Quality System Procedure - Audits

Most recently edited by: Paul VanderWeele
Most recent edit date: Feb 25, 2022
Edits were authorized by: Paul VanderWeele

Table of Contents

Related Procedures
Purpose and Scope
Terms and Definitions
Training and Authorization
Additional Information

Required Procedures

Quality System Manual
ISO 19011:2018

QSP - Control of Nonconforming Work
QSP - Technical Records
QSP - Document Control and Management
QSP - Management Review

Internal Audits
External Audits

Purpose and Scope

The purpose of this Quality System Procedure is to expand upon the Quality System Manual in regards to Audits. This document provides details of audit-related terminology, guidance on how NAL categorizes and utilizes Audits, details about the different Audit Plans that NAL employs, and reference to training requirements and criteria for various functions of auditing.

There is also a dedicated SOP for Internal Audits and SOP for External Audits that go beyond the scope of this QSP.

Terms and Definitions

Audit

A systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.

Internal Audit

An audit conducted by NAL on behalf of itself. Also known as a 'First Party Audit'.

External Audit

An audit conducted by an independent organization on a NAL mangement system, or conducted by NAL on an independent organization's management system. External audits conducted by customers or interested parties are also known as 'Second Party Audits' while external audits conducted for compliance and certification are known as 'Third Party Audits'.

Combined Audit

An internal or external audit on two or more management systems

Joint Audit

An internal or external audit by two or more auditing organizations.

Audit Program

A list of one or more pre-planned audits including the audit scope of each audit.

Audit Scope

The extent of a management system to which an individual audit will cover, including details such as location, organizations involved, processes covered, and time frame.

Audit Plan

A description of the activities and arrangements for an individual audit, including details such as attending personnel, itineraries, and technical considerations.

Audit Objective

A functional goal or purpose in performing an audit. Objectives can include reviewing documentation, re-evaluating uncertainty, identifying risks, discovering opportunity for improvement, following up on a previous corrective action to ensure compliance, or something else relevant to the quality or operation of a mangement system.

Audit Criteria

The set of requirements used as a reference against which objective evidence is compared. Requirements may include policies, procedures, work instructions, legal requirements, and contractual obligations. "Compliance" or "Non-Compliance" are often used in an audit finding based on the type of criteria used.

Audit Method

An audit method is the process by which objective evidence is obtained during an audit by an auditor. Examples of Audit Methods include, but are not limited to, the following:

Involvement On-Site Off-Site
Human Interaction
  • Conducting Interviews
  • Completing checklists and questionnaires with auditee participation
  • Conducting document review with auditee participation
  • Sampling
  • Conducting Interviews
  • Observing work performed with remote guide
  • completing checklists and questionnaires
  • conducting document review with auditee participation
No Human Interaction
  • Conducting document review (e.g. records, data analysis)
  • Observing work performed
  • Conducting on-site visit
  • Completing chekclists
  • Sampling (e.g. products)
  • Conducting document review (e.g. records, data analysis)
  • Observing work performed via surveillance means, considering social and statutory and regulatory requirements
  • Analysing data
Objective Evidence

Data supporting the existence or verity of something. Objective evidence can be obtained through observation, measurement, test, or by other means. Objective evidence for the purpose of an audit, also known as Audit Evidence generally consists of records or other verifiable information relevant to the audit criteria.

Audit Evidence

Records, statements of fact, or other information, which are relevant to the audit criteria and verifiable.

Audit Finding

The results of evaluating collected audit evidence against audit criteria. Audit findings indicate Conformity or Nonconformity, and can lead to the identification of risks, opportunities for improvement, or recording good practices.

Audit Conclusion

The outcome of an audit, after consideration of the audit objectives and all audit findings.

Audit Report

A controlled document record containing the details of audit, including the Time Frame of the audit, the auditee, the audit team and team leader, the audit criteria, the audit objectives, the audit evidence, the audit findings, the audit conclusion, as well as any corrective actions or follow-up action taking in response to the audit.

Audit Client

The organization or person requesting an audit. Typically an accreditation body, or in the case of an internal audit: NAL itself.

Auditee

The organization as a whole or parts thereof being audited. Most internal and external audits involve NAL, or a component of NAL, being the Auditee.

Audit Team

One or more persons conducting an audit, supported if needed by technical experts. One auditor of the audit team is appointed as the audit team leader.

Auditor

A person who conducts an audit on the audit team.

Technical Expert

A person who provides specific knowledge or expertise to the audit team, but is not themselves an auditor. This knowledge or expertise can relate to the organization, an activity, a process, a product, a service, a discipline, a language, or a culture.

Observer

An individual who accompanies the audit team, but does not act as an auditor.

Audit Team Leader

The auditor holding responsibility and leadership of the audit. The audit team leader is accountable for the accomplishment of the audit plan and the completion of the audit report.

Audit Sampling

Audit sampling takes place when it is not practical or cost effective to examine all available information during an audit. When records are too numerous or too complexly dispersed to justify examining every item in the population, conventional sampling methods are utilized impartially to represent the population and to achieve audit objectives.

Management System

A set of interrelated or interacting elements of an organization to establish policies and objectives, as well as processes to achieve those objectives. A management system can address a single discipline or several disciplines, e.g. quality management, financial management or environmental management. The management system elements establish the organization’s structure, roles and responsibilities, planning, operation, policies, practices, rules, beliefs, objectives and processes to achieve those objectives. The scope of a management system can include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.

Risk

An effect of uncertainty deviating from the expected. Risk can be positive or negative, is often characterized by reference to potential events, and is often expressed in terms of a combination of: the consequences of an event the likelihood of it occurring.

Opportunity

A set of circumstances that makes it possible to do something, particularly something with a positive effect on the quality and success of a person or organization.

Conformity

Fulfilment of a requirement.

Nonconformity

Non-fulfilment of a requirement.

Competence

Ability to apply knowledge and skills to achieve intended results.

Requirement

Need or expectation that is stated, implied, or obligatory.

Process

A set of interrelated or interacting activities that use inputs to deliver an intended result.

Performance

Measurable result, either qualitative or quantitative, relating to the management of activities, processes, products, services, systems, or organizations.

Effectiveness

The extent to which planned activities are realized and planned results are achieved.

Training and Authorization

All NAL personnel are authorized to be observers, and can participate if approval is given by the audit leader of the audit.

All NAL personnel are authorized to be technical experts in any discipline they have demonstrated competence in and are authorized to perform.

All members of the Quality Management Team are authorized to be auditors and to supervise training of additional auditors. All auditors must be familiar with both the NAL Quality System Manual and ISO 19011:2018 - Guidelines for Auditing Management Systems.

Training and Monitoring for internal audits can be found in the SOP for Internal Audits, and generally consists of successfully completing an audit report for an internal audit compliant with ISO 19011:2018.

Training and Monitoring for external audits can be found in the SOP for External Audits, and generally consists of observing at least one external audit and completing (or assisting the completing of) one or more audit reports compliant with ISO 19011:2018.

Any personnel with competence in both internal audits and external audits is authorized to be an Audit Team Leader.

Additional Information

There is a foreword on ISO Guides available to help readers and writers understand the context and voluntary nature of ISO standards.

Types Of Audits:

1st Party Audit 2nd Party Audit 3rd Party Audit
Internal Audit External Provider Audit Certification and/or Accreditation Audit
Other External 'Interested Party' Audit Statutory, Regulatory, or other 'Compliance' Audit