corrective actions with the auditee's management.

Uploaded by

syedumarahmed52
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
57 views

Action Items Are Carried Out: A) All The Auditors Are Properly Briefed On Their Tasks and Responsibilities

The document provides guidance for auditors to follow before, during, and after an audit. It outlines steps the lead auditor should take before a site visit, including ensuring auditors are briefed on their roles and distributing the audit plan to the auditee. It describes how auditors should collect objective evidence through documentation reviews, interviews, and observations. Auditors must document any nonconformities found and discuss corrective actions with the auditee's management.

Uploaded by

syedumarahmed52
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

Before the site visit audit, the lead auditor should ensure that the following

action items are carried out:


a) All the auditors are properly briefed on their tasks and responsibilities.

Difference between audit client and auditee?


Documented information pertaining to the audit should be retained? What documented
information?
b) The audit plan and documented information review report have been sent to the auditee. (Does
auditor sends it or lead auditor sends it)?
The audit report should be issued within an agreed period of time.
The audit report should then be distributed to the relevant interested parties defined in the audit
programme or audit plan.
When distributing the audit report, appropriate measures to ensure confidentiality should be
considered.

The audit team and the individual(s) managing the audit programme should not disclose any
information obtained during the audit, or the audit report, to any other party without the explicit
approval of the audit client and, where appropriate, the approval of the auditee.
If disclosure of the contents of an audit document is required, the audit client and auditee should
be informed as soon as possible. (Give example for clarification please)?

The audit checklists prepared by the Audit team during the document review and pre-
audit should be put to effective use during auditing. Checklists should serve as an aid to
audit planning while on-site. The Audit Team can use the completed checklist to
support the audit report to ensure its comprehensiveness.
Using an Audit Checklist is NOT A MANDATORY REQUIREMENT, but it is
strongly RECOMMENDED

Audit Plan
The audit plan should be communicated to the auditee and audit team members.
The plan should be reviewed and approved by the auditee and any revision should
be agreed between the parties concerned before or during the audit.
Audit Scope:
 Description Of The Physical And Virtual-Locations
 Organizational Units
 Activities and processes, as well as the time period covered.

Audit Program/Audit Plan:


 An audit program, also called an audit plan has a description of the activities and arrangements
for an audit.

Objective Evidence
 Data supporting the existence or verity of something
 Note 1 to entry: Objective evidence can be obtained through observation, measurement, test, or
by other means.
 Note 2 to entry: Objective evidence for the audit (3.1) generally consists of records, statements
of fact, or other information that are relevant to the audit criteria (3.7) and verifiable.
Examples of Objective Evidence
 Test log
 Test report
 Review report
 Non-conformance report
 Witness statement
 In information systems: audit trail
 Quality metric (example: in software development, code defect density - defects per thousand
lines of code)
 Any anomalies identified by an audit are documented in non-conformance reports. For a non-
conformance report to be credible it must be backed up by objective evidence

Example:
Auditor: Did you test the system?
Auditee: Yes.
Auditor: Sounds good, can you please provide me with your test plans, test designs, test cases,
test results, test reports together with records of the resolution of all test anomalies identified.

Audit Criteria
 Set of requirements (3.23) used as a reference against which objective evidence (3.8) is compared
 Note 1 to entry: If the audit criteria are legal (including statutory or regulatory) requirements, the words
“compliance” or “non-compliance” are often used in an audit finding (3.10).
 Note 2 to entry: Requirements may include policies, procedures, work instructions, legal requirements,
contractual obligations, etc.

Audit Evidence
Audit evidence has traceability, it is such evidence which enables an outside person as if he himself
was present during the audit
 Records, statements of fact or other information, which are relevant to the audit criteria (3.7) and
verifiable.

4.15.4 Collecting Verifiable Evidence


Auditors must collect verifiable evidence. The overall system can be audited
systematically by

a)Using matrices and well-prepared checklists.


b) By reviewing the appropriate data, records, and reports.
c) Interviewing the personnel directly involved in the activity.
d) By observing how an activity is being performed

The auditor also should note the good practices of the auditee organization

It may include information obtained from previous audits, provided that the
auditor has determined whether changes have occurred since the previous
audit that would affect its relevance to the current audit or information
obtained from the firm’s procedures for client acceptance and continuance.

Audit evidence is collected via audit procedures

There are seven types of audit procedures, and the purpose of the process
typically dictates which one is used:

 Inspection. Auditors collect evidence by inspecting physical assets, records, or


documents.
 Observation. Auditors observe the client’s business processes and operations to
identify deficiencies.
 Inquiry. Auditors talk with the client’s senior management to gain a deeper
understanding of business processes for the auditing process. Inquiry alone,
however, isn’t considered sufficient audit evidence to reduce the risk.
 External confirmation. This involves obtaining written or oral responses from third
parties, such as customers, suppliers, or financial institutions.
4.15.6 Various Audit Trails
Auditors will need to establish the methods before commencing the auditing. In
most cases, single or a combination of methods is used at different areas,
activities or stages of the audit.
Process Trail Method
This is suitable for any organization where the functional departments interact closely
or are heavily interdependent on each other.The Auditor may: Trace forward by
obtaining random sample/s of contract or customer order and follow the contract
through the organization established management system. This can be used to
determine whether customers requirements such as product specifications, customer
property (where applicable), measuring and monitoring requirements, product
preservation methods are met and whether the organization conforms with ISO 9001
requirements, applicable regulatory and statutory requirements and other audit
criteria.
Trace backward by taking random sample/s of completed products, customer
complaints, returned products and determine whether the organization has
performed the required process, measuring and monitoring methods and maintain
records for these products and whether the organization conforms with ISO 9001
requirements, applicable regulatory and statutory requirements and other audit
criteria.
Horizontal Audit Trail using ISO 9001
Horizontal audit focuses on one element of ISO 9001 at a time to audit horizontally
across the organization's departments for conformance to the element. Upon
completion of an element, the auditor moves on to the next applicable requirements.
This method is suitable for small organizations
4.15.6.4 Vertical Audit Trail using organizational structure# Vertical audit focuses on
each department of the organization to audit all requirements of ISO 9001 vertically
through all the clauses for conformance by the department. Upon its completion,
move on to the next applicable requirements. This method is suitable for large
organizations

Audit Techniques: Interviewing or Inquisition (Gathering Objective Evidence)


In most audits a significant portion of the auditor’s time is spent on gathering
information from auditees. The remaining time is used for gathering information from
documents and audit review with other auditors. Gathering information from
auditees forms the major part of the audit. It is where the auditors make
observations, collect data and interview employees.
Relevant audit notes must be taken to ensure that accurate information is being recorded.

Information obtained through interviews and observation should be verified by


acquiring the same information from other independent sources such as documented
procedures, records or measurements.
Audits can use either judgment-based sampling (see A.6.2) or statistical sampling
The decision of sample size is heavily dependent on Auditor’s skills, experience,
statistical knowledge and time available for the audit
The following guidelines should be used for determining the sampling size during an
audit:
f) Competence of the Auditee performing the activity.
b) The number of different or similar activities.
c) The number of locations where the activity is performed.

Whether the activity is customer specified requirements or governed by statutory


or regulatory requirements.

4.15.7 Reporting Audit Results


The two types of nonconformance that are typically reported (see chapter 7) are
nonconformance and observation. Audit results should be based on fact obtained during
the audit that are substantiated by objective, verifiable evidence accumulated during the
audit process
Verifiable evidence accumulated includes qualitative and quantitative information,
records, data and statements made during interviews that support the observation.
The auditor should sign the CAR form and discuss it at a convenient time with the
appropriate management representative, who shall be asked to sign the CAR to record its
acceptance by the company. If at any time the company is able to provide acceptable
corrective action against a CAR, then the action may be verified and the CAR closed out by
the lead auditor.
Prior to the closing meeting, the lead auditor should conduct a discussion with the audit
team on matters arising during the audit. He or she should ensure that all aspects of the
system have been covered. A nonconformance summary sheet should be prepared to
cover all CARs, signed or unsigned by the appropriate management representative.
Closing Meeting (Very Imp, study this in great detail)
In the closing meeting, the lead auditor shall perform the following tasks:

Thank the staff of the assessed company for their assistance and cooperation.
b) Circulate an attendance sheet for record purposes.
c) Present,
discuss and obtain signatures on any outstanding CARs. The responsibility of
proposing corrective actions should always lie on the auditee but not the audit team.
d) Presentan objective overview of the results of the audit. This can be done by going
through the recommendation section of the audit report.
e) Arrange a provisional revisit date, if necessary.
f) Informthe company that the certification audit is based on sample and there could be
deficiencies/nonconformance in areas that have not been audited.
g) Inform the company that it will be notified of the results of the audit directly
from the certification body.
h) Close the meeting. Leave a copy of each signed CAR with the company so
that it can initiate corrective actions.

You might also like