Iso Audit Checklist For Training Department Objectives
There are audit checklists for ISO 9001, ISO 14001, ISO 27001, ISO 22301, ISO 55001, ISO 50001 and so on… We train auditors to develop these checklists in our training courses. However, this article is a response to frequent requests from the other side of the table, “Can we please have a checklist to help us to handle audits better?“.
Here is our response. This article gives guidance on preparing to receive an audit and on responding during audit. Auditors will appreciate this too. If you are well prepared for an audit it makes it easier for them to deliver value to you.
ISO Checklist Page 1 of 16 Company: Department: Completed by Date completed 4. Context of the organisation 4.1 Understanding the organisation and its context Clause ISO Requirements Reference in your system verification Area of concern? 4.1 Have you determined external and internal issues that are. Audit Checklist questionnaire to determine the non compliance of IT Security in conformity with ISO 27001, and to measure the effectiveness of information Security, contains downloadable 3 Excel sheets- 757 Checklist questions covering the requirements of IT Security under Responsibility & accountability of IT department, and Top management of an organization.
You can also download our audit checklist.
The following guidelines are directed to the person who has been assigned to liaise with the certification body and co-ordinate audit-related activities on behalf of your organisation. If there is no such a person, appoint one now.
Actually, the auditor is responsible for initiating or requesting many of the things in the checklist . Unfortunately, that does not always happen. Play safe; ensure that they do.
Immediately After the Previous Audit
Ascertain from the auditor the proposed dates of next audit. Also, ask the auditor to state the date, objective(s) and scope (i.e. which ISO standard and which clauses, which locations etc) of the next audit. Once the dates have been agreed, ask the appropriate persons to reserve these dates in their diaries.
- The results of the audit and the objectives/findings must be documented on the protocol “Findings”. In the row „Reference“ the objectives must be referenced to the nomenclature of the questions. Please use the numbers given in the checklist with 2 digits only (e.g. 4.2 for „Documentation requirements” of the ISO 13485).
- Introduction: Since the first edition of ISO 19011 was published back in 2002, many new management system standards have been published. This makes the need for a standardized framework for performing management system audits greater than ever before. ISO 19011 is that framework. The standard outlines a set of guidelines for performing audits on management.
When the audit report is received, ensure that it is communicated to the relevant persons and ensure that your corrective and preventive actions process gets to work on the findings and progress is monitored. Otherwise, there may be a last minute scramble before the next audit!
One Month before the Audit
Contact the auditor or the account manager of the certification body to reconfirm the audit and the name of the auditor or auditors (these sometimes change).
If you have not yet received a copy of the audit plan, or programme as it is sometimes called, ask for it. In the case of more complicated audits, it may be in everyone’s interest that you offer to help the auditor to develop the audit plan using your knowledge of the areas to be audited.
You should also check on the auditor’s logistical requirements for the audit. These typically include: a room, a guide, car parking space and directions to the audit location. It may be wise also to ask if there are any special dietary needs.
Email a copy of the audit programme to managers responsible for the areas to be audited and follow up to confirm that they have received it and that the appropriate people will be available. This may seem a bit over the top, but you know how unreliable internal communication can be!
Two Weeks before the Audit
Iso Audit Checklist For Training Department Objectives 2019
- Take care of the logistical arrangements. This includes:
- Reserving a room for the auditor
- Reserving car parking space, if required
- Notifying security if a special pass is needed
- Internet access (may need a password)
- Catering, if you are ordering lunch and refreshments
It would be wise also to verify that all outstanding actions from the previous audit have been completed and documentary evidence is available. This is usually the first thing that an auditor will examine. A swift close out of all actions will get you off to flying start.
Day of the Audit
Put a notice on the door of the auditor’s room, “Audit in Progress – Do not Disturb”. The auditor may conduct interviews elsewhere, but may wish to leave documents in the room and to conduct interviews there.
Before the auditor arrives, make sure that the room for the opening meeting is set up appropriately for the number of persons who will be attending the opening meeting.
Make sure that the signing in, visitor induction, safety brief etc are completed promptly on arrival. Auditors are not exempt and if the audit happens to include health and safety elements, it would be an even more embarrassing omission!
Iso Audit Checklist For Training Department Objectives Free
The audit itself will begin with a brief opening meeting. Inform senior managers that protocol requires that the auditor shall chair the meeting. So, after greeting the auditor, they can relax.
During the Audit
First priority – tea and/or coffee! The auditor might have had a long journey and regular refreshment will be much appreciated. No need to bring out the best silver, but try not to offer machine-made beverages in paper cups or a DIY kit with hot water in a thermos flask.
Try to calm nerves and offer practical advice to auditees. Here are some do’s and don’ts:
Do
- Listen to the question carefully
- Be open and answer honestly
- If you don’t know the answer, say so. Try to direct the auditor to someone who does
- Be prepared to show documentary evidence, if asked
- Politely point out anything the auditor has misunderstood
- Be positive at all times
Don’t
- Be late for your appointment
- Try to negotiate. It will waste time and you will lose
- Argue with the auditor. You will lose again
- Try to excuse mistakes or deflect attention. The auditor is not trying to pin blame
- Usurp the interview or talk over another person who is being interviewed
What if you want to invite the auditor to dinner? Certification bodies require their auditors to observe certain rules and the rules vary. So, don’t be offended if the auditor declines. If the auditor accepts, ensure that the hospitality is not excessive and don’t talk about the audit!
Closing Meeting
The closing meeting is where the auditor will give verbal and sometimes also written feedback on the audit findings. Once again, the auditor will chair the meeting.
Ask the auditor well beforehand who should attend. It won’t necessarily be everyone who attended the opening meeting. It is usually sufficient to invite persons from departments where nonconformities have been found. If others want to attend, don’t discourage them.
Some words of advice to attendees:
- Be punctual – expect the auditor to start on time
- Ensure you fully understand the findings. If not, ask the auditor to clarify.
- Take notes – you can use them to give immediate feedback to others
Summary
Most people’s reaction to audit is on a scale which varies from mild anxiety to sheer terror. By diligent management and following the guidelines in this article, you and your colleagues can be on the low end of that scale. You might even begin to enjoy the audit experience!
Recent Articles
Find out how we can help you, without obligation.
Call us on 01722 741281 or email enquiries@gablesmead.com
by J.P. Russell
To most, establishing program or department objectives seems like the normal thing to do. However, that isn’t always the case. Sometimes managers of programs or departments only focus on the purpose of their program or department. For example, the purpose of the audit program is to conduct audits. Therefore, all resources go into conducting as many audits as possible. Another example might be the shipping department where incoming material must be shipped ASAP. Establishing objectives or desirable outcomes goes beyond the purpose of a function. The aim is more about how the purpose is carried out and improved upon.
ISO 19011, Guidelines for auditing management systems, states that it is top management’s responsibility to ensure that audit program objectives are established. That doesn’t mean audit program managers should wait to hear from their boss before they establish objectives. On the contrary, audit program managers need to be proactive.
The audit program manager can start by determining the organization’s objectives and policies. An organization should have objectives to achieve their performance goals and obligations. Not all, but many policies may affect the audit department. Examples include safety, stewardship, ethics, and confidential information. A good starting point is to ensure audit program objectives are consistent with, and support, management system policies and objectives.
Iso Audit Checklist For Training Department Objectives
Next, audit program objectives can be established. There may be objectives for the entire function or specific audit program activities such as program management, plans, and performing audit services. Audit program objectives should relate to organizational objectives.
The program and individual audit objectives should also align with the needs and expectations of interested parties. For example, interested parties may include regulatory agencies, customers, suppliers, purchasing, and operations.
Audit program objectives direct program planning (department policy, procedures, guidelines, etc.). Plan what you do and do what you plan. Plans should align with objectives as well as the purpose of the function. One might ask, “Is this plan consistent with our objectives?” and “Is there anything we should change that would enhance our effectiveness to achieve our objectives?”
There should also be objectives for conducting audits. Providing an audit service is the purpose of the audit program. These objectives may relate to efficiency, safety, professionalism, and the code of conduct, and they should be consistent with audit program objectives. Perhaps an example objective would be to incorporate the seven lean wastes thinking when conducting the audit process to improve efficiency.
Audit program objectives can consider the following:
- Management priorities
- Commercial and other business intentions
- Characteristics of processes, products, and projects and any changes to them
- Management system requirements
- Legal and contractual requirements and other requirements to which the organization is committed
- Need for supplier evaluation
- Needs and expectations of interested parties, including customers
- Auditee’s level of performance, as reflected in the occurrence of failures, incidents or customer complaints
- Risks to the auditee
- Results of previous audits
- Level of maturity of the management system being audited
- Auditing organization risks
Examples of audit program objectives include:
- To contribute to the improvement of a management system and its performance
- To fulfill external requirements, e.g., certification to a management system standard
- To verify conformity with contractual requirements
- To obtain and maintain confidence in the capability of a supplier
- To determine the effectiveness of the management system
- To contribute to the identification of risks to the organization and verification of risk treatment actions
- To implement an eAudit program to reduce costs
- To evaluate the compatibility and alignment of the management system objectives with the management system policy, strategic direction, and overall organizational objectives
The objectives should be measurable. The idea here is to avoid vague generalizations such as “We will only use top-notch auditors or achieve performance excellence.” Plans for monitoring the achievement of program objectives will need to include determining the appropriate metrics. Some metrics will be obvious such as continued certification of the management system. Determining the metrics for other objectives such as the effectiveness of the management system may be more challenging. There may be some thought about appropriate metrics now or later as part of the monitoring performance process.
Plans should include how objectives are communicated. Objectives should be shared (note that there could be security exceptions). Informing people that need to know will only help the achievement of objectives. Communication of objectives could be done using several media options. For example, posters, intranet, emails, and virtual or face-to-face meetings.
Iso Audit Checklist For Training Department Objectives Template
Plans should take into account the need to update, delete, or replace certain objectives. Objectives need to be monitored and periodically evaluated and updated. For example, they may need to be updated due to changing organizational objectives or strategic direction or the results of monitoring the achievement of objectives. Typically, objectives are reviewed annually, but circumstances may require the objectives to be assessed more frequently.
Iso Audit Checklist For Training Department Objectives 2017
When appropriate, objectives should consider the type of audit. For example, on-site versus remote and internal versus external. The audit function of an organization may provide many different audit services beyond management system audits. Process audits are becoming increasingly popular due to the value they add to the organization. An ever-expanding supply chain has stressed the need for greater supplier accountability.
About the author
J.P. Russell is the founder and managing director of eLearning provider QualityWBT Center for Education (www.qualitywbt.com). He is also an ASQ fellow, ASQ-certified quality auditor, member of the U.S. Technical Advisory Group (TAG) 302 for management system auditing, member of the U.S. TAG for ISO technical committee 176. Russell is a recipient of the Paul Gauthier Award from the ASQ Audit Division and author of several ASQ Quality Press books about auditing, standards, and quality improvement.