Internal Audit Training


ISO 9001:2015 INTERNAL AUDITOR TRAINING

COURSE
July 23, 2024
GITCHIA Institute of Global Certification (Pvt.) Ltd.

TRAINER

Muhammad Waqas
3 LA’s (ISO 9001:2015, ISO 14001:2015, ISO 45001:2018)
Training on ISO/IEC 17021 & ISO/IEC 17025
Contact Number: 0309-3337793
Email: [email protected]

INTRODUCTION TO GITCHIA

• Conformity Assessment Body
• Working in 35+ Countries
• Accredited by 8 International Forum
• Working in Pakistan since 2017
• Website: www.gitchia.com

INTRODUCTIONS

WHAT IS A MANAGEMENT SYSTEM?

A management system is the way in which an organization manages the
interrelated parts of its business in order to achieve its objectives. These objectives
can relate to a number of different topics, including product or service quality,
operational efficiency, environmental performance, health and safety in the
workplace and many more.

Example: QMS, EMS, OH&S and FSMS

QUALITY MANAGEMENT SYSTEM (QMS)?


A Quality Management System (QMS) is a structured framework designed to manage and improve an
organization's quality and performance consistently. It encompasses a set of processes, policies, and
procedures aimed at ensuring that products or services meet or exceed customer expectations while
adhering to applicable regulatory requirements.

A Quality Management System (QMS) is a set of policies, processes, and procedures required for
planning and execution in an organization's core business area. It provides a framework for achieving
quality objectives and includes monitoring and measurement of performance.

KEY PRINCIPLES QUALITY MANAGEMENT SYSTEM (QMS)

Customer Focus: Understanding and meeting customer needs and expectations are central to quality management.
Customer satisfaction is a key indicator of the effectiveness of a quality management system.
Leadership: Leadership plays a crucial role in establishing and maintaining a quality-focused culture within an
organization. Leaders set the direction, create unity of purpose, and foster engagement.
Engagement of People: Employees at all levels are the heart of an organization. Involving and empowering them
enhances their contribution to achieving organizational objectives.
Process Approach: A systematic approach to managing activities as processes helps ensure that resources are used
effectively, and desired outcomes are consistently achieved.
Continuous Improvement: Regularly assessing and improving processes leads to enhanced efficiency,
effectiveness, and flexibility, resulting in overall better performance.
Relationship Management: An organization and its external providers (suppliers, partners) are interdependent, and
a mutually beneficial relationship enhances the ability to create value.

KEY COMPONENTS QUALITY MANAGEMENT SYSTEM (QMS)

• Documented Processes
• Quality Policy
• Quality Objectives
• Roles, Responsibilities and Authorities
• Monitoring and Measurement
• Documentation and Record Keeping
• Training and Competence

IMPORTANCE OF QUALITY MANAGEMENT SYSTEM

Quality management plays a key role in ensuring the success, sustainability, and reputation of
businesses. Here are several key reasons highlighting the significance of quality management:
• Customer Satisfaction
• Competitive Advantage
• Cost Efficiency
• Compliance and Risk Mitigation
• Continuous Improvement
• Enhanced Reputation
• Employee Engagement
• Customer Retention
• Decision-Making Based on Data
• Global Recognition
• Organizational Efficiency

BENEFITS OF QUALITY MANAGEMENT SYSTEM

Implementing a Quality Management System (QMS) brings forth a multitude of benefits for organizations across
various industries. Here are some key advantages associated with having a strong Quality Management System:
• Consistent Product and Service Quality
• Customer Satisfaction
• Compliance with Standards and Regulations
• Operational Efficiency
• Cost Savings
• Risk Management
• Continuous Improvement
• Employee Engagement
• Data-Driven Decision Making
• Market Reputation and Brand Image
• Competitive Advantage
• Customer Retention
• Global Recognition
• Increased Accountability
• Documentation and Traceability
• Supply Chain Improvement
• Reduced Defects and Rework
• Leadership Alignment
• Strategic Alignment
• Sustainability

International Organization for Standardization (ISO)

• The International Organization for Standardization is an international standard-setting body composed of
representatives from various national standards organizations. Founded on 23 February 1947, the organization
promotes worldwide proprietary, industrial, and commercial standards.
• 25000 Developed Standards
• Proposal Stage
• WD = Working Draft (Preparatory stage)
• CD = Committee Draft (Preparatory stage)
• DIS = Draft International Standard
• FDIS = Final Draft International Standard
• IS = International Standard

What is Accreditation

Accreditation involves the assessment of the competence and impartiality of
an organization and the compliance of their work to nationally and
internationally recognized standards or schemes, such as the ISO/IEC 17021
Requirements for bodies providing audit and certification of management
systems.

Certification:
Effectively, certification is the third-party confirmation via audit of an
organization's systems or products, for example ISO 9001:2015 Certification.

ISO 17021 & 17011

ISO/IEC 17021
Conformity assessment — Requirements for bodies providing audit and certification
of management systems
ISO/IEC 17011:2017
Conformity assessment — Requirements for accreditation bodies accrediting
conformity assessment bodies

Overall Scenario of ISO/TC176

• Development of generic quality management system standards that have broad application:
• All Market Sectors
• Both Private And Public Organizations
• Approx. 2.1 million certifications to ISO 9001 worldwide
BUT
• It’s about more than just “certification”
• “Certification to ISO 9001” should be a result of a well-implemented quality
management system!

Pakistan's Centralized Regulatory Infrastructure
Pakistan's Centralized Regulatory Infrastructure is as below:

Pakistan's Regulatory Infrastructure for ISO Certification
• Pakistan Standards & Quality Control Authority (PSQCA) (1 December 2000)
• Pakistan National Accreditation Council (PNAC)
• Certification Bodies (CBs)

Pakistan Standards & Quality Control Authority

The Pakistan Standards & Quality Control Authority is an autonomous body & ISO Member body
subordinate to the Ministry of Science and Technology of the Government of Pakistan. Its main
objective is to regulate and enforce quality standards in Pakistan. Anything that is certified by the
PSQCA is issued the Pakistan Standards label.
• The Authority started functioning on 1 December 2000, comprising three integrated Components,
namely Standards Development Centre (SDC), Quality Control Centre (QCC), and Technical
Services Centre (TSC). The PSQCA is now acting as National Enquiry Point (NEP) for Pakistan.

Pakistan National Accreditation Council

The Pakistan National Accreditation Council was formed in the year 1998,
after Pakistan joined the World Trade Organization (WTO). The main objective of
the Council is to regulate and accredit laboratories and certification bodies.

QUALITY MANAGEMENT SYSTEM ISO 9001:2015

The ISO 9001:2015 standard is one of the most widely known standards for quality
management system to achieve customer satisfaction as an outcome, and is implemented by over 850,000
organizations in 163 countries. The ISO 9001 standard has become an international reference for
Quality Management requirements in Business-to-business relationships. ISO 9001 helps organizations
of any type and size with “Quality Management System” including:
• Fulfilling interested parties’ quality requirements
• Following applicable regulatory requirements
• Enhancement of PDCA cycle
• Achieving improvement through risk-based strategy
• Reduce the cost of nonconformities

ISO 9001 FAMILY

• ISO 9000 Quality management systems – Fundamentals and vocabulary
• ISO 9001 Quality management systems – Requirements
• ISO 9004 Managing for the sustained success of an organization – A quality management approach
• ISO 10001 Quality management – Customer satisfaction – Guidelines for codes of conduct for organizations
• ISO 10002 Quality management – Customer satisfaction – Guidelines for complaints handling in organizations
• ISO 10003 Quality management – Customer satisfaction – Guidelines for dispute resolution external to organizations
• ISO 10004 Quality management – Customer satisfaction – Guidelines for monitoring and measuring
• ISO 10005 Quality management systems – Guidelines for quality plans
• ISO 10006 Quality management systems – Guidelines for quality management in projects
• ISO 10007 Quality management systems – Guidelines for configuration management
• ISO 10008 Quality management – Customer satisfaction – Guidelines for business-to-consumer electronic commerce
transactions
• ISO 10012 Measurement management systems – Requirements for measurement processes and measuring
equipment

Technical Committee Quality management and quality assurance ISO/TC 176

History of QMS

History of ISO 9001:2015


SCOPE OF ISO 9001:2015

This International Standard specifies requirements for a quality management system when an
organization:
a) Needs to demonstrate its ability to consistently provide products and services that meet
customer and applicable legal requirements
b) Aims to enhance customer satisfaction through the effective application of the system, including
processes for improvement of the system and the assurance of conformity to customer and
applicable legal requirements.

APPLICABILITY OF ISO 9001:2015

All the requirements of this International Standard are generic and are intended to be applicable
to any organization, regardless of its type or size, or the products and services it provides.
• ISO 9001 is applicable across all industries, including manufacturing, services, healthcare,
education, and more.
• It is suitable for organizations of all sizes, from small and medium-sized enterprises (SMEs)
to large corporations.
• ISO 9001 is relevant to both public and private sector organizations.
• Non-profit organizations can benefit from ISO 9001 to enhance their operational efficiency
and service delivery.
• ISO 9001 is recognized and accepted internationally, making it valuable for organizations with
a global presence.

KEY PRINCIPLES OF ISO 9001:2015

• Customer Focus: Organizations should understand and meet customer requirements, aiming
to enhance customer satisfaction.

• Leadership: Leadership plays a crucial role in establishing and maintaining the QMS. Leaders
are expected to demonstrate commitment, provide a clear vision, and create a culture that
encourages engagement and the pursuit of quality objectives.

• Engagement of People: Involving people at all levels of the organization fosters a sense of
ownership and commitment. Employees are considered valuable contributors to the QMS, and
their competence, empowerment, and involvement is highlighted.

• Process Approach: ISO 9001 promotes a process approach to managing activities. This
involves identifying, understanding, and managing interrelated processes as a system,
contributing to the organization's effectiveness and efficiency in achieving its objectives.

• Improvement: Continuous improvement is a fundamental principle of ISO 9001. Organizations
are encouraged to continually enhance their performance, products, and processes. This
involves a systematic approach to identifying opportunities for improvement and implementing
changes.

• Evidence-Based Decision Making: Decisions within the organization should be based on
analysis and evaluation of data. Evidence-based decision-making ensures that choices are
informed and aligned with the organization's goals.

• Relationship Management: Establishing and maintaining mutually beneficial relationships
with relevant interested parties, including suppliers, contributes to the overall success of the
organization.
WHAT BENEFITS DOES THE NEW VERSION BRING?
The new version of the standard brings the user a number of
benefits. For example, ISO 9001:2015:
• Puts greater importance on leadership engagement
• Helps address organizational risks and opportunities in a
structured manner
• Uses simplified language and a common structure and terms, which are particularly helpful to
organizations using multiple management systems, such as those for the environment, health & safety, or
business continuity
• Addresses supply chain management more effectively
• Is more user-friendly for service and knowledge-based organizations

COMPARISON BETWEEN ISO 9001:2015 AND ISO 9001:2008

CLAUSES ISO 9001:2008

Clause 4: Quality Management System
1. General Requirements
2. Documentation Requirements
Clause 5: Management Responsibility
1. Management Commitment
2. Customer Focus
3. Quality Policy
4. Planning
5. Responsibility, Authority, and Communication
6. Management Review
Clause 6: Resource Management
7. Provision of Resources
8. Human Resources
9. Infrastructure
10. Work Environment
Clause 7: Product Realization
1. Planning of Product Realization
2. Customer-Related Processes
3. Design and Development
4. Purchasing
5. Production and Service Provision
6. Control of Monitoring and Measuring Equipment
Clause 8: Measurement, Analysis, and Improvement
7. General
8. Monitoring and Measurement
9. Control of Nonconforming Product
10. Analysis of Data
11. Improvement

CLAUSE ISO 9001:2015

Clause 4: Context of the Organization
1. Understanding the Organization and its Context
2. Understanding the Needs and Expectations of Interested Parties
3. Determining the Scope of the Quality Management System
4. Quality Management System and its Processes
Clause 5: Leadership
5. Leadership and Commitment
6. Policy
7. Organizational Roles, Responsibilities, and Authorities
Clause 6: Planning
8. Actions to Address Risks and Opportunities
9. Quality Objectives and Planning to Achieve Them
10. Planning of Changes
Clause 7: Support
11. Resources
12. Competence
13. Awareness
7.5 Documented Information
Clause 8: Operation
8.1 Operational Planning and Control
8.2 Requirements for Products and Services
8.3 Design and Development of Products and Services (if applicable)
8.4 Control of Externally Provided Products and Services
8.5 Production and Service Provision
8.6 Release of Products and Services
8.7 Control of Nonconforming Outputs
Clause 9: Performance Evaluation
9.1 Monitoring, Measurement, Analysis, and Evaluation
9.2 Internal Audit
9.3 Management Review
Clause 10: Improvement
10.1 General
10.2 Nonconformity and Corrective Action
10.3 Continual Improvement

MAJOR CHANGES IN ISO 9001:2015

Context of the Organization
ISO 9001:2015 emphasizes the need for organizations to understand their internal and external context, including the
needs and expectations of interested parties.

Leadership
The new standard places a greater emphasis on leadership and top management's involvement in the quality
management system (QMS).

Risk-Based Thinking
ISO 9001:2015 introduces the concept of risk-based thinking, requiring organizations to identify and address risks and
opportunities that could affect the QMS.

Process Approach
The process approach is more prominent in ISO 9001:2015, with a focus on understanding and managing the
interactions between different processes within the organization.

Documentation
The new standard takes a more flexible approach to documentation, allowing organizations to determine the level of
documentation required based on their needs and the complexity of their processes.

ISO 9001:2015 vs. ISO 9001:2008

| ISO 9001:2015 Clause Number | Equivalent ISO 9001:2008 Clause Number |
|---|---|
| 1 Scope | 1 Scope |
| 2 Normative Reference | 2 Normative Reference |
| 3 Terms and Definitions | 3 Terms and Definitions |
| 4 CONTEXT OF THE ORGANIZATION | 4 QUALITY MANAGEMENT SYSTEM |
| 4.1 Understanding the organization and its context | 4.1 General Requirements |
| 4.2 Understanding the needs and expectations of interested parties | 4.2.2 Quality Manual |
| 4.3 Determining the scope of the quality management system | 4.2.3 Control of Documents |
| 4.4 Quality management system and its processes | 4.2.4 Control of Records |
| 5 LEADERSHIP | 5 MANAGEMENT RESPONSIBILITY |
| 5.1 Leadership and commitment | 5.1 Management Commitment |
| 5.2 Policy | 5.2 Customer Focus |
| 5.3 Organizational roles, responsibilities and authorities | 5.3 Quality Policy |

| ISO 9001:2015 Clause Number | Equivalent ISO 9001:2008 Clause Number |
|---|---|
| 6 PLANNING | 5.4.1 Quality Objectives |
| 6.1 Actions to address risks and opportunities | 5.4.2 Quality Management System Planning |
| 6.2 Quality objectives and planning to achieve them | 5.6 Management Review |
| 6.3 Planning of changes | 5.5.1 Responsibility and Authority |
| 7 SUPPORT | 5.5.2 Management Representative |
| 7.1 Resources | 5.5.3 Internal Communication |
| 7.1.1 General | 5.6 Management Review |
| 7.1.2 People | 6 RESOURCE MANAGEMENT |
| 7.1.3 Infrastructure | 6.1 Provision of Resources |
| 7.1.4 Environment for the operation of processes | 6.2 Human Resources |
| 7.1.5 Monitoring and measuring resources | 6.3 Infrastructure, 6.4 Work Environment |
| 7.1.6 Organizational knowledge | 7 PRODUCT REALIZATION |
| 7.2 Competence | 7.1 Planning of Product Realization |
| 7.3 Awareness | 7.2 Customer Related Processes |
| 7.4 Communication | 7.2.1 Determination of Requirements Related to the Product |
| 7.5 Documented Information | 7.2.2 Review of Requirements Related to the Product |
| 7.5.1 General | 7.2.3 Customer Communication |
| 7.5.2 Creating and Updating | 7.3 Design and Development |
| 7.5.3 Control of Documented Information | 7.3.1 Design and Development Planning |
| 8 OPERATION | 7.3.2 Design and Development Inputs |
| 8.1 Operational planning and control | 7.3.3 Design and Development Outputs |
| 8.2 Requirements for products and services | 7.3.4 Design and Development Review |
| 8.2.1 Customer communication | 7.3.5 Design and Development Verification |
| 8.2.2 Determination of requirements related to products and services | 7.3.6 Design and Development Validation |
| 8.2.3 Review of requirements related to products and services | 7.3.7 Design and Development Changes |
| 8.2.4 Changes to requirements for products and services | 7.4.1 Purchasing Process |
| 8.3 Design and development of products and services | 7.4.2 Purchasing Information |
| 8.3.1 General | 7.4.3 Verification of Purchased Product |
| 8.3.2 Design and development planning | 7.5.1 Control of Production and Service Provision |
| 8.3.3 Design and development inputs | 7.5.2 Validation of Processes for Production and Service Provision |
| 8.3.4 Design and development controls | 7.5.3 Identification and Traceability |
| 8.3.5 Design and development outputs | 7.5.4 Customer Property |
| 8.3.6 Design and development changes | 7.5.5 Preservation of Product |
| 8.4 Control of externally provided processes, products and services | 7.6 Control of Monitoring and Measurement Equipment |
| 8.4.1 General | 8 MEASUREMENT, ANALYSIS, AND IMPROVEMENT |
| 8.4.2 Type and extent of control | 8.1 General |
| 8.4.3 Information for external providers | 8.2 Monitoring and Measurement |
| 8.5 Production and service provision | 8.2.1 Customer Satisfaction |
| 8.5.1 Control of production and service provision | 8.2.2 Internal Audit |
| 8.5.2 Identification and traceability | 8.2.3 Monitoring and Measurement of Processes |
| 8.5.3 Property belonging to customers or external providers | 8.2.4 Monitoring and Measurement of Product |
| 8.5.4 Preservation | 8.3 Control of Nonconforming Product |
| 8.5.5 Post-delivery activities | 8.4 Analysis of Data |
| 8.5.6 Control of changes | 8.5.1 Continual Improvement |
| 8.6 Release of products and services | 8.5.2 Corrective Action |
| 8.7 Control of nonconforming outputs | 8.5.3 Preventive Action |
| 9 PERFORMANCE EVALUATION | |
| 9.1 Monitoring, measurement, analysis and evaluation | |
| 9.1.1 General | |
| 9.1.2 Customer satisfaction | |
| 9.1.3 Analysis and evaluation | |
| 9.2 Internal audit | |
| 9.3 Management review | |

| ISO 9001:2015 Clause Number | Equivalent ISO 9001:2008 Clause Number |
|---|---|
| 10 IMPROVEMENT | |
| 10.1 General | |
| 10.2 Nonconformity and Corrective Action | |
| 10.3 Continual Improvement | |

Clause-by-Clause Comparison
ISO 9001:2015 made several changes to the clauses of the standard, including the introduction of new clauses and the
reorganization of existing ones.

1. Structure and Terminology:
• ISO 9001:2008: Had a prescriptive approach with specific requirements and used the term "procedures."
• ISO 9001:2015: Adopts a more flexible approach and uses the term "documented information" instead of "procedures." It
emphasizes the high-level structure (HLS) for easier integration with other management system standards.

2. Process Approach:
• ISO 9001:2008: Focused on individual processes with less importance on the interconnectedness of processes.
• ISO 9001:2015: Integrates a more comprehensive process approach, emphasizing the interconnectedness of processes
within the organization's management system.

3. Risk-Based Thinking:
• ISO 9001:2008: Highlighted preventive action to address potential issues.
• ISO 9001:2015: Introduces risk-based thinking, encouraging organizations to identify and address risks and opportunities,
leading to better decision-making and proactive management.

4. Context of the Organization:
• ISO 9001:2008: Did not explicitly require an assessment of the internal and external context.
• ISO 9001:2015: Introduces the context of the organization, requiring organizations to understand internal and
external factors that impact their QMS and set objectives aligned with that context.

5. Leadership and Commitment:
• ISO 9001:2008: Mentioned management commitment but did not emphasize leadership as explicitly.
• ISO 9001:2015: Places a stronger emphasis on leadership involvement and commitment to the effectiveness of the
QMS.

6. Documented Information:
• ISO 9001:2008: Prescribed specific documents like quality manual, procedures, and records.
• ISO 9001:2015: Shifts from a prescriptive approach to a more flexible one, requiring organizations to determine the
necessary documented information based on their needs.

7. Performance Evaluation:
• ISO 9001:2008: Focused on monitoring and measurement.
• ISO 9001:2015: Expands requirements for performance evaluation, including monitoring, measurement, analysis,
and evaluation of the QMS processes.

8. Continual Improvement:
• ISO 9001:2008: Emphasized continual improvement but did not provide specific guidance.
• ISO 9001:2015: Encourages a more dynamic approach to continual improvement, aligning it with organizational
goals and strategic direction.

9. Transition Period:
• ISO 9001:2008 to ISO 9001:2015: Organizations were provided a transition period to migrate to the new standard.
ISO 9001:2008 certificates became obsolete after September 2018.

10. Benefits of ISO 9001:2015:
• Enhanced flexibility, risk management, and overall effectiveness.
• More alignment with organizational strategy and leadership involvement.

11. External Providers (Clause 8.4):
• ISO 9001:2008: Referred to as "Purchasing" and focused on the control of purchased products.
• ISO 9001:2015: Expanded to cover the broader concept of "external providers," emphasizing the need to control
external processes and services.

12. Customer Satisfaction (Clause 9.1.2):
• ISO 9001:2008: Included a requirement for monitoring customer satisfaction but lacked specific details.
• ISO 9001:2015: Provides more guidance on monitoring and measuring customer satisfaction and emphasizes the
need to determine criteria for evaluation.

13. Nonconformity and Corrective Action (Clauses 10.2, 10.3):
• ISO 9001:2008: Addressed corrective action in response to nonconformities.
• ISO 9001:2015: Expands the concept to include the broader term "correction" and emphasizes the need to evaluate
the need for corrective action.

14. Interested Parties (Clause 4.2):
• ISO 9001:2015: Introduces the concept of "interested parties" and requires organizations to determine relevant
interested parties and their requirements.

15. Annex SL Structure:
• ISO 9001:2015: Adopts the Annex SL structure, facilitating alignment with other management system standards,
making integration more straightforward.
Annex A: Clarification of new structure, terminology and concepts

16. Organizational Knowledge (Clause 7.1.6):
• ISO 9001:2015: Introduces the concept of managing organizational knowledge, emphasizing the need to capture,
maintain, and make use of organizational knowledge.

17. Change Management (Clause 6.3):
• ISO 9001:2015: Includes specific requirements for managing changes within the organization, ensuring that changes
are controlled and do not negatively impact the QMS.

ISO 9001:2015

Introduction
• Quality management principles
• Process approach
• Plan-Do-Check-Act cycle
• Risk-based thinking
• Relationship with other management system standards

ISO 9001:2015 (PDCA cycle)


Plan:
Establish the objectives of the system and its processes, and the resources needed to deliver results in
accordance with customers’ requirements and the organization’s policies, and identify and address risks
and opportunities.
Do:
Implement what was planned.
Check:
Monitor and (where applicable) measure processes and the resulting products and services
against policies, objectives, requirements and planned activities, and report the results.
Act:
Take actions to improve performance, as necessary

QUALITY MANAGEMENT SYSTEMS — REQUIREMENTS

1. Scope
2. Normative references
3. Terms and definitions

4. CONTEXT OF THE ORGANIZATION
• Determining Internal and External Issues
• Understanding the needs and expectations of interested parties
• Determining the scope of the quality management system
• QMS and its Processes
• Inputs required and the outputs expected from the processes
• Maintain documented information to support the operation of its processes

5. LEADERSHIP
• Leadership and Commitment
• Quality Policy
• Promoting Continual Improvement
• Customer focus
• Risks and opportunities that can affect conformity of products and services

6. PLANNING
• Actions to Address Risks and Opportunities
• Establish Quality objectives
• Planning to achieve the quality objectives
• Planning of changes

7. SUPPORT
• Resources, Competence, Awareness and Communication
• Infrastructure
• Environment for the operation of processes
• Monitoring and measuring resources
• Organizational knowledge

8. OPERATION
• Operational planning and control
• Plan, implement and control the processes
• Requirements for the products and services
• Design and development of products and services
• Control of externally provided processes, products and services
• Control of nonconforming outputs

9. PERFORMANCE EVALUATION
• Monitoring, measurement, analysis and evaluation
• Customer satisfaction
• Performance and the effectiveness of QMS
• Conformity of products and services
• The performance of external providers

INTERNAL AUDIT
• Internal Audit Planning
• Conducting Internal Audits of the QMS
• Establishing Audit Criteria and Scope
• Selection of Internal Auditors
• Documenting Audit Findings
• Implementing Corrective Actions against Audit Findings
• Reviewing Audit Results with Top Management
• Documenting Internal Audit Processes

MANAGEMENT REVIEW
• Conducting Management Reviews of the QMS

Management review inputs
• Status of actions from previous management reviews
• Changes in external and internal issues
• Performance and effectiveness of QMS
• Adequacy of resources
• Effectiveness of actions taken to address risks and opportunities
• Opportunities for improvement

Management review outputs
• Opportunities for improvement
• Any need for changes to the quality management system
• Resource needs
• Retain documented information as evidence of the results of management reviews

10. IMPROVEMENT
• Determine and select opportunities for improvement
• Enhance customer satisfaction
• Implementing Improvement Actions
• Improving products and services to meet requirements
• Correcting, preventing or reducing undesired effects

NONCONFORMITY AND CORRECTIVE ACTION
• Identifying Nonconformities
• Take action to control and correct it
• Evaluate the need for action to eliminate the cause(s) of the nonconformity
• Implement any action needed
• Review the effectiveness of any corrective action taken
• Documenting Corrective Action
• Documenting nature of the nonconformities and any subsequent actions taken

WHAT IS AN AUDIT?
An audit is a systematic process where objective evidence is obtained and evaluated to
determine if a business has fulfilled a set of criteria or requirements.

An audit follows a methodical process to objectively examine and prove that an organization
abides by specific rules, standards, and regulations. Proof often comes in the form of documents
and reports of business operations, protocols, and practices relevant to the scope, objectives,
and criteria of the audit plan.

TYPES OF AUDITS
1. Internal Audit
2. External Audit
• Second Party Audit
• Third Party Audit

INTERNAL AUDIT
Internal Audit refers to an ongoing audit function performed within an organization by a separate
internal auditing department.

EXTERNAL AUDIT
External Audit is an audit function performed by the independent body which is not a part of the
organization.
• Second-party – customers, clients, vendors, and other stakeholders working with the company
• Third-party – independent auditing bodies (for certification) and government agencies (for
statutory compliance)

7 PRINCIPLES OF AUDITING

• Integrity - Uphold fairness, honesty, and responsibility when managing audit programs and performing audits.

• Fair presentation – Present audit findings and conclusions with veracity, objectivity, accuracy, timeliness, and
completeness.

• Due professional care – Exercise due diligence and reasonable judgment-making in all audit situations.

• Confidentiality – Safeguard audit information sources, especially sensitive or confidential ones.


• Independence – Ensure an impartial, bias-free judgment throughout the audit process.

• Evidence-based approach – Anchor the audit findings and conclusions on verifiable evidence with appropriate
sample sizes.

• Risk-based approach – Incorporate risks and opportunities in the entire audit process lifecycle—from plans to
communication materials.

KEY NOTES OF ISO 19011:2018

AUDIT PROCESS

Planning:
Define audit scope, objectives, and criteria. Develop an audit plan.
Execution:
Conduct fieldwork, gather evidence, and assess compliance and effectiveness.
Reporting:
Document findings, conclusions, and recommendations in an audit report.
Follow-up:
Track corrective actions and verify their implementation.

TERMS AND DEFINITIONS

ISO and IEC maintain terminological data bases for use in standardization at:

• Audit
– Systematic, independent and documented process for obtaining objective evidence and
evaluating it objectively to determine the extent to which the audit criteria are fulfilled
• Combined Audit
– Audit carried out together at a single auditee on two or more management systems
• Joint Audit
– Audit carried out at a single auditee by two or more auditing organizations
• Audit Programme
– Arrangements for a set of one or more audits planned for a specific time frame
and directed towards a specific purpose
• Audit scope
– Extent and boundaries of an audit
• Audit plan
– Description of the activities and arrangements for an audit
• Audit evidence
– Records, statements of fact or other information, which are relevant to the audit criteria and
verifiable
• Audit findings
– Results of the evaluation of the collected audit evidence against audit criteria
• Audit conclusion
– Outcome of an audit, after consideration of the audit objectives and all audit
findings
• Audit criteria
– Set of requirements used as a reference against which objective evidence is
compared
• Objective evidence
– Data supporting the existence or verity of something
• Audit client
– Organization or person requesting an audit
[In the case of internal audit, the audit client can also be the auditee or the individual(s) managing
the audit programme. Requests for external audit can come from sources such as regulators,
contracting parties or potential or existing clients]
• Auditee
– Organization as a whole or parts thereof being audited
• Audit team
– One or more persons conducting an audit, supported if needed by technical experts [One auditor of
the audit team is appointed as the audit team leader; the audit team can include auditors-in-
training]
• Auditor
– Person who conducts an audit
• Technical expert
– Person who provides specific knowledge or expertise to the audit team
• Competence
– Ability to apply knowledge and skills to achieve intended results
• Observer
– Individual who accompanies the audit team but does not act as an auditor
• Management system
– Set of interrelated or interacting elements of an organization to establish policies
and objectives, and processes to achieve those objectives
• Risk
– Effect of uncertainty
• Conformity
– Fulfilment of a requirement
• Nonconformity
– Non-fulfilment of a requirement
• Requirement
– Need or expectation that is stated, generally implied or obligatory
• Process
– Set of interrelated or interacting activities that use inputs to deliver an intended result
• Performance
– Measurable result
• Effectiveness
– Extent to which planned activities are realized and planned results achieved

ISO 19011:2018 - Guidelines for auditing management systems

1 Scope
2 Normative references
3 Terms and definitions
4 Principles of auditing

5. MANAGING AN AUDIT PROGRAMME
1. General
2. Establishing the audit programme objectives
3. Establishing the audit programme
4. Implementing the audit programme
5. Monitoring the audit programme
6. Reviewing and improving the audit programme

6. PERFORMING AN AUDIT
1. General
2. Initiating the audit
3. Preparing audit activities
4. Conducting the audit activities
5. Preparing and distributing the audit report
6. Completing the audit
7. Conducting audit follow-up

7. COMPETENCE AND EVALUATION OF AUDITORS
1. General
2. Determining auditor competence to fulfil the needs of the audit programme
3. Establishing the auditor evaluation criteria
4. Selecting the appropriate auditor evaluation method
5. Conducting auditor evaluation
6. Maintaining and improving auditor competence

ESTABLISHING AN AUDIT PROGRAM
An effective audit program consists of the following components:
• Goals and objectives of the audit program
• Opportunities and risks associated with the audit program
• Type of audit(s) – internal, external
• Scope – extent, location, limitations
• Schedule – amount (how many times), frequency (how often), duration (how long)
• Method – remote, on-site, combination
• Criteria for the auditing process – to determine conformity with rules or standards
• Requirements for audit team selection
• Other relevant documents and information

CONDUCTING AUDIT
PLANNING
The initial phases of an audit consist of planning out details, ranging from the audit objectives
to audit teams. The tasks involved in this stage of the auditing process include the following:

• Determining the objectives for conducting the audit
• Forming and selecting qualified members of the audit team
• Designating roles and responsibilities for auditors
• Preparing a checklist of tasks and action items for the audit
• Identifying the scope, location, amount, and frequency of audits
• Setting procedures to review the auditing process
AUDIT REPORTING
• Prepare an audit report documenting the audit findings, conclusions, and recommendations.
• Include details such as audit scope, objectives, criteria, methodology, and any identified non-conformities or opportunities for improvement.
• Review the report internally for accuracy and completeness before sharing it with the auditee.

FOLLOW-UP AND CLOSURE
• Share the audit report with the auditee and discuss the findings, conclusions, and recommendations.
• Address any corrective actions or improvements required by the auditee based on the audit findings.
• Close out the audit process once all actions have been completed and verified.

OPENING MEETING
The purpose of the opening meeting is to:
a) confirm the agreement of all participants (e.g. auditee, audit team) to the audit plan;
b) introduce the audit team and their roles;
c) ensure that all planned audit activities can be performed.

Confirmation of the following items should be considered, as appropriate:
— the audit objectives, scope and criteria;
— the audit plan and other relevant arrangements with the auditee, such as the date and time for the closing meeting;
— formal communication channels between the audit team and the auditee;
— the language to be used during the audit;
— the auditee being kept informed of audit progress during the audit;
— the availability of the resources and facilities needed by the audit team;
— matters relating to confidentiality and information security;
— relevant access, health and safety, security, emergency and other arrangements for the audit team;
— activities on site that can impact the conduct of the audit.

The presentation of information on the following items should be considered, as appropriate:
— the method of reporting audit findings including criteria for grading, if any;
— conditions under which the audit may be terminated;
— how to deal with possible findings during the audit;
— any system for feedback from the auditee on the findings or conclusions of the audit, including complaints or appeals.

CLOSING MEETING
A closing meeting should be held to present the audit findings and conclusions.
The closing meeting should be chaired by the audit team leader and attended by the management of the auditee and include, as applicable:
— those responsible for the functions or processes which have been audited;
— the audit client;
— other members of the audit team;
— other relevant interested parties as determined by the audit client and/or auditee.
CLOSING MEETING
As appropriate, the following should be explained to the auditee in the closing meeting:
a) advising that the audit evidence collected was based on a sample of the information available and is not necessarily fully representative of the overall effectiveness of the auditee’s processes;
b) the method of reporting;
c) how the audit finding should be addressed based on the agreed process;
d) possible consequences of not adequately addressing the audit findings;
e) presentation of the audit findings and conclusions in such a manner that they are understood and acknowledged by the auditee’s management;
f) any related post-audit activities (e.g. implementation and review of corrective actions, addressing audit complaints, appeal process).

Any diverging opinions regarding the audit findings or conclusions

THANKS

Gitchia Institute of Global Certification (Private) Limited
Website: www.gitchia.com Ph.#: 042-35445641
