2. Audit Process

1. 2A Audit Preparation and Planning

When we talk of the audit process, The audit process broadly consists of four stages. The planning phase, the performance phase,the reporting and follow up. And these are the four subsections in the audit process. So in section two, which is the audit process,we will start with audit preparation and planning. Here we will be discussing all the planning that needs to be done for the audit. Then we will move to the next step, which is audit performance. Here we will be talking about the audit opening, the audit interviews, the closing meeting, etc. So whatever is done during the audit will be covered in audit performance. Then the third part will be Audit Reporting.The fourth part is audit follow-up and close out.The role of the auditor also includes the followup and closure of all the actions that are identified in the audit report. So these are the four topics which we will be discussing in section two. Let's start with audit preparation and planning. In audit preparation and planning, there are seven topics here. Topic number one is elements of the audit planning process. Topic number two is auditor selection. Third is audit-related documentation and consideration. Fourth, is planning related to logistics? The fifth one is the auditing tool and working papers. The 6th is auditing strategies, and the 7th is auditing plans. So these are the seven topics which we will be discussing here in Audit Preparation and Planning. So let's start with the elements of the audit planning process. So here in the audit planning process, we will be looking at some basic information related to audit planning. This is the foundation of audit planning. Here we will talk about verifying the audit authority who is authorising this audit. Then we will talk about the purpose, scope, and type of the audit. So, once we know these, then we can do further planning for this audit. While we are doing this audit, what's the scope, what's the type of audit? Then we will talk about identifying the criteria to audit against. This audit is against what? against the contract, against the ISO 9000 standard, against the ISO 14,000 standard, or whatever it is. So that also needs to be defined very early in the planning phase. Then we will be talking about identifying necessary resources; what all do we need? The most important resource in audit is Audit Team.So we will talk about that as well. The fifth element of audit planning is documentation requirements, which we will not be talking about here, but which we will be talking about later in sections two and three. But for now we will be talking about these four items, the first four items. Another important thing which you need to remember here is that in section two we are talking about the actual audit. But how is the audit programme managed then? That will be covered separately in section four. Section four will cover how the whole audit programme is covered and what section two, which is the current section, is covering. This covers an individual audit. So with this basic introduction, let's move onto the next video and talk about the first four items here, verifying audit authority, purpose, scope, and type of audit identifying the criteria to audit against and identifying necessary resources.

2. 2A1 Elements of the audit planning process

One was the audit authority, who is authorising this audit. So the audit authority could be internal or external, coming from the internal sources. Internal sources could be the organisational authority or the hierarchical authority. Organizational authority comes from organisations, policies, or procedures. So let's say your own organisation has decided to implement 9001. Maybe they want to go for certification, maybe they don't want to go for that certification. But let's say the organisation has committed to the requirements of 9001 or any other standard. So whatever audit you do for that, that's based on organisational authority because your organization's policies and procedures require that audit to be done. And here I am not talking about the external audit done by a third party here, I'm talking about the internal audits, what you are doing based on the policies and procedures that you have in the organization. The second internal source is the hierarchical authority. In this case, management may wish to have specific areas audited in order to improve performance. So here, the person who is authorising this audit is the management of the organization. So these are two internal sources for the audit. The external sources for audit could be contractors or standards, such as ISO 9001. The organisation might have a contract with the client where the contract requires that the client do an audit of this organization. So the source or the authority for that is the contract. Sometimes contracts even insist that the organisation will do internal audits and submit that report back to clients. So here also, even though this is an internal audit, this internal audit is done to satisfy the requirements of the contract. So here, the source of this audit is the contract. Another external source could be the 9001 standard. So if the company is certified to the 9001 standard and goes for an external audit, then the standard, which is9001, is the external source for the audit. Other external sources are regulatory bodies such as OSHA, FDA, and EPA. These are the bodies related to safety and health,food and drug administration, and environmental protection agencies. If they do this audit, then the source of that audit is the regulatory body. So you need to understand when you are planning the audit, what the source of this audit is, whether this is being done as a part of an internal policy,whether this is done as a part of a contract, ISO 9001 standard, or regulatory body. Understanding that will help you in planning the audit. The second element in the audit planning process is the purpose of the audit. Why is this audit being done? What's the objective of that? So here we want to define what is to be accomplished by this audit. One of the broad objectives of an audit is to ensure compliance, and the second is the improvement.So here I've listed some of the purposes of an audit, such as conformity of the management system and meeting relevant regulatory and statutory requirements. So the first two items are related to the compliance,whether the audition complies with these standards or not. So the next two, which are the effectiveness of the management system and identifying opportunities, are related to improvement. So even though you see four bullet items here, when it comes to audit purpose,there are two broad audit purposes. One is ensuring compliance; the second is improving. So it needs to be understood what the purpose of this audit is. Then in the second element, in addition to purpose, we need to look at the scope and the type of audit as well. So what is the audit scope? In audit scope, we define what is included and what is not included in the audit. What's the scope of this? We will say that plant A is only audited, not plants B and C. What functions are being audited? Let's say in this case, materials management is only being audited, and what are the processes or activities that are included and what are not included? So here in the materials management audit, the scope of this audit is from the receipt of material requisition to the receipt of material. So you need to define what the scope is, what is included, and what is not included. Understanding that is important for the planning of the audit. So this was the audit scope. For the third thing, which is the type of audit, you need to understand whether this is a first party, second party, or third party audit. Whether this is a product, process, or system audit, whether this is an internal or external audit, We have talked about these types of audits earlier. So this basically defines the purpose, scope, and type of the audit. This was element number two. In order to plan the process, element three is audit criteria. What is this audit against? This audit is against ISO 9001 or 14,000 standards. This audit is against any statutory or regulatory requirement. This audit is against any product or process specification, or against any internal policy, process, or procedures or contract. So you need to define what the audit criteria are. So this was the third element in audit planning. The fourth element is identifying necessary resources. All the resources we need to do this audit are available. That is how many auditors we need to cover the audit. The number of auditors will depend on whatever we have discussed earlier. What is the purpose of this audit? What is the scope? What is the type? Understanding these will help us in identifying how much effort is needed for this audit. Once we know how much effort is needed, then we need to understand the duration of this audit. Let's say if the duration of this audit is one day only, then we might probably have four auditors to do this audit. And let's say if this audit could be done in four days, then we might be good with one auditor. So, to define the number of auditors, to define the resources required to do an audit. We need to understand the duration of this audit. If there is a large amount of technical information to be processed, or if there are many technicalities involved, we may require the services of a subject matter expert. Also, as a part of the team that also needs to understand when we want to find out how many auditors we need to have. We need to consider pre and post audit activities. Let's understand that the audit is not that one auditor goes to the site, has the opening meeting, and closes the meeting. The audit process goes much beyond that. The auditor must do a lot of preparation, create a checklist, and do a lot of other planning things before the audit, and then there are a lot of activities associated with issuing the report, based on the actions identified in the audit. That also needs to be considered when thinking of the number of auditors required for the audit or the resources required for the audit. You also need to take into consideration the location of the audit. Where this audit is being done, how much travel is involved, and whether there is any language barrier. So for that, do we need to have a translator in the audit? And if there are any site restrictions, you can only work from this particular time to this time. So if there are more restrictions,then you will need more resources.

3. 2A2 Auditor selection

We also talked about the criteria against which this audit needs to be conducted and talked about the size of the audit team. So those were some of the elements of audit planning. Now here in this video we will be talking about auditor selection or audit team selection. What are the criteria, what are the requirements, what are the things to be considered when it comes to auditor selection or audit team selection? When we say audit team, the audit team could consist of a lead auditor, a number of auditors, and technical experts. If the audit requires just one auditor, then all three roles could be played by a single person. So the audit could be done by a single person or the audit could be done by a team. So when you have a team, you need to have one person assigned as the lead auditor or the audit team leader. And then some audits, which are complex in nature and which are technical in nature, might also have technical experts as a part of the audit team. So here we have some of the important things that we need to consider when selecting the audit team. The first thing is the overall competence of the audit team to meet the objective of the audit. So an audit has some scope, some criteria, some objectives. The team needs to be such that they should be able to meet the objective of the audit. So if the area to be covered is large, then you probably need more auditors and then you need a team leader. If the area which you are auditing is highly complex and technical in nature, in that case, you might need to have some subject matter expertise as a part of the theme. So this is something which needs to be considered when selecting the theme. What is the objective, scope, and criteria for the audit? The second thing is the complexity of the audit, about which we have already talked. A complex audit may necessitate the inclusion of more people or a subject matter expert as a member of the audit team. Another thing which we need to consider is whether this audit is a combined audit. And when I say combined audit, that means whether this audit consists of quality and environmental management systems, or is it an integrated management system auditor, this audit is done by two joint parties. So this also influences the selection of team members. Another important thing is the audit method. Whether this is an onsite audit, a remote audit, or a combination of both, In an onsite audit, the auditor or the audit team will go to the site, do the audit, collect evidence and make a report. Some of the audits could be done remotely, obtaining all the information through video conferencing, etc. And some might be a combination of these that also needs to be considered when we are selecting the audit team. Another important thing is that when selecting an audit theme, we need to ensure objectivity and impartiality. And that can be done by having an auditor that is not part of the work being done. So to avoid bias or impartiality, you need to have an auditor who is not in the same working area as you and who doesn't have a conflict of interest. And then, in addition to that, there are a lot of other things which you need to consider when selecting the audit team. One is the language of audit. So if your audit is done in a different country where there is a different language,you might need to have an interpreter there. And if this audit is done in a different social or cultural environment, that also needs to be taken into consideration when selecting the audit team. So, if you find yourself in such a situation, such as speaking a different language or having a different social or cultural characteristic, In that case, Either you make sure that the team which is doing this audit will be able to handle that situation. Or you might want to add some extra team members to that audit team who are familiar with the culture. Who is familiar with the language in which this audit is being done? So, these are some of the aspects which you need to consider when selecting the audit team. So after looking at those requirements, let's look at a few more things related to audit team selection. When you're selecting an audit team, you have the team members who have good team dynamics with the team leader. Sometimes you have an auditor in training. So these are new people. Maybe a student may be someone who is new to the auditing process. Those people could also be included in the team. But then this auditor in training needs to work under the guidance of an auditor. And also, before you start the audit or during the audit,if there is any need to make a change in the composition of the audit team, then all the appropriate parties need to be consulted and agree with that. Chief.

4. 2A3 Audit-related documentation and considerations

The objective scope, type of audit, the auditcriteria, and team members have been decided. The next thing is to start this audit. But even before you start this audit, there is some pre-ordered information this audit team needs to have. And for that, the audit team leader establishes contact with the audit and uses this contact to establish the communication channel. So here the auditor audit establishes a communication channel and the audit team leader will confirm the authority to conduct the audit. This audit is being conducted based on this particular authority. The audit team will then be informed of the audit objective scope, criteria, method, and audit team members by this team leader. But then to start the audit, the audit team needs some documents, some of which they can review before they start the audit. So that is another important thing that was done during the prearranged contact with the audit. And then, in addition to this, other things which are covered here are anylocation, specific arrangement for access, health and safety, security, confidentiality, et cetera. We will talk about these things later, but right now our focus is on requesting access to certain information for planning purposes, the documentation that the audit team needs before they start the audit. So when we talk of documentation, an atypical organisation has a hierarchy of documentation. So here, if you look at this slide, a typical organisation will have an AQM as the top level document. Then we'll have procedures below that, and then work instructions and forms. So this is a typical structure of documentation in any organization. Let's quickly look at these four types of documents. Starting with a quality manual prior to the issue of ISO 9001-2015, there was a requirement to have a quality manual. The organisation was supposed to create a quality manual which would give the overview of the quality processes in the organisation a high-level picture of the quality system in the organization. But under 901-2015, this requirement has been withdrawn. So there is no requirement to have a quality manual in ISO 9001-2015, but many organisations still keep a high-level document which explains how everything is working in the organization. They may call this a quality manual, or they may call it by some other name. So this is the top-level document and then below this are a number of procedures. Procedures provide a high-level overview of different processes in the organization. So procedures are generally multidisciplined. They tell them how each of these processes is connected together. But the procedures do not give too much detail; they do not tell how everything needs to be done. The how part is covered in the workinstruction, which is the next level of documentation. So here we have a work instruction which gives step-by-step instructions on how to do work. So far we have talked about quality manuals. We have talked about procedures, and we have talked about work instructions. The next level of documentation is forms. Here we fill in the information, the actual record of what has happened. That is also a part of quality system documentation. Prior to 9001 2015, there were two terms for documents and records. Documents will tell you how something needs to be done. Records and forms are basically evidence of those things being done. But with the issue of the 9001: 2015 version, these terms have been removed from the document and the record. These two terms have been removed from the standard. And instead of that, the single term here is documented information. So with this, we completed the high level overview of documentation in any organization, which consists of a quality manual, procedures, work instructions, and forms. And then, in addition to that, there could be some other types of documentation such as product specifications, drawings, inspection and test plans, inspection and test reports, and results of previous audits. So the organisation could have a number of documents. Now, when it comes to pre-audit planning,what documents does this audit team need? They might need some high-level documents for planning purposes,such as a quality manual, some specific procedures, and if this is a product audit, then they might need product specifications drawings. So, depending on the audit needs, the audit team might need to have a look at some of these documents before they start the audit. For planning purposes, most organisations have these documents in electronic form. So the audit team can request the audit to send those documents. But there is always a possibility that the auditor might decline to share those documents electronically with the auditor because some of these documents might be confidential in nature. So an organisation might allow the auditor team to look at those documents and see those documents during the audit, but they might not be willing to electronically transfer these documents. Some organisations might even want the audit team to sign a nondisclosure agreement that this information is confidential and will not be released to anyone else. So they might want the audit team to sign a nondisclosure or the confidentiality agreement. This is something which you need to consider when asking for documents from the audit team. And once again, at the preordered stage, the audit team doesn't need all those documents to be provided to them, they just need some of the documents so that they can plan for the audit. So, rather than requesting a plethora of documents that the audit team may or may not be able or willing to share with the audit team, the audit team should concentrate on a few basic documents that they require for planning purposes. So this was about the audit related documentation.

ExamSnap's ASQ CQA Practice Test Questions and Exam Dumps, study guide, and video training course are complicated in premium bundle. The Exam Updated are monitored by Industry Leading IT Trainers with over 15 years of experience, ASQ CQA Exam Dumps and Practice Test Questions cover all the Exam Objectives to make sure you pass your exam easily.