Tags Posts tagged with "audits"

audits

2 5798
4 Steps to an Effective Internal Audit

An Internal audit is one of the most important aspects within any management system. It is through audits that gaps, potential problems and possible solutions will be identified in order to maintain and improve the effectiveness of the management system.

However, not all audits add value to the system and in order. Follow these 4 steps to ensure your audits are effective. 

1. Be Planned & Programmed

Your organization needs to carefully determine which processes will be audited – not all systems have to be audited at once or with the same frequency. In order to do this,  consider the results of previous audits, the complexity and risk of its processes and the maturity of each process.

Auditors should consider the natural rhythm of the process being audited, including the synchronization of processes and time and the availability of trained and experienced auditors.

Specific timetables should be elaborated and these must be informed in advance within the organization, detailing which processes are to be audited – and when.

2. Use Competent Auditors

Auditors must be competent, objective and impartial. They must demonstrate comprehensive knowledge of the processes and the standard which they are auditing against.

3. Objective Communication

The findings and their details, i.e., non-conformities, positive areas, and areas for improvement – should be communicated during the audit’s closing meeting to everyone involved. These findings should also be discussed with the auditee during the audit and before recording it.

Information must be communicated in an objective and friendly manner and any suggestions should be informed in a constructive manner.

4. Record & Monitor Results

The results and the corrective actions encountered during the audit must be recorded and monitored in order to ensure that non-conformities are taken care of and improvements are made.

It is also important to establish who will be responsible for monitoring the actions necessary for closing a non-conformity or implementing an improvement.

For an internal audit to be effective, it is essential for this process to be carried out together with auditors and auditees. The planning and programming of internal audits must be consider information given by all involved.

Understand that the purpose of an internal audit is to identify possible weaknesses and areas for improvement in order to ultimately increase the effectiveness of the organization’s processes and its management system in general.



0 2951

The internal audit process is essential for any organization that aims to maintain and improve their management system(s).  However, achieving an effective internal audit process can be a challenge, especially for small and medium-size organizations.

Audits need to be performed by trained and qualified auditors with the sufficient knowledge of the standard being used in order to ensure independence and objectivity. Some organizations do not have the time or budget to train existing workers to become their internal auditors or to employ someone with the required skills to perform these audits.



For those organizations, contracting out their internal audits is a feasible option. Some of the benefits organizations can obtain by doing so are:

  • Assure independence. Independence is likely to increase when the auditor does not belong to the organization. In some cases when a close relationship exists between auditors and auditees, independence and objectivity may be jeopardized.
  • Assure knowledge and skills. Most auditors from external organizations have years of training and experience. These auditors not only have the technical skills, but they also follow strict ethical guidelines.
  • Reduce costs. Employing an expert to perform the organization’s internal audits can be expensive. Contracting out will reduce the overall cost of internal audits.
  • Assure an up-to-date knowledge. As any other market, the internal audit market is competitive. This drives audit organizations to become more efficient and constantly improve the services they offer, which benefits the organization being audited.
  • Efficient use of time. Internal audits are time consuming. When they are outsourced, management has more time to focus on the core activities of their business.
  • Decrease the risk of disrupting internal audit. If an organization relies on one person to perform internal audits, a reliance on that person is created, which increases the vulnerability of process. This risk is reduced when the process is outsourced.

Outsourcing internal audits is an option that should be considered by small and medium-size organizations. However, each organization has its particular needs and circumstances and they should assess if it would suit them better to outsource internal audits or to create their own auditing team.

There are many organizations that offer audit services, and choosing one is a decision that should not be taken lightly. The time spent choosing the right one will assure an independent and objective audit which will contribute to the improvement of the organization’s management system(s).

 



2 14307
Difference Between Stage 1 & Stage 2 Audits - ISOUpdate.com

A Certification Audit is the first step for your organization once you have decided to undergo an assessment process. Your options include undergoing an assessment with a Certification Body (CB), or Registrar, like The Registrar Company, to determine if your management system complies with the requirements of a given standard (ISO 9001ISO 14001ISO 45001, etc). This Certification Audit is completed in two stages: Stage 1 and Stage 2. These audits differ in many ways: their purpose, duration, information reviewed, and sometimes even location. Therefore it is important to understand the difference between Stage 1 and Stage 2 Audits, and the effect your selection of CB will have on the process.

These audits differ in many ways: their purpose, duration, information reviewed and sometimes even in the location where it will take place.

The objective of a Stage 1 Audit is to determine an organization’s readiness for their Stage 2 Certification Audit.
During the Stage 1, your Certification Body’s auditor will review your management system documented information, evaluate your site-specific conditions, and have discussions with personnel. The auditor will look to see that objectives and key performance indicators, or significant aspects are in place and understood. They will review the scope of the management system and obtain information on your processes and operations, the equipment being used, the levels of control that have been established, as well as any applicable statutory or regulatory requirements. Internal audits and management reviews will be evaluated to ensure they are being planned and performed and the overall level of implementation of your management system will be assessed to determine if your organization is ready to move forward with the Stage 2 Certification Audit.



Your Certification Body will use the Stage 1 Audit to complete Stage 2 Audit planning, including a review of the allocation of resources and details for the next phase of the audit. Documented conclusions will be given to your organization that will outline your readiness as well as identify any areas of concern that could be classified as a nonconformance during the Stage 2 Audit.

A Stage 1 Audit is usually carried out over 1 or 2 days and typically occurs onsite. For organizations with more than 1 location, the audits are usually carried out at your central function location.

The Stage 2 Audit evaluates the implementation and effectiveness of your organization’s management system(s). During the Stage 2 audit, your Certification Body will determine the degree of compliance with the standard’s requirements and report any non-conformances or potential non-conformances that your organization will have to correct before the certification can be issued. If the Stage 2 audit is successful, your organization’s management system(s) will be certified.

The Stage 2 Audit includes:

  • All relevant documented information that evidences your management system’s conformity with all the standard’s requirements;
  • Key performance objectives and targets, looking at performance monitoring, measuring and reporting;
  • Evaluation of internal audits, management review and management responsibility for your organization’s policies;
  • All relevant processes, looking at operational control and the ability to carry them out as planned.

The duration of the Stage 2 Audit is determined in accordance with the relevant IAF Mandatory Documents.  Depending on the size and complexity of the organization this audit can range anywhere from 1 to many days.

Every organization undergoing a certification process should maintain open and clear communication with their Certification Body in order to clarify any questions that may arise before the audits take place. At TRC, customer service is our top priority, with every facet of our organization designed with your satisfaction in mind.

Associating your company with an internationally recognized and trusted certification shows your customers that you hold their satisfaction and expectations above all and adds real value to your bottom line through increased efficiency and reduced risk – and working with the best Certification Body for your unique needs should be top of mind. Certification can be a lengthy process, and you will be working closely with your Certification Body and Auditor for years to come, ensure you pick the best.

 

About the Author

TRC is internationally recognized and trusted. With a large network of auditors, TRC is an international certification body with local benefits. With dedicated Client Service Managers and family-owned and entrepreneurial values, our clients are family. We take the time to understand your business and your unique needs. TRC audits are more than a checklist, we highlight your corporate strengths, and find opportunities for improved processes to ensure you stay competitive and thriving. TRC works with you to ensure minimal disruptions so you receive the highest benefits from the auditing process. Learn about how we can help you today.


Read about The Characteristics of an Excellent Internal Audit



2 3769
What is a Pre-Assessment Audit? - ISOUpdate.com

Defining a Pre-Assessment Audit

A pre-assessment audit is one that is performed before a certification/registration audit takes place. This pre-assessment audit determines the degree of conformance of an organization’s management system(s) with the requirements of a standard (e.g. ISO 9001, ISO 14001, ISO 27001, etc.)

After putting the time and effort to implement a management system and before diving into a certification audit, many organizations choose to contracting the services another organization or person to perform a pre-assessment audit. This is a full audit of a management system against the requirements of a specific standard that allows organizations to identify any nonconformities and implemented corrective actions before the certification audit.



About the Pre-Assessment Audit

A pre-assessment audit is performed with the same independence and objectivity as a certification audit. The auditor(s) will conduct activities such as documentation review, process review, interview of process owners, etc, in order to gather the necessary information that evidence compliance.

Audits are performed on-site and are a complete assessment of the management system against the requirements of the relevant standard. As any other audit, all nonconformities and observations found will be presented in an audit report that will be delivered at the end of the process; this report will serve as a baseline for the organization to improve its processes and implement the necessary corrective actions.

Who Needs a Pre-Assessment Audit?

Any organization that has implemented a management system and wishes to determine its readiness to undergo a certification audit can seek a pre-assessment audit.

What are the Benefits of a Pre-Assessment Audit?

Some of the benefits of performing this audit are:

  • Helps organizations identify any non conformities and implement corrective actions.
  • Contributes in the optimal preparation for the certification audit.
  • An organization can focus its resources on weaknesses that might lead to nonconformities.
  • Depending on the outcome, organizations can decide to postpone a certification audit that has already been scheduled or, on the contrary, face the certification audit with a renewed confidence.
  • Helps organizations avoid unnecessary additional costs.

A Pre-Assessment audit can be conducted by qualified consultants, registrars, or competent individuals with experience and knowledge regarding the relevant industry sector and standard. It is important to remember that, just as an organization carefully chooses  a certification body or any other service, it should also take the time to choose the correct organization or person to perform its pre-assessment audits.




Did you find that article helpful? Continue learning about Audits & how to choose the correct organization or person for your Audit.

4 14013

Management systems such as ISO 9001, ISO 14001 and OHSAS 18001 require that internal audits are scheduled at planned intervals; they do not establish a specific frequency nor do they establish that all processes need to have an annual internal audit. Therefore, organizations must establish a frequency which is right for their business. But how often should you be having internal audits for compliance? Audits can be performed monthly, quarterly, twice a year, or once a year. It is important to understand the criteria which should be considered before defining an internal audit frequency, as not all processes should be considered on the same timeline.



Complexity of the Processes

  • Crucial or high-risk processes should be audited on a more frequent basis, perhaps quarterly or twice a year
  • Low-risk processes can be audited just once a year or every other year

Maturity of the Processes

  • Well established processes that run efficiently can be audited once a year or every other year
  • Newly developed processes should be audited more frequently, for example, quarterly, until they are stable

Past Experience

  • Processes that have a history of frequent deficiencies or non-conformities, should be audited on a more frequent basis, such as quarterly or twice a year
  • Processes with troubles achieving targets and objectives should also be audited on a more frequent basis, such as quarterly or twice per year


Other factors that may influence the frequency of auditing:

  • Budget for the execution of internal audits
  • Regulatory or customer requirements

There is no need to audit every process all at once; consider spreading out internal audits throughout the year by auditing different processes at different times. Auditing many processes all at once can be exhausting and process deficiencies or areas for improvement may be overlooked.

 

Although most standards do not require that all processes be audited every year, it is a common practice in many organizations. Some organizations with mature and well-established management systems may wish to schedule their audits over a 3-year time plan instead of annually. Every organization needs to take a close look at each of their processes, their management systems, and other applicable requirements to establish a rational schedule which fits their needs and is right for them.


This article was written by The Registrar Company and published with permission.

0 2831
Internal Auditor Training - ISOUpdate.com

Internal Auditors require 3 types of training; formal, theoretical and practical auditor training. 

Auditor Formal Training

Formal auditor training must consist of the following:

  • Audit principles
  • Objectives of an audit.
  • Types of audits.
  • Benefits of implementing internal audits.
  • Different auditing approaches.
  • Competences of an auditor.
  • Responsibilities of an auditor
  • How to Prepare for an audit
  • How to Conduct an audit
  • Reports and Follow-up
  • Evaluations

How to prepare for the audit: Establishing the audit program, defining the elements of the management system to be audited, preparation of checklists, selecting the audit team.

How to conduct an audit: How to contact the auditee, developing the audit plan, carrying out the opening meeting, how to gather evidences, defining findings, conducting the closing meeting.

Reports and Follow-up: Categorization of findings, preparing the report, approval and distribution of the report, monitoring.

Competence and evaluation of auditors: General, personal attributes, knowledge and skills, training and work experience, maintenance and enhancement of skills, auditor evaluation.

Auditor Theoretical Training

In addition to this basic auditor training regarding the skills, knowledge and competences of auditors and how to prepare, conduct and monitor audits, it is essential for internal auditors to fully know and understand the standard that they will be auditing against. Here an additional training session will be required. The most frequent standards that organizations use that require the execution of internal audits are ISO 9001, ISO 14001 and OHSAS 18001; however, the standards use will depend on the needs and objectives of each organization.

Auditor Practical Training

After an auditor has received this theoretical auditor training, they can now begin their practical training by participating in an internal audit. This practical auditor training usually is done following these steps:

  1. Participate in at least 2 audits as an observer or auditor in training. Here they usually participate in the planning stage of the audit but when the audit is being conducted they only observe; they do not take any actions in any of the activities during the audit.
  2. Participate in at least 2 internal audits with supervision of a lead auditor. Here they take a more active role in the preparation and in the conducting of the audit.
  3. After having successfully carried out a number of internal audits and having sufficient skills, knowledge and experience as an internal auditor, he or she may start to conduct audits as an internal auditor leader. This leader takes full action in all of the stages of the audit.

Note: Training can vary. Each organization may decide to train their auditors in a way that is best for them. It is important for auditors to receive a constant and progressive auditor training that allows them to acquired the necessary skills and knowledge to conduct objective and impartial audits that meet the objectives for which they audits are carried out for.


Looking for auditor training? Check our listing to see what’s available near you.

0 1700

In the past, most auditors used a formal clause approach when auditing a management system; today, many auditors are leaving behind the checklist that served as a useful guide to identify the conformance with applicable requirements, and are now using a process approach to perform their audits.

Some aspects that give importance to this approach are the following:

  1. Process Approach focuses on results, not on procedures.

    Management systems are not just a set of documented procedures; they are an active system of processes that address business risks and its applicable requirements. By reviewing the process and not just the procedures, it becomes easier to evaluate the results of the process and how effective these really are.

  2. Process Approach determines the effectiveness of the management system.

    Audits conducted using a process approach provide information on whether performance targets are being met, they identify opportunities to improve performance through better process control and determines how processes can be more effective and efficient in meeting the system’s applicable requirements.

  3. Process Approach evaluates links between departments and processes.

    Interactions between the processes of an organization can often be complex, resulting in a network of interdependent processes where the output of a process can be the input of another. By following the flow and continued work throughout the organization, it’s possible to review and evaluate the sequence and interactions of processes, their inputs and outputs and the effectiveness of these interactions.

  4. Process Approach determines whether the operations are under control and whether the controls are effective.

    The process approach not only focuses on whether controls are in place but also on how efficient these really are in maintaining and improving the effectiveness of the process and the system.

  5. Process Approach helps determine the depth of the problems through the organization.

    When a problem is found, it is easier to determine the severity of its impact on the system by reviewing the entire process and it’s interactions with other processes.

  6. Process Approach focuses on the benefits of correcting non-conformities related to improving organizational effectiveness.

    Process based audits help organizations in evaluating the effectiveness of their processes. It serves as a tool to identify weaknesses and opportunities to improve the existing connections between policy, requirements, performance, objectives and goals, which will ultimately contribute to the overall success of an organization.

Management systems are a complex set of interactions between different activities carried out in different areas of an organization. When these activities are viewed as being part of a process, it is easier to understand these interactions and how they go beyond the boundaries of a specific functional unit. Also, by auditing an entire process, the people involved in it will have a greater understanding of how their activities influence the overall effectiveness of the organization’s management system.

0 1731
External Audits

An audit is a process performed to gather evidence that support an organization’s compliance to specific requirements. Audits can be Internal (first party audits) or External (second and third party audits). The differences between the two types of external audits generates some confusions that we will clarify in this article.

The main differences rely on the interests between the organization performing the audit and the one being audited, and in the purpose of the audit.

  • Second party audits are external audits that occur when one organization audits another with which it either has, or is going to have, a contract or agreement for the supply of goods or services. They can also be done by regulators or any other external party that has a formal interest in an organization. These are usually done to verify operating conditions of a supplier to ensure it meets applicable requirements.
  • Third party audits are also external audits that are done independent of the organization being audited. They are performed by independent organizations such as registrars (certification bodies) or regulators, usually for certification, registration or verification purposes.

The reasons why these are performed also serves to set them apart.

Second party audits are carried out to:

  • ™Help customers ensure that suppliers have proper capabilities and controls in place.
  • ™Improve communication between both organizations.
  • Promote a clear understanding of the customer’s expectations.
  • ™Provide a path for the transfer of knowledge and good practices between both organizations.
  • Build customer confidence that the supplier will comply with legal and other applicable requirements.
  • Create good and mutually beneficial working relationships.

Third party audits are performed to:

  • Verify compliance to a specific standard or regulation.
  • Demonstrate compliance with all the requirements of a standard such as ISO 9001, ISO 14001, OHSAS 18001 to customers and other stakeholders.
  • Give confidence to customers that the best business practices are being implemented regarding quality, environmental or other management systems.

As mentioned before a second party audit is usually done by a customer and a supplier that wish to establish a business relationship and, in some cases, the audit is one of the requirements necessary to seal the deal.

On the other hand, third party audits can be mandatory (depending on the standard/regulation and the industry sector) or they can be voluntary. In both cases, the organization wishing to be audited will have to contract the services of a qualified organization to perform an independent and objective audit.

Both types of audits are done prior to executing a contract (Second party) or obtaining a certification/registration (Third party) and they both require periodic surveillance audits for verification purposes.

0 5194

There are different approaches to auditing; these can be performed by clause, department, tasks, etc. The most commonly used by auditors is the clause approach,  where the auditor goes by each clause, usually with a checklist, searching for evidence of requirement conformance and writing nonconformities (minors or majors) if any are found.

These approaches tend to focus mainly on procedures and not on the performance, outcomes and results of the organization’s processes. Hence, audits result in the correction of minor problems and not in the improvement of the system and its processes.

Also Read: Understanding the Process Approach to Auditing

Also Read: Get Your Company Ready for the ISO Implementation Process



The process approach to auditing focuses on reviewing the sequence and interaction of processes and their inputs and outputs. It analyzes the management system not just as if it were a set of documented procedures, but rather as an active system of processes that addresses business risk and its applicable requirements. The main elements that a process-approach audit reviews are:

  • Process Owners
  • Inputs and Outputs of the process
  • Resources
  • Methods/ Procedures/ Instructions
  • Controls/ Measurements/ Metrics
  • Documents/Records
  • Efficiencies/ Effectiveness

In order to take this approach, it is required to plan and perform the audits so they are based on the processes that achieve organization’s objectives. The audit needs to be conducted through business processes and across department boundaries; some of the processes that need to be audited are:

  • Business management
  • Marketing and sales
  • Resource management
  • Purchasing
  • Product / service production processes

Audits conducted with a process approach provide information on whether performance targets are being met, they identify opportunities for improving performance through a better control of processes and determine how processes can be more effective and efficient in meeting the applicable requirements. Some of the aspects that make this approach a valuable one are:

  • It focuses on results, not on procedures.
  • Determines the management system’s effectiveness.
  • Evaluates the outcomes and results of the system.
  • Evaluates linkages between departments and processes.
  • Follows flow of work throughout organization.
  • Determines if operations are under control and if controls are effective.
  • Allows judgment on significance of findings.
  • Helps determine depth of problems across organization.
  • Focuses on benefits of correcting nonconformities related to improving organizational effectiveness.

Organizations that wish to comply with a standard have to meet the requirements established in it, but in some cases, just meeting these requirements does not necessarily add value to the organization. In order for an organization to be competitive and successful, its operational processes must work together in achieving its goals and objectives. A process based audit assists organizations in assessing the effectiveness of these processes; it serves as a tool to identify weaknesses and opportunities to improve the connections between policy, requirements, performance, objectives and targets, which will ultimately contribute to an organization’s overall success.

Also Read: Understanding the Process Approach to Auditing

Also Read: Get Your Company Ready for the ISO Implementation Process