1. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. Effective Internal Audit Planning: ISO 9000 Users Group - ASQ Section 509, Wednesday, January 20, 2010 By David Collingham, CQA/CQE Audit practices that add the most value!

2. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. Outline Definitions of Key Audit Terms Types of Audits Nonconformance Types ISO 9001:2008 Internal Audit Requirement CommonNCRsissuedbyRegistrarsrelatedtoAudits Miss-Conceptions About Auditing What does the Industry and Product/Process have to do with Planning an Audit? How much do I invest in Auditing? Why do we Audit? First Party Audit Process Steps Planning Audits Typical Audit Schedules and Forms Effective Internal Auditor Planning 3. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. Definitions of Key Audit Terms Effective - producing or capable of producing an intended result or having a striking effect Planning - the act or process of drawing up plans or layouts for some project or enterprise Audit - a methodical examination or review of a condition or situation Effective Internal Auditor Planning 4. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. First Party When a Company uses an internal person to perform an Audit on itself. Second Party When a Company uses an internal person to perform an Audit on its Supplier or an other organization. Third Party When a Company is Audited by a third party independent of the CompanysCustomer. Audit Types Effective Internal Auditor Planning 5. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. Nonconformance Types Major When the Quality System exhibits a void where an element of the system has not been documented, implemented or is not effective. In addition, the nonconformance does risk the shipment or delivery of nonconforming material to the Customer Minor When the Quality System is documented, implemented and effective, but has exhibited a random nonconformance. The nonconformance does not risk the shipment or delivery of nonconforming material to the Customer Comment When an Auditor identifies an improvement opportunity that is not a major or minor Effective Internal Auditor Planning 6. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. ISO 9001:2008 Key Elements Key Value-adding activities Information flow Continual Improvement of the Quality Management System Customers Customers Requirements Satisfaction Management Responsibility Resource Management Measurement, Analysis and Improvement Product Realization Product OutputInput 4.0 5.0 6.0 7.0 8.0 Effective Internal Auditor Planning 7. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. ISO 9001:2008 Internal Audit Requirement Measurement, Analysis and Improvement 8.2.2 - Internal Audit The organization shall conduct internal audits at planned intervals to determine whether the quality management system: a) conforms to the planned arrangements, to the requirements of this ISO Standard and to the quality management system requirements established by the organization, and b) is effectively implemented and maintained. The audit program shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency and methods shall be defined. The selection of the auditors and conduct of audits shall ensure objectivity and impartiality of the audit process. Auditors shall not audit their own work. 8.0 Effective Internal Auditor Planning 8. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. CommonNCRsissuedbyRegistrarsrelatedtoAudits Audit Plan/Schedule does not address all elements (major paragraphs) of the ISO 9001:2008 standard Audit Plan/Schedule does not address multiple facility locations, work shifts (shift 1, 2 & 3) or scope of business/registration Audit plan/schedule is not approved Audits are not completed as scheduled Audits are performed by personnel who audited their own work Audit results do not have written signature or electronic signature by Auditor with date Audits were not conducted in an effective manner Auditor(s) received no internal auditor training Effective Internal Auditor Planning 9. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. Miss-Conceptions About Auditing There needs to be 35 Internal Audits performed for ISO 9001:2008 (i.e.4.1-4.2.2, 4.23, 4.24, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.4.3, 7.5.1, 7.5.2, 7.5.3, 7.5.4, 7.5.5, 7.5.6, 7.6, 8.1, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.3, 8.4, 8.5.1, 8.5.2, 8.5.3) I can not conduct 1 audit of the ISO 9001:2008 QMS each year We must use an outside contractor to perform our audits All the ISO 9001:2008 elements need to be audited every year Ifyoudontspend2-5 hours on each audit, then you are not doing your job The Auditor must prepare a checklist list using his or her own questions in order to perform an effective audit I can use typed audit checklists with typed in results with typed in names and dates (no written or electronic signature) If the Audit Report does not weight 3 pounds, then it must not have been performed correctly Wecantusethereceptionistorfinancepersontoconductaudits,because she/he does not know what we do Effective Internal Auditor Planning 10. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. What does the Industry and Product/Process have to do with planning an Audit? Critical, High Risk and High Exposure Industries/Products/Processes: Effective Internal Auditor Planning 11. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. High Risk High Complexity Critical to End Mission High Maintenance High Failure/Reject Rate Appraisal/ Prevention Investment; Audits High $ Risk Level 1 2 3 4 5 6 7 8 9 10 High How much do I invest in Auditing? Effective Internal Auditor Planning (*) Graph not to scale Point 2 Point 1 Industry/Product/Process Low Risk Low Complexity Not Critical to End Mission Low Maintenance Low Failure/Reject Rate 12. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. Why do we Audit? Provides Senior Management an independent examination of business processes To identify improvement opportunities in processes/products/services Proactive approach to prevent/reduce the risk of producing defective product/services To identify needs for training, tools/fixtures, methods, etc. Enhances communication and training Provides a means for operator feedback Effective Internal Auditor Planning 13. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. Audit Process Steps: A - Prepare Audit Schedule and Obtain Management Approval B - Schedule the Audit(s) C - Obtain Audit Requirements D - Examine prior Audit Results and Corrective Actions E - Prepare Audit Check List(s) and Any Other Support Questions F - Conduct Audit Investigation G - Record Audit Finds and Obtain Auditee Acknowledgment H - Prepare Audit Report I - Obtain Corrective Action(s) J - Follow-Up On Corrective Action(s) First Party Audit Process Steps Effective Internal Auditor Planning 14. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. Effective Internal Auditor Planning Planning Audits What is the budget for conducting audits? Hours? Dollars? How many audits do we need to do? HowImIgoingtobevalue-added? What does Senior Management feel is critical to the business success? Gain a clear understanding of what is expected from conducting the audits? If we spend money from the Overhead Budget for conducting audits, what is expected for the investment? What are the critical processes/products that need to be examined? What does our past internal audit results tell us to focus on? Do we have any new areas/processes/staffing/equipment/vendors that requires more focus than other areas? What facility locations, functions, processes/products and work shifts need to be included in the schedule? What is the best time to conduct the audits? High Volume? Low Volume? Before Lunch? After Lunch? At the end of work shift? Etc. 15. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. Effective Internal Auditor Planning Approved By: Jim Brown Date: 01/14/10 Example 1 Planning Audits (continued) 16. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. s Effective Internal Auditor Planning Approved By: Jim Brown Date: 01/14/10 Example 1 Planning Audits (continued) 17. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. Effective Internal Auditor Planning Approved By: Jim Brown Date: 01/14/10 Example 1 Planning Audits (continued) 18. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. s Effective Internal Auditor Planning Approved By: Jim Brown Date: 01/14/10 Example 1 Planning Audits (continued) 19. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. Planning Audits (continued) Effective Internal Auditor Planning Approved By: Jim Brown Date: 01/14/10 Example 1 20. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. Typical Audit Schedules and Forms Effective Internal Auditor Planning AUDIT FORMS & RECORDS Procedure Schedule 21. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. Typical Audit Schedules and Forms (continued) Effective Internal Auditor Planning AUDIT FORMS & RECORDS Audit Summary Audit Checklist 22. IQR-TRG-012010 Rev. A All Copy Rights Reserved by IQR. Jan. 20, 2010 www.IQRCORP.com By David Collingham, CQE/CQA International Quality Registrars Corp. Typical Audit Schedules and Forms (continued) Effective Internal Auditor Planning AUDIT FORMS & RECORDS Audit Summary Example