Auditing Procedure
A.8j | Effective Date : 01/06/2024 |
||
1.0 |
PURPOSE |
||
1.1 |
This procedure defines the conduct and reporting of:
|
||
a. | Stage 1 Audits of Client’s Management System. The purpose of these visits is to ensure that the client has an assessable system, and to prepare a plan for the initial Assessment (Stage 2 Audit). |
||
b. | Stage 2 Audit of Client's Management System. The purpose of the Stage 2 audit is to evaluate the implementation, including effectiveness, of the client‘s management system. |
||
c. | Visits to the client's premises to examine corrective action applied to CARs graded as Major. |
||
d. | Surveillance Audits, so that the continuing validity of certifications may be verified, and any significant changes or additions to the Client's System are assessed for compliance with the assessment criteria. |
||
2.0 |
SCOPE |
||
2.1 |
This procedure is applicable to : |
||
a. |
Stage 1 Audits which must be carried out prior to all Initial Assessments Stage 2 Audit. An exception to this is for Clients who are transferring from another Certification Body. The Director - Technical may authorise other situations that may warrant the waiving of Stage 2 audit. |
||
b. |
all Stage 2 audits and Triennial / Recertification Audits. |
||
c. |
Corrective Action visits becomes necessary whenever CARs graded as Major are raised during an Assessment, a Surveillance Audit or are still outstanding after an earlier CA visit. This procedure also covers special visits to examine relevant parts of the system in the event of notification of significant changes or where a complaint or other source of information indicates that the Client’s system may not be complying with the criteria. |
||
d. |
all Surveillance Audits, held at least annually, but usually six monthly between assessments, including planning for triennial assessments. |
||
3.0 |
DEFINITIONS & ABBREVIATIONS |
||||||||||||||
3.1 |
QMSI |
QMS International Certifications Pty Ltd |
|||||||||||||
3.2 |
DT |
Director - Technical |
|||||||||||||
3.3 |
DO |
Director - Operations |
|||||||||||||
3.4 |
CAR |
Corrective Action Request |
|||||||||||||
3.5 |
QMS |
Quality Management System |
|||||||||||||
3.6 |
CA |
Corrective Action |
|||||||||||||
3.7 |
SA |
Surveillance Audit |
|||||||||||||
3.8 |
Audit Team Leader |
The leader of an audit team. |
|||||||||||||
3.9 |
Audit plan |
Description of the activities and arrangements for an audit |
|||||||||||||
3.10 |
Non-conformity |
A failure to meet a requirement of the management system standard or the organization's documented management system. |
|||||||||||||
3.10.1 |
Major Non-conformity |
| |||||||||||||
3.10.2 |
Minor Non-conformity |
|
|||||||||||||
3.11 |
Audit Evidence |
Records, statements of fact or other information, which are relevant to the procedures or requirements being audited and which, are verifiable. |
|||||||||||||
3.12 |
Guide |
Person appointed by the client to assist the audit team. |
|||||||||||||
3.13 |
Observer |
Person who accompanied the audit team but does not audit. |
|||||||||||||
3.14 |
Technical Area |
Area characterized by commonalities of processes relavant to a specific type of management system. |
|||||||||||||
3.15 |
HACCP Study |
A HACCP Study corresponds to a hazard analysis for a family of products/services with similar hazards and similar production technology and, where relevant, similar storage technology. |
|||||||||||||
3.16 |
OH&S |
Occupational Health & Safety |
|||||||||||||
4.0 |
DETAILS OF PROCEDURE |
|
||||||||||||||||||||||||
S.No. |
Action |
Responsibility |
||||||||||||||||||||||||
4.1 |
Stage 1 Audit |
|
||||||||||||||||||||||||
4.1.1 |
Attend the client's facilities at the agreed time, with relevant audit forms for the visit. |
Auditor |
||||||||||||||||||||||||
4.1.2 |
The visit shall begin with a meeting with senior management, or just the Management Representative. This meeting must include a brief explanation of the assessment process and reporting, as well as a clear statement of the purpose of the visit and how it will proceed. During this meeting the QMSI procedures should be presented and explained to the client. |
Auditor |
||||||||||||||||||||||||
4.1.3 |
At the end of the meeting, and before or after a brief tour, ask the client to give an outline of the company and its Management System. This will lead into an assessment of the Organisation and Responsibility section of the standard and the client's Policy documents. |
Auditor |
||||||||||||||||||||||||
4.1.4 |
Audit the client’s management system documentation as per the checkpoints identified in (F.16) ‘Stage 1 Audit Report’. |
Auditor |
||||||||||||||||||||||||
4.1.5 |
Evaluate the client’s location and site-specific conditions and to undertake discussions with the client’s personnel to determine the preparedness for the Stage 2 Audit. |
Auditor |
||||||||||||||||||||||||
4.1.6 |
The above will be considered without regard for the actual practices of the client; i.e. the assessor should not audit the implementation, except in the case of internal document control. Any deficiencies found should be discussed with the client to ensure validity and understanding and then detailed on (F.16). |
Auditor |
||||||||||||||||||||||||
4.1.7 |
Review the client’s status and understanding regarding requirements of the standard, in particular with respect to the identification of processes, environmental aspects, occupational & food safety hazards, their key performance indicators and objectives. |
Auditor |
||||||||||||||||||||||||
4.1.8 |
Collect and confirm necessary information about scope (FSMS - Ensure that Scope shall include the activities, processes, products or services and production site(s) that are included in the FSMS), location(s), no.of employees, no. of shifts, product/environment/OH&S/FSMS related statutory & regulatory requirements and their compliance, exclusions, consultant, contact person, contact numbers, outsourced processes, key production and service provision processes. |
Auditor |
||||||||||||||||||||||||
4.1.9 |
FSMS Stage 1 Audit – Again an understanding of the organization’s FSMS and the organization’s state of preparedness for Stage 2 by reviewing the extent to which:
If an organization has implemented an externally developed elements of a FSMS,
|
Auditor |
||||||||||||||||||||||||
4.1.10 | Review the allocation of resources for Stage 2 Audit and agree with the clients on the details of the Stage 2 Audit. |
Auditor |
||||||||||||||||||||||||
4.1.11 |
Gain a sufficient understanding of the client's management system and site operations with a view to develop an effective audit plan for Stage 2 Audit. Develop a Plan for plan for the on-site evaluation of temporary sites including where applicable- i) a representative sample of high complexity temporary sites; and ii) a representative sample of medium complexity temporary sites; and iii) if only low complexity temporary sites exist, then a representative sample of low complexity temporary sites. |
Auditor |
||||||||||||||||||||||||
4.1.12 |
Check whether internal audits and management review are being planned and performed and adequate evidence available on the maturity of system implementation which support client’s readiness for the conduct of Stage 2 Audit. |
Auditor |
||||||||||||||||||||||||
4.1.13 |
Coordinate with other team members and incorporate their findings and finalize ‘Stage 1 Audit Report’ (F.16) identifying any areas of concern that could be classified as nonconformity during Stage 2 Audit. Take client’s sign on F.16 as a mark of their acceptance of audit report contents including documented conclusions with regard to fulfilment of the stage 1 objectives and readiness for Stage 2 audit. Finalise the tentative date(s) for Stage 2 audit with client, in determining the date gave consideration to time required by client to resolve areas of concern identified in Stage 1 audit. |
Audit Team Leader |
||||||||||||||||||||||||
4.1.14 |
Forward audit report to QMSI. |
Auditor |
||||||||||||||||||||||||
4.1.15 |
Review and approve any changes (audit man-days, location etc.) in its arrangements for Stage 2 and arrange updation of database. If any significant changes, which would impact the management system occur, consider the need to repeat all or part of Stage 1. Inform the client that the results of Stage 1 may lead to postponement or cancellation of Stage 2 |
Certification Supervisor |
||||||||||||||||||||||||
4.2 |
Stage 2 Audit / Triennial or Recertification Audit |
|
||||||||||||||||||||||||
4.2.1 |
Client to contact the Audit Team Leader or QMSI indicating readiness for Stage 2 Audit. |
Client |
||||||||||||||||||||||||
4.2.2 |
Review file, including Stage 1 Audit Report. Ensure that responses to Stage 1 Audit findings have been reviewed and accepted by Stage 1 Audit Team Leader. In the event this has not been done and the Stage 1 Audit Team Leader is no longer in the company, the newly appointed Audit Team Leader shall review the responses. |
Audit Team Leader |
||||||||||||||||||||||||
4.2.3 |
Select the entire assessment team in consultation with Lead Assessor as per Sec.9.1 of Management Manual. Ensure that the interval between Stage 1 and the Stage 2 audits is sufficient to ensure that any area of concern identified during Stage 1 audit can be resolved. |
TM |
||||||||||||||||||||||||
4.2.4 | While finalizing audit plan in consultation with Director - Technical and audit team, ensure that each team member is assigned responsibility for auditing specific processes, functions, sites, areas or activities taking into account the need for competence, and the effective and efficient use of the audit team, as well as different roles and responsibilities of auditors, auditors-in-training and technical experts. Changes to the work assignments ‘Audit Plan’ may be made as the audit progresses to ensure achievement of the audit objectives. |
Audit Team Leader |
||||||||||||||||||||||||
4.2.5 |
Ensure that an audit notice along with audit plan is prepared and sent to the client for acceptance and the assessors (as a formal appointment) for carrying out the assessment. The team leader shall also be sent Stage 1 Audit Report (F.16). |
Office Executive (Operations) |
||||||||||||||||||||||||
4.2.6 |
The Triennial assessment planning shall include a review of the past performance of the client which shall be taken into consideration in preparing the plan. The plan must ensure that the assessment is comprehensive enough to verify:
|
Audit Team Leader and QMSI to ensure |
||||||||||||||||||||||||
4.2.7 |
Prepare work documents (checklists, audit sampling plans etc.) as necessary for reference and for recording audit proceedings. Conduct audit team meeting, review audit plan and make changes if necessary. |
Audit Team Leader & Audit Team |
||||||||||||||||||||||||
4.2.8 |
Conduct and Chair Opening Meeting with the Clients’s management and, where appropriate, with those responsible for the functions of processes to be audited. Purpose of this meeting is to provide a short explanation of how the audit activities will be undertaken. The degree of details will be consistent with the familiarity of the client with the audit process and will cover the following points:
|
Do |
||||||||||||||||||||||||
4.2.9 |
A brief tour of the facility may be appropriate at the end of the meeting, as well as a brief private team meeting to instruct the other team members regarding the Style of the audit and peculiarities of the Client’s System. Where the audit of a particular activity on site requires specific competence, the team leader assigns the audit team member personnel accordingly. |
Audit Team Leader |
||||||||||||||||||||||||
4.2.10 |
The assessment shall then proceed as per the program. Audit findings summarizing conformity and detailing nonconformity and its supporting audit evidence shall be recorded in Assessor Notes and/or Corrective Action Request to enable an informed certification decision to be made or certification to be maintained. Discuss nonconformity with the client to ensure that they understand the problem and have opportunity to offer more evidence of compliance. A CAR shall be recorded against a specific requirement of the audit criteria and should be worded adequately, identifying in detail the objective evidence on which the nonconformity is based. At the end of discussions with a particular person all deficiencies shall be recapped, so that they (and the guide) will know what to expect as CARs the next morning or the Audit Closing meeting, whichever is appropriate? Do not give prescriptive advice or consultancy while explaining the audit findings and / or clarifying the requirements of ISO 9001/ISO 14001/ISO 45001/ISO 22000 standard. Also don’t suggest cause of nonconformities or their solution. Gradings should not be discussed, unless it is definitely a Major. ‘Opportunities for improvement or Observations’ may be identified and recorded in Assessor Notes, however, ensure that nonconformities are not recorded as ‘Opportunities for improvement or Observations’. |
Audit Team |
||||||||||||||||||||||||
4.2.11 |
During these audits auditor(s) spends majority of audit time to conduct interviews, observe processes and activities and review documentations & records to obtain information (audit evidence) relevant to the audit objectives, scope and criteria (including information relating to interfaces between functions, activities and processes) by appropriate sampling to:
|
Audit Team |
||||||||||||||||||||||||
4.2.12 |
During the audit, periodically assess audit progress and exchange information. Audit Team Leader shall reassign work as needed between the audit team members. A meeting shall be held at the beginning of each day by the team to discuss findings of the previous day and for the team leader to countersign all CARs raised. Then a meeting is held with the client inwhich the CARs are presented for signing, and the plan is reviewed. Resolve any diverging opinions between the audit team and the client concerning audit evidence or findings, and record unresolved points. |
Audit Team & Audit Team Leader |
||||||||||||||||||||||||
4.2.13 |
As the assessment progresses, consider CARs outstanding from previous SA visits and process them as appropriate. Areas of concerns identified during the Stage 1 shall either be noted as closed, or detailed on CARs by the assessors. The team leader shall ensure that all Stage 1 concerns are considered in this manner prior to preparing the report. |
Audit Team |
||||||||||||||||||||||||
4.2.14 |
Record details of audit evidence in ‘Assessor Notes’ (F.23). Notes should include: (i) area audited (ii) client representative (iii) procedures referred to (iv) management system standard requirements (clause number) (v) details of samples selected and (vi)sufficient comments to demonstrate the means of determining conformity or nonconformity with the specified requirements for each of the sites within the scope of the audit. Submit these ‘Assessor Notes’ to the Audit Team Leader. |
Audit Team |
||||||||||||||||||||||||
4.2.15 |
Where the available audit evidence indicates that the audit objectives are unattainable or suggests the presence of an immediate and significant risk (e.g.safety)/ threat to EMS/OHS, immediately report this to the client and, if possible, to QMSI to determine appropriate action. Such action may include reconfirmation or modification of the audit plan, changes to the audit objectives or audit scope, or termination of the audit until the risk is removed or significantly reduced. Report the outcome of the action taken to QMSI. |
Audit Team Leader |
||||||||||||||||||||||||
4.2.16 |
Review with the client any need for changes to the audit scope which becomes apparent as on-site auditing activities progress and report this to QMSI. |
Audit Team Leader |
||||||||||||||||||||||||
4.2.17 | Put great emphasis in determining the maturity of internal auditing and management review processes, as these are absolutely mandatory for achieving desired results out of implemented management system. |
Audit Team |
||||||||||||||||||||||||
4.2.18 | Also ensure that the client’s management system and performance are legally compliant based on the demonstrated implementation of the system and not rely on the planned or expected results. If non-compliant issues are identified, raise these issues as CAR and immediately communicate to the client's management/relevant personnel. |
Audit Team |
||||||||||||||||||||||||
4.2.19 |
When all items on the Plan have been assessed, the team shall come together to raise CARs from the last day, and to complete ‘Stage 2 Audit Report ‘(F.17). Identify positive as well as negative comments relating to the effectiveness of the organization’s management system with clear statements of conformity or nonconformity. Audit team will:
Request client to acknowledge the contents of Audit Report and CAR (F.14). |
Audit Team |
||||||||||||||||||||||||
4.2.20 |
The Audit Report shall clearly state the recommendation for approval or otherwise and point out that it is subject to review by QMSI management. OH&SMS - Any organization failing to demonstrate their initial or ongoing commitment to legal compliance, shall not be recommended for certification or continuation to be certified as meeting the requirements of an OH&SMS. Where the organization may not be in legal compliance, it shall be able to demonstrate it has activated an implementation plan to achieve full compliance within a declared date, supported by a documented agreement with the regulator, wherever possible for the different national conditions. The successful implementation of this plan shall be considered as a priority within the OH&SMS. |
Audit Team Leader |
||||||||||||||||||||||||
4.2.21 |
A Surveillance Audit Plan shall be completed for all sites of a multi-site Client. |
Audit Team Leader |
||||||||||||||||||||||||
4.2.22 |
Decide to hold a special Corrective Action visit in maximum three months time to clear up significant numbers of CARs, or if some element such as Internal Audit is not considered terribly reliable, and needs closer scrutiny, or where a CAR poses an immediate threat to EMS/OHS. The reasons for such a visit shall be clearly explained to the client. |
Audit Team Leader |
||||||||||||||||||||||||
4.2.23 |
Generally Minor CAR’s must be closed out before the next surveillance audit or they will escalate to a Major CAR. In the case of recertification, all CARs must be closed out prior to the expiration of the current certificate. |
Audit Team |
||||||||||||||||||||||||
4.2.24 |
The Closing Meeting shall be held with the client’s management and, where appropriate, those responsible for the functions or processes audited. OHSMS - Request the representative of organisation to invite the management legally responsible for OH&S, personnel responsible for monitoring employees' health and the employees' representative(s) with responsibility for OH&S to attend the closing meeting. Justification in case of absence shall be recorded on the Attendance Sheet. The purpose of the closing meeting, conducted by the lead assessor, is to present the audit conclusions, including the recommendation regarding certification. During closing meeting following elements will be discussed, however degree of details will be consistent with the familiarity of the client with the audit process:
|
Audit Team Leader |
||||||||||||||||||||||||
4.3 |
Corrective Action Visits |
|
||||||||||||||||||||||||
4.3.1 |
Conducting large, formal Opening Meeting is not necessary, unless the client requests one. However the visit shall begin with a discussion with at least the client’s MR, to review the CARs and to construct an informal plan for the visit. Any entire elements of the system which have been set for re-assessment should be programmed first. Issues relating to the reason for a special visit shall be treated as CARs or areas requiring re-assessment. |
Auditor |
||||||||||||||||||||||||
4.3.2 |
Examine objective evidence relating to each CAR to establish whether the CAR can be downgraded or closed, record the verification results on ‘Corrective Action Plan’ (F.15). CARs relating to re-assessed areas shall be closed or downgraded (if appropriate) before leaving the area. Raise new CARs if and when appropriate. |
Auditor |
||||||||||||||||||||||||
4.3.3 |
If time runs short before examining all CARs, elect to postpone examination of some Minor CARs until the next Surveillance Audit. However, all Major CARs must be reviewed during the visit. |
Auditor |
||||||||||||||||||||||||
4.3.4 |
At the end of the visit present any new CARs for signing by the client and complete audit report F.19. |
Auditor |
||||||||||||||||||||||||
4.3.5 |
Follow step 4.2.20 to 4.2.25. |
Auditor |
||||||||||||||||||||||||
4.4 |
Surveillance Audits |
|
||||||||||||||||||||||||
4.4.1 |
The frequency of Surveillance Audits is defined in the contract, and usually occurs annually (plus or minus one month), but must be held no more than twelve months between visits (no tolerance). If this is exceeded without suspension or withdrawal, the Director - Technical – QMS must explain and record the reasons why the approval has not been suspended or withdrawn. |
Director - Technical |
||||||||||||||||||||||||
4.4.2 |
At least one week prior to the visit, contact the client and the assessor to verbally confirm or adjust the visit date and time. Once these have been agreed they shall be sent in writing (mail or fax) to both the client and assessor along with Audit Plan. |
Director - Operations |
||||||||||||||||||||||||
4.4.3 |
Arrange to send following original documents to the appointed auditor:
|
Office Administrator |
||||||||||||||||||||||||
4.4.4 |
Prepare working documents (checklists, audit sampling plans, etc.) as necessary for reference and for recording audit proceedings. |
Auditor |
||||||||||||||||||||||||
4.4.5 |
Conduct Opening Meeting as per 4.2.8 above. |
Auditor |
||||||||||||||||||||||||
4.4.6 |
If there are any significant changes to the system (eg. Purchasing now computerised), those areas shall be assessed prior to auditing the areas identified on the SA Plan. If time becomes restrictive, the following priority order shall apply:-
|
Auditor |
||||||||||||||||||||||||
4.4.7 |
During audit, evaluate effectiveness of the management system: a) with regard to achieving the objectives established by the concerned client and b) in fulfilling requirements between recertification audits. |
Auditor |
||||||||||||||||||||||||
4.4.8 |
Raise CAR’s as appropriate and complete ‘Surveillance Audit Report’ (F.19). |
Auditor |
||||||||||||||||||||||||
4.4.9 |
In case of multi site organization, carry out audit on these sites/temporary sites as per 3 Years Audit Programme(F.32) [prepared during Contract Review as per ‘Certification of Multi-site Organization’ (A.11)] and generate following records – Attendance, CARs (F.14) & Assessor Notes (F.23). Arrange to send these documents to Lead Auditor before the audit at Central Office for inclusion in consolidated ‘Surveillance Audit Report’ (F.19). |
Auditor |
||||||||||||||||||||||||
4.4.10 | Follow step 4.2.8 to 4.2.25. |
Auditor |
||||||||||||||||||||||||
4.5 | Audit Reports |
|||||||||||||||||||||||||
4.5.1 | QMSI provides a written report to client for each audit. QMSI don’t suggest cause of nonconformities or their solution. Ownership of the audit report lies with QMSI. |
Audit Team Leader | ||||||||||||||||||||||||
4.5.2 | Audit team leader is responsible for the audit report and its content. Ensure that report is accurate, concise and clear to enable an informed certification decision be made. Following audit reports formats are used for different type of audits in addition to Audit Plan (F.12), Corrective Action Request (F.14) & Corrective Action Plan (F.15):
|
|||||||||||||||||||||||||
4.5.3 |
|
|||||||||||||||||||||||||
4.6 |
Instructions for Technical Experts |
|
||||||||||||||||||||||||
4.6.1 | Provide technical advice to auditors including advice on sector specific terminology, technical characteristics of processes and products and sector-specific processes and practices. Work under direction and close co-operation with competent auditor, but shall not perform an independent auditing function. |
Technical Experts | ||||||||||||||||||||||||
4.7 | Monitor / Evaluate and submit report on performance of Technical Expert(s). Use ‘Technical Expert Performance Review Form’ F.3 for recording the performance. |
Audit Team Leader | ||||||||||||||||||||||||
4.8 | Observers and guides |
|||||||||||||||||||||||||
4.8.1 | Ensure that observers, if any, do not influence or interfere in the audit process or outcome of the audit. |
Audit Team | ||||||||||||||||||||||||
4.8.2 | Ensure that each auditor is accompanied by a guide, unless otherwise agreed with the client. |
Audit Team Leader | ||||||||||||||||||||||||
4.8.3 | Ensure that guides, do not influence or interfere in the audit process or the outcome of the audit. Responsibilities of a guide can include:
|
Audit Team | ||||||||||||||||||||||||
4.9.1 | If a member of the audit team, in their professional judgement, discovers a breach of an Act of Parliament, or a contravention of a regulatory requirement, they should immediately brought it to the notice of Director - Technical. |
Audit Team Member | ||||||||||||||||||||||||
4.9.2 | Raise a non-conformity within maximum 3 days of receiving this information and urgently communicate to client for urgent action. |
Director - Technical | ||||||||||||||||||||||||