710 likes | 776 Views
Lead auditor Training T-1380. This work has been produced by DGL (Aust) Pty Ltd This induction package has been designed for usage on DGL’s intranet. Before you get started.
E N D
Lead auditor Training T-1380 This work has been produced by DGL (Aust) Pty Ltd This induction package has been designed for usage on DGL’s intranet
Before you get started You may have already acquired knowledge in the area identified in this package as you may have completed some specialized training. Or you may have been working within the industry for some time. Should you identify any improvement opportunities in the information contained in this package or have difficulties completing the package please contact National Training and Compliance Manager DGL (Aust) Pty Ltd PO BOX 1594 EAGLE FARM QLD 4009 Ph 07 3868 1001 Fax 07 3868 1055
Fundamentals Of Quality Management Systems • Meaning Of the term - Quality • Quality has many meanings ---- many of them are subjective, such as the term “excellent” or “outstanding” quality. In the quality management field, quality has a more specific meaning. • Definitions • According to ISO 9000:2000, quality is defined as “ the degree to which a set of inherent characteristics fulfills requirements”. • Requirements that need to be fulfilled in a contractual situation typically relate to the provision of a specific product, service or intangible item such as intellectual property. Requirements may be stated or implied. In a contractual situation, stated needs are specified in contract requirements and translated into specific product or service features, functions and characteristics with specified acceptance criteria. • Implied needs on the other hand are basic features and characteristics that are identified and defined by the manufacturer, based on knowledge of the marketplace expectations. For example, the implied characteristic of a watch is its basic ability to provide accurate time. Stated characteristics may be “options” stated by the marketplace, such as being waterproof, serving as a stopwatch, and having light, alarm, month and day features
It could therefore be stated that ‘quality’ includes all of the characteristics of an organization’s products, services, processes, support and management system that contribute to meeting requirements and enhancing customer satisfaction. • An organization applying this broader definition would then have to consider the following four facets of quality due to:• Defining marketplace requirements and opportunities• Designing the product to meet marketplace requirements• Consistently conforming to product design• Providing product support throughout the product’s life cycle.An effective ISO 9001 quality management system must address all four facets of quality.
The ISO definition goes further in that it may include related characteristics beyond product or service such as delivery, packaging, labeling, billing, as well as, processes and systems within the supplier’s organization. A customer may specify some or all these characteristics. • A problem or nonconformity in any of these areas may lead to customer dissatisfaction. An organization must ensure that it has systems and controls to assure that it can consistently fulfill all these requirements and enhance customer satisfaction. • The needs of customers vary and change over time. Therefore, companies should review quality requirements periodically. Requirements may also come from regulatory, statutory, industry and other sources. An organization must be aware of and ensure that all these diverse requirements are defined and met.
History of ISO standards • 2.0 ISO 9000 Quality Management StandardsAs a result of many lessons learned during the 2nd World War about the quality of ordnance, some basic principles were formulated, such as, the MIL-Q-9858A military quality standard published by the US Department of Defense. • NATO later published similar standards as the AQAP series of documents. In England, the British Standards Institution (BSI) developed the first “commercial” quality assurance standard in 1979. These standards were designated as BS 5750 series, Part 1, 2, and 3. • Despite the commonality among these early quality standards, there was no consistency until ISO Technical Committee 176 issued the ISO 9000 series of standards in 1987. • The International Organization for Standardization (ISO) is a worldwide federation of national standards bodies (ISO member bodies). The American National Standards Institute (ANSI) is the US member body to ISO. The American Society for Quality (ASQ) administers the technical advisory group (TAG) to TC 176 on behalf of ANSI.
In 1987, the Standard was produced in five parts: • ISO 9000 was a guide to the selection and use of the appropriate part of the ISO 9000 series of standards. • ISO 9004 was a guide to overall Quality Management and the Quality System elements within the ISO 9000 series. It also provided guidance in other areas, such as, marketing and quality costing. • ISO 9001 related to Quality System Requirements for design, development, production, installation, and servicing. • ISO 9002 related to Quality System Requirements for production, installation, and servicing, in other words, where the design is externally done or is static. • ISO 9003 specified the Quality System to be used for final inspection and test. • The ISO 9000 series of standards were reissued in 1994 to include clarifications and again in 2000 to reflect a new process approach and expand on the requirements and guidance.
Time Line: The development of quality standards can be summarized as: • 1963 MIL Q9858A US Military1969 NATO AQAP NATO1970 US10 CFR 50 US Federal Regulation1971 ASME Boiler Code Mechanical Engineering1979 BS 5750 British Standard1985 CSA Z.299 Revision Canadian Standard – sector specific1987 ISO 9000 International Standard1991 ISO 10011 International Standard1994 ISO 9000 Revision International Standard2000 ISO 9000 (New Structure) International Standard2002 ISO 19011 International Standard
The current ISO 9000 family is a coherent set of quality management system standards consisting of: • ISO 9000Describes fundamentals and terminology for a quality management system. • ISO 9001Specifies requirements for a quality management system and can be used to demonstrate an organization’s capability to provide products that fulfill customer and applicable regulatory requirements and aims to enhance customer satisfaction. • ISO 9004Provides guidance on improving the performance (effectiveness and efficiency) of an organization and satisfaction of customers and other interested parties. • ISO 19011Provides guidance on auditing quality and environmental management systems and forms the basis for this training
The ISO 9000 series of standards are subject to continuous review. This course uses the ISO 9001: • Use simple language and terminology • Describe business activities using a process model approach • Address continuous improvement • Improve compatibility with other standards • Address customer satisfaction more strongly • Ease ISO 9000 and ISO 14000 integration
The ISO 9000 series of standards are subject to continuous review. This course uses the ISO 9001 standard. : • Use simple language and terminology • Describe business activities using a process model approach • Address continuous improvement • Improve compatibility with other standards • Address customer satisfaction more strongly • Ease ISO 9000 and ISO 14000 integration
ISO 9001 audits • An audit is a systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. • Audits are structured and formal evaluations. The term systematic means the company must plan and document its system for auditing. It must have management support and resources behind it. • Audits must be performed in an impartial manner, which requires auditors to have freedom from bias or other influences that could affect their objectivity. For example, having responsibility for the work, or a vested interest or shares in a supplier or third party company they are assigned to audit, would be conflicts of interest.
Internal audits must be carried out to a documented procedure according to clause 8.2.2 of ISO 9001. The procedure must address the responsibilities for conducting the audits, ensuring independence, recording results, and reporting to management. All of these topics will be covered in this Training. • Audits obtain objective evidence of conformity with requirements. The evidence must be based on fact and may be obtained through observation, measurement, test, or by other means. • Evaluating the extent to which audit criteria are fulfilled involves an assessment of both implementation and effectiveness. Is the organization practicing what it described in its documentation? Are the practices being carried out well? The presence of nonconformities in a department or process may indicate the system is ineffective for those areas.
Always establish the objectives of the audit. Audit objectives are not limited to the ISO 9001 standard. Clear audit objectives help determine the scope and depth of the audit, as well as, the resources needed. Being clear on the objectives provides focus and helps the auditor from being distracted and going off on unnecessary detours beyond the scope of the audit. • Audit objectives include:• Evaluating conformity of documentation to ISO 9001• Judging conformity of implementation to documentation• Determining effectiveness in meeting requirements and objectives• Meeting any contractual or regulatory requirements for auditing• Providing an opportunity to improve the quality management system• Permitting registration and inclusion in a list of registered companies• Qualifying potential suppliers
The stage 1 readiness audit includes a documentation review (or audit of intent) compares the quality management system documentation to the ISO 9001 standard. If an auditee does not have a documented system for a required part of ISO 9001, a nonconformity is issued. • At the stage 2 audit the auditor must then establish the extent to which that intent has been put into practice, in other words, implemented. Next, and equally important, the audit must assess and evaluate whether the practice is effective in achieving the defined objectives. • This (implementation) and (effectiveness) stage is the active part of the audit where the auditor checks practices against the documentation. This is commonly termed the conformity audit. If a procedure states that a process will operate in a particular way, and the auditor finds that the process is operating in another way, then the nonconformity will be issued against the procedure. Since the overall assessment is against the Standard, the relevant clause of ISO 9001 will also be referenced
Contract Requirements: The requirements placed on one organization by another take priority and such requirements may be considered during an audit. • Regulatory Requirements: These requirements are mandatory and cannot be avoided by contract or any other means. The requirements are audited only to the extent that the organization has evidence to show compliance. The external quality systems auditor does not do an in-depth audit of such requirements.Quality Management System Improvements: Audits generally uncover weaknesses in the system requiring corrective action. However, there may be several areas where controls may be barely adequate, leaving plenty of opportunity for improvement. These opportunities may come to light during the audit or may be pointed out by the auditee. Management must be made aware of all such opportunities so that decisions may be made to take appropriate actions if warranted to improve the system.
Many companies either because of contractual requirements, or for performance improvements, pursue quality system registration. The consequence of successful registration leads to the Registrar listing the company on a Register of Certified Companies. This register is made available to the public as a reference for sourcing of registered suppliers and for purchasing decisions. Thus, registration may provide a competitive edge for many companies. • Although not a mandatory requirement, many companies choose to audit their suppliers as a basis for qualifying them as an approved source of supply. This may be done by the company itself or may be subcontracted to a consultant.
Managming an ISO audit program • Authority for Audit ProgramAn ISO 9001 audit program may include of one or more audits, depending on the size, nature and complexity of the organization to be audited. These audits may have a variety of objectives and may also include joint (multiple auditing organizations) or combined (QMS and EMS) audits.
An audit program also includes all activities necessary for planning and organizing the types and number of audits, and for providing resources to conduct them effectively and efficiently within the specified time frames. • An organization may establish more than one audit program. The organization’s top management should grant the authority for managing the audit program. Those assigned the responsibility for managing the audit program should:a) Establish, implement, monitor, review and improve the audit programb) Identify the necessary resources and ensure they are provided. • If the organization to be audited operates both quality management and environmental management systems, combined audits may be included in the audit program. In such a case, special attention should be paid to the competence of the audit team.
Two or more organizations may cooperate, as part of their audit programs, to conduct a joint audit. In such a case, special attention should be paid to the division of responsibilities, the provision of any additional resources, the competence of the audit team and the appropriate procedures. Agreement on these considerations should be reached before the audit commences. • Examples of ISO 9001 audit programs include the following:a) A series of internal audits covering an organization-wide quality management system for the current year.b) Second-party management system audits of potential suppliers of critical products to be conducted within six months.c) Registration and surveillance audits conducted by a registrar on a quality management system within an agreed time period. An audit program also includes appropriate planning, the provision of resources and the establishment of procedures to conduct the audits within the program
Establishing the ISO 9001 Audit ProgramAudit program objectivesObjectives should be established for an audit program to direct the planning and conduct of audits. These objectives should be based on consideration of: • a) Management prioritiesb) Commercial intentionsc) Management system requirementsd) Statutory, regulatory and contractual requirementse) Need for supplier evaluationsf) Customer requirementsg) Needs of other interested partiesh) And risks to the organization
Examples Of Audit Program Objectives: • a) To meet requirements for registration to a management system standard • b) To verify conformance to contractual requirements • c) To obtain and maintain confidence in the capability of a supplier • d) To contribute to the improvement of the management system
Extent Of An Audit ProgramThe extent of an audit program can vary and will be influenced by the size, nature and complexity of the organization to be audited, as well as, by the following: • a) The scope, objective and duration of each audit to be conductedb) The frequency of audits to be conductedc) The number, importance, similarity and locations of the activities to be auditedd) Standards, statutory, regulatory and contractual requirements and other audit criteriae) The need for accreditation or registrationf) Conclusions of previous audits or results of a previous audit program reviewg) Any language, cultural or social issuesh) The concerns of interested partiesi) Significant changes to an organization or its operations
Audit FrequencyThe client determines the audit frequency for 3rd party audits. Factors that may cause the frequency to increase include: • • Significant change in management, organization, policy, techniques, or technology • • Requests by the customer or regulatory body • • Changes to the quality management system • • Results of recent audits • • Status and importance - internal audit results
Audit Frequency for Internal AuditsClause 8.2.2 Internal audits are scheduled on the basis of the status and importance of the activity to be audited, as well as, previous audit results.Status - Refers to the past history of weakness, problems, and customer complaints. Increase the audit frequency to improve control and confidence.Importance - Refers to the criticality of the process or activity to the quality of the product or service (critical internal or external suppliers). Also reflects top management’s priorities.Audits - refers to the results of previous internal and external audit results. You must consider past audit findings and coverage in setting audit frequency. • > The complete quality management system must be audited at least once a year. Weak areas or activities must be audited more often. Top management determines the frequency of internal audits with the help of the Management Representative.> Audit frequency is also determined by contractual or regulatory requirements, as well as, significant changes in ownership, policies, products, processes, technology, control systems, documentation, or the organization.
Audit Activities • Initiating The AuditAppointing the audit team leaderThose assigned the responsibility for managing the audit program should appoint the audit team leader for the specific audit. Where a joint audit is conducted, agreement should be reached between the audit organizations, before the audit commences on the specific responsibilities of each organization, particularly with regard to the authority of the team leader appointed for the audit. • Registrars have defined rules and guidelines for audit planning derived from Guide 62 and ISO 19011. The leader has responsibility for planning, conducting, and reporting the audit, following these rules and guidelines. The leader is briefed on the objectives and scope of the audit and is then required to specify the resources necessary to carry out the audit, in terms of staff days, and the number of auditors required, including any with special technical expertise. • This latter point about technical expertise merits some discussion. There are some schools of thought that say that an auditor does not need technical knowledge of the area they have to audit. The auditor needs knowledge of quality management systems and the Standard. This is, of course, partly true. However, auditors will be required to use all applicable senses during an audit. Familiarity with the kinds of processes going on around the audit will allow auditors to determine conformity, or otherwise, quicker and with probably less doubt, than if they have little experience of that industry. • With lack of knowledge or experience, it will take auditors longer to reach the same decision based on the same evidence than it would take an experienced auditor. The team leader may be chosen on the basis of particular experience or it may be decided to include a member in the team who has particular expertise.
Defining Audit Objectives, Scope And CriteriaWithin the overall objectives of the audit program, an individual audit should be based on documented objectives, scope and criteria. The audit objectives define what is to be accomplished by the audit and may include the following:a) Determining degree of conformity of the QMS, or parts of it with audit criteriab) Evaluating the capability of the QMS to ensure compliance with statutory, regulatory and contractual requirementsc) Evaluating effectiveness of the QMS in meeting specified objectivesd) Identifying areas for potential improvement of the QMS • The objectives can be many and diverse, but it is essential to be clear on the objectives at the beginning of the audit process. The client should define audit objectives. • The audit scope describes the extent and boundaries of the audit, such as:• Applicable requirements of ISO 9001• Physical locations - facilities, plants, offices• Organizational activities - products, processes, departments, functions• Date the quality management system was formally in effect
The Client initiates the audit (2nd and 3rd party) and decides the scope with help from the Lead Auditor. The Auditee may be contacted, if necessary. The Client, with help of the Lead Auditor, must determine what resources are needed and ensure that adequate resources are provided to achieve the objectives for the scope of the audit.The client decides the frequency. Remember the client may be the auditee, customer, or registrar or regulatory body.The audit criteria are used as a reference against which conformity is determined and may include:• Applicable policies and procedures• Standards, laws and regulations• ISO 9001 and organization management system requirements• Industry requirements• Business sector codes of conductThe audit scope and criteria should be defined between the audit client and the audit team leader in accordance with audit program procedures. The same parties should agree to any changes to the audit objectives, scope or criteria.Where a combined audit is to be conducted, the audit team leader should ensure that the audit objectives, scope and criteria are appropriate to the nature of the combined audit.
Conducting On-Site ActivitiesHaving made all the preparations with the auditee and confirmed all arrangements, it is proper etiquette for the team leader to contact the auditee a few days in advance of the audit to verify all the arrangements are in place. The audit team will then visit the organization’s facility on the scheduled date, to conduct the on-site audit activities. • If you recall from our earlier notes, the ISO 9001 audit is conducted in two stages. Please review these stages before continuing. • The on-site activities include a number of distinct activities: Conducting the opening meeting Communicating during the audit Defining roles and responsibilities of audit participants Collecting and verifying information Generating audit findings Preparing audit conclusions Conducting the closing meeting
6.1.1 Conducting The Opening MeetingThe opening meeting, sometimes called the entry meeting, pre-audit conference, or start up meeting, is typically held at the location of the audit. Good practice demands the auditors arrive together, neither early nor late, otherwise it can be embarrassing for both parties and, what is more, it is unprofessional. • This meeting, as any other, requires preparation by the team leader. The meeting is usually held in a manager's office or the company's conference room. It will usually begin with a welcome and introductions by a member of the auditee management. The audit team has prepared an agenda to ensure that all necessary points are covered quickly and efficiently. • It should be remembered that this meeting may be the first time the two parties (auditor and auditee) have met, therefore, it is an opportunity to make introductions and maybe “break the ice” since many of the auditees may be feeling tense. The way the opening meeting is carried out can set the style or tone for the remainder of the audit. The opening meeting is the place to establish the rules of conduct for the audit. Matters to be addressed include:
Introduction of personnelThe lead auditor should introduce the team and explain the way they are organized if there is more than one group, particular specialists in the group, etc. It is normally a requirement to record the attendees at this meeting. Passing around an attendance sheet and asking everyone present to record their name and position is a practical solution
Audit purpose and scopeJust in case there is any doubt about why the audit is being carried out, and the extent to which the company is going to be examined, the team leader needs to restate these points. In certain situations, the auditee may require evidence or a statement about the team's authority, although matters such as these tend to be covered during the preparation stage. The team leader may also tell the auditee about the audit organization, e.g., the Registrar.
Review of the audit planThe plan will have been discussed, developed, and agreed with the auditee. However, plans may have to be altered slightly and these possibilities should be covered at this stage. The plan should have enabled the company to ensure that someone represents them in each department and has been made aware of the audit and will therefore be available as defined by the plan. The team leader should confirm the intention to keep to the plan to the extent possible.
Guide(s) for the Auditor(s)The team leader will determine, if they have not been advised already, who the guides are and whom they will accompany. The roles of the guide should be discussed. Is the guide to have the authority to agree to the facts surrounding audit findings? Is the guide there merely to provide the auditor an escort from one part of the facility to another?
Audit MethodsDescribe briefly the methods that the auditors will use to gather objective evidence, such as interviews, observations, document and record reviews, and trend analysis.
Reporting methodsThe method of recording nonconformities, and of presenting the audit report that will be left by the auditors at the end of the audit, will need to be explained by the team leader. • When facts are to be agreed with a company representative during the audit, will the guide or the departmental representative be required to sign for acknowledgment and understanding of the facts? If it is the auditor's procedure to gain a signature at this point, the team leader needs to explain the approach to the company representatives.
Audit is a SampleThe team leader should make it clear that the audit is a sampling activity and subject to those limitations. A good statement to make is “This assessment is based on representative samples and, therefore, nonconformities may exist that have not been identified”. Both conforming and nonconforming aspects will be seen and missed. The team leader should assure management, however, that they will make samples as representative as possible and draw only reasonable conclusions.
ConfidentialityThe audit is confidential between the two parties, as well as, the information gained before, during, or after the audit. This confidentiality binds third party auditors. RAB registered auditors and lead auditors are bound by the Code of Conduct. The lead auditor should make a statement to this effect.
LogisticsLogistics covers all the other arrangements transport, protective clothing, lunch arrangements, and facilities for use by the auditors (office). Lunch arrangements need to be confirmed. Typically these take the form of a working lunch onsite or a short lunch off premises. Audit legend contains all the usual stories of huge three or four-hour banquets laid on for the auditors, usually at a considerable distance from the company. These are not practical and should be avoided. Again, many of these points would have been raised at the preliminary meeting and the arrangements are confirmed at this opening meeting.
RestrictionsAlthough any major restrictions to the auditors will tend to have been made clear during the planning stage, these may need confirmation or discussion during the opening meeting. Such restrictions include clean areas or hazardous areas where particular arrangements for protective clothing have to be made. • The restrictions may include sensitive union areas where there has in the past been conflict or layoffs. Usually there is no problem in such areas if the reasons for the audit are explained to the staff. There may be “no go” areas or secret areas. Sometimes companies maintain certain areas as restricted because the work going on there is concerned with development of considerable importance to their market position. • Companies involved in certain types of government work may have areas covered by the Official Secrets Act and appropriate (and lengthy) clearance is necessary for these areas. The various restrictions, if any, should be considered by the team leader and complied with, if legitimate.
Other points that can arise might unsettle an inexperienced team leader. Auditors find that each audit is different and a degree of flexibility is essential. For example, an audit carried out on an organization used to being audited by customers will not require a great deal of explanation about the audit, although they will want certain assurances. On the other hand, if the company is not used to being visited in this way, it may need extensive explanations and the auditors, therefore, need to be flexible. • Sometimes, the auditors might find that the auditee representatives are not particularly senior. While the team leader might have expected to find some top management at the opening meeting, they need not be concerned if all the correct preparations have been carried out beforehand. The auditors cannot insist on meeting anyone in particular or someone in a senior position. Some auditors consider that this shows interest and commitment by top management. This may be true. Other auditors are more guided by the evidence of action and involvement by top management in the working of the system.
ClarificationThere may be questions or points the auditees wish to raise and the team leader should deal with these items during the opening meeting. The team leader also needs to confirm the current issue status of the key documents in the quality management system. • When all the above and any other matters have been dealt with, the team leader should bring the opening meeting to a close by thanking management and confirming the date, time, and location of the closing and any interim (end of day management briefings) meetings.
Perspective On First, Second and Third Party Audits • GeneralNo matter whether an audit is to be carried out by an organization on itself or on its suppliers, or by a third party on behalf of someone else, the principles involved in setting it up, in planning it, carrying it out, and reporting it are much the same. However, we should consider these situations and highlight the similarities to be clear about the differences. There is also an overall picture that should be appreciated in order to establish the significance of each type of audit.
First PartyThe first party audit is an audit carried out by a company on itself to determine whether its systems and procedures are consistently improving products and services, and as a means to evaluate conformity with the procedures and the standard. • Each second and third party audit should consider the first party audits carried out by the company in question. Ultimately, the only systems that should need to be examined are those of internal audits and reviews. In fact, the second or third parties themselves have to carry out internal or first party audits to ensure their own systems and procedures are meeting business objectives. • Within any company, therefore, the real benefit to be gained from auditing will come from these “self” audits. The value of an internal auditor is as a representative of the quality assurance resource of the company. What is the point in someone “independent” doing the auditing, if all the auditing effort is put into ensuring that the business has the right people, materials, resources, systems, etc.? If the effort is put into providing the support necessary to do a good job, why do a bad one? However, it is accepted that some companies still have a long way to go before the above state is reached.
The need for an audit system, whether for external or internal audit, is paramount. Audits will be scheduled according to a plan, usually looking at various processes, their sequence and interaction with other processes within the QMS, with some flexibility built in to allow for realigning a particular effort. There is a need to prepare for each audit with an audit plan and checklist.Formal opening meetings are not typical, except in fairly large organizations. The auditor meets briefly with the department manager and gets on with the audit. • The auditor is examining the work and outputs of colleagues. This puts an added strain on the auditor and the auditee. The auditor will sometimes be in a difficult position because of this tension. How can both the auditors and the system be protected? • There are two aspects considered here the system that is installed in partnership with everyone in the company - and the credibility of the auditor.
SystemThe system set up to carry out audits often has senior management's signature appended to it. That, of course, means that the manager knows precisely what has been signed and believes absolutely in its value. That was not true of some managers in the past. They willingly signed such procedures and expected the system to work properly without them. They called it “delegation”. • Many other managers realized that the audit could be a very powerful and useful tool and applied it to problem areas using people trained in investigative techniques. • Because they wanted it to happen, they involved themselves in its operation; some of them even underwent the training with their colleagues. Such managers are running successful departments and organizations. People could see by their management’s actions, as well as, their statements that they meant what they said
A second aspect of the system for internal audits is that of escalation. The previous point made reference to management’s full interest in the system. There should no doubt of this in the company. It is so important that the operation of the internal audit system should be close to the policy statement in the Quality Manual. The audit procedure should include a clause for escalation. Managers get the system they deserve. • Records of internal audits tend to be limited in comparison with those of external audits. There may not be reports, as such, issued only the requests for corrective action (CAR) and a way of monitoring them. The auditors should keep all their checklists so that over a period of time they can ensure that as comprehensive an audit program as possible is being carried out. They should also keep their notes in a secure place.
Auditor Competence Requirements • 9.1 General for ISO 9001 Lead AuditorsConfidence and reliance in the audit process depends on the competence of those conducting the audit. This competence is based on the demonstration of:• Personal attributes• The ability to apply knowledge and skills• The gaining of knowledge and skills through: o Education o Work experience o Auditor training o Audit experience • ISO 9001 Lead Auditors develop, maintain and improve their competence through continual professional development and regular participation in audits.
Personal Attributes an auditor should be: • • Ethical – fair, truthful, sincere, honest, discreet• Open-minded – willing to consider alternative ideas• Diplomatic – tactful in dealing with people• Observant – aware of surroundings and activities• Perceptive – instinctively aware of and understands situations• Versatile – be able to adjust to different situations• Tenacious – persistent, focused on achieving objectives• Decisive – reaches timely conclusions• Self-reliant – functions independently
Knowledge and SkillsAn auditor should have knowledge and skills in: • Audit principles, procedures and techniques:• Apply audit principles, procedures and techniques• Plan and organize work effectively• Conduct audit within agreed time schedule• Prioritize and focus on matters of significance• Collecting objective audit evidence• Understand sampling and its limitations• Verify accuracy of collected information• Evaluate adequacy of audit evidence and other factors affecting audit findings and conclusions• Use work documents to record audit activities• Maintain confidentiality and security of information• Communicate effectively