
Q3V PARTICIPANT GUIDE ISSUE 1 2021

The ISO 9001:2015 Lead Auditor Course Participant Guide outlines a five-day training program designed to equip participants with the knowledge and skills to conduct audits of quality management systems based on ISO 9001. It includes an overview of course content, learning outcomes, and assessment requirements, emphasizing the importance of prior knowledge in management systems and quality management principles. Successful completion of the course leads to certification and recognition by CQI and IRCA, enabling participants to effectively perform quality management audits.

Uploaded by

ZAMA KOR KALAY

ISO 9001:2015

Lead Auditor Course


PARTICIPANT GUIDE
IQMS LEARNING LIMITED
Document Name: ISO 9001:2015 Lead Auditor Course - Participant Guide
Document ID: Participant Guide Q3-LA-IRCA 9153 Issue 1 2021
Date of Issue: January 2021
© COPYRIGHT
IQMS LEARNING
All rights reserved

No part of this work may be reproduced or copied in any form or by any means
(graphic, electronic or mechanical, including photocopying, recording, taping or
information retrieval systems) without the written permission of IQMS Learning
or as otherwise permitted by the operation of the law.

Opinions expressed by or on behalf of IQMS Learning Limited (“IQMS LEARNING”)
in this publication or during the course of any training provided by
IQMS LEARNING are provided as general guidance only and do not amount
to formal legal or other professional advice. IQMS LEARNING does not warrant
the accuracy or completeness of information given or its fitness for any
particular purpose. To the extent permitted by law IQMS Learning accepts no
liability for any claims for loss or damage whether caused by its negligence (or
that of any of its agents or employees) or otherwise.
ISO 9001:2015 LEAD AUDITOR COURSE
PARTICIPANT GUIDE

CONTENTS

Training with IQMS LEARNING
Introduction
Course Overview

MODULE 1: QUALITY MANAGEMENT FUNDAMENTALS
Module 1 Introduction: Quality Management Fundamentals
Purpose & Benefits of a Quality Management System
Quality Terms & Definitions
Compliance and Conformity
Quality Management Standards
ISO 9001:2015 QMS Structure

MODULE 2: QUALITY MANAGEMENT CONCEPTS
Module 2 Introduction: Quality Management Concepts
Introduction
Quality Management Principles
Activity 1: Quality Management Principles
Process Approach
Plan-Do-Check-Act (PDCA) Cycle
Risk-Based Thinking

MODULE 3: AUDITING QUALITY MANAGEMENT SYSTEMS
Module 3 Introduction: Auditing Quality Management Systems
Audit Process
Categories of Audits
Types of Audits
Role of Third-Party Bodies and Certification
Framing a Quality Management System Audit

MODULE 4: AUDITING CLAUSE 4: CONTEXT OF THE ORGANISATION
Module 4 Introduction: Auditing Clause 4: Context of the Organisation
Overview of Clause 4: Context of the Organisation
Organisational Context
Activity 2: Determine Internal and External Issues
Interested Parties
Scope of Quality Management System
Quality Management System and Its Processes
Activity 3: Determine Evidence Requirements

MODULE 5: AUDITING CLAUSE 5: LEADERSHIP
Module 5 Introduction: Auditing Clause 5: Leadership
Overview of Clause 5: Leadership
Activity 4: Auditing Leadership and Commitment

MODULE 6: AUDITING CLAUSE 6: PLANNING
Module 6 Introduction: Auditing Clause 6: Planning
Overview of Clause 6: Planning
Activity 5: Auditing Quality Policy and Objectives

MODULE 7: AUDITING CLAUSE 7: SUPPORT
Module 7 Introduction: Auditing Clause 7: Support
Overview of Clause 7: Support
Activity 6: Auditing Resources

MODULE 8: AUDITING CLAUSE 8: OPERATION
Module 8 Introduction: Auditing Clause 8: Operation
Overview of Clause 8
Activity 7: Clause 8 Key Requirements – Determine Possible Evidence

MODULE 9: AUDITING CLAUSE 9: PERFORMANCE EVALUATION
Module 9 Introduction: Auditing Clause 9: Performance Evaluation
Overview of Clause 9 - Performance Evaluation
Monitoring, Measurement, Analysis and Evaluation
Activity 8: Auditing Quality Performance Evaluation
Activity 9: Auditing the Audit Programme

MODULE 10: AUDITING CLAUSE 10: IMPROVEMENT
Module 10 Introduction: Auditing Clause 10: Improvement
Overview of Clause 10: Improvement
Potential Improvement Opportunities
Activity 10: Clause Identification

MODULE 11: ISO 19011 GUIDANCE FOR AUDITING
Module 11 Introduction: ISO 19011 Guidance for Auditing
Overview of ISO 19011
Auditing Terms and Definitions
Principles of Auditing
Activity 11: Auditor Attributes
Roles and Responsibilities
Activity 12: Roles and Responsibilities
Activity 13: Audit Objective, Scope and Criteria
Auditor Competencies
Activity 14: Auditor Competencies
Auditor Evaluation

MODULE 12: AUDIT PLANNING & PREPARATION
Module 12 Introduction: Audit Planning & Preparation
Overview of Audit Activities
Initiate the Audit
Prepare for the Audit
Performing the Document Review
Activity 15: Document Review
Activity 16: The Audit Plan
Activity 17: Audit Checklist

MODULE 13: PERFORMING THE AUDIT
Module 13 Introduction: Performing the Audit
Performing the Audit
Conducting the Opening Meeting
Activity 18: Opening Meeting
Managing Communication
Activity 19: Personality Types
Conducting Interviews
Collecting and Verifying Information
Activity 20: The Audit

MODULE 14: REPORTING AUDIT OUTCOMES
Module 14 Introduction: Reporting Audit Outcomes
Audit Findings
Activity 21: Nonconformity Reporting
The Closing Meeting
Activity 22: Closing Meeting and Reporting

MODULE 15: AUDIT FOLLOW-UP
Module 15 Introduction: Audit Follow-up
Preparing the Audit Report
Distributing the Audit Report
Completing The Audit
Conducting Audit Follow-up
Activity 23: Audit Report & Corrective Action
Optional / Additional Corrective Action Test

TRAINING WITH IQMS LEARNING GLOBAL


LEARNING THAT SUPPORTS BUSINESS NEEDS
IQMS Learning provides training services that address key business
management needs, including:
• Quality Management
• Occupational Health and Safety
• Environmental Management
• Information Security
• Food Safety
• Risk, Compliance and Governance
• Six Sigma and Business Improvement
• Auditing
• Management Systems Improvement Programmes

NATIONALLY AND INTERNATIONALLY RECOGNISED TRAINING
IQMS Learning provides nationally & internationally recognised training.

Many courses are approved by professional bodies including the CQI and IRCA
Certified Training (Certified training), Institute of Environmental Management and
Assessment (IEMA), British Retail Consortium (BRC) and Highfields
Qualifications.

CONTACT IQMS LEARNING GLOBAL


Email: [email protected]

Customer Support: +44 (0)191 516 6191

Website: www.iqmslearning.co.uk


DO YOU HAVE SPECIFIC TRAINING NEEDS IN YOUR BUSINESS?
We can develop face-to-face or online training solutions for you
Need nationally and internationally recognised training?

Public Training – Face to Face

• Our public training runs all year round across the UK
• Venues in accessible locations
• Gain knowledge, develop skills and build networks
• Training programmes are delivered by qualified professionals and
subject-matter experts

Enjoying your training? Think there would be a benefit for more of your staff to
attend?

In-house and customised training

• Address your team or company’s specific skills gaps, challenges and
opportunities in the most appropriate format
• We’ll come to you! Convenient training and/or coaching will be delivered at
a time and location convenient for your team
• Cost effective method for training groups of employees
• Receive the highest standards of specific shared learning and
understanding within your team
• Examples and context can be tailored to your organisation and industry
• Build a curriculum to meet your capability needs including bespoke
Blended Learning Solutions with competence verification
• Ensure learning is aligned to your organisation’s objectives

We now offer many courses across OHS, Quality, Environmental Management and
Food Safety online!

Blended Learning Curricula, Virtual Remote Delivery of all face to face training
courses and Online e-Learning Modules

• Employs best practice scenario-based learning – put yourself in their shoes
• Learn at your own pace from any computer
• Great for learning from remote areas
• Tremendous flexibility and less downtime from work
• All Blended, Virtual Remote and e-Learning courses can lead towards a
recognised qualification


INTRODUCTION
IQMS Learning is pleased to welcome you to this course and hopes it will meet
your expectations and further your objectives.

This five-day training course, Lead Auditor Quality Management Systems, is
certified through CQI and IRCA Certified training (Certified training) and meets
the Certification criteria for the CQI and IRCA Certified training ISO 9001:2015
Auditor/Lead Auditor Training course (Quality Management Systems).


COURSE OVERVIEW
PURPOSE
• To provide students with the knowledge and skills required to perform an audit of a quality
management system based on ISO 9001 and to report on the effectiveness of
implementation and performance outcomes of the management system in accordance with
recognised auditing guidelines in ISO 19011

• Satisfies the training requirements to support your application for CQI membership and/or
for registration as a qualified Auditor with the CQI and IRCA Certified training Scheme,
should you wish to do so.

TARGET AUDIENCE
This course is designed for people who need to conduct external audits of
quality management systems.

Typically, professionals such as:

• Individuals who want to obtain a formal qualification to add to their internal
auditing experience
• Individuals interested in conducting first-party and second-party audits
• Individuals leading their companies to ISO 9001 certification
• Business Managers, Quality Managers, Engineers, and Consultants
• Individuals who want to become a Certified Quality Management Systems
Auditor through their relevant certifying body such as CQI and IRCA Certified
training

LEARNING OUTCOMES
Upon completion of this course, students will be able to:
• Explain the purpose of a Quality Management System
• Explain the purpose of the ISO 9000 Standards
• Explain the audit process including planning, conduct, reporting and
follow-up phases
• Conduct a process-based audit of a Quality Management System against
the requirements of ISO 9001


PRIOR KNOWLEDGE
It is a CQI and IRCA Certified training requirement that students are expected
to have the following prior knowledge:

a) Management systems
• The Plan, Do, Check, Act (PDCA) cycle
• The core elements of a management system and the interrelationship
between top management responsibility, organisational context, quality
policy & objectives, planning, implementation, measurement, review and
correction, corrective actions and emerging risks/opportunities to drive
continuous improvement

b) Quality management
• The fundamental concept of the relationship between quality management
and customer/stakeholder satisfaction and the seven quality management
principles (see ISO 9000):
─ Customer focus
─ Leadership
─ Engagement of people
─ Process approach
─ Improvement
─ Evidence-based decision making
─ Relationship management

c) ISO 9001
• Knowledge of the requirements of ISO 9001 and the commonly used
quality management terms and definitions, as given in ISO 9000, which
may be gained by completing a CQI and IRCA Certified training QMS
Foundation Training course or equivalent.


COURSE RECOGNITION
CERTIFICATION: CQI and IRCA Certified Training

This course is based on the certification criteria for CQI and IRCA
Certified training ISO 9001:2015 Auditor/Lead Auditor Training course
(Quality Management Systems).

On completion, successful students will have the knowledge and skills to:

ISO 9001:2015 AUDITOR/LEAD AUDITOR TRAINING COURSE (QUALITY MANAGEMENT SYSTEMS)
Knowledge
• Explain the purpose of a quality management system, of quality
management systems standards, of management system audit, of third-
party certification and the business benefits of improved performance of
the quality management system.
• Explain the role and responsibilities of an auditor to plan, conduct, report
and follow-up a quality management system audit in accordance with
the requirements of ISO 9001
Skills
• Plan, conduct, report and follow-up an audit of a quality management
system to establish conformity (or otherwise) with ISO 9001 and in
accordance with ISO 19011, and ISO/IEC 17021, as applicable.

Successful students will receive a Certificate of Achievement as objective
evidence that they have attended the complete course, passed the continuous
assessment and passed the written assessment.

Students who successfully complete this Lead Auditor Quality Management
Systems course will satisfy part of the training requirements for initial
certification as a CQI and IRCA Certificated QMS Auditor.

Further information may be found at www.quality.org


ASSESSMENT REQUIREMENTS

ASSESSMENT METHOD
Students who attend this course in its entirety will receive a Certificate of
Attendance.

Students wishing to receive a formal Certificate of Successful Completion for
this course are required to complete the required formal assessments
associated with this course including the final written assessment.

The assessment has been devised to correspond with the requirements of the
associated qualification/units of competency, including skills and knowledge.

STUDENT SUPPORT
If you are unclear or concerned with any aspect of the assessments for this
course, please talk with your trainer.

Ask your trainer for any further information, assistance or feedback. They are
also available to undertake alternative or additional assessments (including
reasonable adjustment), should you require it. Please ask to speak to your
trainer privately if you need to discuss your individual needs.


ASSESSMENT: IN-CLASS ASSESSMENT ACTIVITIES


The Participant Guide contains a number of assessment activities that are
mapped to the certification for this course. As students work through these
activities in class the trainer will record outcomes in a class Assessment
Record, with the activity debrief used to encourage students to consider how
they would apply the learning in the workplace.

If you are unclear about any aspect of course assessments, please talk with
your trainer. All assessments are marked by a qualified assessor. For each
assessment task you will be marked as “Satisfactory” or “Unsatisfactory”. On
final completion of all assessment requirements of this course the assessor will
determine if you are Competent or Not Yet Competent. If you are deemed not
yet competent your trainer will discuss with you additional or alternative
assessments. You will be provided with the opportunity to submit additional
assessment evidence.

CONTINUOUS ASSESSMENT
Throughout the course, students will undergo a continuous assessment
process based on trainer observation of students’ level and quality of
engagement and participation and the quality of outputs from selected
group/individual written activities.

This includes attendance, contribution to team work, attitude and demonstrated
satisfactory completion of the following in-class assessment activities.

IN-CLASS ASSESSMENT ACTIVITIES


Activity 1: Quality Management Principles
Activity 2: Determine Internal and External Issues
Activity 3: Determine Evidence Requirements
Activity 4: Auditing Leadership & Commitment
Activity 5: Auditing Quality Policy and Objectives
Activity 6: Auditing Resources
Activity 7: Clause 8 Requirements - Determine Possible Evidence
Activity 8: Auditing Quality Performance Evaluation
Activity 9: Auditing the Audit Programme
Activity 10: Clause Identification
Activity 11: Auditor Attributes

Activity 12: Roles and Responsibilities
Activity 13: Audit Objective, Scope & Criteria
Activity 14: Auditor Competencies
Activity 15: Document Review
Activity 16: The Audit Plan
Activity 17: Audit Checklist
Activity 18: Opening Meeting
Activity 19: Personality Types
Activity 20: The Audit
Activity 21: Nonconformity Reporting
Activity 22: Closing Meeting and Reporting
Activity 23: Audit Report and Corrective Action

ASSESSMENT: END OF COURSE ASSESSMENT


At the end of the course you must complete a CQI and IRCA certified training
written assessment consisting of short answer questions. You are required to
attain at least 70% for successful completion of this written assessment.


PROGRAMME MAP

DAY 1
• Quality Management Fundamentals
• Quality Management Concepts
• Auditing QM Systems
• Auditing Clause 4: Context of the Organisation
• Auditing Clause 5: Leadership
• Auditing Clause 6: Planning

DAY 2
• Auditing Clause 7: Support
• Auditing Clause 8: Operation
• Auditing Clause 9: Performance Evaluation
• Auditing Clause 10: Improvement
• ISO 19011 Guidance for Auditing

DAY 3
• ISO 19011 Guidance for Auditing
• Audit Planning & Preparation
• Performing the Audit

DAY 4
• Performing the Audit
• Reporting Audit Outcomes

DAY 5
• Audit Follow-up


PROGRAMME SCHEDULE
Day 1
START TIME LENGTH TOPIC
8:30 am 30 mins Welcome and Introductions
9.00 am 60 mins Module 1: Quality Management Fundamentals
10.00 am 15 mins Morning Break
10.15 am 60 mins Module 2: Quality Management Concepts
11.15 am 45 mins Module 3: Auditing Quality Management Systems
12:00 pm 30 mins Module 4: Auditing Clause 4: Context of the Organisation
12.30 pm 45 mins Lunch Break
1:15 pm 30 mins Module 4: Auditing Clause 4: - continued
1:45 pm 90 mins Module 5: Auditing Clause 5: Leadership
3.15 pm 15 mins Afternoon Break
3:30 pm 75 mins Module 6: Auditing Clause 6: Planning
4.45 pm 15 mins Day Close Out
Day 2
START TIME LENGTH TOPIC
8:30 am 15 mins Review Day 1
8.45 am 45 mins Module 7: Auditing Clause 7: Support
10.00 am 15 mins Morning Break
10:15 am 120 mins Module 8: Auditing Clause 8: Operation
12.15 pm 45 mins Lunch Break
1.00 pm 90 mins Module 9: Auditing Clause 9: Performance Evaluation
2:30 pm 15 mins Afternoon Break
2.45 pm 60 mins Module 10: Improvement
3.45 pm 60 mins Module 11: ISO 19011 Guidance for Auditing
4.45 pm 15 mins Day Close Out


Day 3
START TIME LENGTH TOPIC
8:30 am 30 mins Review Day 2
9:00 am 60 mins Module 11: ISO 19011 Guidance for Auditing
10.00 am 15 mins Morning Break
10:15 am 120 mins Module 12: Audit Planning & Preparation
12.15 pm 45 mins Lunch Break
1.00 pm 120 mins Module 13: Performing the Audit
3:00 pm 15 mins Afternoon Break
3:15 pm 90 mins Module 13: Performing the Audit
4.45 pm 15 mins Day Close Out
Day 4
START TIME LENGTH TOPIC
8:30 am 30 mins Review Day 3
9:00 am 60 mins Module 13: Performing the Audit
10.00 am 15 mins Morning Break
10:15 am 120 mins Module 13: Performing the Audit
12.15 pm 45 mins Lunch Break
1.00 pm 120 mins Module 13: Performing the Audit
3:00 pm 15 mins Afternoon Break
3:15 pm 75 mins Module 14: Reporting Audit Outcomes
4.30 pm 30 mins Day Close Out
Day 5
START TIME LENGTH TOPIC
8:30 am 30 mins Review Day 4
9:00 am 60 mins Module 15: Audit Follow-up
10.00 am 15 mins Morning Break
10:15 am 60 mins Module 15: Audit Follow-up
11:15 am 60 mins Revision and Written Assessment Instructions
12.15 pm 45 mins Lunch Break
1.00 pm 150 mins Written Assessment
3:30 pm 15 mins Afternoon Break
3:45 pm 30 mins Next steps including CQI and IRCA Certified training Registration and course feedback
4.15 pm Close
Please note: the course timings are estimates only. The exact times for all breaks may
vary slightly dependent on time and finish times of the course, and the needs of students.


ICON REGISTER

LEARNING ACTIVITY
Where you see this icon, you are required to
complete an in-class activity


Module 1:
Quality Management
Fundamentals


MODULE 1 INTRODUCTION: QUALITY MANAGEMENT FUNDAMENTALS

DAY 1
• Quality Management Fundamentals
• Quality Management Concepts
• Auditing QM Systems
• Auditing Clause 4: Context of the Organisation
• Auditing Clause 5: Leadership
• Auditing Clause 6: Planning

Estimated duration: Approximately 1 hour

Background information: Module 1 is intended to encourage students to review
the fundamentals of quality management.

Module objectives:
• Explain the purpose of a quality management system (QMS)
• Describe the organisational benefits of a quality management system
• Explain the key terminologies used in the quality management
discipline and ISO 9001:2015
• Explain the difference between compliance and conformance in an
audit context
• Describe the quality management family of standards
• Describe how the family of standards relates to quality.

Slides: 18 – 25
Activities: No activities in Module 1


PURPOSE & BENEFITS OF A QUALITY MANAGEMENT SYSTEM
Managing the quality of products, services and processes to meet the needs
and expectations of interested parties is critical to the long-term success of an
organisation.

An organisation’s quality management system must support the achievement


of goals and objectives leading to long-term success.

PURPOSE

The purpose of a quality management system is to:


• Ensure outcomes meet the needs and expectations of interested parties,
including the organisation itself, its customers and other key stakeholders
• Improve products, services, processes and performance outcomes.

The ISO 9001 Quality Management Systems international standard specifies
the requirements of a quality management system where an organisation needs
to demonstrate its ability to consistently provide products and services that meet
customer and applicable statutory and regulatory requirements.

A quality management system must provide value for the organisation and its
interested parties. Consistent with the organisation’s quality policy, the intended
outcomes of a quality management system include:

• Enhancement of performance
• Meet customer needs and expectations
• Meet applicable compliance obligations, and
• Fulfil quality objectives.


BENEFITS OF A QUALITY MANAGEMENT SYSTEM

The development and implementation of a formal quality management system
brings many advantages to the implementing organisation, including:
• Encouraging a proactive approach to understanding and managing the
inherent risks that exist within the organisation in relation to the context of
the organisation, strategy, the management system, products, services
and processes
• Enabling the development of structured processes, designed to mitigate
and control those risks
• Enabling the organisation to meet the needs and expectations of interested
parties in a consistent manner
• Facilitating continual improvement using the results generated from formal
internal/external audit and review processes
• Realising cost benefits through enhanced assurance and reliability of
products, services and processes.
• Supporting the successful delivery of the organisation’s strategic direction,
such as revenue and margin growth
• Improving products, services and processes
• Enhancing strategic, business, management system and process
performance whilst effectively managing key risks and known failures (i.e.
improvement)
• Meeting applicable regulatory and/or legal compliance obligations
• Fulfilling quality policy & objectives
• Helping manage other planned changes in the organisation and/or its system
or structure.


GROUP DISCUSSION
What does the term “Quality” mean to you?

What do you believe is the purpose of the Quality Management Standard ISO
9001?

Can you identify any additional benefits of implementing a formal QMS?


What are the business benefits of a certified QMS?

Who do you believe should be involved in the QMS?


QUALITY TERMS & DEFINITIONS

Some terminology used within the Quality Management family of standards has
been standardised to align with other management system standards, to
provide an overall “common” language across all management systems
standards.

Some terminology is specific to the Quality Management discipline.

The guideline standard ISO 9000 Quality Management Fundamentals and
Vocabulary provides guidance on the definitions of terms used in the quality
management family of standards.

The following table outlines several key terms and definitions used in Quality
Management.

TERM | DEFINITION
Audit | A systematic and independent examination of a process or quality management system to determine the extent to which the audit criteria (requirements) are fulfilled.
Conformity | The fulfilment of a specified requirement.
Continual improvement | A recurring activity to improve or enhance some aspect of a process, product or service.
Corrective action | An action to reduce or eliminate an identified problem.
Documented information | Information maintained to provide instructional guidance and retained to provide evidence of results or outcomes.
Effectiveness | The extent to which the outcomes have fulfilled requirements.
Inspection | The measurement, examination or testing of one or more characteristics of a product, service or process outcome to determine whether conformity to requirements has been achieved.
Interested party | A person or organisation that can affect, be affected by or perceive itself to be affected by a decision or activity.
Management system | A framework of processes used by an organisation to ensure it can fulfil requirements and achieve required goals and objectives.
Measurement | A process to determine a value (usually for comparing results with specified requirements).
Monitoring | Determining the status of a system, a process, a product, a service or an activity.
Nonconformity | The non-fulfilment of a specified requirement.
Organisation | An organised group of people that is structured and managed to meet a need or pursue a goal and related objectives.
Process | A set of interrelated or interacting activities that use inputs to deliver an intended result. NOTE: all processes have the following characteristics: inputs, activities, outputs, resources, interested parties and management controls for all the aforementioned characteristics.
Product | A tangible output produced or resulting from a series of interrelated activities.
Quality | The characteristics of a product, service or process that determine its ability to satisfy stated or implied needs. Note: This is a subjective term. Each person, organisation or sector will have its own definition.
Quality policy | Documented information maintained by an organisation providing direction in relation to the standard of quality required to fulfil obligations and meet quality related objectives.
Quality objective | A quality related outcome to be achieved.
Requirement | A need or expectation that is stated, generally implied or obligatory.
Risk | The effect of uncertainty (i.e. potential damage & likelihood).
Service | An intangible output performed at the interface between the organisation and the customer.
Top management | A person or group of people who directs and controls an organisation at the HIGHEST level.


COMPLIANCE AND CONFORMITY


The aim of a quality management system is to ensure an organisation can
provide a product or service that complies with applicable statutory and
regulatory requirements and conforms to stated requirements.

An organisation is responsible for ensuring legal compliance requirements are
met.

An auditor is responsible for:


• Evaluating an organisation’s quality management system, and
• Determining the level of conformance to the requirements of ISO 9001.

The terms compliance and conformity are often misunderstood.


• Compliance means to act in accordance with another’s requirements,
requests, rules or wishes and in terms of obligations. Legal compliance
relates to external factors imposed on the organisation such as laws or
regulations. Compliance with laws is mandatory.
• Conformity means to follow or adhere to something. Conformity relates to
internal factors or guidelines with which the organisation has elected to
conform, such as standards of behaviour or quality performance targets.

In management system terms, conformity can mean that the system is being
followed correctly without deficiency. Hence the term nonconformity indicates
where there is a deviation from the system’s specified requirements.

Note: effectiveness is a measure of customer or interested party satisfaction
regarding the outcomes from the system and/or the outputs from the process.


An organisation demonstrates conformance with its stated quality policy and
quality objectives and process criteria through monitoring, measurement,
analysis, evaluation and improvement of the quality management system. It
does this by:
• Planning (i.e. setting purpose, objectives, criteria, targets, KPIs, etc. for
the system and its processes)
• Checking, (i.e. reviewing, monitoring and/or measuring)
• Reporting
• Data analysis
• Performance evaluations, (conformance, compliance, effectiveness)
• Audits and third-party assessments
• Management reviews of the implemented management system
• Correction, corrective actions taken and management of emerging risks
• Demonstrated continual improvement.

Standards do specify requirements for the design of a QMS but standards do
not lay down requirements for how quality management is to be implemented.
How implementation of a quality management system is carried out and
managed will vary between organisations, depending on the size of the
organisation, quality policy and the organisation’s activities.


QUALITY MANAGEMENT STANDARDS


INTERNATIONAL ORGANISATION FOR STANDARDISATION (ISO)

The International Organisation for Standardisation (ISO) based in Geneva,
Switzerland, has long provided international product standards. In 1987, it
responded to pressures for an international standard for quality management
by publishing the ISO 9000 series. This established a benchmark for the
management of quality assurance. It has changed the role and significance of
ISO in a major way.

ISO 9000 – QUALITY MANAGEMENT SYSTEMS – FUNDAMENTALS AND VOCABULARY

Introduces Quality Management Systems and the vocabulary of quality
management terminology.

ISO 9001 – QUALITY MANAGEMENT SYSTEMS – REQUIREMENTS

ISO 9001 specifies the requirements for Quality Management Systems for use
where an organisation’s capability to provide conforming products and services
needs to be demonstrated. If an organisation is seeking certification, this is the
standard that will be used.

ISO 9004 – MANAGING FOR THE SUSTAINED SUCCESS OF AN ORGANISATION – A QUALITY MANAGEMENT APPROACH

Provides guidance to organisations to support the achievement of sustained
success by a quality management approach. It is applicable to any organisation,
regardless of size, type and activity.

It is not intended for certification, regulatory or contractual use (although on
occasions some sector schemes, or specific contracts may invoke certain good
practices in 9004 as expectations/requirements placed on the organisation).


ISO 9000 SERIES OF STANDARDS

ISO NUMBER | ABBREVIATED TITLE

Quality Management System (QMS)
ISO 9000 | Quality management systems - Fundamentals and vocabulary
ISO 9001 | Quality management systems - Requirements
ISO 9004 | Managing for the sustained success of an organisation - A quality management approach

Discipline Specific Guideline Standards
ISO 10001 | Quality management - customer satisfaction - Guidelines for codes of conduct for organisations
ISO 10002 | Quality management - customer satisfaction - Guidelines for complaint handling in organisations
ISO 10003 | Quality management - customer satisfaction - Guidelines for dispute resolution external to organisations
ISO 10004 | Quality management - customer satisfaction - Guidelines for monitoring and measuring
ISO 10005 | Quality management - Guidelines for quality plans
ISO 10006 | Quality management - Guidelines for quality in project management
ISO 10007 | Quality management - Guidelines for configuration management
ISO 10008 | Quality management - Customer satisfaction - Guidelines for business to consumer electronic commerce transactions
ISO 10012 | Measurement management systems - Requirements for measurement processes and measuring equipment
ISO/TR 10013 | Guidelines for developing quality management system documentation
ISO 10015 | Quality management - Guidelines for training
ISO 10019 | Guidelines for the selection of quality management system consultants and use of their services
ISO 19011 | Guidelines for auditing management systems
ISO 31000 | Risk management - Principles and Guidelines

Note: Many industries (including aerospace, education, and healthcare) have
developed an industry specific version of ISO 9001 retaining the requirements
of ISO 9001 and adding specific requirements relevant to their industry.


ISO 9001:2015 QMS STRUCTURE


The ISO 9001 Standard has been designed to address the organisation’s
requirements for product, service and process quality with the intent of
enhancing performance and improving customer satisfaction.

ISO 9001:2015 QUALITY MANAGEMENT STANDARD STRUCTURE

Introduction

1. Scope

2. Normative references

3. Terms and definitions

4. Context of the organisation


4.1 Understanding the organisation and its context
4.2 Understanding the needs and expectations of interested
parties
4.3 Determining the scope of QMS
4.4 Quality management system and its processes

5. Leadership
5.1 Leadership and commitment
5.2 Policy
5.3 Organisational roles, responsibilities and authorities

6. Planning
6.1 Actions to address risks and opportunities
6.2 Quality objectives and planning to achieve them
6.3 Planning of changes


7. Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information

8. Operation
8.1 Operational planning and control
8.2 Requirements for products and services
8.3 Design and development of products and services
8.4 Control of externally provided processes, products and
services
8.5 Production and service provision
8.6 Release of products and services
8.7 Control of nonconforming outputs

9. Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review

10. Improvement
10.1 General
10.2 Nonconformity and corrective action
10.3 Continual improvement

ANNEX SL FRAMEWORK

The ISO 9001:2015 Standard reflects the structure defined in Annex SL, issued
by ISO in 2012, intended to define the framework for the development of all
management system standards.

The Annex SL represents the high-level structure. All new ISO management
system standards adhere to this framework. All current management system
standards will migrate to the framework at their next revision.

The intent is to provide a consistent format and clause numbering approach,
with much of the same core text. This approach will enable organisations to
more easily implement a single system addressing multiple standards.


Module 2:
Quality Management Concepts


MODULE 2 INTRODUCTION: QUALITY MANAGEMENT CONCEPTS

DAY 1
• Quality Management Fundamentals
• Quality Management Concepts
• Auditing QM Systems
• Auditing Clause 4: Context of the Organisation
• Auditing Clause 5: Leadership
• Auditing Clause 6: Planning

Estimated duration: Approximately 1 hour
Background information: Module 2 defines the key concepts that underpin quality
management standards and explains how quality management can influence an
organisation’s products, services and processes.
Module objectives:
• Describe quality management principles and their intent to provide best
practice guidance to organisations
• Describe the process approach and how it is used by organisations to
manage their processes effectively
• Describe the PDCA cycle and how it is used by organisations to manage
quality
• Explain risk-based thinking and the value it provides to determine the range
and type of controls needed to manage processes and systems.
Slides: 26 – 31
Activities: Activity 1: Quality Management Principles, page 19


INTRODUCTION
There are several concepts that underpin the quality management discipline,
each intended to provide guidance to organisations on how best to manage
quality.

Quality management concepts are incorporated in the different quality
standards, outlining what organisations should consider when determining how
best to implement a quality management system that will facilitate the
consistent achievement of a quality product or service.

A quality management system auditor needs to understand these concepts and
the influence they have in the design, development, implementation, and
ongoing management of a quality management system.

Quality management concepts include the following.


• Following quality management principles for best practice guidance
• Adopting a process approach to plan processes and their interaction
• Applying the Plan Do Check Act (PDCA) cycle to all processes to ensure
they are adequately resourced and managed, and opportunities for
improvement are determined and acted on
• Applying risk-based thinking to determine what factors could cause
processes and the quality management system to deviate from the
planned results and put in place preventive controls to minimise negative
effects and make maximum use of opportunities as they arise.


QUALITY MANAGEMENT PRINCIPLES


The Quality Management Standards are based on seven quality management
principles. These describe the way organisations work and are embedded in
what an organisation does to achieve the organisation’s goals and objectives.

A quality management principle is a comprehensive and fundamental
rule/belief, for leading and operating an organisation, aimed at continually
improving performance over the long term by focusing on customers while
addressing the needs of all other stakeholders.

The application of the quality principles is intended to provide direct benefits to
an organisation and make an important contribution to cost and risk
management.

The quality management principles are intended to assist an organisation to
achieve its stated quality objectives:
• Customer focus
• Leadership
• Engagement of people
• Process approach
• Evidence-based decision making
• Improvement
• Relationship management.


Activity 1: Quality Management Principles

Overview:

Much of the content of ISO 9001:2015 is based on the concepts that underpin
the quality management principles and the generic PDCA management cycle.

Task:

In your team, review the quality management principles and related definitions
provided in the table.

For each principle, identify 2 clauses of ISO 9001:2015 that relate to this
principle.

Be prepared to share your work with the group.


PRINCIPLE | DEFINITION | CLAUSE NUMBER
Customer focus | The primary focus of the organisation is to meet customer requirements and to strive to exceed customer expectations. |
Leadership | Leaders at all levels establish unity of purpose and direction. Strong leadership enables employees to achieve the quality objectives of the organisation. |
Engagement of people | People at all levels in the organisation are trained, competent, empowered and actively engaged in their role. |
Process approach | Activities are understood and managed as interrelated processes that function as a coherent system. |
Improvement | The organisation has a focus on continuous and ongoing improvement. |
Evidence-based decision making | Decisions are based on the analysis and evaluation of data and information. |
Relationship management | The organisation manages its relationships with interested parties, such as suppliers and partners. |


PROCESS APPROACH
The Quality Management Standards promote the adoption of a process
approach when developing, implementing and improving the effectiveness of a
quality management system, to enhance customer satisfaction by meeting
customer requirements.

WHAT IS A PROCESS APPROACH?

The process approach involves the systematic definition and management of
processes, and their interactions, to achieve the intended results in accordance
with the quality policy and strategic direction of the organisation.

Understanding and managing interrelated processes as a system contributes
to the organisation’s effectiveness and efficiency in achieving its intended
results. This approach enables the organisation to control the interrelationships
and interdependencies among the processes of the system, so that the overall
performance of the organisation can be enhanced.


Figure 1: Process Elements Diagram Using Procurement Example

Process: Procure Resources (“comprising a series of tasks & activities”)
• PEOPLE: Competence, Training, Succession Planning
• MATERIALS & EQUIPMENT: Vendor Management, Asset Management
• INPUTS: Objectives, Requirements, Legal Obligations
• OUTPUTS: Product / Service, Results, Data
• METHODS: Documents Maintained, Documents Retained
• MEASURES: Performance Targets, Monitoring Performance, Measuring Performance, Corrective Action


PLAN-DO-CHECK-ACT (PDCA) CYCLE


The Plan-Do-Check-Act (PDCA) cycle is an ongoing, iterative process that
enables an organisation to establish, implement and maintain its quality policy
based on top management’s leadership and commitment to the quality
management system.

The methodology can be applied to all processes and the quality management
system as a whole, with each phase of the cycle traceable to one or more
clauses in the ISO 9001 Standard.

The PDCA cycle is shown below.

Figure 2: The PDCA Cycle


PLAN - CLAUSES 4, 5, AND 6

Establish an ongoing planning process that enables the organisation to:


• Establish the organisation’s context, issues, risks and opportunities
• Determine the scope of the Quality Management System and the
processes needed
• Create management structures
• Assign roles and responsibilities with sufficient authority
• Identify quality requirements and set internal performance criteria where
appropriate
• Set quality objectives and formulate program(s) to achieve them
• Develop and use performance indicators.

DO - CLAUSES 7 AND 8 (NOTE: 7 IS THE LINK BETWEEN HAVING PLANS AND THE CAPABILITY TO DO THEM)

Implement and operate the quality management system and:


• Provide adequate resources
• Train employees and ensure their awareness and competence
• Establish processes for internal and external communication
• Establish and maintain documentation
• Establish and implement document control(s)
• Establish and maintain operational control(s)
• Determine customer requirements and interactions with customers
• Design and development of goods and services
• Control of external provision of products and services
• Release of products and services
• Control of nonconforming outputs.

CHECK – CLAUSE 9

Assess quality management system processes including:


• Conduct ongoing monitoring, measurement, analysis and evaluation
• Evaluate status of conformity
• Conduct periodic internal audits
• Re-context and conduct management reviews of the quality management
system at appropriate intervals
• Manage records.

ACT – CLAUSE 10

Review and act to improve the quality management system:


• Identify nonconformity and areas for improvement and take corrections,
corrective actions and manage emerging risks
• Continually improve by applying PDCA to improvement initiatives


RISK-BASED THINKING
WHAT IS RISK-BASED THINKING?

The concept of ‘risk’ in the context of ISO Standards relates to the uncertainty
in achieving objectives and has always been implicit in previous versions of ISO
9001. The 2015 version makes it more explicit and builds it into the whole
management system.

In the context of ISO 9001, risk-based thinking requires organisations to adopt
a systematic approach for the assessment, control, communication and review
of risks in relation to the quality of process outcomes, products and services
throughout their life-cycle – from planning to post-delivery support.

Note that ISO 9001 does not stipulate the requirement for formal methods for
risk management or a documented risk management process. Organisations
can decide whether to develop a more extensive risk management
methodology than is required by ISO 9001 through the application of other
guidance or standards such as ISO 31000 Risk Management.

The Quality Management Standard specifies requirements for the organisation
to understand its context and determine risks as a basis for planning,
representing the need to apply risk-based thinking to planning and
implementing quality management system processes.


LEVELS OF RISK

When managing the quality of process outcomes or results, not all the
processes represent the same level of risk in terms of the organisation’s ability
to meet its objectives. The consequences of nonconformity of product or
services will vary widely depending on the type of business, from minor
inconvenience to the customer to far-reaching and even fatal outcomes.

Each organisation is responsible for the application of its defined appetite for
risk. This needs to be reflected in the level and type of controls it implements to
address risks and manage process performance.

ROLE OF THE AUDITOR

The role of an auditor is:


• To confirm that the organisation has adopted risk-based thinking when
planning and implementing their quality management system, and
• To confirm that the risk-based thinking approach is effective in facilitating a
consistent and compliant outcome that meets the needs of interested parties.
• Organisations have different appetites for risk, therefore as auditors you
will see a wide variation of the degrees of management time, effort and
controls applied to Risk.

In general, an auditor can reasonably expect to evaluate how:

• The organisation, management system, processes, projects, contracts,
suppliers, products and services may be exposed to risk, and how the
organisation determines areas of risk and/or decides/represents degrees of risk.
• Risk is considered from the beginning – e.g. Context of the Organisation,
Strategic Direction, integration between business processes and QMS
processes.

Risk-based thinking influences:
• Determination and prioritisation of risks
• Decisions if and how to address risks
• Types and levels of control needed, (e.g. Treatment, Transfer,
Termination, or Toleration & contingency preparedness)
• Management and implementation control of planned actions
• Verification of the effectiveness of responses to risks, (i.e. risk is confirmed
as being managed to a pre-planned acceptable level)

Note: Generally speaking, “The higher the risk, the more control is needed”


Module 3:
Auditing Quality Management
Systems


MODULE 3 INTRODUCTION: AUDITING QUALITY MANAGEMENT SYSTEMS

DAY 1
• Quality Management Fundamentals
• Quality Management Concepts
• Auditing QM Systems
• Auditing Clause 4: Context of the Organisation
• Auditing Clause 5: Leadership
• Auditing Clause 6: Planning

Estimated duration: Approximately ¾ hour
Background information: Provide a brief outline of the approach used and related
considerations when conducting a quality management audit.
Module objectives:
• Provide an overview of the audit process (plan, conduct, report and
follow-up) in accordance with ISO 19011
• Explain the differences between first-party, second-party and third-party
certification audits and the role of the auditor
• Describe the categories and types of audits
• Determine the key considerations when framing a quality management
system audit.
Slides: 32 - 36
Activities: No activities included in the module.


AUDIT PROCESS
OBJECTIVE OF AN AUDIT

The main objective of an audit is to validate and confirm the extent to which an
organisation is fulfilling its quality obligations and overall requirements against
specified criteria which include internal and external requirements.

AUDITING THE QUALITY MANAGEMENT SYSTEM

When auditing a quality management system, the auditor needs to follow a
formalised schedule in order to cover the management system adequately.
Consider:
• The organisational context such as the organisation size, location and
other environmental factors, internal & external issues and risks &
opportunities the organisation is facing or is planning to face
• Past, current and future quality related performance
• Knowledge and experience of auditors, and
• Maturity of the quality management system.

AUDIT METHODOLOGY

Audits require a defined set of criteria or requirements. Requirements are then
compared to policy, procedure, work instruction or work practice to determine
whether there is conformity.

STAGES

The audit process has four key stages:


1. Planning
2. Performing
3. Reporting
4. Following up

Note: The Follow-up stage only occurs if the audit reveals nonconformities.

Within each stage there are several tasks designed to ensure the audit is
conducted in accordance with the organisation’s defined approach, and within
the defined boundaries of the audit scope, objective and criteria.


Below is a summary of each stage with key tasks discussed.

PLANNING THE AUDIT

The planning stage involves several key tasks to ensure the audit team is
prepared for the audit.
• Initial contact with the auditee organisation
This is intended to confirm authority to conduct the audit and provide
relevant information pertaining to the audit including the objective, scope
and criteria. The auditor should also conduct some remote research about
the organisation, e.g. their website or public financial accounts.
• Prepare an audit plan
Determine arrangements for the audit including scheduled meetings,
timeframes, key audit activities and reporting processes.
• Assign work to the audit team
Assign work to each audit team member in accordance with their skills,
knowledge and experience.
• Conduct a document review
The audit team leader reviews the quality management system
documentation, such as the output policies and procedures, to check
whether the audit criteria have been met. This can be done prior to the
audit or on the day of the audit as each requirement is addressed.
• Preparation of work document (guidance tools, checklists, etc.)
Each audit team member prepares audit work documents to guide the
auditor through the requirements of the audit criteria. The work document
is used to record objective evidence and reporting categories.

PERFORMING THE AUDIT

This stage involves several key tasks to ensure the audit is completed in
accordance with planned arrangements.
• Opening meeting
The opening meeting is conducted with senior management of the
organisation is to set the scene, introduce the auditors and confirm the
audit arrangements. The format for the meeting should be relative to the
type of audit and audience in attendance.
• Collect evidence
Collect evidence through interviews, observations and review of documents
and records (face-to-face interviews and/or remote/virtual review of
information).
• Evaluate evidence
The audit team evaluates the evidence gathered during the audit and
decides whether the system conforms to the audit criteria.
• Present findings in a closing meeting
The closing meeting is held with senior management of the organisation to
advise them of the audit results. It is usually a formal meeting where an
attendance record and minutes are taken.

REPORTING AUDIT OUTCOMES

This stage involves two key tasks to ensure the audit results are reported in a
timely manner.
• Complete a draft audit report
The draft audit report includes a summary of the audit findings, how well
the organisation is meeting its quality objectives and related targets with
positive feedback on the overall quality management system where
appropriate.
• Distribute the audit report
Distribute the audit report within the agreed timeframe and in accordance
with client instructions.

CONDUCTING AUDIT FOLLOW-UP

This stage involves conducting a follow-up audit to ensure audit
nonconformities are resolved in a timely manner.
• Conduct a follow-up audit
Once nonconformities have been corrected, the organisation advises the
auditor/auditing body that they are ready for a follow-up audit. The scope
of the follow-up audit is limited to an investigation of the identified
nonconformities.

The follow-up audit is to verify that all necessary actions in response to
nonconformities, i.e. correction, corrective actions and associated
emerging risks have been planned, effectively implemented and verified
as such by the responsible auditee(s).

If the auditor verifies sufficient evidence to confirm all actions have been
taken and are effective, then he/she will close out the nonconformities and
update the audit report conclusions and summary.
The auditor should then discuss and plan the next steps, which for a 3rd
party certification audit would usually be some type of monitoring or
surveillance audit to ensure the continued suitability and
effectiveness of the certificated management system.

CATEGORIES OF AUDITS
Audit categories can vary in their depth and scope. The relationship between
the auditor and the auditee also varies according to the type of audit being
conducted. An auditor should be clear about the class and type of audit being
performed, as this will have an impact on the preparation of the audit and the
structure of the audit team.

There are two main categories of audits. These are:
• Internal, and
• External.

INTERNAL AUDITS

An internal audit is where an organisation is performing an audit upon its own
systems, procedures and facilities. This is often referred to as a first-party audit.

Auditors are generally used from within the organisation or, in some instances,
hired as subcontractors.

The internal audit is often viewed as a health check for the organisation,
identifying performance, needs, strengths and weaknesses.

It is widely recognised that an effective internal audit has the greatest potential
to identify improvement opportunities within the organisation.

Similarly, it is recognised that the results of internal audits are not always given
the priority and attention that they deserve.

EXTERNAL AUDITS

External audits can be further divided into:
• Second-party audits
• Third-party audits.

Second-Party Audits

Second-party audits are performed by an organisation upon its own suppliers
or contractors. This audit is performed to assess the status of contracts to
determine whether the organisation will be receiving what it has specified.

It is not unusual for organisations to conduct audits of customers where there
is potential risk to business and brand name, should a labelled product be
mishandled or misused during the transport/distribution/resale chain, e.g. in the
transportation, storage and handling of chemicals or waste products.

Third-Party Audits

Third-party audits are conducted by external independent organisations. Such
organisations provide certification or registration of conformity with defined
requirements (such as ISO 9001) and may be completed at the customer’s
request.

Audits by statutory or regulatory authorities are undertaken where the
organisation is required to satisfy compliance obligations with statutory and
regulatory requirements.

The diagram below illustrates the relationship between the different audit
categories.

[Figure 3: Audit Categories. Diagram labels: Internal Audits; You Auditing
Suppliers; Customers Auditing You.]

TYPES OF AUDITS

There are several types of audit that need to be understood within the audit
function, as this understanding assists in selecting the audit approach and
techniques needed to meet the defined audit outcomes.

Audit types include:
• Documentation review audit (Desktop – on site OR Remote)
• Process audit
• Product or service audit, and
• System/element audit.

Document Review Audit

This audit is conducted to assess the documentation of a part or the whole of
an organisation.

If conducted:
• Internally, the audit’s purpose is to determine whether the documentation,
procedures and work instructions meet the needs of the business; or
• By an independent body (i.e. a third-party audit), it is the first step of a
certification assessment process. The auditor, an independent body,
carries out this review to assess whether the organisation’s documentation
meets the requirements of the standard. The review provides a basis for
the third-party auditor to prepare an audit plan and checklist to carry out
the subsequent steps of the certification assessment or audit.

Process Audit

This audit is conducted to examine a process to confirm the:
• Process follows written procedures (if they exist)
• Desired outcomes are defined, planned and being met, and
• Processes are interrelated and performing to expectations.

This type of audit may apply to a core, management or support process such
as human resource management. In a process audit, the criteria are:
• Documented procedures, flowcharts, process maps
• Defined process objectives and targets/KPIs
• Work instructions
• Workflows, and
• Competency of employees.

Product or Service Audit

This audit is conducted to verify that:
• A product has been manufactured, or a service performed, to specification,
and
• There is evidence that it meets customer requirements.

This type of audit usually leads into audits of processes and records, for
example, product labelling audits.

System/Element Audit

This audit is conducted in a specific area of the business management system to
confirm that it complies with the specified requirements of a standard, contract
or legislation.

Specified requirements are usually the elements of the management system.
System audits require the auditor to have knowledge of the appropriate
standard, contract or legislative criteria.

The Lead Auditor is verifying that NO GAPS exist between:
• The standard and the designed system and its processes
• The system, its processes and context of the organisation
• The planned outputs/outcomes of processes/system respectively and the
actual performance results achieved for both.

ROLE OF THIRD-PARTY BODIES AND CERTIFICATION


Certification of a quality management system by a certified body means that the
quality system has been scrutinised by an external or independent third-party
auditor. This increases consumer confidence that the system meets the
required standard and specifications.

Registration with a certification body is widely recognised within industry as a
benchmark for management systems and is highly regarded by customers
and stakeholder groups.

ROLE OF THE AUDITOR

The role of the third-party auditor is to:
• Ensure the organisation conforms to specified requirements within their
certification scope
• Assess the level of conformity against requirements associated with the
organisational risks, derived from Context of the Organisation
• Assess previous and current performance in line with planned events, and
form a professional judgement of the levels of likely future Management
System Performance going forward, (i.e. Risk)
• Ensure that the organisation demonstrates effective responses/actions to
NCs and continual improvement.

BENEFITS

For the organisation undergoing audit, the benefits are to demonstrate that they
have:
• invested in managing their organisational risks and positive opportunities
• developed a formal structure to manage such risks, and
• adopted a culture of continual improvement

A QMS is designed to deliver the organisation’s own strategy and positive
response to issues derived from Context of the Organisation just as much as
it delivers customer and other stakeholder satisfaction.

FRAMING A QUALITY MANAGEMENT SYSTEM AUDIT


INTRODUCTION

All audits are framed through determining the following requirements:
• Audit scope
• Audit objective(s)
• Audit criteria.

Once an audit has been framed this determines the boundaries and extent of
the audit. This assists in planning the audit, enabling the development of a
formal schedule and the identification of any resources required to complete the
audit.

AUDIT SCOPE

The scope of the audit normally refers to the boundaries of the audit, which
assist in keeping the audit focused and within the agreed boundaries (with
the exception of pursuing key and necessary audit trails, which may lead into
interfacing processes outside the formally planned audit scope; this is very
important for professional auditing effectiveness).

A quality audit can apply to a process, product, service, function or physical
location. For example, the audit may apply to the entire organisation or be
limited to a single department or one part of a complex process, a specific
product or service.

AUDIT DEPTH

The depth of the audit refers to the amount of detail that is to be reviewed. For
example, if it is a full depth audit, all components will be verified during the audit
including all related processes, activities and records within the audit scope.

Both the scope and depth must be defined prior to the audit to assist in planning.

In defining scope and depth, it is important to quantify and understand any
current or past quality related issues or problems within the audit scope.

This allows the auditor to prioritise these areas of risk, and audit these areas
first or more frequently in order to:
• Verify the level of effectiveness and conformance with the system; and
• Identify any further risk exposure.

AUDIT OBJECTIVE

The audit objective is the specific purpose for conducting audits. The objective
is usually derived from management priorities, which are based on
organisational risks.

Audit objectives are outcome and performance based. They must be verifiable
and can be written in many ways to suit the overall audit scope and required
depth of an audit.

Examples of audit objectives include:
• To determine the level of compliance with applicable statutory and/or
regulatory requirements
• To determine conformity with ISO 9001 and system requirements
• To verify supplier conformity with contract terms and conditions
• To confirm effectiveness of [specific processes]
• To identify opportunities to improve product or service delivery methods.

Compliance Audit Objective

The objective of a compliance audit is to determine whether the applicable legal
and regulatory requirements have been met.

The audit may cover the organisation’s level of compliance with license
conditions, and reporting regimes to regulators. Legal and regulatory
requirements differ between states/provinces and therefore the audit focus may
vary.

Product or Service Audit Objective

The objective of a product or service audit is to verify that the marketing claims
or product or service specifications are true and correct.

Process Audit Objective

The objective of a process audit is to verify that the defined method will meet
quality related requirements and expectations of either internal or external
interested parties.

Quality Management System Audit Objective

A quality management system audit, by definition, is a true audit. It is an audit
of an entire quality management system or parts of the quality management
system against defined criteria. A quality management system audit is used to
verify conformity of the system to meet the specified requirements of the ISO
9001 Standard and the issues derived from Context of the Organisation.

AUDIT CRITERIA

Audit criteria are any policies, procedures, standards or other requirements to
which audit evidence is compared. Audit criteria are related to the audit scope
and audit objective which frame the audit.

Once the audit criteria have been assessed against the requirements and
compared against the audit evidence, an overall conclusion can be made on
the effectiveness of such requirements.

For example, if auditing conformity with Human Resource Management, the
audit criteria could include:
• Human resource management policies and procedures
• Human resource management objectives
• Human resources records management requirements
• Competency of employees.

Other examples of criteria can be directly related to ISO 9001 and related
system documentation and can include:
• Management Systems Standards including ISO 9001 Quality Management
System Requirements
• Codes of Practice and/or Guidelines
• Organisation’s documented quality management system.

FEASIBILITY OF THE AUDIT

It is important to ensure that the audit objectives can be met and that the audit
will be of benefit to all those concerned. Before authorising an audit, the person
responsible must determine whether the objectives will be met, or whether the
audit is feasible.

When considering audit feasibility, ask:
• Is there sufficient and appropriate information about the subject of the
audit?
• Allotted time available
• Logistics to get around the site, (for the larger or multi-location
organisations)
• Does the auditor have clearance to enter the audit scope?
• Is there adequate co-operation from the auditee?
• What are the key risks to:
▪ The audit going to plan and meeting objectives
▪ The audit team
▪ The auditees (and disruptions to the organisation, department,
function)
▪ H&S of all interested parties.

Where the audit is not considered feasible, the audit programme management,
in consultation with the auditee, must propose a solution acceptable to the audit
client and the auditing body. The feasibility of a certification audit may be
decided after the first stage assessment.

GROUP DISCUSSION

To ensure an audit is managed effectively in accordance with the objective,
scope and criteria, there are several factors that must be considered when
preparing to conduct an audit.

What factors need to be considered to ensure the security and H&S of the
organisation is not put at risk by your audit visit and that the disruption is
minimised?

What factors need to be considered to ensure the confidentiality of the client’s
documents (the client’s documents are protected from loss or misuse)?

What factors need to be considered to ensure the audit process (the auditor is
independent, and the audit process is objective) remains impartial?

What factors need to be considered to ensure the audit remains equitable (the
audit is fair to the client and auditees)?

What factors will influence the audit methods to be used, for example:
• Remote audit using technology to conduct interviews and access records
• Interviews with key staff
• Observation of work undertaken either at the auditee’s workplace or
off-site at a customer site.

Module 4:
Auditing Clause 4: Context of
the Organisation

MODULE 4 INTRODUCTION: AUDITING CLAUSE 4: CONTEXT OF THE ORGANISATION

DAY 1
• Quality Management Fundamentals
• Quality Management Concepts
• Auditing QM Systems
• Auditing Clause 4: Context of the Organisation
• Auditing Clause 5: Leadership
• Auditing Clause 6: Planning

Estimated duration: Approximately 1 hour

Background information: This module outlines the role of the auditor to confirm
the organisation understands the context of the organisation in relation to
quality management and this insight is used to manage the organisation’s
operational activities.

Module objectives:
• Understand how to evaluate the processes used by the organisation to
determine, understand and document context
• Understand how to evaluate the approach used by the organisation to
determine the needs and expectations of interested parties
• Understand how to determine whether the scope of the organisation’s
quality management system is clearly defined
• Understand how to determine if the organisation has established a
system of processes that can meet the needs and expectations of
interested parties, context of the organisation, and addresses internal
and external issues.

Slides: 38 - 44

Activities:
• Activity 2: Determine Internal and External Issues, page 48
• Activity 3: Determine Evidence Requirements, page 58

OVERVIEW OF CLAUSE 4: CONTEXT OF THE ORGANISATION
Clause 4 is intended to provide insight into the purpose and objectives of the
organisation and to ensure the quality management system is truly integrated
into the organisation.

Clause 4 contains 4 subclauses as follows:
• 4.1 Understanding the organisation and its context
• 4.2 Understand the needs and expectations of interested parties
• 4.3 Determining the scope of the quality management system
• 4.4 Quality management system and its processes.

ORGANISATIONAL CONTEXT
CLAUSE 4.1 UNDERSTANDING THE ORGANISATION AND ITS CONTEXT

The intent of Clause 4.1 is to ensure the organisation has a high-level,
conceptual understanding of the critical issues that can affect, either positively
or negatively, the way the organisation manages its quality obligations.

Issues can be important topics or problems that require debate and discussion,
or changing circumstances that affect the organisation’s ability to achieve the
intended outcomes it sets for its quality management system.

External issues (i.e. risks and/or opportunities) include:
• Changes in the competitive landscape
• Political issues
• Economic issues
• Environmental issues
• Legal requirements
• Regulatory issues
• Technological changes, both domestic and global.

Internal issues may involve strategic initiatives, new financial targets or cost
cutting initiatives, risks/opportunities, planned organisational changes, planned
changes to business systems/processes and the organisation’s culture, beliefs,
values or principles.

AUDITOR’S ROLE

An auditor needs to ensure that top management have determined the external
and internal issues, and the outcomes are used as input to organisational
planning processes including:
• Determining the actions needing to be PDCA managed through the
management system in order to address the risks and opportunities
determined from Context of the Organisation and Strategic planning.
• How the Strategic Direction and Business Processes will be aligned and
integrated respectively
• Establishing the quality policy and related objectives with consideration of
these issues to ensure alignment and minimal contradiction or confusion.

CLAUSE 4.1 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM  POSSIBLE QUESTIONS
1     How does the organisation determine possible internal and external
      issues that may affect their ability to achieve the intended outcomes
      of the quality management system?
2     How does the organisation determine which issues must be
      addressed to ensure outcomes can be achieved?
3     What approach is used to monitor and review information pertaining
      to known internal and external issues?

CLAUSE 4.1 AUDIT INSIGHTS

The following are insights relevant to this clause.
• Organisations do not always use a structured approach to determine all
issues that can have an impact on the organisation’s ability to achieve their
stated quality objectives.
• Organisations do not always use the insight from understanding their
context to influence business planning.
• Organisations may not have a systematic approach to monitor and review
information pertaining to known issues.
Note: Clause 4.1 feeds into clause 6.1 in terms of determining which
Issues are important, whether they are Risks, Opportunities or Known
Failures and which ones the organisation has committed to do something
about. We shall cover this key concept in more detail when we analyse
Section 6 of the standard later today.

Activity 2: Determine Internal and External Issues

Overview:

An organisation must identify the internal and external issues that may affect
their ability to achieve their goals and objectives in relation to the quality of their
products, services and processes.

The PESTLE analysis is a tool that is used to identify and analyse the key
drivers of change in the current environment. PESTLE is a mnemonic; it stands
for Political, Economic, Social, Technological, Legal, and Environmental
factors.

The PESTLE analysis can be used by an organisation to facilitate the
identification of potential external issues that may affect the organisation.

Note: SWOT analysis is also often used to determine internal issues in
organisations.

Task:

Use the case study organisation to conduct a PESTLE Analysis. Compile your
analysis using the table on the next page.

Be prepared to share your results with the group.

INTERNAL ISSUE EXTERNAL ISSUE

PESTLE ELEMENT  ISSUES

Political
• Government type & policy
• Funding, grants & initiatives

Economy
• Inflation & interest rates
• Labour & energy costs

Social
• Population, education, media
• Lifestyle, fashion, culture

Technology
• Emerging technologies
• Information & communication

Legal
• Regulations & Standards
• Employment law

Environment
• Weather, green & ethical issues
• Pollution, waste, recycling

INTERESTED PARTIES
CLAUSE 4.2 UNDERSTAND THE NEEDS AND EXPECTATIONS OF
INTERESTED PARTIES

The intent of Clause 4.2 is to ensure an organisation determines the interested
parties that are relevant to the organisation and understands their needs and
expectations.

One definition of an Interested Party is a person or organisation that has a
vested or perceived interest in the organisation, for example:
• Direct customers and perhaps their customers (e.g. end users)
• Supply chains or outsourced partners
• Regulatory bodies or legal requirements
• Lobbyists, other influencing bodies or groups,

not forgetting the organisation’s processes, process managers and staff who
use the management system.

The insight gained from identifying the information about interested parties, their
needs and expectations is used to influence planning and determine what
outcomes must be achieved and the methods to achieve these outcomes.

AUDITOR’S ROLE

An auditor needs to ensure the organisation has a clear understanding of the
expressed needs and expectations of the most relevant interested parties from
those listed above, and has acquired the knowledge necessary to determine
the organisation’s obligations and the scope/purpose of the management
system.

The ongoing monitoring and review of information relating to these interested
parties needs to be part of the approach to ensure the organisation’s
understanding of these expectations remains current.

CLAUSE 4.2 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM  POSSIBLE QUESTIONS
1     What is the process used to determine whether interested parties
      are impacted by the activities of the organisation?
2     What is the process for determining the needs and expectations of
      these interested parties?
4     How does the organisation monitor and review information relating
      to the interested parties and their requirements?

CLAUSE 4.2 AUDIT INSIGHTS

The following are insights relevant to this clause.
• The needs and expectations of determined and prioritised interested
parties such as customers, owners, regulators and employees are
generally well understood and monitored on a regular basis.
• If the organisation can’t demonstrate how this information about interested
parties is used in determining strategy, quality policy/objectives and the
scope and design of QMS processes, then it would most likely constitute
a potentially serious nonconformity.
• If monitoring and review of information pertaining to determined interested
parties is not evaluated on a regular basis, then this would very probably
be a significant audit finding, possibly a Major Nonconformity.

SCOPE OF QUALITY MANAGEMENT SYSTEM


CLAUSE 4.3 DETERMINING THE SCOPE OF THE QUALITY
MANAGEMENT SYSTEM

The intent of the clause is to ensure the organisation defines and documents
the scope of its quality management system.

An organisation may choose to implement the International Standard:
• Across the entire organisation, or
• Within specific parts of the organisation.

AUDITOR’S ROLE

An auditor needs to ensure that the organisation has determined and
documented the boundaries and applicability of the quality management
system, incorporating the following information:
• Description of the types of products and services covered;
• Justification for any situation(s) where any requirement of the standard
cannot be applied.

CLAUSE 4.3 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM  POSSIBLE QUESTIONS
1     What factors have influenced the scope and boundaries of the
      quality management system?
2     Has the organisation identified those aspects of the business that
      are not covered by the scope of the quality management system?
3     Has the scope considered outsourced processes that have an
      impact on some aspect of product, service or process quality?

CLAUSE 4.3 AUDIT INSIGHTS

The following are insights relevant to this clause.
• Normally, the scope of a quality management system is defined. However,
outsourced processes are sometimes excluded from the scope but still
have to be managed through the system in accordance with clause 8.4 of
the standard.
• New conditions need to be assessed to understand the impact on the
organisation. For example, often scope changes are not realistically
addressed with situations such as:
− company mergers
− new products or services
− new strategic direction, context - internal/external issues, other
business processes, new locations, etc.
• Do not assume that these new conditions are automatically included in the
scope of the quality management system.

QUALITY MANAGEMENT SYSTEM AND ITS PROCESSES
CLAUSE 4.4 QUALITY MANAGEMENT SYSTEM AND ITS PROCESSES

The intent of Clause 4.4 is to ensure that the organisation establishes,
implements, maintains and continually improves a quality management system,
including the processes needed and their interactions, in accordance with the
requirements of ISO 9001.

How the organisation achieves this outcome is dependent on a number of
variables such as the:
• Size of the organisation
• Geographic dispersion of operations
• Capabilities of the workforce, and
• Complexity and nature of work undertaken by the organisation.

AUDITOR’S ROLE

An auditor needs to determine if the organisation has:
• Identified the processes needed to provide the required outcomes
(products, services and process results), including inputs, outputs,
sequence and interaction needed for the quality management system
throughout the organisation
• Integrated quality management system requirements into various business
functions, such as:
− design & development of products and services
− procurement of materials and outsourced services
− human resource management
− sales and marketing
− production and distribution
− after sales support where applicable.
• Incorporated issues associated with its context into the quality
management system, including determined risks, opportunities and
failures
• Incorporated interested party requirements into the quality management
system.

An auditor must ensure they do not allow their own opinions to influence how
they evaluate the approach employed by the organisation to achieve the
required outcomes.

The type and level of documented information maintained must be appropriate
to support process operations, and the documented information retained must
be able to provide confidence that processes are carried out as planned and
under controlled conditions.

CLAUSE 4.4 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM  POSSIBLE QUESTIONS
1     What factors influenced the design of the quality management
      system and its processes?
2     What factors influenced the type and range of documented
      information maintained and retained?
3     How has the organisation aligned the QMS to strategic direction and
      integrated quality management requirements into other parts of the
      business?
4     How has the organisation implemented quality management
      controls for its internal processes and those performed outside the
      organisation, including the management of risks and opportunities?

CLAUSE 4.4 AUDIT INSIGHTS

The following are insights relevant to this clause.
• The organisation may elect to integrate quality management requirements
into existing operational processes, ensuring the outcomes meet all
business requirements.
• In some instances, quality management systems are developed in
isolation with little or no consultation with business, resulting in a system
that does not align with the needs of the organisation.
• Organisations often address strategic risks, but not through the QMS, and
often risks in individual processes or sequences of processes are not
considered at all.
• Documented information developed for quality management systems is
based on generic templates acquired from external sources and not
customised to suit the needs of the organisation.
• Documented information is developed for all tasks and activities without
consideration of the competence of people performing the work.


Activity 3: Determine Evidence Requirements

Overview:

Clause 4: Context of the Organisation has several requirements that must be
verified with evidence.

An auditor must consider each requirement and determine what evidence would
confirm or verify the organisation has fulfilled each requirement.

Task:

Your trainer will allocate a key requirement of Clause 4 to each team.

Each team must review the information pertaining to their allocated key
requirement and determine a range of suitable evidence that would confirm or
verify the case study organisation has fulfilled the requirements.

Use the table provided to record your notes and be prepared to share your
results with the group.


KEY REQUIREMENT POSSIBLE EVIDENCE


Clause 4.2
Understand the needs and
expectations of interested parties

Clause 4.3
Determining the scope of the
quality management system

Clause 4.4
Quality management system and
its processes


Module 5:
Auditing Clause 5: Leadership


MODULE 5 INTRODUCTION: AUDITING CLAUSE 5: LEADERSHIP

DAY 1:
• Quality Management Fundamentals
• Quality Management Concepts
• Auditing QM Systems
• Auditing Clause 4: Context of the Organisation
• Auditing Clause 5: Leadership
• Auditing Clause 6: Planning

Estimated duration: 1 ½ hours

Background information: This module outlines the role of the auditor to
confirm the commitment of top management to the standard of quality outlined
in the quality policy and related objectives, ongoing focus on customer
requirements, with the necessary responsibility and authority assigned to the
relevant roles within the organisation.

Module objectives:
• Understand how to confirm the commitment and participation of top
management to the establishment of an effective quality management
system
• Understand how to evaluate the approach used by the organisation to
develop the quality policy
• Understand how to confirm the quality policy reflects the purpose and
context of the organisation and supports its strategic direction and is
integrated with other business processes
• Understand how to evaluate the approach used by top management to
ensure the focus of the organisation remains firmly on customer
requirements, whilst fulfilling legal obligations
• Understand how to evaluate the approach employed by top
management to ensure roles, responsibilities and authorities are
established and communicated throughout the organisation.

Slides: 45 - 49

Activities: Activity 4: Auditing Leadership and Commitment, page 70


OVERVIEW OF CLAUSE 5: LEADERSHIP


Clause 5 relates to the top management commitment needed for an effective
quality management system including establishing objectives and strategic
planning.

The commitment and active support of top management, including providing
adequate resources, are critical to the success of the quality management
system.

Clause 5 contains 3 subclauses as follows:


• 5.1 Leadership and Commitment
• 5.2 Policy
• 5.3 Organisational roles, responsibilities and authorities


LEADERSHIP AND COMMITMENT

CLAUSE 5.1 LEADERSHIP AND COMMITMENT

The intent of Clause 5.1 is to ensure the organisation’s top management
demonstrates their leadership and commitment to the QMS by carrying out
specific activities that include (at a minimum) the following:
• Take accountability for the effectiveness of the QMS
• Ensure the quality policy is compatible with the organisation’s context and
strategic direction
• Integrate the QMS into business operations and related processes
• Ensure adequate resources are available and intended results are
achieved
• Ensure customer, statutory and regulatory requirements are met
• Ensure risks and opportunities that will affect product or services
requirements are managed
• Promote continual improvement and
• Communicate the importance of effective quality management.

ISO 9001 identifies several actions that demonstrate leadership and
commitment. Top management may not perform all of these actions
themselves; they may delegate responsibility to others. However, top
management are accountable for ensuring that these actions are performed.

AUDITOR’S ROLE

An auditor must confirm that members of top management:


• Are personally committed to quality management
• Are actively involved in directing the organisation towards achieving the
stated standards of quality outlined in the Quality Policy and related
objectives and
• Create a culture and environment that encourages all people in leadership
roles, including those in team leader roles, to work actively towards
implementing the requirements of the quality management system and
fulfilling the quality objectives.


CLAUSE 5.1 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM POSSIBLE QUESTIONS


1 How does top management ensure quality management
requirements are communicated, understood and integrated into all
aspects of business operation, including Strategic Direction/Plans?
2 What strategies does top management employ to ensure the
organisation focuses on consistently meeting and exceeding
customer needs and expectations?

3 What strategies does top management employ to encourage
engagement and ownership in managing quality across the
organisation, including promotion of the process approach,
risk-based thinking and alignment of the QMS with strategic direction?

CLAUSE 5.1 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Top management may not clearly articulate to the organisation the
importance and relationship between quality management and strategic
direction of the organisation.
• Top management may not adequately disclose the rationale for focusing
on customer needs and expectations.
• Top management may underestimate the importance of encouraging
engagement and ownership of managing quality consistently across the
organisation.
• Top management may publish the quality policy and objectives but acquire
no evidence of the effectiveness of its communication, its understanding
and its deployment throughout the organisation.
Note: Communication always needs to be at least a two-way process.


QUALITY POLICY

CLAUSE 5.2 POLICY

The intent of the clause is to ensure that a quality policy is developed,
implemented and maintained and meets the requirements of the organisation’s
quality commitments and those requirements specified in ISO 9001.

QUALITY POLICY

The quality policy is a set of principles stated as commitments in which top
management outlines the long-term direction of the organisation to support and
enhance its quality performance.

The quality policy is a critical document in the quality management system as it
establishes the organisation’s criteria for the quality of their products, services
and process outcomes. The quality policy enables the organisation to set its
objectives and take actions to achieve the intended outcomes of the quality
management system.

A quality policy must:


• Support the strategic direction of the organisation
• Provide a framework for setting quality objectives
• Support the need to satisfy applicable requirements
• State a commitment to continually improve the quality management
system.

These commitments are then addressed in the specific requirements in other
clauses to establish, implement, maintain and continually improve the quality
management system.

The quality policy must be:


• Maintained as documented information
• Communicated, understood and applied within the organisation, and
• Available to relevant interested parties.


AUDITOR’S ROLE

An auditor needs to:


• Confirm that top management has established, implemented and
maintains a quality policy and
• Ensure the quality policy is understood and applied and:
− Is appropriate to the needs of the organisation and compatible to its
long-term strategic direction
− Provides a framework for establishing measurable quality objectives
and related targets and
− Includes commitments to both satisfying applicable requirements
and continual improvement to managing quality.

CLAUSE 5.2 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM POSSIBLE QUESTIONS


1 What factors does top management consider when developing and
updating the quality policy?
2 How does top management ensure the quality policy is compatible
with the strategic direction and the context of the organisation?
3 How does top management ensure the policy is effectively
implemented (communicated, understood and applied) across the
organisation?

CLAUSE 5.2 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Policy is somewhat generic and does not reflect the strategic direction of
the organisation.
• Policy wording can have little or no real meaning in context with the
organisation. For example, “We will strive to provide a quality product that
meets the needs of interested parties” which could be relevant to any
organisation.
• Policy content is not translated or reflected in the organisation’s objectives
and related performance targets.
• The policy is not appropriate to the nature and scale of the organisation.
For example, when a subsidiary company adopts the policy of the parent
company, or vice versa, the activities of the parent are often substantially
different to the subsidiary company.
• The policy is poorly communicated, and not understood by employees and
others whose work may have an impact on the quality of the organisation’s
products, services, and process outcomes.


ROLES, RESPONSIBILITIES AND AUTHORITIES


CLAUSE 5.3 ORGANISATIONAL ROLES, RESPONSIBILITIES AND
AUTHORITIES

The intent of Clause 5.3 is to ensure roles, responsibilities and authorities are
specified within the quality management system and known by all people who
are involved with quality related activities inclusive of interested parties
responsible for outsourced processes.

The successful implementation of a quality management system requires the
commitment, participation and involvement of all employees. Therefore, quality
responsibilities fall across the entire organisation, including operational areas
as well as the quality related functions.

Quality-related roles, responsibilities and authorities must be integrated into the
existing organisational management framework. Employees at all levels of the
organisation are accountable, within the scope of their responsibilities, for
quality performance.

AUDITOR’S ROLE

An auditor needs to ensure that quality management roles, responsibilities, and
authorities are:
• Well defined; and
• Effectively communicated to the relevant employees.
Note: Accountability for the performance outcomes of the QMS as a whole and
the performance results of all its processes always rests with Top
Management, which is why the QMS must provide data/information to ensure
Top Management can execute that accountability effectively.


CLAUSE 5.3 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM POSSIBLE QUESTIONS


1 What approach has top management used to assign responsibility
for:
• Establishing, implementing and maintaining the quality
management system?
• Reporting on the quality management system’s performance?
2 How are the assigned roles, responsibilities and authorities
communicated to the relevant employees?

CLAUSE 5.3 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Assigned roles, responsibilities and authorities are required to be
supported by competent individuals. In some instances, an employee is
assigned a quality management role with minimal support from
management to ensure they are proficient in the role.
• In some instances, employees with assigned quality management
responsibilities do not get the support from management needed to
effectively implement the quality management system within their scope of
responsibility.
• Organisations can sometimes be very clear about the responsibilities of
employees and neglect the associated authorities which empower
employees to carry out these responsibilities.
• Position description documents may not specify quality management
responsibilities and authorities.


Activity 4: Auditing Leadership and Commitment

Overview:

Top management must demonstrate leadership and commitment with respect
to the quality management system.

An auditor must confirm that members of top management are:


• Personally committed to quality management and
• Actively involved in directing the organisation towards quality objectives.

Task:

Your team are preparing for an interview with a member of top management
from the case study organisation.

In your teams, develop a series of open and probing questions that will provide
evidence of their leadership and commitment to the quality management
system.

Use the table provided to record your questions and be prepared to share your
ideas with the group.


KEY REQUIREMENT POSSIBLE QUESTIONS


Clause 5.1.1 General

Clause 5.1.2 Customer Focus

Clause 5.2 Policy

Clause 5.3 Organisational roles,
responsibilities and authorities


Module 6:
Auditing Clause 6: Planning


MODULE 6 INTRODUCTION: AUDITING CLAUSE 6: PLANNING

DAY 1:
• Quality Management Fundamentals
• Quality Management Concepts
• Auditing QM Systems
• Auditing Clause 4: Context of the Organisation
• Auditing Clause 5: Leadership
• Auditing Clause 6: Planning

Estimated duration: 1 ¼ hours

Background information: This module outlines the role of the auditor to
confirm the planning approach incorporates relevant quality objectives and
measurable targets, and the associated actions needed to address the related
risks and opportunities.

Module objectives:
• Understand how to evaluate the effectiveness of planning
arrangements and the consideration and incorporation of actions to
manage identified internal/external issues, strategic direction, risks,
opportunities and any known failures
• Understand how to confirm there is a relationship between quality
objectives and the quality policy
• Understand how to confirm quality objectives and measurable targets
have been cascaded throughout the organisation for all key processes,
functions and areas
• Understand how to confirm the organisation has effective protocols in
place to manage the implementation of changes to the organisation
and its quality management system in a PDCA planned and systematic
manner.

Slides: 50 - 54

Activities: Activity 5: Auditing Quality Policy and Objectives, page 80


OVERVIEW OF CLAUSE 6: PLANNING


The intent of Clause 6 is to ensure there is a structured quality management
planning process in place.

The approach must incorporate consideration of the issues relevant to the
purpose of the organisation and determine the risks and opportunities that need
to be addressed as part of planning.

The outcome should ensure the organisation will achieve their required
outcomes, prevent or reduce undesired effects, and achieve performance
improvement.

Clause 6 contains 3 subclauses as follows:


• 6.1 Actions to address risks and opportunities
• 6.2 Quality objectives and planning to achieve them
• 6.3 Planning of changes


ACTIONS TO ADDRESS RISK AND OPPORTUNITIES

CLAUSE 6.1 ACTIONS TO ADDRESS RISKS AND OPPORTUNITIES

The intent of Clause 6.1 is to ensure the organisation:


• Determines the risks and opportunities relevant to the context of the
organisation, and the requirements of interested parties; and
• Determines the actions needed to address the risks and opportunities that
may impede or support the organisation to achieve their intended outcome.

The approach used should demonstrate the organisation has applied a
systematic method to identify the risks and opportunities associated with
internal and external issues and strategic plans, assessed and prioritised the
identified risks, and determined what actions are needed.

Below are some examples of risk assessment characteristics and
possible responsive actions (other methods may of course be used):

1. Assess Risks for Severity – Occurrence to proactively reduce the risks
and Detectability – Actionability to react quickly to limit the Severity
should the risk occur, for example.

2. Possible Actions – Treat – Tolerate – Terminate – Transfer RISKS

The organisation will determine the most appropriate method(s) which may
involve a very simple qualitative process or a full quantitative assessment,
depending on the context in which the organisation operates (e.g. size of the
organisation, technological sector, maturity level of the quality management
system). The outcome should ensure the organisation will operate within their
defined appetite or tolerance for risk.

The outcome of the analysis should be used as an input for planning the actions
needed to ensure the overall achievement of quality objectives and related
targets.

The planned action may address the issues through a single or combination of
pathways within the quality management system, such as setting objectives,
operational planning and control, or monitoring and measurement
requirements.


AUDITOR’S ROLE

An auditor needs to ensure the organisation is PDCA ready to manage how
they shall:
• Take actions needed to address the risks and opportunities relevant to the
context of the organisation, the management system performance
outcomes and/or strategic direction.
• Integrate and implement these actions into its quality management system
processes.
• Evaluate the effectiveness of these actions.

An auditor must keep in mind that it is up to the organisation to determine the
type and level of detail of documented information it maintains and retains.
However, it needs to be current and readily available to those person(s) who
need access to the documented information.

CLAUSE 6.1 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM POSSIBLE QUESTIONS


1 How does the organisation identify and evaluate risks and
opportunities associated with its products, services and
processes?
2 What approach does the organisation use to assess risks and
opportunities to determine actions needed?
3 How does the organisation determine what actions are required
to ensure risks and opportunities reflect the risk appetite of the
organisation?
4 How does the organisation evaluate the effectiveness of actions
taken within the planning function?

CLAUSE 6.1 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Risk management processes may be established but are not applied as
part of the planning process when determining new products, services or
changes to operational processes.
• Risk information may be generic and not reflect the nature and scale of the
organisation.
• There may be no training or inadequate management training in the
application of risk processes resulting in inconsistency in assessing and
treating risk.
• The agreed actions are not used as input to planning processes.


PLANNING & OBJECTIVE SETTING


CLAUSE 6.2 QUALITY OBJECTIVES AND PLANNING TO ACHIEVE THEM

The intent of 6.2 is to ensure quality objectives are established by top
management at the following levels:
• Strategic or highest levels of management applicable to the whole
organisation.
• Tactical level or operational levels of the organisation. This can include
objectives for specific units or functions or processes within the
organisation.

Quality objectives need to:


• Be consistent with the quality policy and be broadly aligned and
harmonised with the commitments made by top management in the quality
policy.
• Be compatible with the organisation’s strategic direction.
• Be measurable with a target that can be used to measure results against
the planned objective.
• Take into consideration the applicable requirements pertaining to the needs
and expectations of interested parties.

This does not necessarily mean that an objective must be established for each
requirement. However, key requirements must have a high priority when
developing objectives.

When developing these objectives, the organisation must ensure they are
relevant to products and services conformity, and enhancement of customer
satisfaction.

When planning how to achieve its quality objectives, the organisation must
determine:
• What will be done
• What resources will be required
• Who will be responsible
• When it will be completed and
• How the results will be evaluated, including indicators for monitoring
progress toward achievement of measurable quality objectives.
The organisation must maintain documented information on the quality
objectives.


AUDITOR’S ROLE

The auditor needs to ensure that the organisation has established quality
objectives at relevant functions and levels within the organisation.

The auditor needs to evaluate the quality objectives to ensure they are:
• Reflective of the organisation’s key requirements and compliance obligations
• Consistent with the quality policy
• Measurable (if practicable)
• Monitored
• Communicated
• Updated as appropriate.

The auditor can evaluate how the organisation uses results to monitor and
measure current performance and determine changes needed.

CLAUSE 6.2 POSSIBLE AUDIT QUESTIONS


The table below lists possible audit questions based on ISO 9001 requirements.

ITEM POSSIBLE QUESTIONS


1 How does the organisation determine the strategic and tactical
quality objectives required for each relevant function and level of
the organisation?
2 What factors does the organisation consider when determining
the appropriate performance indicators for each objective?
3 Has the organisation established and implemented a plan that
specifies who is responsible and the actions and timeframe
required for achieving the objectives?
4 Is the monitoring and evaluation of objectives and performance
included in quality management system reporting to top
management?

CLAUSE 6.2 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Objectives not fully established at all strategic and tactical levels.
• Objectives not always aligned to key requirements of interested parties
and the quality policy.
• Objectives cannot be fully quantified or measurable for intended outcomes
to be validated.
• Quality management programmes or plans do not fully outline the means
to fulfil the objectives including resources, who will be responsible and
when they will be completed.
• Reporting on performance with objectives is inconsistent.


Activity 5: Auditing Quality Policy and Objectives

Overview:

Top management must establish quality objectives at relevant levels and the
functions and processes needed for the quality management system. These
must be consistent with the quality policy, measurable, monitored and
communicated.

Task:
Part 1: Development Team Task
• Each team must review the quality policy and/or objectives assigned by
the trainer found in the case study organisation to verify if these conform
to the requirements of ISO 9001 Clauses 5.2 and 6.2.
• Record this information to present to the group.
Part 2: Evaluating Team Task

You will discuss your findings and the clause requirements with the group.

You may want to consider checklist questions on the previous page as a prompt
to assist the team in deciding whether information conforms to requirements.


PLANNING OF CHANGES

CLAUSE 6.3 PLANNING OF CHANGES

The intent of Clause 6.3 is to ensure when changes to the quality management
system are needed, as driven by Strategy, Context, Stakeholders, Risks,
Opportunities and any known Failures, these changes are carried out under
controlled conditions that consider:
• What will be done and why
• Potential adverse consequences
• Maintenance of the integrity of the QMS
• What resources will be required
• Allocation or reallocation of responsibilities and authorities.

AUDITOR’S ROLE

The auditor needs to ensure that the organisation adopts a structured approach
to managing changes to the quality management system by:
• Considering the consequences these changes may have on the
organisation including the introduction of new risks and opportunities.
• Ensuring all relevant interested parties are notified of the change.
• Ensuring adequate resources are available to implement the change with
minimal disruption to the organisation’s operations.

Changes to the quality management system can relate to statutory or regulatory
changes, needs and expectations of interested parties, or changes identified by
the organisation that will be beneficial in some way, i.e. cost saving, improved
efficiency through process changes or automation of an aspect of a process.


CLAUSE 6.3 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM POSSIBLE QUESTIONS


1 How does the organisation evaluate changes to the quality
management system to determine and understand the impact on
the organisation’s operations?
2 How does the organisation ensure that changes to the quality
management system are carried out in a planned and systematic
manner?
3 How are changes validated before the change is implemented?
4 How are changes verified after the change has been implemented?


Module 7:
Auditing Clause 7: Support


MODULE 7 INTRODUCTION: AUDITING CLAUSE 7: SUPPORT

DAY 2:
• Auditing Clause 7: Support
• Auditing Clause 8: Operation
• Auditing Clause 9: Performance Evaluation
• Auditing Clause 10: Improvement
• ISO 19011 Guidance for Auditing

Estimated duration: ¾ hour

Background information: This module outlines the role of the auditor to
confirm there is adequate operational support for the Quality Management
System specifically with the provision of resources, competence of employees,
awareness of quality requirements, effective communication, and documented
information.

Module objectives:
• Understand how to determine if there is adequate operational support
and resources for an effective and responsive quality management
system
• Understand how to determine if adequate processes are in place to
ensure person(s) doing work under the organisation’s control are aware
of quality management system requirements, and competent to perform
their job to ensure the standard of quality is achieved
• Understand how to confirm there are adequate communication
processes established by the organisation to ensure interested parties
are kept up to date about the quality management system
• Understand how to confirm there are adequate processes in place to
manage documented information needed to maintain the overall
effectiveness of the quality management system.

Slides: 55 - 61

Activities: Activity 6: Auditing Resources, page 97


OVERVIEW OF CLAUSE 7: SUPPORT


The intent of Clause 7 is to ensure there are adequate operational support and
resources for the Quality Management System to establish, implement,
maintain and continually improve the Quality Management System.

Commitment begins at the highest level with top management defining the
quality policy and ensuring the system is resourced effectively.

Support and resource requirements will vary for each organisation, dependent
on the range and type of products and services the organisation provides.


RESOURCES

CLAUSE 7.1 RESOURCES

The intent of Clause 7.1 is to ensure top management provide the resources
required for the establishment, implementation, maintenance and continual
improvement of the quality management system.

Resources include:
• Human resources
• People with appropriate skills and knowledge
• Infrastructure including facilities, equipment and technology
• An appropriate work environment
• Monitoring and measuring equipment that is well-maintained and provides
valid and reliable results and
• Access to knowledge from internal and external sources when required.

AUDITOR’S ROLE

The auditor needs to verify that resources such as people, infrastructure and
the operational environment are provided and maintained, to enable the
achievement of the stated requirements in the quality policy and objectives.


CLAUSE 7.1 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM POSSIBLE QUESTIONS


1 How does the organisation determine the resources needed to
support the quality management system?
2 Does the organisation use external providers to supplement
resource requirements, and if so, how are these types of resources
managed?
3 How does the organisation manage human resources to ensure
they are able to support the quality management system?
4 How does the organisation manage infrastructure requirements to
ensure it is adequate to support the quality management system?
5 How does the organisation manage the work environment to ensure
it is adequate for the effective operation of processes?
6 How are monitoring and measuring resources maintained?
7 Has the organisation determined the type and source of knowledge
that needs to be maintained?
8 How does the organisation ensure knowledge is readily available to
those who may require access?

CLAUSE 7.1 AUDIT INSIGHTS

The following are insights relevant to this clause.


• If the organisation has planned or rushed the implementation of the quality
management system, there may be insufficient resources to sustain it.
• Organisations may provide adequate resources when establishing the
quality management system; however, they may not provide the necessary
resources to adequately maintain it over time.
• Monitoring and measuring resources are often maintained adequately.
However, documented reference information may be poorly maintained.
• Organisations often do not maintain knowledge consistently across the
organisation. For example, there may be multiple disparate methods used
to store corporate knowledge. Valuable information can be stored in
several ways such as individual employees’ email accounts, databases or
paper files.
• Organisations can struggle to find appropriate means to encourage
employees to share and store knowledge and experience in a formal and
structured manner.


COMPETENCE, AWARENESS & COMMUNICATION

CLAUSE 7.2 COMPETENCE

The intent of Clause 7.2 is to ensure the organisation:


• Determines the necessary competence required for person(s) doing work
that affects quality performance
• Ensures competence based on appropriate education, training, or
experience
• Takes actions to acquire necessary competence, and evaluates
effectiveness of action taken and
• Retains appropriate documented information as evidence.

An organisation can employ a range of activities to ensure the person(s) obtains
or enhances their competence, including training, on-the-job coaching or
engaging contract people to perform the work on behalf of the organisation.

AUDITOR’S ROLE

An auditor must ensure the organisation has adequate processes in place to:
• Determine the required knowledge, skills, experience and qualifications
that make an individual competent to perform the task
• Identify specific training needs (which may be in addition to the overall
quality awareness training provided)
• Provide appropriate training and evaluate the effectiveness of the training
provided and
• Retain appropriate documented information as evidence of competence.


CLAUSE 7.2 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

| ITEM | POSSIBLE QUESTIONS |
|---|---|
| 1 | How does the organisation ensure person(s) performing work for the organisation are competent? |
| 4 | How does the organisation evaluate the effectiveness of actions taken to acquire the necessary levels of competence? |
| 5 | What documented information is retained as evidence of competence? |

CLAUSE 7.2 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Training needs may not be identified for all person(s) whose activities may
create significant impact on the required quality standards.
• Training requirements may not be fully documented.
• The organisation has not determined how competency is defined and
demonstrated.
• Training and assessment records are not kept or maintained.
• Outcomes of competency assessment are not readily available or not fully
documented.
• Competence, including licensing requirements, is not reassessed at
appropriate intervals to ensure ongoing currency is maintained.


CLAUSE 7.3 AWARENESS

The intent of Clause 7.3 is to ensure that individuals are aware of quality
requirements so that each person can contribute to the overall effectiveness of
the quality management system.

Awareness of quality requirements must include:


• Quality policy and relevant quality objectives
• Actual or potential quality impacts associated with their work
• The contribution they provide to the effectiveness of the system and
• The implications of not conforming to requirements.

AUDITOR’S ROLE

An auditor must ensure the organisation has adequate processes in place to
ensure a consistent communication of quality requirements to those person(s)
who can affect the quality of the organisation’s products, services and
processes.

The organisation will determine the most appropriate medium and method to
ensure the information is available, understood, and followed.

CLAUSE 7.3 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

| ITEM | POSSIBLE QUESTIONS |
|---|---|
| 1 | How does the organisation communicate the quality requirements outlined in the policy and related objectives? |
| 2 | How does the organisation ensure the approach is effective? |

CLAUSE 7.3 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Quality awareness programmes may be limited to the initial orientation
programme.
• Any changing circumstances, such as changes to policy or objectives may
not be formally communicated to employees.
• Quality awareness programmes may be generic and not fully cover all
quality requirements specific to the organisation.


CLAUSE 7.4 COMMUNICATION

The intent of Clause 7.4 is to ensure an organisation employs a structured
approach to internal and external communications relevant to the quality
management system.

Communication allows the organisation to provide and obtain information
relevant to its quality management system, including quality performance,
statutory and regulatory obligations.

The provision of appropriate information to the organisation’s employees and
other interested parties serves to motivate employees and encourage
understanding and acceptance of the organisation’s efforts to improve quality
performance.

AUDITOR’S ROLE

The auditor needs to ensure that the organisation has a formal process that
indicates who will communicate what, and how often the communication must
be undertaken.

The auditor needs to verify that the communication process is a two-way
process, in and out of the organisation. The information issued or received by
the organisation may contain:
• Product or service information provided to the public through marketing
channels
• Requests from interested parties for specific information related to the
management of its product or service quality
• Product or service information pertaining to issues or faults that must be
communicated to the relevant interested parties including regulators,
customers and consumers.


CLAUSE 7.4 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

| ITEM | POSSIBLE QUESTIONS |
|---|---|
| 1 | Is there an established process to define how the organisation communicates internally and externally to interested parties? |
| 2 | Does the organisation have a process for receiving, documenting and responding to internal and external, verbal or written, communications from relevant interested parties concerning its product or service quality and the quality management system? |
| 3 | Does the organisation have a process for receiving, documenting and responding to complaints from relevant interested parties concerning its product or service quality? |
| 4 | Is there an established process for involving people and sharing information horizontally and vertically within the organisation regarding quality performance? |

CLAUSE 7.4 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Organisations have many internal communications channels; however,
there may be no structured approach to ensure regular communication
with internal and external interested parties.
• Processes for the methods and means of communication may not be
detailed or documented.
• Documented information on external communications may not be
consistently maintained. This includes communications with government
departments, community groups and the media.


DOCUMENTED INFORMATION
The intent of Clause 7.5 is to ensure information for the establishment,
implementation, maintenance and continual improvement for the effectiveness
of the quality management system is identified, controlled, readily available and
retrievable.

Management systems are documented to ensure a consistent approach
throughout the organisation is achieved with overall intended outcomes.

The primary focus of organisations needs to be on the effective implementation
of the quality management system and on quality performance, not on a
complex documented information control system.

The documented information for the quality management system may be
integrated with other information management systems implemented by the
organisation. It does not have to be in the form of a manual or a series of
standalone documents.

The documentation will vary depending on the size and complexity of the
organisation and competence of employees.


AUDITOR’S ROLE

The auditor must verify the organisation maintains and retains documented
information in a manner sufficient to implement the quality management
system.

The organisation’s quality management system must include:
• Documented information required by ISO 9001:2015; and
• Documented information of internal and external origin that the
organisation determines as necessary for effective operations.

The approach employed to manage and control documented information is
determined by the organisation, and should be based on the needs of the
person(s) performing the work.

CLAUSE 7.5 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

| ITEM | POSSIBLE QUESTIONS |
|---|---|
| 1 | How does the organisation maintain documented information of internal origin? |
| 2 | How does the organisation manage the use and distribution of documented information of external origin? |
| | How does the organisation manage documented information retained for historical or reference purposes? |
| 3 | How does the organisation ensure documented information is readily available? |
| 4 | How does the organisation ensure the document control approach is adequate to prevent unauthorised or superseded documented information from being used? |

CLAUSE 7.5 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Contents of documented information maintained may not be readily
maintained, specifically with external documented information used by the
organisation.
• Documented information maintained for use in specific areas of the
organisation such as checklists, templates or forms may not be controlled.
• There may be no formal method or approach used to ensure documented
information is retained in a consistent manner to ensure ease of retrieval.


Activity 6: Auditing Resources

Overview:

The role of the auditor is to verify an organisation’s quality management system
meets the requirements of ISO 9001 and any other relevant statutory and
regulatory requirements.

It is important to determine the type and range of evidence that could be used
to verify conformance to these requirements.

Task:

Your trainer will allocate each team a key requirement of Clause 7:


• Review the summary of intent provided for your allocated key requirement
• Read through the related information in ISO 9001
• Determine a list of possible evidence that could be used to confirm the
organisation meets the key requirements.

Use the table provided on the next page to record your list of possible evidence
and be prepared to share this information with the group.


| KEY REQUIREMENT | SUMMARY OF INTENT | POSSIBLE EVIDENCE |
|---|---|---|
| Clause 7.1 Resources | Ensure top management provide the resources required for the establishment, implementation, maintenance and continual improvement of the quality management system. | |
| Clause 7.2 Competence | Ensure the organisation determine the necessary competence required, act where needed, and evaluate the effectiveness of the action taken. | |
| Clause 7.3 Awareness | Ensure individuals are aware of quality requirements so that each person can contribute to the overall effectiveness of the quality management system. | |
| Clause 7.4 Communication | Ensure an organisation employs a structured approach to internal and external communications relevant to the quality management system. | |
| Clause 7.5 Documented Information | Ensure information for the establishment, implementation, maintenance and continual improvement for the effectiveness of the quality management system is identified, controlled, readily available and retrievable. | |


Module 8:
Auditing Clause 8: Operation


MODULE 8 INTRODUCTION: AUDITING CLAUSE 8: OPERATION

DAY 2
• Auditing Clause 7: Support
• Auditing Clause 8: Operation
• Auditing Clause 9: Performance Evaluation
• Auditing Clause 10: Improvement
• ISO 19011 Guidance for Auditing

Estimated duration: 2 hours

Background information: This module outlines the role of the auditor to confirm
an organisation has adequate operational planning and controls within the quality
management system to ensure all requirements are met, and the needs and
expectations of all interested parties are fulfilled.

Module objectives:
• Understand how to determine if an organisation has adequate plans in
place to provide assurance that products, services and processes will
be delivered in accordance with requirements
• Understand how to determine if an organisation has adequate
processes in place to determine and confirm customer requirements
• Understand how to evaluate an organisation’s design and development
protocols to confirm adequate control and oversight is used to manage
the approach effectively
• Understand how to determine if there are adequate controls in place to
manage the procurement of goods and services, including the
outsourcing of services and processes
• Understand how to determine if outsourced processes for operational
controls are managed effectively
• Understand how to evaluate the effectiveness of methods used by an
organisation to manage the life cycle of their products, goods and
services including production, release, and after sales support
• Understand how to evaluate the suitability and effectiveness of
processes used to manage nonconforming products, services and
processes.

Slides: 62 - 71

Activities: Activity 7: Clause 8 Key Requirements – Determine Possible Evidence,
page 102


OVERVIEW OF CLAUSE 8
The intent of Clause 8 is to ensure there are adequate processes and controls
in place to ensure the organisational output of products or services fulfils all
requirements including:
• Those of interested parties
• Stated expectations in the quality policy and related objectives and
• Any relevant regulatory and statutory requirements.

The range and type of control needed to achieve this will vary for each
organisation, dependent on some key considerations including:
• Nature of the operations
• Criticality of the work being performed
• Risks associated with issues
• Opportunities and
• Regulatory and statutory obligations.


Activity 7: Clause 8 Key Requirements – Determine Possible Evidence

Overview:

The role of the auditor is to verify an organisation’s quality management system
meets the requirements of ISO 9001 and any other relevant statutory and
regulatory requirements.

It is important to determine the type and range of evidence that could be used
to verify conformance to these requirements.

Task:

Your trainer will allocate each team a key requirement of Clause 8:


• Review the summary of intent provided for your allocated key requirement
• Read through the related information in ISO 9001
• Determine a list of possible evidence that could be used to confirm the
organisation meets the key requirements.

Use the table provided on the next page to record your notes.

Prepare a flipchart presentation that summarises your conclusions and select a
member of the team to present your results.


| KEY REQUIREMENT | SUMMARY OF INTENT | POSSIBLE EVIDENCE |
|---|---|---|
| Clause 8.1 Operational Planning and Control | Ensure there are adequate plans in place to enable the effective and efficient provision of products and services in accordance with requirements. | |
| Clause 8.2 Requirements for Products and Services | Ensure there are adequate processes in place to determine and confirm customer requirements. | |
| Clause 8.3 Design and Development of Products and Services | Ensure there are robust design and development protocols to provide adequate control and oversight to manage the new product and service development effectively. | |
| Clause 8.4 Control of Externally Provided Processes, Products and Services | Adequate controls are in place to manage the procurement of goods and services, including the outsourcing of services and processes. | |


| KEY REQUIREMENT | SUMMARY OF INTENT | POSSIBLE EVIDENCE |
|---|---|---|
| Clause 8.5 Production and Service Provision | The methods used to manage the life cycle of their products, goods and services including production, release, and after-sales support are adequate and provide the intended outcomes as stipulated in plans and performance targets. | |
| Clause 8.6 Release of Products and Services | There are appropriate methods and controls to verify the final product or service meets stated or specified requirements. | |
| Clause 8.7 Control of Nonconforming Outputs | There are adequate processes in place to PDCA manage nonconforming outputs such as products, services and under-performing processes. | |


OPERATIONAL PLANNING AND CONTROL


The intent of Clause 8.1 is to ensure that the organisation can meet its stated
requirements with processes that are planned and controlled, regardless of
whether the organisation or an outside party performs the process.

Operational process planning must incorporate the following attributes or
information:
• Requirements for the products and services (outcomes) and criteria
established for acceptance of the outcomes;
• Resources including people, infrastructure, information required to achieve
conformity to the product and service requirements;
• Controls necessary to ensure processes meet the stated criteria;
• Documented information deemed necessary by the organisation to ensure
processes are carried out as planned; and
• Documented information retained to demonstrate conformity of products
and services to their requirements.

OPERATIONAL CONTROLS

The types and degrees of operational controls will be dependent on a range of
considerations including the nature of operations, criticality of work performed,
associated risks and opportunities, and regulatory obligations.

Control methods, used individually or in combination, can include:
• Design of a process to prevent error and ensure consistent results;
• Development of clear operational instructional guidelines & training to
ensure the process is performed in a specified way;
• Set of performance criteria for essential activities to monitor and measure
outcomes;
• Use of technology such as engineered controls to control processes and
prevent adverse results;
• Use of competent and experienced employees to assure desired results;
and
• Monitoring or measuring a process to check the results.


AUDITOR’S ROLE

An auditor is required to:


• Evaluate the effectiveness of established operational controls to ensure
the controls:
− meet the intended outcomes, and
− prevent any undesired effects
• Verify how the organisation controls planned changes
• Verify how the organisation reviews the consequences of unintended
changes, and
• Verify the actions taken to mitigate any adverse effects.

CLAUSE 8.1 CHECKLIST QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

| ITEM | POSSIBLE QUESTIONS |
|---|---|
| 1 | How does the organisation identify activities and operations that present a significant risk to fulfilling commitments and obligations? |
| 2 | How does the organisation define the plans and related instructional information needed to ensure processes are carried out under controlled conditions? |
| 3 | How does the organisation ensure planned arrangements are known and implemented by the persons conducting the activities and operations? |
| 4 | How does the organisation ensure the plans and related controls are effective in meeting the commitments and obligations? |
| 5 | How does the organisation control any planned changes including the review of any unintended changes and acting to mitigate any adverse effects? |
| 6 | How does the organisation ensure outsourced processes are controlled? |

CLAUSE 8.1 AUDIT INSIGHTS

The following are insights that may be relevant to this clause.


• Controls established may rely on administrative and engineering controls
rather than elimination or substitution to achieve intended outcomes.
• Controls and processes may not be:
− fully known by employees
− communicated to interested parties or
− communicated to contractors or suppliers.
• Operational plans may not be reviewed and updated when changes are
made to products, services and processes.


REQUIREMENTS FOR PRODUCTS AND SERVICES


The intent of Clause 8.2 is to ensure the organisation can meet customer needs
and expectations in accordance with any stated or implied requirements.

There are 4 subclauses within Clause 8.2 that outline requirements pertaining to
customer communication, determining and reviewing requirements, and
managing changes to requirements should the need arise.

CUSTOMER COMMUNICATION

Communication with customers can be undertaken for a range of reasons:


• Providing information about products and services
• Responding to customer enquiries
• Confirming contract or orders, including any required changes instigated
by the customer or the organisation
• Receiving and processing customer feedback including complaints
• Confirming arrangements for managing customer property or
• Establishing any contingency plans related to the delivery of products and
services if appropriate.

DETERMINING REQUIREMENTS FOR PRODUCTS AND SERVICES

An organisation must have a complete and comprehensive understanding of all
the requirements related to its products and services and their specific
application to ensure it can deliver products or services that conform to
customer requirements.

Requirements can be derived from several sources including:


• Customer needs and expectations i.e. product or service performance
requirements
• Organisational needs and expectations i.e. financial, warranty or liability
requirements
• Statutory or regulatory obligations pertaining to a specific product or
service i.e. intended use or eligibility of customer to purchase products and
services.


REVIEW OF THE REQUIREMENTS FOR PRODUCTS AND SERVICES

An organisation must review each request or opportunity, resolve any variations
from the original stated offering, and confirm it is capable of meeting all the
requirements outlined in the request or opportunity.

The outcome will determine if the organisation can fulfil their commitment to
produce a product or service that meets the conditions stated in the order or
outlined in the scope of a quotation or tender proposal.

CHANGES TO REQUIREMENTS FOR PRODUCTS AND SERVICES

Changes can originate from the customer or within the organisation and must
be carefully managed to ensure decisions are made by the appropriate people
with the relevant and up-to-date information.

An organisation must ensure any changes to the original agreement
arrangement are controlled and documented information is amended and
communicated, as appropriate, within the organisation.

AUDITOR’S ROLE

An auditor needs to confirm that the organisation has a structured approach to
managing the customer relationship and ensure the organisation is able to:
• Provide product or service information to potential and existing customers
that is accurate and current
• Determine requirements for the product or service offered to the customer
including any applicable statutory and regulatory requirements
• Review these requirements before committing to supply the product or
service to ensure it is feasible for the organisation to meet the requirements
and
• Ensure changes to original orders and agreements are managed to ensure
the relevant people are advised and adequate documented information is
retained.


CLAUSE 8.2 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

| ITEM | POSSIBLE QUESTIONS |
|---|---|
| 1 | How does the organisation communicate product and service information to potential or existing customers? |
| 2 | How does the organisation ensure the information is maintained to ensure it is current and relevant? |
| 3 | How does the organisation manage inquiries from a customer? |
| 4 | How does the organisation manage the receipt of an order from the customer? |
| 5 | How does the organisation review and confirm the organisation is capable of meeting stated requirements? |
| 6 | How does the organisation communicate any variations or changes to customer orders or contracts? How does the organisation ensure all relevant person(s) are aware of any change? |
| 7 | What methods or processes are used to get feedback from the customer? |
| 8 | How is feedback reviewed and passed on to the relevant person(s)? |
| 9 | How are customer complaints managed? |
| 10 | In what instances would customer complaints be escalated or referred to top management? |

CLAUSE 8.2 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Product and service information is not always consistent across the various
customer-facing media.
• Capability to meet requirements (i.e. delivery timeframes or volume of
product) is not always considered or discussed between the various
departments or areas before acceptance of customer orders and/or
contracts.
• Changes to contracts or orders are not always forwarded to the relevant
employees.
• Customer feedback information may not be analysed to identify possible
trends regarding recurring product, service or process issues.
• The method for dealing with customer complaints may not always be
communicated consistently to all employees.
• Training in product and service offerings may not be adequate.


DESIGN AND DEVELOPMENT OF PRODUCTS AND SERVICES


The intent of Clause 8.3 is to ensure the organisation has adopted a structured
process to manage all stages of the design and development of a product,
service or process, and the outcome meets stated and implied requirements.

The process must incorporate the following elements:


• Planning to determine design stages, considering activities such as
verification and validation, control of interfaces, review, resources
needed, customer involvement and documented information needed.
• Determination of the design and development inputs required,
including the relevant factors such as:
− Functional and performance standards
− Statutory and regulatory obligations
− Customer and end user specified requirements
− Information derived from previous similar design and development
projects
• Defined design and development controls to ensure:
− Clear delineation of results to be achieved;
− Review protocols;
− Verification and validation activities;
− Problems are resolved in a timely manner
• Design and development outputs are verified to confirm inputs
(requirements) have been met
• Design and development changes are reviewed and controlled during,
or after the design and development stages, to ensure there are no
adverse impacts on conformity requirements, and
• Appropriate documented information is retained from the design and
development process.

The output of the design and development process must specify the
characteristics of the product or service that are essential to its safe and proper
use.

Note: Design and development may not be part of the scope of the
organisation’s operations. The auditor needs to confirm the applicability of this
requirement as part of audit planning and preparation.


AUDITOR’S ROLE

An auditor needs to confirm that the organisation has a structured process
incorporating all the required elements.

An auditor must keep in mind that the design and development approach
adopted by an organisation needs to be appropriate to the nature, duration, and
complexity of the design and development activities. Considerations that
influence the approach adopted by the organisation include:
• Type and number of reviews needed at each stage of design and
development
• Type and range of verification and validation required at each stage of
design and development
• Level of authority required for all aspects of design and development
• Type and number of people involved in the design and development
process
• Level of involvement of the customer and users in the design and
development process, and
• Level of control expected for the design and development process by
customers and other interested parties.

CLAUSE 8.3 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

| ITEM | POSSIBLE QUESTIONS |
|---|---|
| 1 | How does the organisation manage the design and development of products and services? |
| 2 | How does the organisation determine applicable design inputs? |
| 3 | What factors would influence the type and range of controls needed to ensure the required outcomes are achieved? |
| 4 | How does the organisation verify and validate design and development outputs? |
| 5 | What approach does the organisation use to manage changes to ensure no adverse impact on conformity to requirements? |
| 6 | What documented information does the organisation retain in relation to design and development work? |


CLAUSE 8.3 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Organisations may not have clearly defined guidelines in relation to all
stages of the design and development process including method, roles,
responsibilities, and related authorities.
• Organisations may not always use a broad range of information as input
to the design process such as previous design projects, customer
feedback, or the organisation’s production and service experience.
• Organisations may not always apply adequate rigor to verification and
validation activities to ensure the outputs meet specified requirements.
• Organisations may not communicate design changes to the relevant
interested parties. This may result in different areas of the organisation
working with different design version documents.
• Organisations may not always clearly specify the characteristics of the
product or service that are essential to its safe and proper use.
• Organisations may not retain sufficient documented information pertaining
to all stages of design and development to ensure continuity of the project
or future reference for similar design projects.


CONTROL OF EXTERNALLY PROVIDED PROCESSES,


PRODUCTS AND SERVICES
The intent of Clause 8.4 is to ensure the organisation has appropriate
procurement processes in place, whilst also applying Risk-Based Thinking to
ensure externally provided processes, products and services are effectively
controlled, and the organisation’s requirements are fulfilled.

CONTROL AND INFLUENCE

Appropriate controls must be in place for products or services of external origin,
whether the organisation is dealing with another entity of its own organisation,
a subcontractor, a partner, or the outsourcing of parts, services or processes.

The organisation’s ability to exert control or influence will vary from direct control
to limited or no influence and should be based on criticality of the process,
product or service and any significant associated supply chain risks.

Hence, the range and type of control employed by the organisation needs to
reflect the potential impact the externally provided processes, products, and
services could have on the organisation’s ability to consistently meet
requirements.

The organisation’s control over such factors may be influenced by:


• Capability, capacity and competence of the supplier to meet the
requirements of the organisation and for the supplier to also manage their
own organisational risks that could disrupt supply
• Effectiveness of the controls applied by the external provider and
• Degree to which control for the process is shared.

INFORMATION FOR EXTERNAL PROVIDER

The organisation must communicate all information needed by the external
provider to fulfil their obligations in accordance with the specified requirements.

AUDITOR’S ROLE

The auditor needs to ensure the organisation has:


• Defined criteria in place for the evaluation, selection, monitoring of
performance, and re-evaluation of external providers
• Employed appropriate controls to ensure products, services and
processes provided by external providers meet all requirements
• Employed appropriate controls to ensure effective oversight of outsourcing
arrangements, where applicable, and
• Provided appropriate information to external providers to ensure there is a
clear understanding of the scope of the arrangement.

CLAUSE 8.4 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM POSSIBLE QUESTIONS


1 How does the organisation evaluate and select external providers?
2 How does the organisation determine appropriate selection and
evaluation criteria for external providers?
3 How does the organisation tailor the selection criteria for
procurement of specific types of goods, services and outsourced
processes?
4 What method/s does the organisation use to communicate
requirements information to external providers?
5 Does the organisation employ some form of prioritisation method
when determining the extent of control needed for external
providers?
6 How does the organisation re-evaluate existing external providers to
confirm their performance and ongoing suitability?
7 How does the organisation confirm or verify externally provided
products, services and processes meet stated requirements?

CLAUSE 8.4 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Organisations may not have a process in place to re-evaluate external
providers to confirm their ongoing suitability and overall performance.
• Organisations may not ensure an alternative source of supply for critical
goods, services and outsourced processes. This can have a significant
impact on the organisation’s ability to meet customer requirements.
• Organisations may not always maintain adequate control over
subcontractor arrangements.
• Organisations may not always maintain adequate control over outsourced
products, services or processes.


PRODUCTION AND SERVICE PROVISION


The intent of Clause 8.5 is to ensure an organisation implements controlled
conditions for production and service provision, including delivery and post-
delivery activities, to ensure the expected results are achieved.

The level of monitoring and oversight needed during production and service
provision is dependent on the resources used, and the level of control the
organisation can exert over the processes.

AUDITOR’S ROLE

The auditor must ensure the organisation has appropriate protocols to ensure
controlled conditions are in place to achieve the planned results including:
• Documented information is readily available
• Use of suitable monitoring and measuring resources
• Implementation of monitoring and measurement activities
• Use of suitable infrastructure and process environment
• Employees who are both qualified and competent, and
• Implementation of release, delivery and post-delivery activities.

Additional considerations noted below may also need to be evaluated by the
auditor, dependent on the nature and scope of the organisation’s products and
services.

Identification and Traceability

Some organisations may be required to trace their products or services through
all stages of their life, including post-delivery.

Customer Property

Some organisations may be required to incorporate or use a customer’s property
during the provision of the product or service.

Where this is applicable, the organisation needs to ensure it has appropriate
processes in place to identify, verify, and safeguard the property while in its
care.

Preservation

An organisation must ensure it has appropriate protocols in place to preserve
the product or service during provision, including identification, handling,
contamination control, packaging, storage, transmission, transportation and
protection.

Once again, the level of control needs to reflect the impact on the final
product or service.

Post-Delivery Activities

As applicable, based on the nature of an organisation’s products and services,
any post-delivery activities need to be clarified and controlled to ensure these
activities meet requirements.

Post-delivery activities can include warranty provisions, contractual obligations
such as maintenance services, and services such as recycling.

Control of Changes

An organisation must ensure it has appropriate methods in place to control
changes related to production or service provision, to ensure continuing
conformity with requirements.

Documented information for all changes must be retained by the organisation.

CLAUSE 8.5 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM POSSIBLE QUESTIONS


1 How does the organisation communicate the production and service
provision activities that require control, ongoing monitoring,
instructional guidance, and/or special controls?
2 How does the organisation ensure documented information relating
to product and service requirements is readily available when
required?
3 How does the organisation ensure employees have the required level
of competence to perform activities?
4 How does the organisation ensure equipment is adequately
maintained to enable production and service operations to meet
product and service specifications?
5 How does the organisation ensure the work environment for
production and service provision is adequately maintained?
6 How does the organisation ensure monitoring and measuring
activities are conducted by suitably qualified person(s) to verify
outcomes meet requirements?
7 How does the organisation ensure the defined acceptance criteria are
applied at all applicable stages of production and service provision?
8 How does the organisation identify and trace their product or service
(if applicable)?
9 How does the organisation manage property belonging to the
customer or external provider to prevent damage or loss (if
applicable)?
10 How does the organisation manage inventory to preserve the shelf-
life of products (where applicable)?
11 How does the organisation ensure post-delivery activities are
managed in accordance with formal arrangements (where
applicable)?
12 How does the organisation manage and control unplanned changes
to mitigate the impact on the provision of products and services?


CLAUSE 8.5 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Documented information is not always readily available to employees,
particularly when the service is delivered at the customer site.
• In some instances, production or service equipment is not maintained in
accordance with specified requirements causing unacceptable or delayed
outcomes.
• In some instances, the work environment is not conducive to the type and
volume of work performed, or inadequate to enable monitoring and
measuring activities to be performed correctly.
• In some instances, there are insufficient monitoring and measuring
resources available for use which can impact on the timely delivery of a
product or service.
• Competence of employees does not always match the needs of the product
or service provision requirements.
• In some instances, the organisation does not inform employees of damage
or loss prevention obligations pertaining to property belonging to external
providers, used by the organisation or stored at the organisation’s
premises.
• In some instances, employees are not informed of the after-sales support
provisions in contract agreements.
• Organisations do not always gather post-delivery insights to apply to
future, similar production and service provision scenarios.


RELEASE OF PRODUCTS AND SERVICES


The intent of Clause 8.6 is to ensure an organisation employs appropriate
methods and controls to verify the final product or service meets specified
requirements.

AUDITOR’S ROLE

The auditor must evaluate the approach used by the organisation to ensure:
• Products are checked to confirm they are fit for purpose
• Products are approved for release by a person with the appropriate level
of authority
• Services are checked to confirm the required outcome has been achieved
and meets the requirements of:
− The customer
− The organisation
− Any relevant statutory and regulatory requirements
• Appropriate documented information is retained by the organisation,
confirming release and acceptance of the product or service.

CLAUSE 8.6 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM POSSIBLE QUESTIONS


1 How does the organisation verify products before release to the
customer?
2 How does the organisation verify services before acceptance is
sought from the customer?
3 Does the organisation evaluate its verification methods and
controls to ensure ongoing suitability and effectiveness?
4 What documented information does the organisation retain as
evidence of customer acceptance of goods and services?


CLAUSE 8.6 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Organisations may not always define and communicate service
acceptance criteria.
• Organisations may not always develop appropriate service verification
protocols.
• Organisations may not always monitor verification methods and controls
to confirm compliance with the approach.

8.7 CONTROL OF NONCONFORMING OUTPUT


The intent of Clause 8.7 is to ensure an organisation has a process in place to
prevent or control unintended (or even intended) use or delivery of process
outputs, products or services that do not conform to requirements.

The approach should incorporate appropriate methods relevant to the nature
and scope of operations. Some organisations may be required to incorporate
activities to segregate, contain, return or suspend the provision of products or
services.

The organisation must retain appropriate documented information based on
internal needs and external compliance obligations. The information must
include the following details:
• Description of the nonconformity and any action taken
• Description of any concessions obtained, and
• Details of the authority who determined the suitable action for the
nonconformity.

AUDITOR’S ROLE

The auditor must evaluate the approach used by the organisation to ensure:
• Nonconforming outputs including processes, products and services, are
consistently detected.
• Nonconforming outputs are controlled to ensure unintended use does not
occur.
• Investigation is conducted to determine the appropriate action needed to
address the nonconformity.
• Actions are authorised by the appropriate employees in the organisation.
• Where concessions are permissible, these are authorised by employees
with the appropriate level of authority.
• Appropriate documented information is retained by the organisation.


CLAUSE 8.7 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM POSSIBLE QUESTIONS


1 What methods are used by the organisation to identify
nonconforming outputs?
2 How does the organisation manage nonconformities detected
before delivery?
3 How does the organisation manage nonconformities detected after
delivery?
4 Who has the authority for accepting nonconforming outputs?
5 Does the organisation manage the risks associated with
nonconforming outputs (i.e. the risk of further damage if the NC is
not effectively contained and corrected)?
6 What documented information is maintained by the organisation?
7 Does the organisation conduct some form of trend analysis?

CLAUSE 8.7 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Organisations may not have clearly defined processes and guidelines to
manage nonconformities post-delivery such as warranty claims or product
returns.
• Organisations may not clearly identify responsibility and authority levels for
concessions.
• Organisations may not maintain documented information relating to
nonconforming incidents.
• Organisations may not conduct trend analysis to identify recurring
nonconformity issues.


Module 9:
Auditing Clause 9:
Performance Evaluation

MODULE 9 INTRODUCTION: AUDITING CLAUSE 9: PERFORMANCE EVALUATION

DAY 2
• Auditing Clause 7: Support
• Auditing Clause 8: Operation
• Auditing Clause 9: Performance Evaluation
• Auditing Clause 10: Improvement
• ISO 19011 Guidance for Auditing

Estimated duration: 1 ½ hours

Background information:
This module outlines the role of the auditor to ensure the organisation
has adequate processes in place to monitor and evaluate the
performance and effectiveness of the QMS, and ensure all
requirements are fulfilled.

Module objectives:
• Understand how to determine if an organisation has adequate
processes in use to monitor, measure, and evaluate customer
satisfaction, process, product and service performance
• Understand how to determine if an organisation has an effective
internal audit programme used to evaluate the suitability and
capacity of operations to support quality management standards
and related requirements
• Understand how to determine if an organisation’s top management
has implemented a structured method to conduct management
reviews to evaluate performance and determine required changes
to the QMS.

Slides: 72 - 77

Activities:
Activity 8: Auditing Quality Performance Evaluation, page 129
Activity 9: Auditing the Audit Programme, page 135

OVERVIEW OF CLAUSE 9 - PERFORMANCE EVALUATION
The intent of Clause 9 is to ensure there are suitable and adequate processes
in place to:
• Monitor and measure overall performance of processes, products and
services
• Monitor and measure customer satisfaction
• Determine whether outcomes have met the stated requirements of
interested parties, and
• Identify changes required to improve performance and outcomes.

MONITORING, MEASUREMENT, ANALYSIS AND EVALUATION
The intent of Clause 9.1 is to ensure an organisation adopts a structured
approach to monitoring and measuring performance to ensure outcomes meet
or exceed the stated requirements of interested parties.

The approach must ensure methods used can provide valid and reliable results
that enable the organisation to evaluate the overall performance and
effectiveness of the QMS.

An organisation must ensure it monitors and measures all aspects of operations
including:
• Process outcomes or results
• Process performance indicators
• Product and service performance standards, and
• Customer satisfaction.

MEASURING PERFORMANCE

Traditionally, many organisations have used outcome-focussed measures to
monitor their product and service performance. These include measures such
as the number of:
• Conforming or nonconforming products or services provided, or
• Customer complaints received.

Organisations should strive to have a balanced mix of both outcome and
process measures to assist in determining the overall effectiveness and the
root causes of any actual or potential issues.

CUSTOMER SATISFACTION

An organisation can use a variety of methods to assess and understand the
customer’s perception of whether their needs and expectations have been met.

The method(s) used to obtain this information is determined by the organisation.

ANALYSING RESULTS

The analysis and evaluation must provide the organisation with information in
several specific areas of operations including:
• Customer satisfaction and/or dissatisfaction
• Conformance to customer requirements
• Characteristics of processes, product, and the associated trends; and
• External providers.

The outcome of the analysis must be used to evaluate and determine what
improvements can be implemented to both the quality management system and
the products and services of the organisation.

AUDITOR’S ROLE

The auditor must evaluate the methods used by the organisation to analyse and
evaluate data pertaining to process performance, product and service
conformity, and customer satisfaction.

The methods used by the organisation must clearly define:


• Aspects of operations that need to be monitored and measured
• Correlation between these aspects and quality objectives
• Methods used by the organisation to ensure valid results
• When monitoring and measurement is performed
• Method of result analysis and evaluation
• How the record of the results will be retained.

When auditing this requirement, an organisation is assessed and evaluated for
overall effectiveness within the context of the organisation, quality policy
commitments, objectives and obligations to interested parties.

CLAUSE 9.1 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM POSSIBLE QUESTIONS


1 How does the organisation determine what needs to be monitored
and measured?
2 How does the organisation monitor and measure process
performance?
3 How does the organisation monitor and measure product and
service conformity?
4 How does the organisation monitor and measure customer
satisfaction?
5 How does the organisation analyse monitoring and measurement
results?
6 How does the organisation use analysis outcomes?

CLAUSE 9.1 AUDIT INSIGHTS

The following are insights relevant to this clause.


• The organisation may not have a formal process in place to ensure
monitoring and measurement is conducted consistently across all functions,
processes and areas of the organisation.
• The organisation may fail to establish a sustainable process to monitor and
measure customer satisfaction on a regular basis.
• The organisation may overlook a broader range of performance
information pertaining to warranty claims, product returns, complaints or
lost sales as indicators of customer satisfaction.
• The organisation may fail to achieve a balance in measurement, with
outcome results monitored and measured but little or no focus on process
performance.
• The organisation may fail to collect sufficient data to enable meaningful
analysis of overall results.
• The organisation may not analyse results to determine trends or
opportunities to improve some aspect of operations including products,
services or processes.
• The organisation may not present analysis outcomes in a format that
effectively communicates trends (both positive and negative) in overall
performance.
• The organisation may not use analysis outcomes as input to management
review to determine and agree on changes needed to improve some
aspect of operation (product, service or process).

Activity 8: Auditing Quality Performance Evaluation

Objective:

An organisation needs to develop and implement a structured approach to
monitor, measure, analyse and evaluate its performance, and determine if it
meets all requirements.

Task:

In your team, use the expanded version of the checklist questions provided on
previous pages and conduct an adequacy audit of the Case Study organisation.

Determine if the stated approach(es) used to monitor, measure, analyse and
evaluate performance meets the requirements of ISO 9001.

If there is insufficient evidence to determine whether a requirement has been
met, write “further information required” or (FIR) in the objective evidence
column.

ITEM   AUDIT CHECKLIST QUESTIONS BASED ON ISO 9001 REQUIREMENTS   OBJECTIVE EVIDENCE

1 How does the organisation determine and define what needs to be
monitored and measured?
What aspects of operations are monitored and measured?
2 What approach does the organisation employ to monitor and
measure process performance?
3 What approach does the organisation employ to monitor and
measure product and service conformity?
4 Does the approach used to monitor and measure process performance,
product and service conformity outline:
− methods for monitoring, measurement, analysis and evaluation, as
applicable, to ensure valid results
− criteria against which the organisation will evaluate its quality
performance, using appropriate indicators
− when the monitoring and measuring is performed
− when the results from monitoring and measurement are analysed
and evaluated?
5 How does the organisation monitor and measure customer
satisfaction?
Consider method, frequency and communication of monitoring and
measurement results.
6 What approach does the organisation employ to analyse and
summarise results of monitoring and measurement?
7 How does the organisation use analysis outcomes?
Consider how, and by whom, the information is conveyed to the
relevant interested parties.

INTERNAL AUDIT
The intent of Clause 9.2 is to ensure an organisation implements an internal
audit programme to evaluate performance.

The internal audit programme should be used to assess conformance,
compliance and effectiveness of processes, determine improvements to
product and service provision, and highlight how the organisation can enhance
its ability to meet customer expectations.

An organisation must ensure audits are conducted at planned intervals, with
criteria and scope defined, auditors assigned to ensure objectivity and
impartiality, and results reported to the relevant management employees.

The outcome of the audit programme should provide top management with
insight into the effectiveness of the quality management system and where
opportunities for improvement exist within the current approach, including any
detected risks.

The extent of the internal audit programme should be based on the size and
nature of the organisation, as well as the complexity and level of maturity of the
quality management system.

The Audit Programme should also take account of:


• Context, internal/external issues, risks, opportunities and any failures
• Strategic initiatives being introduced, other planned changes, such as:
─ Changes to structure
─ Changes to the QMS scope and processes within it
─ Previous audit results
─ Risks
─ Criticality or importance of key processes
─ Current and historic process performance results, for example.


AUDITOR’S ROLE

An auditor must ensure the organisation has established, implemented and
maintained an effective internal audit programme that provides both oversight
and insight into process performance and the overall effectiveness of the QMS.

An auditor must ensure the approach employed by the organisation meets the
requirements stated in ISO 9001 Clause 9.2, which stipulates:
• Internal audits are scheduled with consideration to the importance of the
processes concerned, changes affecting the organisation, and previous
audit results
• Internal audits are effectively planned with the objective, scope and criteria
defined for each audit
• Auditors are selected based on their competence and ability to remain
objective and impartial
• Audit outcomes are reported to the relevant management, and corrective
actions completed in a timely manner, and
• Audit documentation is retained as evidence.

CLAUSE 9.2 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM POSSIBLE QUESTIONS


1 How does the organisation plan and implement the internal audit
schedule, for example, a Risk/Importance based approach?
2 What considerations or factors influence the frequency of internal
audits?
3 How does the organisation ensure there are adequate resources
available to implement the audit schedule?
4 What approach does the organisation employ to ensure all internal
audits are planned, conducted and reported consistently?
5 What approach does the organisation employ to ensure corrective
actions identified by internal audits are completed in a timely
manner?
6 How is documented information pertaining to the internal audit
programme managed?
7 How are risks associated with the execution of the audit programme,
and the audits planned within it, managed (i.e. risks to the
programme, risks within each audit planned, and risks to audit teams,
auditees or other key roles involved, as per ISO 19011 guidance)?

CLAUSE 9.2 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Internal Audit Programme schedules may not change from year to year,
with little or no consideration of previous audit results, current
performance, or changes to business operations.
• Internal audits are not always adequately resourced with insufficient time
allocated to plan, conduct and report audit outcomes.
• Internal audits may be focused on the system rather than verifying a
mixture of system and operational requirements.
• The consideration and management of all levels and areas of risk
associated with the programming, planning, conduct and reporting of
audits are not effectively addressed (not just quality risks but also
those relating to budget, resource provision, security, H&S and even
possibly environmental risks).
• Internal auditors are not always fully proficient to conduct audits, with
limited or no training and support provided.
• Corrective actions may not be effectively managed, with insufficient
analysis conducted to determine the root cause, and no follow-up to verify
the actions taken have addressed the issue.
• Management of audit records may be inconsistent.


Activity 9: Auditing the Audit Programme

Objective:

Review the Audit Programme Template found in the Case Study to verify
conformance with ISO 9001 Clause 9.2.

Task:

In your team, review the Internal Audit Programme for your allocated site.

Identify potential nonconformities.

Discuss and consider risks associated with the effective execution of the audit
programme.

Identify questions you would ask the case study organisation to determine
conformance.


MANAGEMENT REVIEW
The intent of Clause 9.3 is to ensure that top management reviews the
organisation’s quality management system, at planned intervals, to ensure its
continuing suitability, adequacy, effectiveness and alignment with the strategic
direction of the organisation.

ISO 9001 specifies a number of inputs to the management review process and
these topics need to be addressed; however, these are not the only subjects
that can be included in a review. It is acceptable to address them as part of an
overall business review.

The management review process needs to provide evidence of decisions
regarding:
• Changes to context (refer to Section 4 of ISO 9001 again) and the quality
policy and objectives
• Plans and possible actions for improvements
• Change of resources
• Revised business plans, and
• Budgets.

Outputs may not be restricted to improvements or changes, but could also
include decisions on other critical issues, such as plans to introduce new
products or services.

Documented information on management reviews is required, but the format is
not specified. Minutes of meetings are the most common type, but electronic
records, statistical charts and presentations are also acceptable.

The management review process is not an exercise carried out solely to satisfy
the requirements of the standard and the auditors; it should be an integral part
of the organisation’s business management process.

The management review process closes the planning loop from the initial
commitments stated within the quality policy, objectives and associated
requirements and compliance obligations.

The outputs from the review then become inputs into the planning phase.


AUDITOR’S ROLE

An auditor is required to:


• Assess the effectiveness of such reviews;
• Ensure that relevant review inputs and associated outputs are addressed
appropriately; and
• Ensure that the organisation can, from such inputs and outputs,
demonstrate continual improvement towards enhanced quality
performance.

Auditors need to be aware that the frequency and method employed to conduct
management reviews are determined by the organisation.

CLAUSE 9.3 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM POSSIBLE QUESTIONS


1 What approach (what, who, when, how) does the organisation
employ to conduct management reviews?
2 What sources of information does the organisation use as input to
management reviews, including re-contexting the organisation?
3 How are decisions made regarding possible or required changes to
the QMS, operational processes, products and services?
4 How does the organisation use the insights gained from
management reviews?
5 What documented information is retained as evidence of
management reviews?

CLAUSE 9.3 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Management review inputs do not always consider a broader range of
sources other than those stipulated in ISO 9001.
• Management reviews are conducted as a stand-alone review of the quality
management system, performed by an individual, with little or no
consultation with management.
• Whether the Context of the Organisation has changed or not
• Management reviews may be focused only on historical performance
results with little or no consideration of changing circumstances within the
organisation that may present new or changed risks or opportunities.
• Outcomes of the management review may not be communicated to
interested parties.
• Sufficient and accurate documented information may not be retained.


Module 10:
Auditing Clause 10:
Improvement


MODULE 10 INTRODUCTION: AUDITING CLAUSE 10: IMPROVEMENT

DAY 2
• Auditing Clause 7: Support
• Auditing Clause 8: Operation
• Auditing Clause 9: Performance Evaluation
• Auditing Clause 10: Improvement
• ISO 19011 Guidance for Auditing

Estimated duration: 1 hour

Background information: This module outlines the role of the auditor to
ensure the organisation has adequate processes in place to demonstrate
continual improvement to enhance quality performance through identifying
system nonconformities and addressing them through a formal corrective
action process.

Module objectives:
• Understand how to determine if an organisation has adequate processes
in place to manage nonconformities, corrections and corrective actions
and emerging risks associated with the aforementioned actions (if taken).
• Understand how to evaluate the approach used by the organisation to
apply continual improvement principles to enhance quality performance.

Slides: 78 - 82

Activities: Activity 10: Clause Identification, page 147


OVERVIEW OF CLAUSE 10: IMPROVEMENT


The intent of Clause 10 is to ensure an organisation encourages and
implements an improvement mindset that enhances its ability to meet
requirements and ensure customer satisfaction.

In order to achieve this intent, an organisation must determine, select and
implement those opportunities for improvement that bring value to the
organisation through:
• Improving products and services to meet requirements and address future
needs and expectations
• Correcting, preventing or reducing undesired potential or actual effects,
and/or
• Improving the performance of the quality management system, ensuring
alignment with strategy and context.


POTENTIAL IMPROVEMENT OPPORTUNITIES


The intent of Clause 10.1 is to ensure potential opportunities for improvement
are identified, evaluated and selected in a considered manner, and the
organisation can realise the associated benefits from the required changes.

It should be noted that improvements can be reactive, incremental, or
transformational in nature. The intended outcome should contribute in some
capacity to improve the stability and/or capability of the quality management
system and operational performance.

AUDITOR’S ROLE

An auditor must verify the organisation has a structured approach to determine
and select opportunities for improvement, and these are implemented to ensure
the expected outcome is achieved.

CLAUSE 10.1 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM POSSIBLE QUESTIONS


1 What sources of information does the organisation use to
determine potential improvement opportunities?
2 How does the organisation evaluate potential improvement
opportunities to verify the value of the change?
3 How does the organisation delegate responsibility for
improvements to ensure they are implemented effectively?


CLAUSE 10.1 AUDIT INSIGHTS

The following are insights relevant to this clause.


• The organisation may not use trend analysis results to determine potential
issues.
• The organisation may not apply a structured and systematic approach to
evaluate and determine which improvement opportunities present the
greatest value to the organisation.
• The organisation may not assign responsibility for improvement initiatives.

NONCONFORMITY AND CORRECTIVE ACTION


The intent of Clause 10.2 is to ensure the organisation takes action to eliminate
the causes of nonconformities.

The nonconformity and corrective action process is the mechanism for
recording, investigating and resolving a nonconformity from problems or issues
within the quality management system.

When a nonconformity occurs, the organisation must act to control and correct
the nonconformity, and deal with the consequences. It should be noted that the
corrective actions taken must be appropriate to the significance of the effects
of the nonconformities encountered.

The organisation must retain documented information as evidence of actions
taken and results achieved.

The organisation must ensure the process incorporates the following steps:

• Review the nonconformity and determine the cause
• Determine if similar nonconformities exist, or could potentially occur
• Determine and implement any corrective action needed
• Review the effectiveness of any corrective action taken, including any new
or emerging risks, and
• Make changes to the quality management system, if necessary.


AUDITOR’S ROLE

An auditor must ensure that:


• Correction and corrective actions are raised for any identified
nonconformity, or potential nonconformity, and
• Any actions taken are effective and appropriate to the nature, scale and
significance of the nonconformity and address the generic PDCA cycle.

CLAUSE 10.2 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM POSSIBLE QUESTIONS


1 How does the organisation identify and act in the event of an actual
or potential nonconformity?
2 What factors does the organisation consider when assigning
responsibility and authority for initiating, investigating and taking
corrective action?
3 How does the organisation ensure a thorough investigation is
undertaken to determine the root cause of a nonconformity?
4 How does the organisation ensure corrective actions are
appropriate to the magnitude of the problem and commensurate
with the risk?
5 How does the organisation evaluate the effectiveness of any
corrective actions reviewed?

CLAUSE 10.2 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Corrective actions may be raised in response to audit findings, but not
raised following a customer complaint, product, service or process issue.
• Responsibility for actions may not be allocated appropriately.
• Correction may fix the immediate problem but fail to consider and address
potential further damage down-stream, for example, if the nonconforming
product is already in the hands of the customer or end-user.
• Investigations may not always identify and address the root cause of
nonconformities which always sit in earlier processes and are not always
easy to find. Remember the purpose of determining the root cause
and taking corrective action is to prevent the reoccurrence of the
nonconformities.
• Organisations may have multiple corrective action systems with one for
quality, another for work, health and safety, and another for environment.
This leads to confusion, duplication and difficulty in reporting.
• The effectiveness of actions may not be consistently evaluated and
recorded.


CONTINUAL IMPROVEMENT
The intent of Clause 10.3 is to ensure that the organisation demonstrates
continual improvement within the quality management system.

The rate, extent and timescale of actions to support continual improvement are
determined by the organisation. The overall intended outcome is an
enhancement in the quality performance of the organisation.

AUDITOR’S ROLE

An auditor needs to ensure that the organisation continues to adapt and
improve the quality management system to ensure it remains adequate and
suitable for the context of the organisation.

CLAUSE 10.3 POSSIBLE AUDIT QUESTIONS

The table below lists possible audit questions based on ISO 9001 requirements.

ITEM POSSIBLE QUESTIONS


1 How does the organisation ensure processes for continual
improvement are established and effective?
2 How would the organisation demonstrate continual improvement to
interested parties if needed?
3 How does the organisation ensure the overall intended outcomes of
the quality management system are being met to achieve continual
improvement and enhance quality performance?

CLAUSE 10.3 AUDIT INSIGHTS

The following are insights relevant to this clause.


• Continual improvement may not be able to be demonstrated due to a lack
of documented information.
• The outcomes of the management review process may not be used as
inputs to continual improvement.


GROUP DISCUSSION
The overall intent of an audit is to confirm an organisation’s quality management
system is effective in managing the quality of their products, services and
processes.

In your role as an auditor, what quality management components and
processes would you expect to find during an audit?

In your role as an auditor, what evidence would you seek to verify the
organisation has established, implemented and maintained an effective quality
management system?


Activity 10: Clause Identification

Objective:

Identify the most appropriate clause of ISO 9001 for each requirement.

Task:

Read each requirement and identify the most appropriate clause number from
ISO 9001.


Which clauses of ISO 9001 cover these requirements?


REQUIREMENT CLAUSE

1. Availability of the quality policy 5.2.2.c

2. Customer communication

3. Determination of risks and opportunities

4. Calibration of measuring instruments

5. Review of design and development changes

6. Determination of the boundaries and applicability of the quality
management system

7. Product identification

8. Elimination of causes of nonconformities

9. Supplier evaluation

10. Monitoring of customer perception

11. Documented information of staff training and education

12. Process efficiency


Module 11:
ISO 19011 Guidance for
Auditing


MODULE 11 INTRODUCTION: ISO 19011 GUIDANCE FOR AUDITING

DAY 2
• Auditing Clause 7: Support
• Auditing Clause 8: Operation
• Auditing Clause 9: Performance Evaluation
• Auditing Clause 10: Improvement
• ISO 19011 Guidance for Auditing

Estimated duration: 2 hours

Background information: This module provides an overview of the Standard
ISO 19011: Guidelines for Auditing Management Systems, including principles,
terms and definitions.

Module objectives:
• Understand the structure of the ISO 19011 Standard
• Understand the intent of the principles within the Standard that
underpin the audit discipline
• Understand the terms and definitions within the Standard that apply to
the audit process
• Clarify the range of roles and responsibilities applicable to the audit
process.

Slides: 83 - 101

Activities:
Activity 11: Auditor Attributes, page 161
Activity 12: Roles and Responsibilities, page 167
Activity 13: Audit Objective, Scope & Criteria, page 171
Activity 14: Auditor Competencies, page 176


OVERVIEW OF ISO 19011


The ISO 19011:2018 document “Guidelines for Auditing Management
Systems” provides guidance for organisations in establishing an audit
programme, planning and conducting audits, and managing the competence
and evaluation of auditors and audit teams.

The guidelines document can be used by organisations of any size, for audits
of varying scope and scale, conducted by individual auditors or audit teams.

The guidelines document concentrates on internal (first-party) audits and
audits conducted by organisations on their external providers and other
interested parties (second-party). The guidance it provides can also be useful
to those who conduct management system certification (third-party) audits,
although they would follow the requirements of ISO/IEC 17021:2015.

ISO 19011:2018 can be applied to audits of single discipline management
systems, combined audits when two or more management system disciplines
are audited together, or audits of integrated management systems.

The guidelines document is intended to be flexible with the guidance
dependent on the size, complexity and maturity of an organisation and its
management system.


Key ISO 19011 Sections

Section 3 sets out the key terms and definitions used in the ISO 19011
Standard. All efforts have been taken to ensure that these definitions do not
conflict with definitions used in other standards.

Section 4 describes the principles on which auditing is based. These principles
help the user to understand the essential nature of auditing and they are
important in understanding the guidance set out in Sections 5 to 7.

Section 5 provides guidance on establishing and managing an audit
programme, establishing the audit programme objectives, and coordinating
auditing activities. Significant additional requirements relating to management
of risks, associated with successful execution of audit programmes, have been
incorporated into ISO 19011 guidance.

Section 6 provides guidance on planning and conducting an audit of a
management system.

Section 7 provides guidance relating to the competence and evaluation of
management system auditors and audit teams.

Annex A provides additional guidance for auditors on planning and conducting
audits.

Note: The previous Annex A in ISO 19011:2011, which related to sector
specific auditing guidance, has been deleted and has been replaced by Annex
B (which has now become the new Annex A).

ISO 19011 adopts the approach that when two or more management systems
of different disciplines are audited together, this is termed a “combined audit”.
Where these systems are integrated into a single management system, the
principles and processes of auditing are the same as for a combined audit.

ISO 19011 provides only guidance; however, users can apply this to develop
their own audit related requirements. In addition, any other individual or
organisation with an interest in monitoring conformance to requirements, such
as product specifications or laws and regulations, may find the guidance in ISO
19011 useful.


CONTENTS OF ISO 19011

1 Scope

2 Normative References

3 Terms and definitions

4 Principles of auditing

5 Managing an audit programme
5.1 General
5.2 Establishing the audit programme objectives
5.3 Establishing the audit programme
5.4 Implementing the audit programme
5.5 Monitoring the audit programme
5.6 Reviewing and improving the audit programme

6 Performing an audit
6.1 General
6.2 Initiating the audit
6.3 Preparing audit activities
6.4 Conducting the audit activities
6.5 Preparing and distributing the audit report
6.6 Completing the audit
6.7 Conducting audit follow-up

7 Competence and evaluation of auditors
7.1 General
7.2 Determining auditor competence to fulfil the needs of the audit
programme
7.3 Establishing the auditor evaluation criteria
7.4 Selecting the appropriate auditor evaluation method
7.5 Conducting auditor evaluation
7.6 Maintaining and improving auditor competence

Annex A (informative) Additional guidance for auditors for planning and
conducting audits.


AUDITING TERMS AND DEFINITIONS


Clause 3 of ISO 19011:2018 provides a range of terms and definitions that are
used throughout the Standard.

The intent is to ensure all interested parties involved in an audit have a
consistent understanding of the terms and definitions used and applied
throughout the audit.

The following is a brief explanation of the meaning of the main terms and
definitions.

Audit

An audit is a process by which evidence is gathered to determine how well audit
criteria are being met. Audits must be objective, impartial and independent and
the audit process must be both systematic and documented.

There are several types of audit:

• 1st Party – this is an internal audit, i.e. within an organisation
• 2nd Party – this is an external audit, undertaken by a customer of its
supplier organisation/s.
• 3rd Party – this is undertaken by an independent auditor such as a
certification body to verify an organisation’s management system complies
with a requirements standard.

Combined Audit

An audit carried out together at a single auditee on two or more management
systems.

When two or more discipline-specific management systems are integrated into
a single management system this is known as an integrated management
system.


Audit Programme

The audit programme means all the activities and resources needed to plan,
organise and conduct one or more audits within a specific timeframe.

Audit Scope

This is a statement that specifies the focus, extent and boundaries of the audit.
It can relate to physical location, organisational units, processes and activities,
and the period to be covered.

Audit Plan

The plan details how a specific audit will be carried out and the activities
needed to achieve the audit objectives.

Audit Criteria

This includes policies, procedures, obligations and requirements. When
requirements from a standard are used as audit criteria, auditors may use the
terms conformity and nonconformity to indicate whether they are being met.
However, when legal requirements are used as criteria, auditors tend to use
the terms compliance and non-compliance.

Objective Evidence

Records, statements of fact or other information relating to the audit criteria,
obtained through observation, interview or other means to verify or confirm
the existence of something.

Audit Findings

Results of the evaluation of audit evidence when compared against audit
criteria. Findings can indicate conformity or nonconformity, identify best
practice, observations or opportunities for improvement.

Audit Conclusion

Conclusions reached by the audit team following consideration of the audit
objectives and all audit findings.

Audit Client

The client can be either the person or the organisation that requests the audit.

For an internal audit this could be either the auditee or the audit programme
manager, but for an external audit it can be regulators, customers, or other
interested parties that have a contractual or legal right to carry out an audit.

Auditee

An organisation, part of any organisation, or person that is being audited and
that has responsibility for the process being audited.


Auditor

The person undertaking the audit.

Audit Team

A team of two or more auditors undertaking an audit. One of the team is
appointed the audit team leader.

Technical Expert

A person with specific subject matter expertise or knowledge who is
nominated by the auditee or the auditor to provide technical guidance during
the audit. They do not act as auditors.


PRINCIPLES OF AUDITING
Clause 4 of ISO 19011:2018 sets out seven general principles that guide the
performance of management system audits.

These principles are:


1. Integrity
2. Fair presentation
3. Due professional care
4. Confidentiality
5. Independence
6. Evidence-based approach
7. Risk-based approach

Adherence to these principles is necessary to ensure an audit is an effective
and reliable tool in support of management policies and controls.

In general, these can be defined as follows:

1. Integrity
To have integrity, auditors need to be honest, diligent and responsible in
the performance of their work, observe applicable legal requirements and
withstand any pressures that might seek to influence their professional
judgment.

2. Fair presentation
This means that auditors are obliged to report their findings in a truthful
and accurate manner and to ensure they report any significant concerns.

3. Due professional care
Auditors should ensure that they carry out their tasks with due care and
diligence and apply reasoned judgement in all audit situations. They
should be aware of the confidence placed in them by the audit client and
other interested parties.


4. Confidentiality
Auditors should always exercise the utmost discretion and sensitivity in
dealing with all information they acquire during an audit, ensuring that
confidential information is appropriately handled, and never using any
information for personal gain.

5. Independence
Auditors should always be independent of the activities being audited and
ensure that they are unbiased and objective.

6. Evidence-based approach
This means that auditors should ensure that the audit evidence can be
verified using appropriate samples.

7. Risk-based approach
Applying an audit approach that considers risks and opportunities
throughout planning, conducting and reporting of audits.

This will ensure audits are focused on areas of significance and
importance for the client and audit programme objectives.

A critical element of auditing is that no blame is allocated for any
problems that are identified. The focus is always on auditing the system,
not the people within the system.

An audit is an information gathering activity and should not be used as an
opportunity to “point the finger” or apportion blame. Indeed, allocating blame
may well result in one of the “interested parties” in the audit, or the employees
themselves, becoming defensive and concealing information. This behaviour
is hardly conducive to the free flow of information on which successful auditing
depends.


Activity 11: Auditor Attributes

Overview:

Auditors should possess the qualities to enable them to act in accordance with
the principles of auditing. Auditors should exhibit professional behaviour
during the performance of audit activities.

Task:

In your team, for the allocated terms, identify how an auditor could
demonstrate this during an audit.


AUDITOR ATTRIBUTE HOW THIS COULD BE DEMONSTRATED


1. Ethical

2. Open-minded

3. Diplomatic

4. Observant

5. Perceptive

6. Versatile

7. Tenacious

8. Decisive

9. Self-reliant

10. Open to improvement

11. Culturally sensitive

12. Collaborative


ROLES AND RESPONSIBILITIES


The Audit Programme has a number of defined roles to ensure the
programme, and each audit scheduled within the programme, is effectively
managed. All parties who are involved in a scheduled audit in some capacity
need to understand the scope of responsibilities and authority associated with
their role.

Audit Team Leader/Lead Auditor


The lead auditor is responsible for ensuring the efficient and effective conduct
and completion of the audit within the audit scope and plan approved by the
client. In addition, responsibilities and activities of the lead auditor should
cover:
• Consulting with the client and the auditee, if appropriate, in determining the
criteria and scope of the audit
• Obtaining relevant background information necessary to meet the
objectives of the audit, such as details of the auditee’s activities, products,
services, site and immediate surroundings, and details of previous audits
• Forming the audit team giving consideration to potential conflicts of
interest, and agreeing on its composition with the client
• Directing the activities of the audit team in accordance with the guidelines
of ISO 19011, including information about risk associated with the audit
• Preparing the audit plan with appropriate consultation with the client,
auditee and audit-team members, and again considering relevant risks
• Communicating the final audit plan to the audit team, auditee and client.
• Coordinating the preparation of working documents and detailed
procedures, and briefing the audit team
• Seeking to resolve any problems that arise during the audit, including risks
• Recognising when audit objectives become unattainable and reporting the
reasons to the client and the auditee
• Representing the audit team in discussions with the auditee, prior to,
during and after the audit
• Notifying the auditee without delay, of audit findings of critical
nonconformities
• Reporting to the client on the audit clearly and conclusively within the time
agreed within the audit plan
• Making recommendations for improvements to the management system, if
agreed in the scope of the audit


Auditor

Auditor responsibilities and activities should cover:


• Following the directions of and supporting the lead auditor.
• Planning and carrying out the assigned task objectively, effectively and
efficiently within the scope of the audit and managing risks to all parties
• Collecting and analysing relevant and sufficient audit evidence to
determine audit findings and reach audit conclusions regarding the
management system
• Preparing working documents under the direction of the lead auditor.
• Documenting individual audit findings
• Safeguarding documents pertaining to the audit and returning such
documents as required
• Assisting in writing the audit report

Audit Client
Client responsibilities include:
• Determining the need for the audit
• Contacting the auditee to assure cooperation and initiating the process
• Defining the objectives of the audit
• Selecting the lead auditor or auditing organisation and, if appropriate,
approving the composition of the audit team
• Providing appropriate authority and resources to enable the audit to be
conducted
• Consulting with the lead auditor to determine the scope of the audit
• Approving the audit criteria and the audit plan
• Receiving the audit report and determining its distribution

Auditee
The responsibilities and activities of the auditee should cover:
• Informing employees about the objectives and scope of the audit.
• Providing the facilities needed for the audit team in order to ensure an
effective and efficient audit process, management of risks, H&S etc
• Appointing responsible and competent staff to accompany members of the
audit team, to act as guides to the site and to ensure that the audit team is
aware of health, safety and other appropriate requirements
• Providing access to the facilities, personnel, relevant information and
records as requested by the auditors
• Cooperating with the audit-team to achieve the audit objectives
• Receiving a copy of the audit report unless excluded by the client


Observer

Simply watches the audit activities and does not participate in any way,
sometimes as a means to learn about ISO 9001 and auditing
systems/processes.

Trainee and Trainer Team Leader/Auditor

Trainees act under the guidance of the team leader. The Team Leader debriefs
the performance of the audit and the trainee should follow all instruction and
guidance given by the Team Leader.

Technical Specialist

Sometimes used for complex or technical issues. This person may not
necessarily be an auditor but provides guidance to the audit team regarding
what is and is not considered to be a risk. Such a person may help to verify
that the audit team has managed the risks associated with a particular
organisation’s management system. Technical specialists may also be used to
cover gaps in knowledge relating to social or religious customs or language
barriers.

Witness

Sometimes verifies the process being audited or the audit process itself. Their
role is similar to that of observer. Examples of where this may occur include
audits wherein an accreditation body witnesses a certification body conducting
an audit as part of the certification body’s accreditation audit. Alternatively,
there are some regulatory bodies and clients who may wish to witness audits
being conducted.

Guide

Assists the audit team, and acts on request of the Audit Team Leader. May
ensure that rules concerning safety and security procedures are known and
followed by the auditors on site and may also witness the audit on behalf of the
auditee. Should not exercise undue influence or interference.

Auditors can make mistakes and a timely query from a guide may avoid an
embarrassing situation. Notwithstanding this, a guide should never offer an
opinion and should avoid unnecessary “nit-picking”.


Audit Programme Manager - This person defines and manages the
effectiveness of the audit programme/schedule including all relevant intrinsic
and extrinsic risks.

Examples of potential audit programme related risks are:

• Planning, e.g. failure to take account of context of the organisation,
strategic direction, policies and business objectives when scheduling
audits, often resulting in misplaced audit efforts and misguided definition
of audit purpose, scope, criteria and objectives
• Resources, e.g. insufficient time/physical resources and poor levels of
competence/capability to develop and manage an effective audit
programme and conduct truly valuable audits.

Note: Lack of awareness, commitment and competence of auditees within
the context of auditing, may also cause barriers to effective audit performance

• Communication, e.g. poor communication about the purpose and
objectives of the audit programme and why audits are essential to improve
the management system and help drive strategic success. Unclear or
untimely communication to audit teams.
• Implementation, e.g. poor coordination of the audits within the audit
programme, not ensuring necessary documented information is available,
failure to adequately manage audit records used to demonstrate
effectiveness of the audit programme.
• Monitoring, reviewing and improving the audit programme, e.g. lack of
monitoring, measurement and analyses of audit programme outcomes and
audit results.
• Ineffective monitoring/measurement of auditor abilities.


Activity 12: Roles and Responsibilities

In your team, review the information pertaining to roles and responsibilities of
the auditor and the auditee.

Determine the specific responsibilities of each party during each phase of an
audit.

Record your answer in the table provided and be prepared to share your answer
with the other teams.


| AUDIT PROCESS PHASE | AUDITOR | AUDITEE |
|---|---|---|
| PLANNING | | |
| CONDUCTING | | |
| REPORTING OUTCOMES | | |


DEFINING AUDIT OBJECTIVES, SCOPE AND CRITERIA


Each planned audit in the audit schedule should be based on documented
audit objectives, scope and criteria.
Without this vital information, the audit team leader will struggle to understand
where their efforts need to be focused when detailed planning is required.

Objectives

When scheduling audits it should be remembered why the audit is taking
place. It’s important to identify what issues exist and what action is required
to overcome these issues.

Audit objectives may include:


• Determine conformance of management system, or parts of it, with the
audit criteria
• Determine capability of (process or management system) to ensure
compliance with statutory, regulatory and contractual requirements
• Determine effectiveness of (process or management system) to meet
specified objectives
• Identify areas for potential improvement (process or management
system) including the effectiveness of how risks are determined and
responded to
• Determine the suitability and adequacy of the management system to
support the context and strategic direction of the organisation.
• Determine the efficiency of (process or management system) to
achieve objectives.

Scope

The scope needs to be consistent with the audit programme and audit
objectives.

The audit scope describes the extent and boundaries of the audit in terms of
factors such as physical locations, organisational units, activities and
processes, products and/or services to be audited, as well as, where relevant,
the time period covered by the audit.


Criteria

The audit criteria are used as a reference against which conformity is
determined and may include applicable strategic issues, policies, procedures,
standards, laws and regulations, management system requirements,
contractual requirements or industry/business sector codes of conduct.

Responsibilities for determining Objectives, Scope and Criteria

The person managing the audit programme, or the audit client, should define
the audit objectives. The audit scope and criteria should be defined between
the audit client and the audit team leader in accordance with audit programme
procedures.

The same parties should agree to any changes to the audit objectives, scope
or criteria.

Where a combined audit is to be conducted, it is important that the audit team
leader ensures that the audit objectives, scope and criteria are appropriate to
the nature of the combined audit.


Activity 13: Audit Objective, Scope and Criteria

Overview:

Defining the objective, scope and criteria for each scheduled audit is critical
to ensure client expectations are met, and the assigned audit team are able
to start planning and preparing within this context.

Task:

In your team, select an audit from the Audit Programme Template that you
reviewed in an earlier activity.

Define the objective, scope and criteria for the audit.

When defining the criteria, ensure any relevant regulations, legal
requirements, codes of practice, and customer requirements are included
in the criteria.


Objective:

Scope:

Criteria:


AUDITOR COMPETENCIES
Confidence in the audit process and the ability to achieve its objectives
depends on the competence of those individuals who are involved in planning
and conducting audits, including auditors and audit team leaders.

This competence is based on the demonstration of:


• The personal attributes
• The ability to apply the knowledge and skills gained through the education,
work experience, auditor training and audit experience

This concept of competence of auditors is illustrated in the following diagram.


Some of the knowledge and skills are common to auditors of any management
system type and some are specific to auditors of individual disciplines and/or
industry sectors.

Auditor qualifications impact on the reliability of the audit findings and
conclusions.

Auditor Capabilities and Competence (Knowledge, Skills & Behaviours)

Competence is achieved through a combination of education, training and/or
work and audit experience. The following information illustrates some of the
competencies for auditors.


Interpersonal Skills of Auditors.

Effective auditors will need to:


• Recognise that people are individuals. No one approach will meet the
communication needs of all.
• Be aware that audits can be perceived as an imposing or threatening
situation for some. A non-threatening approach by the auditor will be
necessary.
• Read the body language and non-verbal cues of the auditees.
• Understand a range of questioning styles and techniques. Differing
question techniques will obtain differing responses.
• Understand themselves and their own preferred styles of communication


Key Knowledge and Methodology based Competencies for Auditors

• Basic regulatory requirements relating to the product or service
• Key features of different types of businesses
• Key features in strategic or business plans
• Key process characteristics, management controls and performance data
• Key interdependencies between functions and processes
• Customer and awareness
• Evidence of effective teamwork and team/function performance
• Planned and organised operations
• Effective measurement and data analyses including proven techniques of
root cause analysis, e.g. FMEA, 8D, 5Ys etc
• Effective training and competence of people
• Customer and supplier involvements and potential impacts
• Positive leadership and management engagement at all levels
• Risk-based thinking and auditing how effectively managers apply it
• Opportunities for key audit trails
• Effective application of PDCA to manage improvements at all levels in
management systems and organisation structures

Other Key Competencies

Auditors should possess knowledge and skills across the following key areas:
• Understand applications of the principles, procedures and techniques of
auditing
• Understand application of the regulations and other considerations that are
relevant to the audit management system, and the conduct of the audit
• Establish, plan and task the activities of an audit team
• Communicate effectively with the auditee and audit client
• Organise and direct audit team members
• Prevent and resolve conflict with the auditee and/or within the audit team
• Prepare and complete the audit report

Discipline and Sector Specific Knowledge and Skills

Auditors should have the discipline and sector-specific knowledge and skills
that are appropriate for auditing the type of management system and sector.


Activity 14: Auditor Competencies

Overview:

Effective management systems auditors need a range of key competencies
to ensure they are able to conduct audits with confidence and meet the
expectations of the audit programme manager, client, and auditee
organisation.

Task:

In teams, discuss and list the knowledge, skills and personal attributes that
effective management systems auditors need to undertake their role.
Brainstorm a list of competencies that effective auditors would require. For
example:

Knowledge – Relevant ISO Standard

Skills – Listening

Personal Attributes – Empathy

Use the flip charts provided and your personal notes and be prepared to share
your work with the rest of the class.


COMPETENCIES OF AUDITORS
Auditors should possess the knowledge and skills necessary to achieve the
intended results of the audits they are expected to perform.

All auditors should possess generic knowledge and skills and should also be
expected to possess some discipline and sector-specific knowledge and skills.

Audit team leaders should have the additional knowledge and skills necessary
to provide leadership to the audit team.

An auditor’s technical knowledge and skills must be underpinned with
appropriate personal attributes and interpersonal skills.

Summary of Key Competencies for Auditors

Auditors should possess knowledge and skills across the following key areas:
• Understand applications of the principles, procedures and techniques of
auditing
• Understand the conduct of an effective audit in the context of the auditee’s
organisational situation
• Understand application of the regulations and other considerations that are
relevant to the audit management system, and the conduct of the audit
• Practice personal attributes necessary for the effective and efficient
conduct of a management system audit
• Establish, plan and task the activities of an audit team
• Communicate effectively with the auditee and audit client
• Organise and direct audit team members
• Prevent and resolve conflict with the auditee and/or within the audit team
• Prepare and complete the audit report


Summary of Personal Attributes of a Management System Auditor

Auditors should possess the necessary qualities to enable them to act in
accordance with the principles of auditing discussed earlier in the course.

Typical personal attributes which should be displayed by effective auditors
include:
• Ethical: fair, truthful, sincere, honest and discreet
• Open-minded: willing to consider alternative ideas or points of view
• Diplomatic: tactful in dealing with people
• Observant: actively observing physical surroundings and activities
• Perceptive: aware of and able to understand situations
• Versatile: able to readily adapt to different situations
• Tenacious: persistent and focused on achieving objectives
• Decisive: able to reach timely conclusions based on logical reasoning and
analysis
• Self-reliant: able to act and function independently whilst interacting
effectively with others
• Acting with fortitude: able to act responsibly and ethically, even though
these actions may not always be popular and may sometimes result in
disagreement or confrontation
• Open to improvement: willing to learn from situations, and striving for better
audit results
• Culturally sensitive: observant and respectful to the culture of the auditee
• Collaborative: effectively interacting with others, including audit team
members and the auditee’s personnel

Interpersonal Skills of Auditors

Effective auditors will need to:


• Recognise that people are individuals. No one approach will meet the
communication needs of all
• Be aware that audits can be perceived as an imposing or threatening
situation for some. A non-threatening approach by the auditor will be
necessary
• Read the body language and non-verbal cues of the auditees
• Understand a range of questioning styles and techniques. Differing
question techniques will obtain differing responses
• Understand themselves and their own preferred styles of communication.

From this base the effective auditor will be in a position to recognise what
he/she has to learn regarding more effective communication techniques.


Human Relations while Auditing

Principles of good human relations must be understood and utilised before
auditing practices can be fully effective. Some fundamental principles, which
can contribute to effective human relations, are described below.

Empathy

This is the ability of one person to put himself/herself in another person's place,
to understand the problems and pressures that burden someone else. When
empathy is applied to contacts with other people, there is less chance of
criticism or misunderstanding.

Sincerity

If the advice of another person is sought, it is usually to obtain some special
information that is needed. It does no harm to admit a little ignorance of a
subject when seeking the advice of an expert.

Individuality

Approach people as individuals and not as stereotypes. For example,
engineers are no more organised and logical than are pharmacists, lawyers, or
any other group. Preconceived notions of behaviour patterns are a common
obstacle to communication.

Flexibility

Don't be immovable. Practice the simple human skills of courtesy, patience and
understanding. These attributes can produce results that are otherwise
unattainable.

Everyone is an individual and everyone approaches a problem in an individual
manner. Each person has his or her own sensitivities based on personal
capabilities and past experiences.

Generic Knowledge and Skills for Auditors

Auditors should have knowledge and skills in the following areas.

(a) Audit principles, procedures and techniques: to enable the auditor to
apply those appropriate to different audits and ensure that audits are
conducted in a consistent and systematic manner. An auditor should be
able:
• To apply audit principles, procedures and techniques
• To plan and organise the work effectively
• To conduct the audit within the agreed time schedule
• To prioritise and focus on matters of significance


• To collect information through effective interviewing, listening,
observing and reviewing documents, records and data
• To understand and consider experts’ opinions
• To understand the appropriateness and consequences of using
sampling techniques for auditing
• To verify the relevance and accuracy of collected information
• To confirm the sufficiency and appropriateness of audit evidence to
support audit findings and conclusions
• To assess those factors that can affect the reliability of the audit
findings and conclusions
• To use work documents to record audit activities
• To document audit findings and prepare appropriate audit reports
• To maintain the confidentiality and security of information, data,
documents and records
• To communicate effectively, either through personal linguistic skills
or through an interpreter
• To understand the types of risks associated with auditing

(b) Management system and reference documents: to enable the auditor
to comprehend the scope of the audit and apply audit criteria. Knowledge
and skills in this area should cover:
• Management system standards or other documents used as audit
criteria
• The application of management systems standards to different
organisations
• Interaction between the components of the management system
• Recognising the hierarchy of reference documents
• Application of the reference documents to different audit situations

(c) Organisational Context: to enable the auditor to comprehend the
organisation's structure, business and management practices;
knowledge and skills should cover:
• Organisational types, governance, size, structure, functions and
relationships
• General business and management concepts, processes and
related terminology, including planning, budgeting and management
of personnel
• Cultural and social aspects of the auditee

(d) Applicable legal and contractual requirements and other
requirements that apply to the auditee: to enable the auditor to work
within, and be aware of, the legal and contractual requirements that apply
to the organisation being audited; knowledge and skills specific to the
jurisdiction or to the auditee’s activities and products should cover:
• Laws and regulations and their governing agencies
• Basic legal terminology
• Contracting and liability


Discipline and Sector Specific Knowledge and Skills

Auditors should have the discipline and sector-specific knowledge and skills
that are appropriate for auditing the particular type of management system and
sector.

It is not necessary for each auditor in the audit team to have the same
competence; however, the overall competence of the audit team needs to be
sufficient to achieve the audit objectives.

The discipline and sector-specific knowledge and skills of auditors include the
following:
• Discipline-specific management system requirements and principles, and
their application
• Legal requirements relevant to the discipline and sector, such that the
auditor is aware of the requirements specific to the jurisdiction and the
auditee’s obligations, activities and products
• Requirements of interested parties relevant to the specific discipline
• Fundamentals of the discipline and the application of business and
technical discipline-specific methods, techniques, processes and
practices, sufficient to enable the auditor to examine the management
system and generate appropriate audit findings and conclusions
• Discipline-specific knowledge related to the particular sector, nature of
operations or workplace being audited, sufficient for the auditor to evaluate
the auditee’s activities, processes, and products (goods and services)
• Risk management principles, methods and techniques relevant to the
discipline and sector, such that the auditor can evaluate and control the
risks associated with the audit programme

Quality specific requirements

(a) Quality-related methods and techniques: to enable the auditor to
examine quality management systems and to generate appropriate audit
findings and conclusions.
(b) Processes and products, including services: to enable the auditor to
comprehend the technological context in which the audit is being
conducted.

Generic Knowledge and Skills of Audit Team Leaders

Audit team leaders should have additional knowledge and skills to manage
and provide leadership to the audit team, in order to facilitate the efficient and
effective conduct of the audit. An audit team leader should be able to:
a) Balance the strengths and weaknesses of the individual audit team
members
b) Develop a harmonious working relationship among the audit team
members


c) Manage the audit process including:
• Plan the audit and make effective use of resources during the audit
• Manage the uncertainty of achieving audit objectives
• Protect the health and safety of the audit team members during the
audit, including ensuring compliance of the auditors with the relevant
health, safety and security requirements
• Organise and direct audit team members
• Provide direction and guidance to auditors-in-training
• Prevent and resolve conflicts as necessary.
d) Represent the audit team in communications with the audit client and
auditee
e) Lead the audit team to reach the audit conclusions
f) Prepare and complete the audit report.


AUDITOR EVALUATION
The evaluation of auditors and audit team leaders should be planned,
implemented and recorded in accordance with audit programme procedures to
provide an outcome that is objective, consistent, fair and reliable. The
evaluation process should identify training and other skill enhancement needs.

The evaluation of auditors occurs at the following different stages:
• The initial evaluation of persons who wish to become auditors
• The evaluation of the auditors as part of the audit team selection process
• The continual evaluation of auditor performance to identify needs for
maintenance and improvement of knowledge and skills.

The following four-step process may be used in each of these stages of
evaluation.


STEP 1 – IDENTIFY THE PERSONAL ATTRIBUTES, AND THE KNOWLEDGE AND
SKILLS TO MEET THE NEEDS OF THE AUDIT PROGRAMME

In deciding the appropriate knowledge and skills, the following should be
considered:
• The size, nature and complexity of the organisation to be audited
• The objectives and extent of the audit programme
• Certification/registration and accreditation requirements
• The role of the audit process in the management of the organisation to be
audited
• The level of confidence required in the audit programme
• The complexity of the management system to be audited

STEP 2 – SET THE EVALUATION CRITERIA

The criteria may be quantitative (such as the years of work experience and
education, number of audits conducted, hours of audit training) or qualitative
(such as having demonstrated personal attributes, knowledge or the
performance of the skills, in training or in the workplace).

STEP 3 – SELECT THE APPROPRIATE EVALUATION METHOD

Evaluation should be undertaken by a person, or a panel, using one or more
methods selected from those in the following table. In using the table, the
following should be noted:
• The methods outlined represent a range of options and may not apply in
all situations
• The various methods outlined can differ in their reliability
• Typically, a combination of methods should be used to ensure an outcome
that is objective, consistent, fair and reliable


Evaluation Method, Objectives and Examples

| EVALUATION METHOD | OBJECTIVES | EXAMPLES |
|---|---|---|
| Review of Records | To verify the background of the auditor. | Analysis of records of education, training, employment and audit experience. |
| Positive and Negative Feedback | To provide information about how the performance of the auditor is perceived. | Surveys, questionnaires, personal references, testimonials, complaints, performance evaluation, peer review. |
| Interview | To evaluate personal attributes and communication skills, to verify information and test knowledge and to acquire additional information. | Face-to-face and telephone interviews. |
| Observation | To evaluate personal attributes and the ability to apply knowledge and skills. | Role playing, witnessed audits, on-the-job performance. |
| Testing | To evaluate personal attributes and knowledge and skills and their application. | Oral and written exams, psychometric testing. |
| Post-Audit Review | To provide information where direct observation may not be possible or appropriate. | Review of the audit report and discussion with the audit client, auditee, colleagues and the auditor. |

STEP 4 – CONDUCT THE EVALUATION

In this step, the information collected about the person is compared against
the criteria set in Step Two (2). Where a person does not meet the criteria,
additional training, work and/or audit experience are required, following which
there should be a re-evaluation.


The relationship between the stages of evaluation can be illustrated as
follows:

[Figure 4: Relationship between the Evaluation Stages. Flowchart boxes:
Development of competence; Initial evaluation; Auditor; Continual evaluation
of performance; Maintenance and improvement of competence; Audit team
selection; Auditing. Decision labels: Criteria met; Criteria not met; Not
selected.]


QUESTIONING TECHNIQUES
One of the greatest tools an auditor can call on is the question, artfully asked.
Effective questioning can result in saving time, receiving invaluable
information and developing effective relationships. On the other hand, poor
questioning can invade privacy, cause animosity and result in resentment,
thus souring relationships. If questioning is a technique that can be utilised
for a wide variety of purposes, it is one that must be used with thoughtful care.
Auditors must know how to get important information in a way that does not
make the auditee feel interrogated or defensive.

Open questions encourage effective answers that may involve obtaining much
valuable information. An example might be “How do you feel about the need
for this step in the production process?”

Open questions are the “auditor’s powerful information gathering questions”.

Other examples of open questions and the type of information they seek are:

• What? – to verify activities and/or controls, inputs are done/used
• Why? – to verify purpose and/or value of activities/management controls
• When? – to test timing, sequence, flow of the process
• How? – to understand and verify the methods by which things are done
• Where? – to confirm location(s) of the activities/processes being audited
• Who? – to confirm Role/Responsibility/Authority/Accountability
• Please show me – to get hands and eyes on evidence
• ‘What if?’ questions test if a manager is doing Risk-based thinking

Closed questions probe for specifics - for example, “Do you have a process
for obtaining regular feedback from the customer regarding the quality of the
service provided?” This in particular requires only a “yes” or “no” answer.

Reflective questions clarify and ensure understanding - for example, “Are you
saying that there are two processes available which can provide the same
result?”


Questions can be used for many reasons - and before you ask a question
of another you should first clarify why you are asking it. Examples are:
• To check understanding
• To establish reasons
• To act as a devil’s advocate
• To discover the source
• To focus attention
• To obtain feedback
• To stimulate reflective thinking
• To follow-up
• To obtain evaluations
• To explore resources

No matter what type of question you ask, or no matter why you are asking it,
there are two main rules you should follow:
Rule 1: Ask straightforward questions.
Rule 2: Wait for the answer and listen actively.

Most poor communicators forget Rule 2.

There are also a number of guides you can follow when asking questions.
1. Ask straightforward questions. Avoid complex constructions.
2. Follow-up question areas until it is clear what actually takes place.
Auditees often may skim over an important area. Additional questions may
have to be asked to determine what happens and when.
3. It may be necessary to phrase a question so that a negative response
can be made easily - such as “That step can often be omitted - can you
give me an example of when you have to do this?”
4. Find out the “why” behind actions. Actions may have many different
applications or reasons. The auditor may need to explore the reasons
behind an action, step or process.
5. Use comments in place of questions so that the questioning does not
appear like an interrogation. For example, “I can imagine there
are some really tough problems encountered during that process.”
6. Make use of contrasts and comparisons. Instead of saying “What is that
process like?” ask “How does the method of registration for regular guests
differ from registering those attending conferences?”
7. Ask to have technical or trade jargon clarified. If an auditee
representative uses jargon that you do not understand, do not let it go for
fear of appearing uninformed.


8. Avoid expressing value judgments in questions.
9. Start out with a broad question and follow-up more specifically.
10. Avoid collecting information not relevant to the scope of the audit. The
core role is to gain information about specific processes or services. The
criterion of relevance should apply. The auditor should not be
concerned with accumulating facts, no matter how interesting,
outside the scope of the audit.

When asking the auditee questions you must also be conscious of reading their
behaviour from their responses and body language. If you see that a situation
is developing into a crisis and must be addressed, approach it calmly. You will
accomplish this by keeping your emotions under control. When you stay
calm and in control, others follow your lead. You can then communicate, take
constructive actions and begin solving the problem.


LISTENING SKILLS
Effective questioning is an extremely important skill for an auditor. But the
world's best questioner will have it all count for nothing if the skill of effective
and active listening is not well developed.

Listening is the key to effective communication. We can all hear but we do not
all listen actively. Active, or effective, listening unlocks the door to mutual
understanding. Poor listening skills, or selective hearing, have been
recognised as a cause for concern for many hundreds, if not thousands, of
years. William Shakespeare (1564 – 1616) once said “Give every
man thine ear, but few thy voice. Take each man’s censure, but reserve thy
judgment”. This comment was reinforced almost 100 years later by Matthew
Henry (1662 – 1714) who stated: “There’s none so deaf as those that will not
hear.”

Listening not only opens the gateway to understanding, it is also a strong
mechanism in developing rapport and trust. These, in turn, foster mutual
cooperation that makes the job of the auditor so much easier.

What are the major behaviours that differentiate between a good and a bad
listener? In a training programme, managers were asked this particular
question and came up with the following list:

Poor Listeners vs. Good Listeners

| POOR LISTENERS | GOOD LISTENERS |
|---|---|
| Interrupt | Patient |
| Change subject | Eye contact |
| Impetuous | Summarise to clarify |
| Inattentive | Put you at ease |
| Negative body language | Short prompts given |
| Easily distracted | Have empathy |
| Yes, but…. People | Take time to listen |
| Impatient | Look attentive |
| Switch off | Ask open questions |
| Take over the conversation | Don’t interrupt |
| Curt | Show interest |
| Too talkative | Concentrate |
| Very critical | Pass few judgments |


Auditors spend about 80% of their time listening. So what are some techniques
for effective listening?

Hugh Mackay in his book: Why Don't People Listen? Pan, Sydney, 1994, sets
out some techniques which he calls:

Seven Tricks of the Trade of Good Listeners


1. They receive the message before they react to it. Good auditors
postpone their judgments and evaluations until the auditee has finished
speaking, and they understand what is being said.
Interrupting the auditee is of course valid when they are consistently
"off-track" to the audit and are not good listeners to our questions.
2. They resist the distraction offered by "trigger" words. We all have
"triggers" that can set us off in a pre-determined direction - set by our
previous experience gained in similar circumstances. Our own beliefs and
prejudices can then come to the forefront and get in the way of taking into
account the auditee's viewpoint.
3. They ask themselves “What can I do about this? How can I use it?”
Good auditors listen for ways in which they can make the message relevant
to the audit - they search for relevance all the time. Always keep the end
in mind; that is, think of how this information will fit into the communications
during the closing meeting and audit report.
4. They work hard at listening. The more we can listen in small chunks
rather than large slabs, the better. Ten minutes of concentrated listening
seems about as much as most of us can handle in one go. That is why
auditing can be very tiring – listening to new people talk about issues we
are not necessarily familiar with.
5. They harness their thought-speed. Most of us talk at about 125 words
per minute, whereas when we think in words, this may be 500 words per
minute or more. Good auditors use their thought speed to concentrate
actively on what has been said and to anticipate where the
auditee may be heading. This is not done at the cost of actively
listening to what the auditee is currently saying, nor by thinking about
"triggers" which would distort the message the auditor hears. By giving full
attention to the totality of the presentation, we can keep our distractions at bay.
Focusing on the speaker's intention is also valuable.
6. They try to empathise with the speaker. “What does it feel like to be him
or her?” is a valuable question for the auditor. Matching the energy of the
auditee is also a good way of establishing a quick rapport and entering the
spirit of the encounter. The ability to catch the auditee's mood and to
respond appropriately to it is a very valuable ability for auditors.
7. They reflect what they have heard. Good auditors will say things like
“Let me see if I got that straight. I understood you to say……” Or “If I heard
you correctly, you are saying that…….” This grounding and clarifying are
very important in any auditing situation. Again, keep the end in sight – we
need to be able to report on what we heard at the closing meeting and in
the audit report.

“When I listen, I have the advantage – when I speak, I lose it.”
Abraham Lincoln


BODY LANGUAGE
Are you aware that only about 10% of the impression you get of another person
is created by the words you use? This is, arguably, the major reason why
people often have misunderstandings when they communicate. The way
things are said is usually much more important than what is
said. The tone of the voice and the speed are important, but
perhaps the most important component is body language, which accounts for
more than 50% of the impression made.

Body language is comprised of movements, posture, handshakes, position of
the arms, facial expressions, eye movements, etc. There are also very slight
gestures or signals that are only just perceptible – but should not be ignored.

Deciphering other people’s body language is important, but it is equally
important to master your own.

PERSONAL SPACE

The area we consider our personal space is fairly uniform across Australian
cities – although people living in rural areas tend to have an increase in spatial
distance. This personal space is broken down into four zones:
• Intimate Zone (15 – 46 cm): This is the most important of all the zones
and a person guards it well. Only those with whom we have a strong
personal relationship are permitted to enter this zone
• Personal Zone (46 cm – 1.2 m): This is the distance we stand from other
people on social occasions - e.g. at a party
• Social Zone (1.2 – 3.6 m): This is the distance we stand from strangers,
salespeople, and other people we do not know very well
• Public Zone (over 3.6 m): Whenever we talk to a gathering of people, we
tend to stand about this distance away


Be conscious of getting too close to people with whom you are not familiar. If
you invade what they see as their personal space you are likely to make them
feel uncomfortable or ill at ease. When dealing with regional or rural people
be aware that you may need to increase the distance you perceive as personal
space. There are some exceptions – such as being in a crowd or in an
elevator. If you find yourself in this situation there are some generally unwritten
rules that you observe. These include – avoiding touch, avoiding eye contact
at all times, avoiding talking to anyone, and avoiding showing any emotion.

EYE CONTACT

We do much of our communicating through our eyes and we will often check a
person’s eyes to see if they are interested and paying attention to what we are
saying. Studies tend to indicate that people look at each other 50 – 60% of
the time as they converse, with the listener maintaining eye contact for a
greater percentage of the time when compared to the talker.

People tend to maintain better eye contact when they are:


• Interested in the subject
• Comfortable with the content
• Trying to influence the other person

People tend to avoid eye contact when they are:


• Uncomfortable with the talker or the subject
• Embarrassed or ashamed
• Trying to hide something

Much of our judgment of others is determined by the degree of eye contact. For
this reason it is important that auditors ensure that their eye contact is
perceived as appropriate. It is important to alter your degree of eye contact if
you are getting a signal that it is inappropriate.

When having a business discussion imagine that there is a triangle on the other
person’s forehead. By looking at this area you are creating a serious
atmosphere and the other person senses that you mean business. If your eye
contact falls below the other person’s eyes a social atmosphere develops.
Be aware that if your eye contact is across the eyes and below the chin to other
parts of the body this gaze is perceived as intimate.

GESTURES

The most important gestures are made with the hand. In most day-to-day
encounters, people use two basic palm positions - palm upwards or palm
downwards. When a person is being honest and open they will tend to hold
one or both palms out to the other person.


Be aware also of the gestures given by your palm when asking for something.
The palm upwards indicates a submissive, non-threatening gesture - the
other person will not feel threatened or dominated. If you turn your palm down,
however, your request will seem more like an order. In this situation the
person may feel antagonistic towards you, depending on your relationship. The
palm down position is an indication of dominance. The palm position to be
most aware of is the fist closed and the finger pointing outwards. This is an
aggressive signal and can be the most irritating of all gestures that a person
can use. If you are aware that you use this gesture, practise the palm up and
palm down positions and you will find you create a more relaxed atmosphere.

POSTURE

The positioning and movement of the auditor’s body can impact on the
effectiveness of communication. In particular, changes in posture can also
communicate messages to the auditee, e.g. suddenly sitting upright and
leaning forward may show intensity; standing up may signal “I’m finished now”;
or turning one’s back shows a cutting off of attention.

SEATING ARRANGEMENTS

When an auditor is communicating with an auditee at a table you should be
aware of the message that can be communicated by where you sit. At a
standard rectangular table the following positions are available:

[Figure: rectangular table with seating positions A, B, C, D and E]


In relation to person ‘A’ the following situations apply:


• Person B is in the corner position indicating a friendly or casual
conversation
• Person C is in the co-operative position - which is normally adopted if
people are mutually alike or working on a task together. It is an important
position to adopt if you are presenting something you wish to have
accepted. You need to be careful, however, not to be seen to invade
person A’s space
• Person D is in a defensive, or competitive, position. The table becomes
a barrier between the two and is often adopted when a person is being
reprimanded or to indicate a superior/subordinate relationship. You may
have noticed that doctors once used to adopt this position - but now most
want to put their patient at ease so they more often adopt one of the two
earlier positions and
• Person E is in an independent position - usually indicating they want to
keep their distance, or not get involved. It can be interpreted as hostile
and auditors should avoid this position if open discussion is required

IMPROVING YOUR BODY LANGUAGE

You can improve your body language by following this simple plan:
1. Find out your habits – obtain feedback from others, watch yourself on
video.
2. Identify your nervous gestures – normally something you do with your
hands when you are feeling uncertain or uncomfortable.
3. Over-exaggerate – place an over-emphasis on your positive gestures and
don’t be concerned with overdoing it.
4. Smile – only one-third of people are perceived as smilers and if you are
one of these you have an advantage. If you are in the two-thirds majority,
you may have to work on this – remember that while you may believe you
are smiling on the inside it is what people perceive that is important.
5. Be positive and open – people like positive and open people. As auditors
you may be placed in the groups of people perceived as over-serious, such
as technocrats, programmers, accountants, engineers, etc.

INTERPRETING BODY LANGUAGE

We have looked at some aspects of body language and there is certainly a lot
more you can learn on the subject. Learn all you can but keep one important
aspect in mind:

When you are interpreting body language you cannot look at one
single detail and then draw a conclusion on that alone. You must
try to evaluate body signals as a whole and compare them with the
overall situation.


SELECTING THE AUDIT TEAM


When selecting an audit team take into account the competence needed to
achieve the objectives of the audit. If there is only one auditor, the auditor
should perform all applicable duties of an audit team leader.

In deciding the size and composition of the audit team, consideration should
be given to the following:
• The type of management system against which the audit is to be conducted
• Audit objectives, scope, criteria and estimated duration of the audit
• Whether the audit is a combined or joint audit
• The overall competence of the audit team needed to achieve the objectives
of the audit
• Statutory, regulatory, contractual and accreditation/certification
requirements, as applicable
• The need to ensure the independence of the audit team from the activities
to be audited and to avoid conflict of interest
• The ability of the audit team members to interact effectively with the auditee
and to work together
• The language of the audit, and an understanding of the auditee's particular
social and cultural characteristics - these issues may be addressed either
by the auditor's own skills or through the support of a technical expert


Both the audit client and the auditee can request the replacement of particular
audit team members on reasonable grounds based on the principles of auditing.
Examples of reasonable grounds include conflict of interest situations (such as
an audit team member having been a former employee of the auditee or having
provided consultancy services to the auditee), lack of technical
competence/expertise or previous unethical behaviour. Such grounds should
be communicated to the audit team leader and to those assigned responsibility
for managing the audit programme, who should resolve the issue with the audit
client and auditee before making any decisions on replacing audit team
members.

Remember – the better the match, the better the result.


Module 12:
Audit Planning & Preparation


MODULE 12 INTRODUCTION: DAY 3


AUDIT PLANNING & PREPARATION

[Figure: ISO 19011 Guidance for Auditing; Audit Planning & Preparation; Performing the Audit]

Estimated Duration: 1 ¼ hours

Background information: This module aims to provide students with an
understanding of, and ability to undertake, the necessary planning and
preparation to ensure the audit is conducted in a timely manner to ensure the
defined objective is achieved.

Module objectives:
• Ability to plan and prepare for a scheduled audit
• Ability to develop and disseminate an audit plan
• Ability to develop a suitable audit guidance tool
• Ability to allocate work to audit team members that utilises their
knowledge and skills.

Slides: 102 - 117

Activities:
Activity 15: Document Review, page 209
Activity 16: The Audit Plan, page 214
Activity 17: Audit Checklist, page 227


OVERVIEW OF AUDIT ACTIVITIES


INITIATE THE AUDIT
• Establish Initial Contact with Auditee
• Determine Feasibility of Audit

PREPARE FOR THE AUDIT
• Gather Background Information
• Prepare the Audit Plan
• Assign Work to the Audit Team
• Prepare Work Documents

CONDUCT THE AUDIT
• Conduct Opening Meeting
• Manage Communication
• Collect & Verify Information
• Generate Audit Findings
• Prepare Audit Conclusions
• Conduct Closing Meeting

PREPARE & DISTRIBUTE AUDIT REPORT
• Prepare the Audit Report
• Distribute the Audit Report

CONDUCT AUDIT FOLLOW-UP
(If specified in the Audit Plan)

Note: The level of detail in each stage and related activity will be dependent on the
scope and objective of each audit.


INITIATE THE AUDIT


The initiation phase is used for the following:
• Establishing initial contact with the auditee
• Determining the feasibility of the audit, including consideration of any risks
that could impede the effectiveness of the audit itself and any discomfort
or harm to the auditor and/or auditee or the organisation as a whole.

When an audit is initiated, the responsibility for conducting the audit remains
with the assigned audit team leader until the audit is completed.

Where a joint audit or integrated audit is conducted, it is important to reach
agreement among the auditing organisations before the audit commences on
the specific responsibilities of each organisation, particularly with regard to the
authority of the team leader appointed for the audit.

DISCUSSIONS ABOUT RISKS RELATED TO THE AUDIT


Key areas of applying risk-based thinking (RBT) in management, conduct and
reporting of audits are:
• The risk of the audit not achieving its objectives
• The risk associated with the audit interfering with the auditee’s operations
• Risks to the wellbeing of the audit team and any other involved parties
• Risks that reports may be inaccurate/misleading
• Risks associated with changes made in response to audit reports
• The risk that follow-up audits of correction and corrective actions are ineffective

Risks to the auditee organisation may result from the presence of the audit team
members influencing health and safety, environment and quality, and their
presence presenting threats to the auditee’s products, services, personnel or
infrastructure (e.g. contamination in clean room facilities).


Other factors to consider when identifying risks could include the cultural
diversity of the organisation. The impact of cultural, language and social
issues or characteristics on the audit process needs to be considered
when planning audits.

Any identified risks need to be considered when developing the audit plan, to
determine what actions are needed to mitigate any risks that may arise during
the audit.

ESTABLISHING INITIAL CONTACT WITH THE AUDITEE

The initial contact with the auditee about the proposed audit may be informal
or formal but should be made by those assigned responsibility for managing
the audit programme or the audit team leader. The purpose of the initial
contact is to:
• Establish communication channels with the auditee’s representative
• Confirm the authority to conduct the audit
• Provide information on the audit objectives, scope, methods and audit
team composition, including technical experts
• Request access to relevant documents and records for planning purposes
• Determine applicable legal and contractual requirements and other
requirements relevant to the activities and products of the auditee
• Confirm the agreement with the auditee regarding the extent of the
disclosure and the treatment of confidential information
• Make arrangements for the audit including scheduling the dates
• Determine any location-specific requirements for access, security, health
and safety or other
• Agree on the attendance of observers and any guides for the audit team
• Determine any areas of interest or concern to the auditee in relation to the
specific audit

DETERMINING THE FEASIBILITY OF THE AUDIT

The feasibility of the audit should be determined, taking into consideration
such factors as the availability of:
• Sufficient and appropriate information for planning the audit
• Adequate cooperation from the auditee
• Adequate time and resources for conducting the audit

Where the audit is not feasible, an alternative should be proposed to the audit
client, in consultation with the auditee.


PREPARE FOR THE AUDIT


The preparation phase is used for the following:
• Gathering Background Information
• Preparing the Audit Plan
• Assigning work to the audit team
• Preparation of audit work documents (guidance tools)

An initial review of system documentation can be conducted at this stage to
simply determine what documentation is in place, and provide guidance in
developing an audit plan and the development of audit work documents.

BACKGROUND INFORMATION & DOCUMENTATION

The collection of background information and relevant system
documentation prior to the audit will enable the audit team to develop a
suitable audit plan, develop a broad understanding of the organisation, and
develop appropriate audit guidance tools that may be needed to ensure
suitable and sufficient evidence is collected during the audit.

Note: For certification of management systems, the review of relevant system
documentation is often referred to as a Document Review. This involves a
complete review of the organisation’s quality management system against the
clauses of the standard to ensure it is complete.

Time effectively spent in the planning phase will save time once the audit is
underway.

The relevant management system documentation of the auditee should be
reviewed in order to:
• Gather information to prepare an audit plan of the activities needed to be
undertaken to evaluate processes, functions and
• Establish an overview of the extent of the system documentation to detect
possible gaps


The background information should include, where applicable, detail about the
range of products and services, the volume of operations, the number and
type of employees, and any technology used by the organisation.

The documentation should include, as applicable, management system
documents and records, as well as previous audit reports. The document
review should take into account the size, nature and complexity of the
auditee’s management system and organisation, and the audit objectives and
scope.

It should be noted that many of the items mentioned above could be classified
as company confidential and the auditee may not wish to send either the
documents themselves or copies to an external party. This should be
negotiated with the auditee during the initial contact stage.

The auditee’s readiness for audit should be ascertained by an initial review
of relevant management system documents and records. This initial review
by the audit team leader, or leader’s nominee, should take into account the
size and complexity of the organisation as well as the objectives of the audit.

If the auditee’s management system documentation is found to be inadequate
- in that it does not satisfy the audit objectives or scope - the audit team leader
should notify the audit client, the audit programme manager and the auditee.
Further resources should not be expended on the audit until these concerns are
resolved to the satisfaction of the audit programme manager in consultation with
the audit team leader and, where applicable, the auditee.

If the information cannot be obtained before the audit, sufficient time must be
allocated at the start of the audit for information collection and document
review activities.


AUDITING METHODS
An audit can be performed using a range of audit methods.

When developing an audit plan consideration should be given to the most
appropriate methods to be employed to conduct the audit in an effective and
efficient manner.

The audit methods chosen for an audit depend on the defined audit objectives,
scope and criteria, duration and locations of the audit, and the competence of
audit team members.

Applying a variety and combination of different audit methods can optimise the
efficiency and effectiveness of the audit process and its outcome.

On-Site vs. Remote Audit Methods

If an audit involves the use of an audit team with multiple members, both
on-site and remote methods may be used simultaneously.

Onsite audit activities are performed at the location of the auditee, whereas
remote audit activities are performed at any place other than the location of the
auditee, regardless of the distance.

In some instances it may be necessary or appropriate to conduct some audit
activities remotely.

Interactive vs. Non-Interactive Methods

Interactive audit activities involve interaction between auditee personnel and
the audit team. Non-interactive audit activities involve no human interaction with
persons representing the auditee but do involve interaction with equipment,
facilities and documentation.


The table below provides examples of audit methods that can be used, singly
or in combination, in order to achieve the audit objectives.

Onsite and Remote Auditing Methods


The responsibility for the effective application of audit methods for any given
audit in the planning stage remains with either the person managing the audit
programme or the audit team leader. The audit team leader has this
responsibility for conducting audit activities.

The feasibility of remote audit activities can depend on the level of confidence
between the auditor and the auditee’s personnel.


PERFORMING THE DOCUMENT REVIEW


The auditee’s documentation should be reviewed to:
• Determine conformity of the system, as far as documented, with the audit
criteria and
• Gather information to support the audit activities

When reviewing the documentation, the auditor should consider if:


• Information in the documents provided is:
− Complete (all expected content is contained in the document)
− Correct (the content conforms to other reliable sources such as
standards and regulations)
− Consistent (the document is consistent in itself and with related
documents)
− Current (the content is up to date)
• Documents being reviewed cover the audit scope and provide sufficient
information to support the audit objectives and
• Suitability and effectiveness of the document control process adopted by
the auditee

The review may be conducted with the other audit planning and preparation
activities such as development of audit guidance tools, and may continue
throughout the audit, providing this is not detrimental to the effectiveness of the
overall audit.

If adequate documentation cannot be provided within the timeframe of the audit,
the audit team leader should inform both the person managing the audit
programme and the auditee. Depending on the audit objective and scope, a
decision should be made as to whether the audit should be continued or
suspended until the concerns about the documentation are resolved.


Activity 15: Document Review

Overview:

Prepare and conduct a document review for the audit of the case study
organisation

Task 1: Prepare and conduct a document review for the audit of the case
study organisation

Review the following documented information:


• Scope of the QMS
• Interaction of processes
• The extent of documented procedures
NB: It is not necessary to review the content of each procedure

Task 2: Determine if there is enough information for you to plan an audit.


• What additional information might you require to help you develop your
plan?


PREPARING THE AUDIT PLAN


The audit team leader should prepare an audit plan based on the information
contained in the audit programme and in the documentation provided by the
auditee.

The plan provides the necessary information to the audit team, auditee and the
audit client. It also facilitates scheduling and coordination of the audit activities.

In preparing the audit plan, the audit team leader should be aware of the
following:
• The most suitable audit methods to be applied during the audit which can
include a combination of on-site and/or remote activities incorporating
interviews, observation, review of records, or a combination of techniques
used to gather evidence
• The most appropriate sampling techniques to be used to gather sufficient
evidence during the audit which can be judgement based sampling or
statistical sampling
• The composition of the audit team and its collective competence
• The risks to the organisation and the audit team related to the audit,
such as the presence of the audit team members influencing health and
safety, environment and quality, and their presence presenting threats to the
auditee’s products, services, personnel or infrastructure (e.g. contamination
in clean room facilities).
• Also consider the risks that could cause the audit to fail to deliver the audit
objectives vs the criteria through the agreed scope.


AUDIT PLAN CONTENT


The extent of detail provided in the audit plan should be adapted to suit the size
and complexity of the audit. The scale and content of the audit plan may differ
between internal and external audit, with sufficient flexibility to permit changes
which may become necessary as the audit activities progress.

The audit plan should include:


• Audit objectives and scope including identification of the organisational and
functional units, as well as processes to be audited
• Audit criteria and any reference documents
• Communication plan with the auditee and audit team members (i.e. audit
team briefings)
• Locations, dates, expected time and duration of audit activities to be
conducted, including opening and closing meetings with the auditee’s
management
• Roles and responsibilities of the audit team members, as well as guides and
observers
• Arrangements for remote site audits as required
• Consideration of any predetermined risks to the audit itself and/or auditors
and auditees.


The audit plan should also cover the following, as appropriate:


• Identification of the auditee's representative for the audit
• The working and reporting language of the audit where this is different from
the language of the auditor and/or the auditee
• The audit report topics
• Logistical arrangements (travel, on-site facilities, etc.)
• Matters related to confidentiality and information security
• Remote auditing methods
• Any audit follow-up actions

The plan should be reviewed and accepted by the audit client, and presented
to the auditee, before the on-site audit activities begin.

Any objections by the auditee should be resolved between the audit team
leader, the auditee and the audit client. Any revised audit plan should be agreed
among the parties concerned before continuing the audit.

The audit plan should be sufficiently flexible to permit changes, such as any
changes in emphasis that may become necessary as the on-site audit activities
progress. Any revised audit plan should be agreed between the parties
concerned before continuing the audit.


Activity 16: The Audit Plan

Overview:

Developing an Audit Plan requires thought and consideration when determining
what audit activities must be undertaken to achieve the stated objective, within
the defined scope, in accordance with the agreed criteria.

Without a formal plan there is a real possibility that vital aspects of the
management system may be overlooked or the audit objective will not be
achieved.

The audit plan can be used as the basis for detailed preparation by the
audit team members, and communicated to the auditee and client, outlining the
audit activities that will be conducted during the audit.

Task:

In your team develop an audit plan for the audit of the case study organisation.

Consider the topics listed on the previous pages as a guide on what to include
in your plan.

Your audit plan must include as a minimum:


• Audit objectives and scope
• Audit criteria and any reference documents
• Locations, dates, expected time and duration of audit activities, including
meetings with the auditee’s management (such as opening and closing
meetings)
• Roles and responsibilities of the audit team members, guides and
observers

Be prepared to share your work with the rest of the group.

You can use the format of the example provided on the next page or
you can design your own Audit Plan.


Audit Plan Example

Dudley Inks Ltd

Audit Objective:
To determine the extent to which the Dudley Ink’s Quality Management System is being
implemented across all facilities of the organisation.

Scope:
Dudley manufacturing plant, and support processes.

Audit Criteria:
• ISO 9001
• Dudley Inks Quality Management System Documentation
• iQPrint contract and procedures

Date: 14th May Y2
Representative of management: Billy Baxter
Audit Team: E Baggun (Lead Auditor) and A MacHine (Auditor)
Audit Guide: D Fender, Quality Manager

| Time | Process / Function | Auditor | Attendees |
|---|---|---|---|
| 8:00 am | Inductions and Site Tour | EB, AM | Quality Manager |
| 8.30 am | Opening Meeting | EB, AM | Management Team |
| 9:00 am | Management | EB, AM | Management Team |
| 10.00 am | Quality Management System | EB | Quality Manager |
| | Sales Department | AM | Sales Manager |
| 11:00 am | Goods Inwards | EB | Logistics Manager |
| | New Product Introduction | AM | NPI Manager |
| 1:00 pm | Manufacturing | EB | Manufacturing Manager |
| | Purchasing | AM | Purchasing Manager |
| 2:00 pm | Human Resources | AM | HR Manager |
| 3:00 pm | Goods Out | EB | Logistics Manager |
| | Maintenance and Calibration | AM | Maintenance Manager |
| 4:00 pm | Auditors Team Meeting and Report Writing | EB, AM | |
| 4.30 pm | Closing Meeting | EB, AM | Management Team |


PREPARING WORK DOCUMENTS (GUIDANCE TOOLS)


The audit team members should review all relevant information related to
their audit assignments and prepare their own work documents or audit
guidance tools as they are commonly termed.

Audit guidance tools indicate the issues to be investigated. Without such a
tool there is a real risk that:
• Essential issues will be forgotten
• Objective evidence will not be recorded in any systematic way
• Future reference to the actual audit activity will be very difficult

Audit Guidance tools come in many forms, with the most commonly known
listed below:
• Checklists
• Marked up procedures
• Flow charts
• Mind maps

There are a host of different tools available to choose from. Each has its own
advantages and disadvantages. The list above covers the most frequently used,
and a full explanation of each follows.


BENEFITS OF GUIDANCE TOOLS

• Guides the audit, providing balance and maintaining depth and scope. It
is not recommended that the tool be rigidly adhered to, as the auditor will
often need to investigate issues that are not detailed and also consider the
corrective action that may be required
• Audit guidance tools provide objective evidence as they indicate that the
audit was carried out as planned. The audit team must remember to keep
the audit tool as objective evidence for the audit process, as an audit report
does not always provide this detail
• It can be difficult to retain an accurate recollection of the details for all of
the areas or processes audited. Audit guidance tools act as a memory
aid and a useful reminder of what occurred, what objective evidence was
sighted, results, etc.
• When planning for the future, these tools can be invaluable. A new
auditor will find it useful to refer back to the audit tool when new audits are
being planned. Information can be obtained relating to what was done
previously, what issues the audit team encountered and what objective
evidence was examined
• Notes that are collected during the audit process can be collected and
collated as part of the audit tool
• The audit tool provides information when preparing audit findings and an
audit report


CHECKLISTS

A checklist is a list of issues that require reviewing during the audit process;
however, in many cases that is where the audit begins and ends.

Checklists are generally constructed through transposition of the audit criteria,
as shown below.

A checklist often fails as an effective audit guidance tool when it is used simply
as a list of questions that only confirm that an activity has been carried out. The
auditor must always be prepared to follow-up any other line of enquiry that could
provide information or objective evidence.

HUMAN RESOURCE MANAGEMENT

| Process Element | Checklist Prompt |
|---|---|
| Recruitment & induction | – How are the candidate selection criteria determined? |
| | – What sources and methods of recruitment are used? |
| | – What is the method used (when, who, how) to verify the candidate resume and qualifications? |
| | – What KPIs are used to monitor performance of the process? |
| | – What records are kept? |
| Training | – How are training needs identified? |
| | – What method is used to determine the most effective type of training needed (in-house, external, on-the-job coaching etc.)? |
| | – Is there a formal reporting requirement of training completed to industry bodies? |
| | – What KPIs are used to monitor performance of the process? |
| | – What records are kept? |
| Performance Management | – When are performance reviews conducted? |
| | – Are all staff (permanent, casual, contract) included in the Performance Review cycle? |
| | – What are the criteria used to evaluate performance? |
| | – How are ongoing performance issues resolved? |
| | – What KPIs are used to monitor performance of the process? |
| | – What records are kept? |


Care must be taken to ensure that the checklist prompts review the existence
and suitability of controls, acceptance ranges, KPIs, performance targets and
“usability” of the documented system. In particular, ensure that these measures
and targets reflect the system’s requirements.

Several variations of the checklist are sometimes referred to and each has a
particular application, e.g. criteria based, departmental based, ready-made and
custom-built.

Checklists, as far as possible, should be unique for every function or
department, and should reflect the actual activities under review.

MARKED UP PROCEDURES

This is possibly one of the simplest audit guidance tools to develop.

The concept is to make a photocopy of the procedure(s) to be audited and
highlight the specific tasks to be examined (e.g. using a colour highlighter or
by underlining words in soft or hard copies).

The areas to be examined are determined in the same manner as with a
checklist. The following figure illustrates this process.

This is a particularly useful tool when reviewing activities documented in plans
or registers (e.g. quality plan, HACCP plan, hazard register, aspects and
impacts register).

Procedure:
Performance Review Preparation for Manager
1. Review employees’ performance against the Position Description
and the established Performance Characteristics Guidelines.

Note: A copy of the Characteristics Guidelines is provided in
Appendix 1 and a description of each rating is provided in Appendix
2.

2. Review the objectives of the position, any record of achievements
you had noted during the review period, and factual evidence of
strengths and weaknesses you intend to discuss with the employee
during the review.

3. Complete the Performance Review form.

4. Review the employee’s completed Performance Review form.

Figure 5: Marked up procedures


FLOW CHARTS

A flow chart is very useful in analysing the systems that have been implemented
and assists in determining the various decision points in a process.

Objective evidence and notes can be recorded directly onto the flow chart as
the audit progresses. This is very useful because, at a glance, strengths and
weaknesses can be highlighted graphically.

The danger in using flow charts as a guidance tool is that some auditors can
waste valuable time converting a documented procedure from a text document
into a flow chart, when in fact the guidance tool should be a flow chart of the
audit process rather than the procedure being audited.

1. Receive Customer Order
2. Review Requirements
3. Job Feasible? If No: Inform Customer. If Yes: continue.
4. Create Quotation
5. Send Quotation to Customer
6. Customer Order? If No: Follow up with customer within 10 days. If Yes: continue.
7. Create internal Job order

Figure 6: Flowchart Guidance Tool Example of the Order Processing Process


MIND MAPS

Mind maps were developed in the late 1960s by Tony Buzan as a way of helping
students make notes that used only key words and images. They can be
constructed quickly and because of their visual quality, are much easier to
remember and review.

Mind maps work the way the brain works – which is not in nice neat lines.

Mind maps are more visual and depict associations between key words. They
are much easier to recall than traditional (linear) notes. The non-linear nature
of mind maps makes it easy to link and cross-reference different elements of
the map.

How to Develop a Mind Map

1. Start with an area that is the main focus of the audit.

2. Extend a number of branches from the centre. Each branch should be thick
like a tree branch extending from the trunk. Write a single word on each
branch to express an aspect of the main audit focus.

3. Now draw more branches, extending from the first row of branches. Again
write single words to expand the depth of the audit.

4. Keep adding branches and words to expand the audit depth.

5. Print your words so that you can read and note your points quickly. You
will remember them better this way.


Audit Mind Map Guidance Tool Example of the Audit Preparation Process

Memory is not linear. Any idea probably has thousands of links in your mind. Mind maps allow associations and links to be recorded and
reinforced. The mind remembers key words and images – not sentences. By using key words (or images) more information can be put
onto a single page.


COMPARISON OF AUDIT GUIDANCE TOOLS

The matrix below compares the advantages and disadvantages of each of the
Audit Guidance Tools reviewed.

Of course, every auditor has their own methods and preferences, so the choice
is an individual decision. The key point to remember is that developing your
guidance tools as part of your preparation ensures you have an understanding
of the process, area or function to be audited.

COMPARISON OF AUDIT GUIDANCE TOOLS

Tools compared: Checklist, Marked Up Proc., Flow Chart, Mind Map

| Characteristic | Ratings |
|---|---|
| Provides ready assessment of compliance with codes/standards/regulations. | ⚫ ◐ |
| Graphically reveals the logic/lack of logic of the system’s design. | ⚫ ⚫ |
| Useful for partial audits; aids in phased audits and timing in a contract/project. | ◐ ⚫ ⚫ ⚫ |
| Good for training inexperienced systems auditors. | ⚫ ⚫ ⚫ |
| Deters preconceived ideas of auditor who compiled it. | ◐ ⚫ ◐ |
| Effective for integrated management systems. | ◐ ◐ ⚫ ⚫ |
| May already exist within system documentation. | ◐ ⚫ ⚫ |
| Reveals opportunities to avoid/reduce inefficiencies. | ◐ ◐ ⚫ ⚫ |
| Convenient when auditing on departmental or individual task basis. | ◐ ◐ ⚫ ⚫ |
| Does not take significant time to prepare. | ⚫ ⚫ ⚫ |
| May not allow sufficient space for the recording of audit notes. | ◐ ◐ ◐ |

◐ – Partial ⚫ – Complete


Activity 17: Audit Checklist

Overview:

Each member of the audit team needs to ensure they are well prepared for the
audit and able to undertake their assigned tasks with confidence.

The development of an Audit Checklist requires the auditor to read through all
available information relating to the audit criteria, and those aspects of the
management system that they have been assigned to review.

Questions can be relevant to legislation, the auditee’s own documented system
including policies and procedures, and ISO 9001.

Task:

You are preparing for an audit.

The scope and criteria for this audit will be given to you by the trainer.

As the assigned auditor you now need to prepare an audit checklist to use
during the performance of the audit.

Be prepared to share your reasoning as to why you chose this tool.


Module 13:
Performing the Audit


MODULE 13 INTRODUCTION: DAY 3

PERFORMING THE AUDIT

[Diagram: ISO 19011 Guidance for Auditing; Audit Planning & Preparation;
Performing the Audit]

Estimated Duration: 7 ½ hours

Background information: This module aims to provide students with the
knowledge and skills to undertake audit activities in accordance with the
agreed audit plan.

Module objectives:
• Ability to chair an opening meeting with auditee representatives to
confirm the agreed audit plan
• Ability to use a range of communication skills to effectively acquire
information within the scope of the audit
• Ability to ensure audit team members and the auditee representative
are kept informed of progress throughout the audit
• Ability to manage conflict should it arise during the course of the audit
• Understand the need to collect an adequate sample of evidence to
enable a confident conclusion to be achieved
• Ability to review the collected evidence in collaboration with the audit
team and reach a decision
• Ability to chair a closing meeting with auditee representatives to
present the findings and reach consensus on the outcomes and
subsequent actions where required

Slides: 118 - 132

Activities:
Activity 18: Opening Meeting
Activity 19: Personality Types
Activity 20: The Audit


PERFORMING THE AUDIT


In accordance with the Audit Plan the audit is conducted to collect objective
evidence from a range of sources including interviews, observations, and
review of data and records.

The evidence collected will enable the audit team to reach a confident
conclusion.

During the audit the following key tasks are conducted:


• Conducting an Opening Meeting
• Conducting a Document Review
• Conducting Interviews and Observations
• Collecting evidence
• Evaluating all the evidence and reaching a conclusion
• Presenting findings in a Closing Meeting


CONDUCTING THE OPENING MEETING


An opening meeting should be held with the auditee’s management, or, where
appropriate, those responsible for the functions or processes to be audited.

The purpose of the meeting is to confirm the agreement of all parties to the audit
plan, introduce the audit team, and ensure all planned audit activities can be
performed.

The degree of detail should be consistent with the familiarity of the auditee with
the audit process. In many instances, such as an internal audit, the opening
meeting may simply consist of communicating that an audit is being conducted
and explaining the nature of the audit.

For other audit situations, the meeting may be formal, and records of
attendance should be kept. The meeting should be chaired by the audit team
leader and the following items considered as topics to be discussed and
clarified during the meeting as appropriate:
• Thank the auditee on behalf of the client
• Initiate the Meeting Attendance Register (if required for larger meetings)
• Introduce the Audit team participants, including an outline of their
background and roles at the audit
• Have the auditee attendees introduce themselves and their role in the
organisation
• Confirm the type of audit, objectives, scope and criteria
• Confirm the audit plan and other relevant arrangements with the
auditee, such as the date and time for the closing meeting, interim
meetings between the audit team and the auditee’s management and note
any required changes. Stress that the audit plan is flexible and can be
revised to suit the customer’s business needs
• Reconsider risks affecting the success of the audit and risks to
auditors/auditees and the organisation as a whole
• Confirm formal communication channels between the audit team and
the auditee


• Confirm that the resources and facilities needed by the audit team are
available
• Confirm matters relating to confidentiality
• Confirm relevant work safety, emergency and security procedures for the
audit team
• Confirm the availability, roles and identities of any guides and observers,
including representatives of the Accreditation Bodies/OEMs
• Explain that the audit process is a sample and that, due to the limited time
and resources, an element of uncertainty exists in the results and all users of
the audit results should be aware of this uncertainty
• Explain the method of reporting, including any grading of audit findings,
as applicable
• Provide information about the conditions under which the audit may be
prematurely terminated
• Confirm that the audit team leader and audit team are responsible for the
audit and shall be in control of executing the audit plan including audit
activities and audit trails
• Confirm the status of findings of the previous review or audit, if applicable
• Identify the methods and procedures to be used to conduct the audit
• Confirm the language to be used during the audit
• Confirm that, during the audit, the auditee and the client will be kept
informed of audit progress, including any audit findings
• Determine the need for a plant tour
• Ask what the auditee’s objectives and expectations of the audit are

At the end of the opening meeting, an opportunity should be given to the
auditee to ask any questions.

Refer to the Opening Meeting Agenda on the following page for ideas on what
topics could be covered in the meeting.


Activity 18: Opening Meeting

Overview:

An auditor needs to be able to participate in an opening meeting, in the capacity
of audit Team Leader or audit team member.

In your capacity of audit Team Leader you will be required to chair the meeting,
and as an audit team member you need to understand the requirements of the
opening meeting.

Task:

Review the Suggested Opening Meeting Agenda Topics list to guide your
team on what you believe should be covered during the opening meeting.

Below is a list of topics that could be covered during the opening meeting. The
level of detail and formality will be reflective of the formality of the audit.

Your task is to assign the running order for the opening meeting using these
topics.


ORDER TOPIC

Arrangements for Closing Meeting

Review Quality Objectives

Confirm Domestics: PPE, Lunch, Safety

Any Questions?

Methods for Reporting of Findings

Confidentiality Statement

Interview Top Management

Review of Quality Procedures

Refreshments

Introductions

Confirm the Audit, Scope and Objectives

Confirm the Audit Plan

Audit Recommendations

Confirm Guides

Clarification of Grading of Nonconformities


MANAGING COMMUNICATION
ISO 19011 specifies the importance of communicating effectively between
the audit team and auditee organisation.

During an audit the audit team will need to use a range of communication skills
and techniques to ensure the audit is conducted in an effective and efficient
manner in accordance with the agreed objective and scope. This overarching
requirement will very much depend on the audit team’s ability to communicate
effectively.

Depending upon the scope and complexity of the audit, it can be necessary to
make formal arrangements for communication within the audit team and with
the auditee during the audit.

The audit team should confer periodically to exchange information, assess
audit progress, and to reassign work between the audit team members as
needed.

During the audit, the audit team leader should periodically communicate the
progress of the audit and any concerns to the auditee and audit client, as
appropriate. Evidence collected during the audit that suggests an immediate
and significant risk (e.g. safety, environmental or quality) should be reported
without delay to the auditee and, as appropriate, to the audit client. Any concern
about an issue outside the audit scope should be noted and reported to the
audit team leader, for possible communication to the audit client and auditee.

Where the available audit evidence indicates that the audit objectives are
unattainable, the audit team leader should report the reasons to the audit
client and the auditee to determine appropriate action. Such action may
include reconfirmation or modification of the audit plan, changes to the audit
objectives or audit scope, or termination of the audit.


There will be a range of situations during the audit where you will need to:
• Engage the auditee to establish rapport and develop an effective
relationship
• Seek to understand and interpret how a process or function operates
• Provide feedback on audit outcomes

To ensure you are able to communicate effectively, an auditor needs to be able
to:
• Use general communication skills to establish rapport to facilitate an
open and productive conversation
• Use effective questioning techniques to establish insight and some level
of understanding
• Use active listening skills to ensure the accurate interpretation of the
message conveyed by the auditee
• Use conflict resolution skills to resolve any misunderstandings and
ensure feedback is received in a positive and constructive manner

COMMUNICATION

Communication is a skill – and it can be learnt. It takes time to learn, but
time spent learning communication skills can provide you with the foundation
for success. Effective communication can make the difference between
achieving mediocrity and reaching the top of your profession.

Effective communication provides the positive relationships and mutual
understanding that are essential for covering the basics of all business goals -
including effective auditing. These basics focus on careful planning, accurate
research and preparation, getting the right team together and obtaining the
necessary resources.

The emphasis of this session is to understand and learn more about face-to-
face communication. Much of what you do as an auditor is done in association
with other people. People are involved virtually in everything you do. To work
through, or with, people requires you to have some understanding of them and
the communication process. Not only what you do, but also what you learn is a
direct result of communication. If you would like to tax the powers of your
imagination, try to name something you might have learned if you had never
had anyone else with whom to communicate.

We often tend to think of communication as an expression of our ideas to
someone else. Communication theories developed in the 1950s established
that communication was more about an exchange of ideas. We have
progressed beyond that point and we now believe that communication is not
only about an exchange of ideas but also involves: how you feel about the
ideas of others; and how you think others feel about your ideas.

Effective communication provides an exchange of ideas, feelings and attitudes.
If there is no agreement of ideas you have the basis for conflict. But this conflict
does not develop until there is a clash of feelings and attitudes. Strangely, many
disagreements take place when both parties are agreed on the “facts”.


Effective Communication

Professor Albert Mehrabian of UCLA measured the difference between the
believability of the verbal, vocal and visual elements of our messages. Verbal
relates to the message itself – i.e. the words that you say; the Vocal element is
your voice (tone, projection, resonance) that carries the words; and the Visual
element is what people see – basically the expressions, or body language, that
is transmitted by your face and body.

If you give an inconsistent message when you are speaking to another
person, Professor Mehrabian found that the most believable aspect of the three
elements in your message is:

Verbal 7%
Vocal 38%
Visual 55%

TOTAL 100%

This research is based on what individuals believed when there was an
inconsistent message. If the message was consistent, all three elements
work together. Being aware of this can help us to provide consistency in our
messages.

Messages can also be misunderstood because people differ in their personal
histories and the experiences they have had. These experiences, together with
emotional responses, lead to differences in the ways in which communications
are encoded, transmitted, received and understood. Different meanings are
attached to the words, pictures, sounds and gestures used during
communication.

There are other factors that can also serve to disrupt communications. We
could summarise these concepts under two headings:
• Physical Noise: For example, excessive heat or cold, noisy environment
• Psychological Noise: For example, limited vocabulary, inflated self-
concept, self-perceptions and personal values

The physical noise can often be objectively perceived and therefore often
controlled to a large degree. Psychological noise in this model is somewhat
more complex. This can normally be reduced through raising our
consciousness of potential noise and seeking mutual understanding. We must
actively seek to understand the other person’s point of view and to do this we
should: treat them with respect, listen to what they have to say, and
acknowledge their feelings.

This provides a challenge in seeking to achieve maximum understanding in
all forms of our communications. The greatest challenge facing all of us is the
same: we cannot win if we don’t try – and try as often as necessary.


MANAGING CONFLICT
When resolving differences during an audit the most important goal for an
auditor is to manage conflict and the situation to enable the audit to progress
and achieve its intended objective.

There is always potential for misunderstanding to occur during the audit
process. This may be due to the approach taken by the auditor, the nature of
the auditing, the reporting of negative aspects of the management system, or
as a result of an auditee’s previous experience.

If such an issue occurs between the auditee and auditor, it is because each
person has unique ideas, feelings, motives and ways of behaving. If a
misunderstanding or different point of view does occur, the results can be
potentially destructive to interpersonal relationships. Auditors must ensure
that they develop techniques for the prevention of conflict.

Examples of where potential conflict situations can arise during an audit include:

Accuracy of the message provided by the auditor. So-called content conflicts
tend to be concerns over issues for which the correct answer can be discovered.
The auditor should remain focused on the objective evidence collected during
the audit and verify the facts.

Competing attitudes and beliefs are brought to bear on the issues. A
person’s attitudes and beliefs (values) serve as guidelines for measuring the
worth of various aspects of life. The objective evidence should remain the
focus of the audit reporting process, therefore minimising any difference in
views between the auditor and the auditee.

Ego conflicts occur when people view ‘winning’ or ‘losing’ as a measure of who
they are, what they are, how competent they are, who they have power over,
and how much they know. The best way to prevent ego conflicts is to remain
focused on the system and not an individual. An auditor should never strive
for a ‘win/lose’ outcome, but rather a position that offers a ‘win/win’ outcome.


LEVELS OF CONFLICT

Each conflict situation is different, but across all conflicts, a number of
recognisable levels or stages of conflict can be identified. These include:

Discomforts

Perhaps nothing is said yet. Things don't feel right. It may be
difficult to identify what the problem is. Do you feel uncomfortable about a
situation, but not quite sure why?

Incidents

Here a short, sharp exchange occurs without any lasting internal reaction.

Has something occurred between you and someone else that has left you
upset, irritated or with a result you didn't want?

Misunderstanding

Here motives and facts are often confused or misperceived. Do your thoughts
keep returning frequently to the problem?

Tension

Here relationships are weighed down by negative attitudes and fixed opinions.
Has the way you feel about and regard the other person significantly changed
for the worse? Is the relationship a source of constant worry and concern?

Crisis

Behaviour is affected, normal functioning becomes difficult, extreme gestures
are contemplated or executed. Are you dealing with a major event like a
possible rupture in a relationship, leaving a job, violence?

RESOLVING CONFLICT

The basic aim of conflict management is to seek resolutions which achieve the
best possible balance between you, others, the situation and the
consequences.

There are usually four separate aspects to consider in a conflict situation.
These are:
• You – What effect do you have? What are your interests?
• Others – Who are they? What are their interests? What impact do they
have?
• The situation – Is there anything special that may impact on the conflict –
positive or negative?
• The consequences – What will happen as a result of the conflict? What
impact will it have on the implementation of our plans?


Considering the four elements – you, others, situation and consequences
– helps you to:
• Handle the emotions of the situation
• Concentrate on others – even those not directly involved
• Be assertive
• Recognise your interests and those of others involved
• Solve the conflict by focusing on the future

Conflict Resolution Techniques

There are a number of techniques you can use to manage conflict. Here are
some ideas that can be useful for handling conflict situations during an audit:
• Identify the stage that the conflict is in
• Talk about the conflict – get it into the open
• Use a discussion technique to come up with solutions
• Be assertive
• Respect the feelings of others
• Talk to someone in authority if the conflict is causing problems

Identify the stage that the conflict is in

In the early stages of conflict, people have disagreements and grumble at each
other, but get over it quickly. There can be an atmosphere of tension.

In the middle stages of conflict, people don’t get over problems quite so quickly.
The tension starts to build and people may start to become openly upset with
each other.

In the late stages of conflict, people are quite noticeably upset and tense with
each other.

There is a breakdown in communication.

Talk about the conflict – get it into the open

You need to discuss the problem. If possible, it is best to talk to the person with
whom you have the conflict, but it needs to be approached in a calm, open
manner so opinions can be voiced without further escalating the conflict.

Use a discussion technique to come up with solutions

Open and honest discussion helps to resolve conflict.

Each person involved should be able to have their say and contribute to the
discussion. Very often, conflict is caused by miscommunication where people
have not given or received the message correctly.


Be assertive

Chances are the conflict exists because people were not assertive enough to
deal with the problem in the early stages.

Aggressive and dominating people only make conflict situations worse, so be
assertive - speak confidently and be prepared to say what you think is right.

Don’t blame others for the conflict

Respect the feelings of others

Recognise that each person involved has feelings about the situation. Let
each person speak their mind. Avoid blaming others.

Be flexible and willing to arrive at a solution where everyone wins.

Reaching a solution that is acceptable for all requires people to be flexible.
This involves:
• Being prepared to accept that your way might not be the best way
• Being willing to change your opinion and ideas
• Not being stubborn
• Accepting that other team members might not agree with you
• Accepting that you can’t always have your own way
• Accepting whatever is the best decision for everyone involved, not just you

Talk to someone in authority if the conflict is causing problems

If a problem cannot be resolved, seek assistance from the audit team leader or
auditee representative. Leaving conflict unresolved can affect your success as
an auditor and the overall effectiveness of the audit process.

Where you find yourself in a conflict situation, you need to determine what
response is best suited to the situation and the overarching needs of achieving
the audit objective.

With the overall goal to resolve the conflict efficiently and effectively you need
to ensure the approach you use will achieve this outcome. In general, there
are two overarching factors to consider when determining the best approach:
• The importance of the relationship with the other party and
• The importance of the issue which has caused or contributed to the conflict


Activity 19: Personality Types

Overview:

During an audit you will encounter a range of different people with different
personalities. Some personalities will be easy to engage with and manage,
whilst others might prove to be challenging.

An auditor must be able to manage different personality types to ensure the
person engages in the audit process and provides the required information
without conflict or tension.

Task:

Review the following personality types that you might come across during an
audit.

In your team, develop a list of possible strategies you would employ to deal
with each type.

1. Everything is Absolutely Fine Type: This individual will attempt to
impress you by showing only the best points of the system. The auditee
will gloss over weak points and will keep coming back to the strong areas
they are confident about.

Suggested approach:


2. Stick to the Bare Facts Type: When the auditee clams up you are, at
least for the present, on your own. What is going on? No information will
be volunteered.

Suggested approach:

3. Detail, Detail, Detail Type: This particular individual will swamp you with
so much detail that you will find it difficult to perform a satisfactory audit.

Suggested approach:

4. I Always Have the Right and Best Answer Type: This type of individual
is most difficult to deal with. They may attack your credibility and
competence to talk with them. Your questions or explanations will be met
with disdain.

Suggested approach:


AUDIT EVIDENCE SAMPLING TECHNIQUES


Auditing is based on a sampling approach and often it is difficult to determine
the size of the sample to be taken. Auditors sometimes use sampling plans
where many samples are needed to create the desired confidence level in the
system; however, this will often incur considerable time.

Audit sampling takes place when it is not feasible or practical to examine all
available information during an audit, e.g. documented information is too
numerous or retained across multiple sites to justify the examination of every
item in the population.

Audit sampling of a large population is the process of randomly selecting a
representative sample of the items available to obtain and evaluate evidence
about some characteristic of that population, in order to form a conclusion
concerning the entire population.

To ensure that the auditor has confidence in achieving the audit objectives, they
should ensure that the sampling is representative of the population from which
it is selected. This will minimise risk and ensure that the auditor’s conclusion is
not biased.

The following steps may be taken when sampling:


• Plan the composition and extent of the population to be sampled and a
sampling method to address the objectives of the audit
• Determine the sample size
• Conduct the sampling activity
• Collate, evaluate and document the results


When determining the evidence sampling technique that will be used during the
audit, the auditor can use either judgement-based sampling or statistical
sampling.

Judgement-Based Sampling

Judgement-based sampling relies on the knowledge, skills and experience of
the audit team and can be based on:
• Previous audit results and experience within the audit scope
• Complexity of requirements (including legal obligations) to achieve the
objectives of the audit
• Complexity of the auditee’s operations including processes and
infrastructure
• Degree of change in the context of the organisation
• Known areas of risk
• Output from monitoring and review of operations

A risk inherent to judgement-based sampling is that there is no
statistical estimate of the effect of uncertainty in the findings of
the audit and the conclusions reached.


STATISTICAL SAMPLING

Statistical sampling uses a sample selection process based on probability
theory. If you decide that statistical sampling is necessary, then you will need
to decide whether to use attribute-based or variable-based sampling.

Attribute-based sampling is used when there are only two possible outcomes
for each sample e.g. conforming or nonconforming, when assessing completed
forms against the procedural requirements.

Variable-based sampling is used when the sample outcomes occur in a
continuous range, e.g. the number of security breaches over time.

The key elements that will affect the audit sampling plan are:
• Size of the organisation, since it affects the population size
• Number of competent auditors (available to share the sampling load)
• Frequency of audits during the year
• Time of individual audit i.e. duration available for samples to be taken
• Whether an externally required confidence level forces statistical sampling

Another important consideration in developing a sampling plan is the risk that
the auditor is willing to accept. This is called the “acceptable confidence level”.

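For example, a sampling risk of 3% corresponds to an acceptable confidence
level of 97%. A sampling risk of 3% means the auditor is willing to accept the
risk that 3 out of 100 of the samples examined will not reflect the actual
values that would be seen if the entire population were examined.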

It is important to document the population that was sampled, the sampling
method and criteria, number of samples evaluated and the results.
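The sampling steps and the 97% confidence level above, worked through for an attribute-based sample of completed forms. This is an added example, not part of the course material: the 5% tolerable nonconformity rate, the form identifiers, the two nonconforming forms and all function names are assumptions constructed for illustration.

```python
"""Attribute-based audit sampling: size, select, evaluate, document."""
import math
import random


def worst_case_count(population, tolerable_rate):
    """Number of nonconforming items the population would hold if the true
    rate were exactly at the tolerable limit (at least one)."""
    return max(1, math.ceil(tolerable_rate * population))


def prob_zero_found(population, nonconforming, n):
    """Chance that a random sample of n items, drawn without replacement,
    contains none of the `nonconforming` items in the population."""
    p = 1.0
    for i in range(n):
        p *= (population - nonconforming - i) / (population - i)
    return p


def sample_size(population, tolerable_rate, confidence):
    """Smallest sample for which finding zero nonconformities supports, at
    the stated confidence level, a true rate below `tolerable_rate`.
    `tolerable_rate` is an assumption of this example."""
    sampling_risk = 1.0 - confidence        # 97% confidence -> 3% sampling risk
    worst_case = worst_case_count(population, tolerable_rate)
    for n in range(1, population + 1):
        if prob_zero_found(population, worst_case, n) <= sampling_risk:
            return n
    return population                        # fall back to examining every item


def select_sample(item_ids, n, seed):
    """Simple random selection. Recording the seed lets another auditor
    reproduce exactly the same selection."""
    return sorted(random.Random(seed).sample(list(item_ids), n))


def run_attribute_sampling(item_ids, is_conforming, tolerable_rate,
                           confidence, seed):
    """Plan, size, sample and evaluate; return the record to keep on file."""
    n = sample_size(len(item_ids), tolerable_rate, confidence)
    chosen = select_sample(item_ids, n, seed)
    failures = [item for item in chosen if not is_conforming(item)]
    return {
        "population": len(item_ids),
        "method": "attribute-based, simple random, without replacement",
        "confidence_level": confidence,
        "tolerable_rate": tolerable_rate,
        "seed": seed,
        "sample_size": n,
        "sampled_items": chosen,
        "nonconforming_found": failures,
        # Zero found: the sample supports the stated confidence level.
        # Any found: the zero-nonconformity plan no longer holds, so the
        # auditor extends the sample or reports on what was found.
        "supports_confidence": not failures,
    }


# Constructed sample data: 500 completed forms, two of which breach procedure.
FORM_IDS = [f"FORM-{i:04d}" for i in range(1, 501)]
KNOWN_BAD = {"FORM-0042", "FORM-0317"}


def form_conforms(form_id):
    """Stand-in for the auditor's check of one form against the procedure."""
    return form_id not in KNOWN_BAD


if __name__ == "__main__":
    record = run_attribute_sampling(FORM_IDS, form_conforms, 0.05, 0.97,
                                    seed=2021)
    for key, value in record.items():
        if key != "sampled_items":
            print(f"{key}: {value}")
```

The returned record holds the items the paragraph above asks the auditor to document: the population, the method and criteria, the number of samples evaluated and the results.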


DETERMINING SOURCES FOR OBTAINING OBJECTIVE EVIDENCE
It is of paramount importance that during the planning phase consideration is
given to the sources for collecting objective evidence.

Sufficient time needs to be allocated to each activity noted on the audit plan to
enable auditors to take full advantage of obtaining the supporting facts and data
that will constitute the audit finding.

When developing the audit plan the following factors need to be determined:
• What aspects of the process, function or area will need to be reviewed
– scheduling and planning, preparation, manufacturing of product, delivery
of service, after sales support
• Who should be interviewed to provide an understanding of how the
process, function or area operates – managers, supervisors, front line
workers
• What information will need to be sampled – records, data, reports – to
ensure verifiable evidence is collected during the audit to enable a
conclusion to be reached and presented to the auditee and/or client at the
conclusion of the audit.

These factors determine the type and range of activities and the personnel
that the audit team will need access to during the audit, and they are
incorporated in the audit plan.


ASSIGNING WORK TO THE AUDIT TEAM

The audit team leader should consult with the audit team members to assign
their individual responsibilities during the audit, considering their
competence and the need for objectivity and independence.

The outcome should ensure resources are used effectively and there are no
misunderstandings or potential conflicts between team members in regard to
their area of responsibility and associated level of authority.

The work assignments may be changed during the audit if necessary.


CONDUCTING INTERVIEWS
Interviews are an important means of collecting information and should be
carried out in a manner adapted to the situation and person interviewed.

However, the auditor should consider the following:


• Interviews should be held with persons from different levels and
functions, and especially with persons performing the activities or tasks
under consideration
• Whenever possible, the interview should be conducted during normal
working hours and at the normal workplace of the interviewed person
• Every attempt should be made to put the interviewed person at ease
prior to and during the interview
• The reason for the interview and any note-taking should be explained
• Interviews may be initiated by asking the persons to describe their
work
• The results from the interview should be summarised and reviewed
with the interviewed person
• The interviewed persons should be thanked for their participation and
co-operation


COLLECTING AND VERIFYING INFORMATION


During the audit, information relevant to the audit objectives, scope and criteria,
including information relating to interfaces between functions, activities and
processes should be collected by appropriate sampling and should be verified.
Only information that is verifiable may be audit evidence. Audit evidence should
be recorded.

The following flowchart diagram provides an overview of the process for
collecting and verifying information throughout the audit.

• Source of Information: Use a range of sources of information which can
include interviews, observations or documents
• Collected by Means of Appropriate Sampling: Consider the sample size needed
to enable you to reach a confident conclusion
• Audit Evidence: Collect evidence based on the facts gathered through the
various sources of information
• Evaluated Against Audit Criteria: Compare the evidence collected against
the requirements of the criteria
• Audit Findings: Determine what the evidence is highlighting about the
process or area being audited
• Reviewed: Confirm that the evidence enables you to reach a decision
• Audit Conclusions: Reach a conclusion regarding the level of compliance

Figure 7: Collecting and Verifying Information adapted from ISO 19011:2018 Clause 6.4.7


SOURCES OF INFORMATION
Sources of information are determined during the planning stages when the
audit method is determined.

The method determines which sources can be used to collect and verify
objective evidence.

Facts and information may be obtained from several sources, such as:
• Interviews
• Observations of activities and the surrounding work environment and
conditions
• Documented Information Maintained, for example: policy, objectives,
plans, procedures, instructions, licenses and permits, specifications,
drawings, contracts, orders;
• Documented Information Retained, such as inspection records, minutes
of meetings, reports or logbooks on customer complaints and other
relevant communication from external interested parties, audit reports,
monitoring programmes and results of measurements;
• Data summaries, analysis, and performance indicators;
• Information related to the auditee’s sampling programmes and related
processes used to control sampling and measurement processes;
• Reports from other sources, for example: customer feedback, external
reports and vendor supplier ratings;

Information should also be collected relating to interfaces between functions,
activities and processes.

Audit evidence should be identified and recorded.


OBTAINING AUDIT EVIDENCE


An auditor obtains evidence through using skills involved with listening,
observation and reading.

Audit evidence collected needs to be valid, reliable, articulate, current and
sufficient.

Auditors should ensure that, during the audit process, the sample size is
sufficient to establish confidence in the system. This may mean that the
sample size will vary depending on the nature of the objective evidence
sighted by the auditor and also the risk associated with the activity being
audited.

As a rule, the following questions should guide this issue:


• Is the sample size sufficient to establish conformance or deficiency?
• Would another auditor draw the same conclusion based on the
sample?

When collecting evidence, consideration should be given to the quality of the
available data, as sampling insufficient and inaccurate data will not provide a
useful result. The selection of an appropriate sample should be based on both
the sampling method and the type of data required, e.g. to infer a particular
behaviour pattern or draw inferences across a population.

The audit evidence collected during an audit will inevitably be only a sample of
the information available, since an audit is conducted during a finite period of
time and with limited resources. There is thus an element of uncertainty
inherent in all audits, and this should always be highlighted to the client and the
auditee.

Reporting on the sample selected could take into account the sample size,
selection method and estimates made based on the sample and the confidence
level.


SYSTEMATIC WORKING

It is essential that the auditor remains focused on why the audit is taking place
- to obtain facts and information. To do this you need to adopt effective fact
finding and observation skills. There is also a degree of tact and sensitivity, as
well as a large amount of common sense, required.

The auditor must adopt a systematic way of working – e.g. Tracing Forward or
Tracing Back. In these methods the auditor selects a particular product, or
project, and follows the process from commencement to completion. In these
ways a trail can be followed.

The Trace Forward method is most used when focusing on a particular process
– e.g. manufacture of a particular product.

On the other hand the Trace Back method is particularly useful when tracing
services – e.g. a restaurant.

Another method frequently used is the Random Department method. Using
this method an auditor visits all the departments that are of interest to the audit
objectives and scope. It is essential when using this method that the auditor is
diligent in ensuring that relevant areas or processes are not missed. An
experienced auditor who has a good knowledge of the organisation's
management system typically performs an audit in this manner.

It is important that regardless of which method is used the auditor avoids
adopting what one may describe as tunnel vision - i.e. focusing closely on a
process using particular senses and failing to observe other factors which may
become apparent on the periphery through other senses - such as odours and
sounds.

Following up on seemingly peripheral issues can alert the auditor to the fact
that there may be a problem. The auditor must be careful on these occasions
to avoid being deliberately diverted up a false trail to ensure less time is
available to be spent on the core task.


Activity 20: The Audit

Overview:

Throughout the audit, an auditor may be required to conduct a series of interviews
with a broad range of personnel in an organisation from executive managers to
front line workers.

The ability to communicate effectively, using a range of question techniques, is
considered one of the most important skills for a contemporary auditor.

Auditors need to be able to ask the right question, at the right time, with the right
person.

Task:

Your team should appoint a different team leader whose responsibilities are to
prepare and lead the team in interviewing a member of the case study
organisation.

Review the specific area you have been assigned to focus on during the audit
interview.

Formulate a number of questions that will be asked during the interview to gain
specific facts from the interviewee.

Consider carefully the types of questions that you will use throughout this
activity and be prepared to expand on the questioning, depending on the
answers.

Each student will then conduct an audit interview of the trainer acting as the
auditee, with the other teams observing.

The key outcome of the interview process is to gain sufficient objective evidence
which may lead to a number of nonconformities that will be used in later
activities, so you should ensure that your questions are designed to gather this
evidence.

The student should make good notes that will be sufficient to construct any
relevant nonconformity statements and reports.

All team members must actively participate asking questions and taking notes.

Timing: All teams have 30 minutes to prepare audit questions, and each team
member has 15 minutes to conduct the audit interview and reach appropriate
conclusions.


Module 14:
Reporting Audit Outcomes


MODULE 14 INTRODUCTION: REPORTING AUDIT OUTCOMES

DAY 4: Performing the Audit; Reporting Audit Outcomes

Estimated Duration: 1 ¼ hours

Module objective:
• Ability to chair a closing meeting with auditee representatives to
present the findings and reach consensus of the outcomes and
subsequent actions where required

Slides: 133 - 147

Activities:
Activity 21: Nonconformity Reporting, page 269
Activity 22: Closing Meeting and Reporting, page 279


AUDIT FINDINGS
Collected audit evidence should be evaluated against the audit criteria to
determine audit findings. Audit findings can indicate either conformity or
nonconformity with audit criteria. When specified by the audit plan, individual
audit findings should include conformity and good practices along with their
supporting evidence, opportunities for improvement, and any recommendations
for the auditee.

Nonconformities should be recorded and supported by audit evidence, and
where appropriate graded. Nonconformities should be reviewed with an
appropriate auditee representative to obtain acknowledgment that the audit
evidence is accurate, and that the nonconformity is understood. Every attempt
should be made to resolve any divergence of opinion concerning the audit
evidence and unresolved points should be recorded.

The audit team should meet as needed to review the audit findings at
appropriate stages during the audit.

During the audit the audit team leader should periodically communicate the
status of the audit and any concerns to the auditee and audit client, as
appropriate.

Where the available evidence indicates that the audit objectives are
unattainable, the audit team leader should report the reasons to the audit client
and the auditee to determine the appropriate action, which may include
termination of the audit or a change in the audit objectives.

Any concern about an issue outside the audit scope should be noted and
reported to the audit team leader, for possible communication to the audit client
and auditee. Any need for changes in the audit scope which may become
apparent as on-site auditing activities progress should be reviewed with and
approved by the audit client and, as appropriate, the auditee.


CONFIRMING AND COLLATING THE FINDINGS


When the on-site component of the audit has been completed, auditors then
meet to collate the observations uncovered during the audit. Auditors then
write up any nonconformities uncovered during the audit.

The auditors' meeting will determine what the collective information means
and prepare for the close out meeting.

This is an important opportunity to:


a) Review the audit findings, and any other appropriate information
collected during the audit, against the audit objectives
b) Agree on the audit conclusions, taking into account the uncertainty
inherent in the audit process
c) Prepare recommendations, if specified by the audit plan
d) Discuss audit follow-up, as applicable

Audit conclusions can address issues such as the following:


• Extent of conformity with the audit criteria and robustness of the
management system, including the effectiveness of the management
system in meeting the stated objectives
• Effective implementation, maintenance and improvement of the
management system
• Capability of the management review process to ensure the continuing
suitability, adequacy, effectiveness and improvement of the
management system
• Achievement of audit objectives, coverage of audit scope, and
fulfilment of audit criteria
• Root causes of findings, if included in the audit plan
• Similar findings made in different areas that were audited for the
purpose of identifying trends.

If specified by the audit plan, audit conclusions can lead to recommendations
for improvement, or future auditing activities.


REPORTING CATEGORIES
An overall summary of the management system’s strengths and weaknesses
should be provided to support the auditor’s findings on system compliance and
effectiveness.

Emphasis should be placed on the reporting of system compliance,
adequacy, effectiveness, performance and suitability.

If there are nonconformities, these may be written in a standard format to ensure
consistency for the auditee.

Many organisations use structured Nonconformity Reports (NCR) for the
purpose of reporting. Other terms used are: Corrective Action Requests (CAR),
Opportunities for Improvement (OFI), etc.

Nonconformity findings represent a non-fulfilment of a specified
requirement, and for many organisations are given the highest priority when
determining corrective actions.


Nonconformities may be categorised according to the degree of any deficiency.


For example, nonconformity categories could include:

Critical: Legal or licence or operational deficiency; critical requirement
that is not in place, lapsed or not being adhered to over a
period; could result in the audit being stopped temporarily and
reported to the audit client.

Major: Serious departure from the audit criteria
• Absence or total breakdown of a system
• A number of minor nonconformities against one requirement
High risk to the organisation that could have undesirable effect on:
• operational activities and system/process performance
• customers
• products and services
• other stakeholders

Minor: Often given a lower priority as these findings, whilst
representing a non-fulfilment of a specified requirement, are
recognised as being of lower risk to the organisation.
• A failure in some part of the organisation’s documented
quality system relative to ISO 9001
• A single observed lapse in following one item of the
company’s quality management system
• An isolated, witnessed incident of failure to comply with a
procedure or quality management system requirement
• A low risk to the organisation

If a critical nonconformity is found, the auditor must advise senior management
immediately so they have the opportunity to rectify the situation.

One other reporting category relates to improvements to the management
system, such as Risks, Opportunities for Improvement or Process
Improvements. These are typically suggestions regarding the improvement of
the management system. For organisations, whilst not the highest priority this
category is often the most valuable audit category.

Regardless of what these aspects are called the auditor would normally
conform to the language of the organisation – without deviating from the
facts. The hackneyed old phrase “When in Rome do as the Romans do” applies
normally in these situations.

The overarching need for audit report categories is to ensure that the audit
findings presented can be easily interpreted.

Regardless of the terminology, the structure of information contained in each
nonconformity is important.


THE NONCONFORMITY STATEMENT


These are statements of fact which can be substantiated, and upon which
action can be taken by the auditee’s management. The structure of a
nonconformity statement is critical to allow the organisation to identify the issue
and decide what action is needed.

When recording the nonconformity identified, a separate statement should be
written for each system problem or deficiency identified, unless they are of the
same type or similar in nature. In addition, the nonconformity statement should
comprise the three elements shown in the figure below.

Figure 8: The Nonconformity Statement


The points to be included when detailing nonconformity are:


• What is the nonconformity i.e. what is the problem in the system?
• The objective evidence to substantiate the nonconformity.
• What was observed?
• Where was it observed?
• Reference to the criteria i.e. standard or the internal procedure, or
legislation

EXAMPLES FOR WRITING NONCONFORMITIES

1. A system statement – “The system does not ensure that…”
2. The objective evidence – “During the audit of Triple Plastics Pty Ltd
maintenance department it was observed that…”
3. The reference – “This is contrary to the requirements of Triple Plastics Pty
Ltd procedure M123.”

EXAMPLE OF COMPONENTS OF A NONCONFORMITY STATEMENT

1. Evidence Component - During an audit of the manufacturing plant of the
supplier organisation, the Customer Product Specification document used
as a reference by the production team is version 4 and has not been
updated for over 2 years.
2. Reference Component - This version of the document is contrary to the
Product Specification document referenced in the current Customer
Agreement Document which is version 8.
3. Explanation Component - Discussions with the auditee confirmed the
discrepancy between the documents.

The above nonconformity statement could also be worded as:


During the audit it was observed that the version of the Customer
Product Specification document used by the manufacturing team was
version 4, however version 8 has been stipulated to be used in the
current Customer Agreement.

External audits normally reference the organisation’s own documentation, the
reference standard and legislation where appropriate.

In many cases there will be a number of references to the documented
management system and / or the reference criteria. It is not necessary to list
each possible reference, but to identify the most relevant one.

When legislative/regulatory requirements are being audited it is common to list
all references applicable to the nonconformity.


Activity 21: Nonconformity Reporting

Overview:

Review the following situations and decide if there is a nonconformity or more
information is required and prepare either a nonconformity report or outline your
investigation.

Task:

For each incident, if you think that there is sufficient objective evidence of
nonconformity then you should complete a nonconformity report:
• Categorise it as major or minor.
• Write a statement of the nonconformity (what went wrong with what)
• You must identify objective evidence to support the finding
• The relevant clause of ISO 9001 against which it can be reported.
• The brief requirements of the clause

If you do not think that there is sufficient objective evidence of nonconformity
then complete the lower part of the report as follows:
• Make a clear statement of why you think there is insufficient evidence of
nonconformity
• Identify areas you would check for evidence that the situation is under
control.


Situation 1 (Example of a Nonconformity Statement to review with your Tutor)

The auditor reviews the management review minutes dated 17th September Year 1 and sees that all
the top management team were present and that quality objectives have been reviewed. The
auditor notices that there is no mention of “the effectiveness of actions taken to address risks and
opportunities” and asks the Managing Director if this was covered. The Managing Director replies
that they spent longer on the company objectives and did not feel that it was a priority to review
the actions taken to address risks and opportunities as the business was running just fine right now.
He added that they will review Risks and Opportunities if there is time at the next meeting in
September Year 2.

NONCONFORMITY STATEMENT TEMPLATE


NAME: Rob M Blind
REF NUMBER: NC1
DATE: 01 January Y2
LOCATION: Management
CATEGORY: ☐ Major ☐ Minor ☐ Observation

NONCONFORMITY STATEMENT
The process for conducting management review to cover all input
requirements is not effective

EVIDENCE
Management Review Dated 17th September Year 1
No Records in minutes of the effectiveness of actions taken to address risks
and opportunities being reviewed
It was stated that there was not enough time to review the actions taken to
address risks and opportunities during the meeting

CLAUSE AND REQUIREMENT


Clause 9.3.2(e) requires that management review input shall include a review
of the effectiveness of actions taken to address risks and opportunities


Situation 2 (Example of an Audit Investigation to review with your Tutor)

The auditor sees a copy of the company quality policy on display in reception and notices that it is
signed by Mike Andropos and dated five years earlier. The auditor checks with the MD and the
Quality Manager if this is the latest version and they confirm that it is the current version and that
there has been no need to update the policy. The auditor also sees that this same version is
on the company website.

AUDIT INVESTIGATION TEMPLATE


NAME: Rob M Blind
REF NUMBER: 2
DATE: 01 January Y2
LOCATION: Management

REASON WHY THIS IS NOT A NONCONFORMITY

ISO 9001 does not stipulate how frequently the quality policy must be
updated so even though the policy is 5 years old it may still be applicable.

INVESTIGATION
• Check the policy to see that it is still appropriate to the business (5.2.1)
• Check to see if the Policy has been reviewed in the last 5 years (5.2.1)
• Check the Quality Objectives to verify that they are consistent with the Policy
(6.2.1.a)
• Check how the policy has been communicated (5.2.2, 7.4)
• Check if staff and other people working under the control of the company are
aware of the policy (7.3)
• Check what the process will be for the company to review and update the policy
in the future. (7.5.2)


Situation 3 (Decide and write a Nonconformity OR Audit Investigation)


The staff in scan and copy department were having difficulty processing online customer orders for
photo prints as the increased number of terminals was putting the existing server under strain. The
auditor noticed that on the company website they guaranteed next day delivery for standard prints.

The supervisor told the auditor that everyone was aware of the problem, but the company was
expanding more rapidly than expected and there would be no money available to upgrade the
computer system until next year at the earliest.

The auditor asked to see the complaints file and noted that there were an increasing number of
complaints relating to late deliveries of standard prints. The supervisor showed the auditor a pile
of pre-printed apology letters and explained that until the situation resolved itself they
were sending one of these out with all orders. Hopefully this would make things a little easier in
the short-term.

Situation 3 - NONCONFORMITY STATEMENT TEMPLATE


NAME: REF NUMBER

DATE: LOCATION:

CATEGORY ☐ Major ☐ Minor

NONCONFORMITY STATEMENT

EVIDENCE

CLAUSE AND REQUIREMENT

Auditor Signature


Situation 3 - AUDIT INVESTIGATION TEMPLATE


NAME: REF NUMBER

DATE: LOCATION:

REASON WHY THIS IS NOT A NONCONFORMITY

INVESTIGATIONS (AUDIT TRAILS)


Situation 4 (Decide and write a Nonconformity OR Audit Investigation)


The auditor checks the final inspection area where the staff are weighing boxes of recently printed
business directories (Order Number IPQ7689). They use the weight to verify that the box contains
the correct number of directories. He looks at the work instruction CP7754 and verifies that this is
being conducted correctly. The auditor then checks the weigh scales for a calibration label but only
finds an etched serial number of the scales, WSI885568. The inspector states that the labels
always come off because the scales are in constant use but he thinks the scales are not due for
calibration for a few months yet.

Situation 4 - NONCONFORMITY STATEMENT TEMPLATE


NAME: REF NUMBER

DATE: LOCATION:

CATEGORY ☐ Major ☐ Minor

NONCONFORMITY STATEMENT

EVIDENCE

CLAUSE AND REQUIREMENT

Auditor Signature


Situation 4 - AUDIT INVESTIGATION TEMPLATE


NAME: REF NUMBER

DATE: LOCATION:

REASON WHY THIS IS NOT A NONCONFORMITY

INVESTIGATIONS (AUDIT TRAILS)


Situation 5 (Decide and write a Nonconformity OR Audit Investigation)


In the Purchasing Department the auditor checks a purchase order for Sun UV Gloss, product code
TMX101 and notes the supplier is Bertrand Lithographique SARL. The auditor asks how the
supplier Bertrand Lithographique was selected.

The purchasing clerk explains that Bertrand Litho is a new supplier that they had never used before.
Their regular supplier, Quarks Ltd, could not meet the delivery date, so the order was
placed with Bertrand Lithographique.

The clerk added that this was a special UV gloss so they had searched the internet and made a
number of enquiries; however, the price from this supplier was the best. The clerk states that they
were not able to visit the factory as it was in France, but the credit check was good so they approved
Bertrand Lithographique.

Situation 5 - NONCONFORMITY STATEMENT TEMPLATE


NAME: NUMBER

DATE: LOCATION:

CATEGORY ☐ Major ☐ Minor

NONCONFORMITY STATEMENT

EVIDENCE

CLAUSE AND REQUIREMENT

Auditor Signature:


Situation 5 - AUDIT INVESTIGATION TEMPLATE


NAME: REF NUMBER

DATE: LOCATION:

REASON WHY THIS IS NOT A NONCONFORMITY

INVESTIGATIONS (AUDIT TRAILS)


THE CLOSING MEETING


A closing meeting, chaired by the audit team leader, should be held with the
auditee’s management and those responsible for the functions audited.

The purpose of this meeting is to:


• Thank the auditees for their co-operation and time
• Restate the audit objective, criteria and scope
• Present the audit result
• Explain the nonconformities
• Set a timetable for corrective action and a follow-up audit, if required and
• Indicate the timeframe for delivery of the audit report.

The degree of detail should be consistent with the familiarity of the auditee with
the audit process. For some audit situations, the meeting may be formal with
minutes, including records of attendance. In other instances the closing meeting
is less formal and may consist solely of communicating the audit findings and
conclusions.

As appropriate, the following should be explained to the auditee in the closing
meeting:
• Advising that the audit evidence collected was based on a sample of the
information available
• Method of reporting
• Process for handling of audit findings and possible consequences
• Presentation of the audit findings and conclusions in such a manner that
they are understood and acknowledged by the auditee’s management and
• Any related post-audit activities i.e. implementation of corrective actions,
audit complaint handling, or appeal process


Any outstanding differences of opinion between the audit team and the
auditee should be discussed and if possible resolved. If not resolved, both
opinions should be recorded. Minutes of the closing meeting should be
maintained.

If specified by audit objectives and plan, the audit team leader should present
the audit team’s recommendations for improvements. It should be
emphasised that recommendations are not binding. It is the responsibility of
the auditee to determine the extent, the ways and means of improvement
actions.

During the closing meeting, the audit team leader should ensure that the
following issues are dealt with:
• Set up and take the minutes, if appropriate
• Establish the attendance list, if appropriate
• Reiterate the purpose of the audit
• Present the audit observations
• Quote the evidence and
• Present conclusions

In some audits, it may be relevant for a draft audit report to be presented
during the closing meeting. In others, the report will not yet be written and the
meeting will be simply a verbal accounting of the findings.

If the auditee is present at this meeting and disagrees with any of the findings,
the auditor should handle the auditee’s justification of any disagreement with
patience and understanding. The auditee’s disagreement with any finding
should be noted by the auditor on the audit report. The matter should then be
referred to the client.

Regardless, it is important for the audit team to receive a commitment to
corrective action from the auditee before the meeting closes. This may be
through a formal written response to nonconformity reports or discussion on
action points to be attended to.

Refer to the Attendance Record Template and Closing Meeting Agenda
example on the following pages for guidance and ideas.


EXAMPLE AUDIT ATTENDANCE SHEET

Audit Number:
Name of Auditor:
Name of Auditee:
Department/Section:
Location:
Date | Name | Signature of Attendee: Pre-Audit | Opening Meeting | Closing Meeting


EXAMPLE CLOSING MEETING AGENDA

Attendance Sheet

Purpose
The main purpose of this meeting is to verbally present the audit findings to
senior management representatives to ensure that they clearly understand
the results of the audit.

Observations

Key Nonconformity

Auditee Response to Observations, Nonconformities


Activity 22: Closing Meeting and Reporting

Overview:

The audit team conduct a closing meeting to present the audit outcomes to the
auditee organisation to ensure understanding and agreement is achieved
between both parties.

Task:

Your team is required to conduct a closing meeting with the auditee
organisation, presenting the nonconformities developed in the audit activity.
• Review the information you have collected during the previous activities
including the nonconformities developed in the previous activity
• Write a summary report and conclusions for the audit of your case study
organisation
• Nominate a member of your team to act as the audit team leader who will
chair the meeting
• Each auditor in the team will present at least one audit finding to the
organisation’s representatives


Module 15:
Audit Follow-up


MODULE 15 INTRODUCTION: AUDIT FOLLOW-UP
DAY 5

Estimated Duration: 2 hours

Background information:
This module aims to provide students with the knowledge and skills to
prepare and distribute an audit report, incorporating suitable record storage
methods and confidentiality considerations.

Module objectives:
• Ability to draft an audit report to ensure outcomes are accurately
documented in accordance with the agreed outcomes of the audit
closing meeting
• Understand the confidentiality considerations when disseminating the
final audit report.

Slides: 149 - 161

Activities: Activity 23: Audit Report and Corrective Action, page 295


PREPARING THE AUDIT REPORT


The audit report is the property of the audit client. The audit team members and
all report recipients should respect and maintain the confidentiality of the
report.

The audit team leader is responsible for the preparation, accuracy and
completeness of the Audit Report.

The Audit Report should provide an accurate record of the audit and should
contain audit conclusions on issues such as the following, if within the audit
objectives and scope:
• Extent of conformance of the management system to the audit criteria
• The effective implementation of the management system
• The ability of the management review process to ensure the continuing
suitability and effectiveness of the management system

The audit report should provide a complete, accurate, concise and clear
record of the audit, and should include or refer to the following:
• The audit objectives
• The audit scope, including the identification of the organisational and
functional units or processes audited
• The audit criteria
• Identification of the audit client
• Identification of audit team leader and audit team members
• The dates and places where the on-site audit activities were conducted
• The audit findings supported by related objective evidence
• The audit conclusions and
• Statement on the degree to which the audit criteria have been fulfilled


The audit report may also include or refer to the following, as appropriate:
• The audit plan including time schedule
• List of auditee representatives
• Summary of the audit process, including any obstacles encountered that
may decrease the reliability of the audit conclusions
• Confirmation that the audit objectives have been achieved within the audit
scope in accordance with the audit plan
• Any areas within the audit scope not covered
• A summary covering the audit conclusions and the main audit findings that
support them
• Any unresolved diverging opinions between the audit team and the auditee
• Opportunities for improvement, if specified in the audit plan
• Good practices identified
• Agreed follow-up action plans, if any
• Statement of the confidential nature of the contents
• Any implications for the audit programme or subsequent audits

At times, this report may be drafted before the closing meeting; however it is
more common to prepare the report after leaving the audit site. For this reason
auditors must ensure that their notes are ordered and legible to allow for easy
reference after the fact and all objective evidence collected must be recorded
in detail.

There is no defined time for the preparation of the audit report, however most
auditors will agree that it should be written within one week of the audit to
ensure that the specifics of the audit are not forgotten. If the closing meeting
was purely a verbal accounting of the results of the audit, then it is important
that the report be approved and forwarded to the client as soon as possible to
enable them to begin actioning any findings.


COMPONENTS OF AN AUDIT REPORT


Components of an Audit Report provides guidance on the type of information
that could be included in a report.

The level of detail will be defined by the needs of the recipient of the report.

Introduction (includes broad statements)
Audit Introduction:
Demographics (audit number; team members; audit date; audit location/s; confidentiality requirements etc.).
Scope and objectives (as per audit plan).
Contribution of staff and management (auditees, guides etc.).
Methodology (disclaimer – e.g. auditing is a sampling approach and the findings are based only on what was sampled during the audit).
System established (the degree to which the system is implemented and maintained).

Body (includes specific statements based on auditor’s findings)
Summary of Findings:
Previous audit findings (nonconformities and corrective actions addressed).
System’s strengths (start with positive aspects about the system audit findings).
System nonconformities (any nonconformities raised).
Opportunities for improvement (finish with positive aspects – system is conforming but is able to be improved).
Recommendations (optional – may be presented at the end of each segment outlined above in the summary of findings or include as separate heading).

Conclusion (includes broad statements)
Overall Summary:
System’s ability to achieve business objectives (consider waste areas and cost).
Impact of system meeting customer requirements (needs and expectations and level of satisfaction).
Effectiveness of the audit schedule as a management tool.
Impact of system meeting certification or other contractual requirements.

Attachments (relevant documents related to the audit activities)
Documents:
Such as audit plan, audit guidance tools, samples, etc. (whatever is appropriate).


DISTRIBUTING THE AUDIT REPORT


The audit report should be issued within the agreed time period. If this is not
possible, the reasons for the delay should be communicated to the audit client
and a new issue date should be agreed.

The audit report should be dated, reviewed and approved in accordance with
audit programme procedures.

The lead auditor should send the audit report to the client. Distribution of the
audit report should be determined by the client in accordance with the audit
plan. The auditee should receive a copy of the audit report (unless specifically
excluded by the client). Additional distribution of the report outside the
auditee’s organisation requires the auditee’s permission.

The audit is completed when all activities described in the audit plan have been
carried out and the approved audit report has been distributed.

DOCUMENTATION RETENTION & STORAGE

Documentation pertaining to the audit such as notes, copies of records, or the
final audit report should be retained or destroyed by agreement between the
participating parties and in accordance with audit programme procedures and
applicable statutory, regulatory and contractual requirements.

A system for filing reports should be established and any retained
documentation filed accordingly incorporating requirements relating to
document access authority. Only the appropriately authorised personnel should
be able to access or update audit records such as reports.

Retention periods will be defined by the type of audit conducted, and the legal
obligations of the organisation regarding their business record retention
requirements.


CONFIDENTIALITY CONSIDERATIONS

Unless required by law, the audit team and those responsible for managing the
audit programme should not disclose the contents of all audit records
including the final report, or any other information obtained during the audit.

Explicit approval from the client and the auditee where appropriate, is required
before any information or records are disclosed to a 3rd party.

Final tasks to be completed at this stage may include:


• Updating the audit schedule
• Booking a follow-up audit, if required


COMPLETING THE AUDIT


Unless there is a situation that prevents the audit from being completed
according to the plan, agreement is reached with the audit client and the audit
is considered complete. All documentation relevant to the audit should be
retained or destroyed in accordance with the agreed audit procedures.

Unless required by law, the audit team should keep the contents of all audit
documents and other audit information confidential. If disclosure of the contents
of an audit document is required for any reason, the audit client and auditee
should be informed.

The audit team should consider including any lessons learned from the audit in
their continual improvement process.


CONDUCTING AUDIT FOLLOW-UP


At the conclusion of the audit the need for corrections, preventive, or
improvement actions should be considered and agreed within a specific
timeframe.

It is not the auditors’ role to undertake and determine the exact action required
for a deficiency, however, auditors are often in a position to add further value
to the audit by suggesting possible immediate actions. This should be
approached carefully, as the auditee should not see any suggestions as
definitive solutions.

Preventive action can also be identified during the audit process and should
be treated in the same way as corrective action. Preventive action occurs when
there is a potential for a deficiency, and is proactive. Corrective action is
reactive in response to an actual deficiency.

The audit programme may specify follow-up by members of the audit team,
which adds value by using their expertise. In such cases, care should be taken
to maintain independence in subsequent audit activities.

In essence the audit provides options – not solutions.


CONDUCTING FOLLOW-UP AUDIT


The completion and effectiveness of corrective action should be verified. This
verification may be part of a subsequent audit, usually referred to as a follow-
up audit.

The process for a follow-up audit is very similar to that for any other audit
activity.

Where this type of audit differs, is that the scope is restricted to the deficiencies
previously identified.

Due to this, the audit guidance tools previously prepared can be used and the
planning and preparation prior to conducting the audit is lessened.

In a number of instances, verification may only require the review of
documentation and/or records to demonstrate that action has been taken, and
that it has been effective in addressing the issue.


The following table indicates the actions and responsibilities of those involved in the audit
follow-up process:

Identify the deficiency AUDITOR

Allocate responsibility for investigation AUDITEE

Identify ‘short term’ solution AUDITEE

Investigate and identify root cause of problem AUDITEE

Allocate responsibility and date for implementation AUDITEE

Verify implementation AUDITEE

Identify ‘long term’ solution AUDITEE

Allocate responsibility and effectiveness AUDITEE

Verify implementation and effectiveness AUDITOR or CLIENT

Close AUDITOR or CLIENT


At the conclusion of the follow-up audit, the auditor must make a conclusion as
to the completion and effectiveness of the previously proposed corrective
actions.

The following are some actions which may need to be considered:

If the action has been taken and has been effective, the auditor must record
this information in the audit report or the corrective action documentation used
by the organisation. The issue is considered closed or finalised.

If the action has not been taken or is incomplete, the auditor must record
this information in the audit report or the corrective action documentation used
by the organisation. Another time must be scheduled for follow-up.

If the action has been taken and is ineffective, the auditor must record this
information in the audit report or the corrective action documentation used by
the organisation. Another time must be scheduled for follow-up.

Note: Auditors should always assess the auditee’s consideration of and responses
to emerging risks that are directly or indirectly associated with the implemented
corrections and corrective actions taken. This is to ensure that the solutions
implemented to solve one problem do not cause other problems or risk of other
problems occurring elsewhere.


Activity 23: Audit Report & Corrective Action

Overview:

The ability to convey audit conclusions in a clear and concise manner is a vital
skill for an auditor to develop.

Task:

In your team, complete the audit report template provided by the trainer (a
similar template has been included in your Participant Guide).

Complete as many Sections as possible, using all the information you have
gathered throughout the planning, preparation and conducting phases of the
audit on the case study organisation.

Consider this information as a summary of findings. It is expected that more
detailed information would be included in an audit report you would write up for
your own organisation.

Discuss the nonconformities and the proposed corrective actions with the
trainer to reach agreement.

Note: Each student must complete an Audit Report template and NCR, and
include their name and signature on the document.


AUDIT REPORT TEMPLATE


Audit Date: Audit Location:

Audit Team Members: Auditee/s (Organisation):

Audit Objective:

Scope:

Audit Criteria:

Strengths:

Nonconformity Summary:


Opportunities for Improvement:

Audit Conclusion:

Auditor Name: Signature:

Auditee name: Signature:


OPTIONAL / ADDITIONAL CORRECTIVE ACTION TEST


If time permits, your trainer will now facilitate one final test for you to confirm
your own personal and individual understanding of how to effectively verify
the effectiveness of:
• correction
• corrective actions
• associated emerging risks (i.e. applying risk-based thinking)

Your trainer will facilitate the Corrective Action Test using the following
slides.

Time: 20 minutes

Study the Nonconformity scenario on the screen or in the HANDOUT.
Analyse all of the actions the manager has taken in response
to the nonconformity.

Now answer the four closed questions on the screen and do
not let your colleagues see your answers. You MUST answer
Yes or No to the 4 questions.
