We shall try to define and understand some of the terms used in a quality management system. The standard ISO 9000:2005 is the basis on which the terms are defined.
9) Terms related to Audit
Terms related to Audit as defined in ISO 9000:2005 are:
9.1) Audit
ISO 9000 definition:
“Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.”
NOTE 1 Internal audits, sometimes called first-party audits, are conducted by, or on behalf of, the organization itself for management review and other internal purposes, and may form the basis for an organization’s declaration of conformity. In many cases, particularly in smaller organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited.
NOTE 2 External audits include those generally termed second- and third-party audits. Second-party audits are conducted by parties having an interest in the organization, such as customers, or by other persons on their behalf. Third-party audits are conducted by external, independent auditing organizations, such as those providing certification/registration of conformity to ISO 9001 or ISO 14001.
NOTE 3 When two or more management systems are audited together, this is termed a combined audit.
NOTE 4 When two or more auditing organizations cooperate to audit a single auditee, this is termed a joint audit.
Explanation:
An audit is a systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. Audits are structured and formal evaluations. The organization must plan and document its system for auditing. It must have management support and resources behind it.
Audits must be performed in an impartial manner. An audit is an evidence gathering process. Audit evidence is used to evaluate how well audit criteria are being met. Audits must be objective, impartial, and independent, and the audit process must be both systematic and documented.
There are three types of audits: first-party, second-party, and third-party. First-party audits are internal audits. Second and third party audits are external audits.
Organizations use first party audits to audit themselves. First party audits are used to confirm or improve the effectiveness of management systems. They’re also used to declare that an organization complies with an ISO standard (this is called a self-declaration). Of course, such a declaration is credible only if first party auditors are genuinely independent and free of bias. If you decide to use first party auditors to make a self-declaration of compliance, make sure that they aren’t auditing their own work. Second party audits are external audits. They’re usually done by customers or by others on their behalf. However, they can also be done by regulators or any other external party that has a formal interest in an organization. Third party audits are external audits as well. However, they’re performed by independent organizations such as registrars (certification bodies) or regulators.
ISO 19011 2011 also distinguishes between combined audits and joint audits. When two or more management systems of different disciplines are audited together at the same time, it’s called a combined audit; and when two or more auditing organizations cooperate to audit a single auditee organization, it’s called a joint audit.
ISO 19011 2011 should be used by those who carry out first and second party audits. ISO/IEC 17021 2011 should be used by those who carry out third party audits.
9.2) Audit programme
ISO 9000 definition:
“Set of one or more audits planned for a specific time frame and directed towards a specific purpose”
NOTE An audit programme includes all activities necessary for planning, organizing and conducting the audits.
Explanation:
An audit programme is a set of one or more audits planned for a specific time frame and directed towards a specific purpose. It is a set of arrangements that are intended to achieve a specific audit purpose within a specific time frame. It includes all of the activities and resources needed to plan, organize, and conduct one or more audits. ISO 19011 expects organizations to appoint audit program managers. They are responsible for setting objectives, assigning responsibilities, allocating resources, and monitoring performance. An audit programme gives at-a-glance information about the time frame, audit intervals, responsibility and resources. It helps in adhering to the audit frequency. It may include first, second and third party audits, if any.
9.3) Audit criteria
ISO 9000 definition:
“Set of policies, procedures or requirements.”
NOTE Audit criteria are used as a reference against which audit evidence is compared.
Explanation:
Audit criteria refers to a set of policies, procedures or requirements used as a reference. Audit criteria are used as a reference against which audit evidence is compared. Audit evidence is used to determine how well audit criteria are being met. Audit evidence is used to determine how well policies are being implemented, how well procedures are being applied, and how well requirements are being followed. When requirements are used as audit criteria, auditors often use the terms conformity and nonconformity to indicate whether or not requirements are being met. However, when legal requirements are used as audit criteria, auditors tend to use the terms compliance and noncompliance (instead of conformity and nonconformity). For example, during an audit against the ISO 9001:2008 standard, the requirements of ISO 9001:2008 become the audit criteria.
9.4) Audit evidence
ISO 9000 definition:
“Records, statements of fact or other information which are relevant to the audit criteria and verifiable.”
NOTE Audit evidence can be qualitative or quantitative.
Explanation:
Audit evidence includes records, factual statements, and other verifiable information that is related to the audit criteria being used. Audit criteria include policies, procedures, and requirements. Audit evidence can be either qualitative or quantitative. Objective evidence is information that shows or proves that something exists or is true. Audit evidence should be identified, recorded, documented and evaluated against audit criteria to determine audit findings.
9.5) Audit findings
ISO 9000 definition:
“Results of the evaluation of the collected audit evidence against audit criteria.”
NOTE Audit findings can indicate either conformity or nonconformity with audit criteria or opportunities for improvement.
Explanation:
Audit findings result from a process that evaluates audit evidence and compares it against audit criteria. Audit findings can show that audit criteria are being met (conformity) or that they are not being met (nonconformity). They can also identify best practices or improvement opportunities. Audit evidence includes records, factual statements, and other verifiable information that is related to the audit criteria being used. Audit criteria include policies, procedures, and requirements.
9.6) Audit conclusion
ISO 9000 definition:
“Outcome of an audit provided by the audit team after consideration of the audit objectives and all audit findings”
Explanation:
Audit conclusions are drawn by the audit team after the audit has been completed and after audit findings and audit objectives have been considered. Audit findings result from a process that evaluates audit evidence and compares it against audit criteria.
9.7) Audit client
ISO 9000 definition:
“Organization or person requesting an audit”
NOTE The audit client may be the auditee or any other organization that has the regulatory or contractual right to request an audit.
Explanation:
An audit client is any person or organization that requests an audit. Internal audit clients can be either the auditee or the audit program manager, whereas external audit clients can include regulators or customers or any other parties that have a legal or contractual right or obligation to carry out an audit.
9.8) Auditee
ISO 9000 definition:
“Organization being audited.”
Explanation:
An auditee is an organization (or part of an organization) that is being audited. Organizations can include companies, corporations, enterprises, firms, charities, associations, and institutions. Organizations can be either incorporated or unincorporated and can be privately or publicly owned.
9.9) Auditor
ISO 9000 definition:
“Person with the demonstrated personal attributes and competence to conduct an audit.”
NOTE The relevant personal attributes for an auditor are described in ISO 19011.
Explanation:
An auditor is a person who is trained and tasked to carry out audits. Auditors collect evidence in order to evaluate how well audit criteria are being met. They must be objective, impartial, independent, and competent. ISO 19011 distinguishes between internal and external auditors. Internal auditors perform first party audits while external auditors perform second and third party audits.
9.10) Audit team
ISO 9000 definition:
“One or more auditors conducting an audit, supported if needed by technical experts.”
NOTE 1 One auditor of the audit team is appointed as the audit team leader.
NOTE 2 The audit team may include auditors-in-training.
Explanation:
An audit team is made up of one or more auditors, one of whom is appointed to be the Lead Auditor. The audit team may also include audit trainees. When necessary, audit teams are also supported by guides and technical experts. Guides and technical experts assist auditors but do not themselves act as auditors.
The Lead Auditor is responsible for:
- Leading the team and deciding on allocation of audit activities
- Communicating with the auditee to confirm audit plans
- Monitoring the performance of auditors within the team
- Checking the adequacy of any checklists and other documented preparations of the audit team members
- Authorising the final report before it is provided to the auditee
- Managing any conflicts between auditors and auditees
- Leading team meetings to discuss progress at regular intervals throughout the audit
- Deciding upon any non-conformances or follow-up action required based on collated findings
- Conducting the entry and exit meetings
- Collating the findings of each auditor involved in the audit.
All other auditors are responsible for:
- Participating in the planning of the audit
- Preparing for the audits
- Submitting checklists to the Lead Auditor for review of adequacy
- Reporting findings and perceived non-conformances to the Lead Auditor within sufficient timeframes
- Providing any information requiring follow-up actions
- Attending and participating in team meetings to report on progress
- Conducting the audit
9.11) Technical expert
ISO 9000 definition:
“(audit) Person who provides specific knowledge or expertise to the audit team.”
NOTE 1 Specific knowledge or expertise relates to the organization, the process or activity to be audited, or language or culture.
NOTE 2 A technical expert does not act as an auditor in the audit team.
Explanation:
Technical experts support audit teams by providing specific expertise or knowledge about the organization, process, or activity being audited or about the auditee’s language or culture. They do not act as auditors. Where an audit team needs to be supplemented by technical experts in order to meet the audit objectives, those experts should be under the supervision of an auditor. To keep technical experts from associating with the auditee’s competitors in the same industrial sector, all technical experts should be required to sign a statement on avoiding conflicts of interest and on ensuring integrity and confidentiality before participating in the audit.
9.12) Audit plan
ISO 9000 definition:
“Description of the activities and arrangements for an audit.”
Explanation:
An audit plan specifies how you intend to conduct a particular audit. It describes the activities you intend to carry out in order to achieve your audit objectives. An audit is an evidence gathering process. Audit evidence is used to evaluate how well audit criteria are being met. Audit planning is a vital area of the audit, primarily conducted at the beginning of the audit process to ensure that appropriate attention is devoted to important areas, potential problems are promptly identified, work is completed expeditiously and work is properly coordinated. “Audit planning” means developing a general strategy and a detailed approach for the expected nature, timing and extent of the audit. The auditor plans to perform the audit in an efficient and timely manner.
An audit plan is the specific guideline to be followed when conducting an audit. It helps the auditor obtain sufficient appropriate evidence for the circumstances, helps keep audit costs at a reasonable level, and helps avoid misunderstandings with the client. It addresses the specifics of what, where, who, when and how:
- What are the audit objectives?
- Where will the audit be done? (i.e. scope)
- When will the audit(s) occur? (how long?)
- Who are the auditors?
- How will the audit be done?
9.13) Audit scope
ISO 9000 definition:
“Extent and boundaries of an audit.”
NOTE The audit scope generally includes a description of the physical locations, organizational units, activities and processes, as well as the time period covered.
Explanation:
Audit scope refers to the activities covered by an audit. Audit scope includes, where appropriate: audit objectives; nature and extent of auditing procedures performed; time period audited; and related activities not audited, in order to delineate the boundaries of the audit. It is the range of activities that are the focus of an audit. The scope includes all areas of importance in an audit. The scope of an audit is a statement that specifies the focus, extent, and boundary of a particular audit. The scope can be specified by defining the physical location of the audit, the organizational units that will be examined, the processes and activities that will be included, and the time period that will be covered.
9.14) Competence
ISO 9000 definition:
“(audit) demonstrated personal attributes and demonstrated ability to apply knowledge and skills.”
Explanation:
Competence means being able to apply knowledge and skill to achieve intended results. Being competent means having the knowledge and skill that you need and knowing how to apply it. Being competent means that you know how to do your job. Competence is the ability of an individual to do a job properly. A competency is a set of defined behaviors that provide a structured guide enabling the identification, evaluation and development of the behaviors in individual employees. Some scholars see “competence” as a combination of practical and theoretical knowledge, cognitive skills, behavior and values used to improve performance; or as the state or quality of being adequately or well qualified, having the ability to perform a specific role. Competency is sometimes thought of as being shown in action in a situation and context that might be different the next time a person has to act. In emergencies, competent people may react to a situation following behaviors they have previously found to succeed. To be competent, a person would need to be able to interpret the situation in its context, to have a repertoire of possible actions to take, and to have trained in the possible actions in the repertoire, if this is relevant. Regardless of training, competency would grow through experience and the extent to which an individual can learn and adapt.