Audit of the quality of the production environment. Audit of the enterprise quality system. Product quality audit

One of the most important tasks of the quality system is the task of organizing and conducting internal quality checks and analyzing their results. Such checks are a type of control activity called auditing. There are three main types of audits:

· financial audit;

· audit of inventories;

· quality audit.

Together they form a system of control over the main results of the enterprise. The first two types relate to the sphere of economic management and are not considered here.

Audit (verification), in accordance with the definition given in GOST R ISO 9000-2001, is “a systematic, independent analysis and documented process of obtaining audit (verification) evidence and objectively evaluating it in order to determine the degree of fulfillment of agreed audit (verification) criteria. »

A quality audit is carried out to obtain a picture of the operation of the quality system at an enterprise over a certain period of time. The purpose of internal auditing is to collect evidence in the form of “observations” that will identify nonconformities in processes, products and the quality system.

The main objectives of a quality audit are usually the following:

· determine the operation and effectiveness of the quality management system;

· obtain information on how well the quality management system works;

· determine the level of compliance with standards (ISO 9000) and quality management system procedures;

· check the quality of product production or service provision;

· assess the impact of changes in the organization on the quality management system;

· identify possible improvements to the quality management system.

There are three types of quality audits (checks):

· product-oriented audit;

· process-oriented audit;

· audit focused on the quality system.

A product-oriented audit is designed to evaluate the quality of a product (a specified number of finished products). During the audit, the compliance of product quality with consumer requirements, technical specifications, control and technological documentation is interconnectedly analyzed, and a conclusion is made on the effectiveness, feasibility and condition of the documentation. A product-oriented audit therefore goes far beyond product quality control and also covers the relevant elements of the quality system. The main objectives of this type of quality audit are:

· product quality control;

· proof of the stability of the product manufacturing process;

· providing conclusions from the final test results.

A quality system-focused audit is designed to broadly evaluate the effectiveness of the entire quality system. During the audit, the compliance of all instructions (methodological and work instructions, as well as testing instructions, etc.) with the requirements of the regulatory documents taken as a basis is analyzed, as well as the compliance of the quality assurance activities carried out at the enterprise with the requirements at all stages of the product life cycle. The main objectives of a quality system-oriented audit are:

· registration of the actual state of the quality system;

· clear identification of bottlenecks;

· “activating” the correct attitude of enterprise employees to existing regulations.

A process-oriented audit is designed to evaluate the quality of a production method or process. During the audit, the compliance of the quality of the process with work instructions, technological requirements and other regulatory documentation is analyzed, as well as the compliance of the products at the output of the process with technical specifications and consumer requirements. In this case, as well as during a product audit, the effectiveness, feasibility and state of documentation are simultaneously considered and thereby the state of the QS elements in the enterprise is considered. The most important objectives of a process-oriented audit include:

· checking the possibility of compliance with technological parameters;

· documenting process performance and quality parameters;

· identification of process bottlenecks.

In addition, each of the listed types of quality audit can be performed:

· 1st party (internal audit), when an enterprise, based on a set of regulatory documents, checks, for example, its quality system; When conducting internal audits, as a rule, a combination of audits focused on the quality system, processes and products is used; analysis is aimed primarily at processes with failures;

· 2nd party and 3rd party (external audit), when the enterprise analyzes the quality system used by the supplier (2nd party audit) or an independent third party checks the enterprise for compliance with the existing and subject to agreement set of regulatory documents.

A third party audit can be carried out both at supplier enterprises on behalf of the consumer enterprise, and at the enterprise on its behalf. A 3rd party audit usually ends with either the development of an audit brief, the development of an audit report, or the issuance of a certificate (if the 3rd party is a certification body). 3rd party audits should not:

· lead to a shift of responsibility for meeting quality requirements from the enterprise personnel to the audit firm;

· lead to expansion of the functions of the quality system beyond the limits necessary to achieve the intended quality indicators.

10.2. Regulatory requirements for quality audit

The GOST R ISO 9000-2001 standard does not consider the entire range of control activities at the enterprise. As a minimum requirement, the standard requires the supplier to establish and maintain documented procedures for planning and conducting internal quality audits to verify that quality activities and associated results conform to planned activities and to determine the effectiveness of the quality system. An approximate quality circle for the internal quality audit process is shown in Figure 10.1.

Internal quality audits should be planned based on the status and importance of the various activities to be audited. They should be carried out by personnel not directly responsible for the activity being audited. The results of inspections must be recorded and brought to the attention of the personnel responsible for the inspected area of work. Managers responsible for this area must promptly implement corrective actions for deficiencies identified during the inspection process.

Rice. 10.1. Approximate circle of internal audit process quality

Post-audit activities should monitor and record the implementation and effectiveness of corrective actions taken. The results of internal quality audits form part of the input data for management review.

10.3. Audit technology

The audit process usually includes three main stages:

· preliminary verification of documentation;

· on-site inspection;

· Preparation of an audit report.

System documentation for quality assurance is verified in its entirety whenever possible. In addition, the results of previous audits are analyzed. Previous audit reports are reviewed. The main attention is paid not only to deviations, but also to the provided corrective actions and notes on their implementation.

Along with a general check of quality assurance measures based on selected individual documents and departments, a targeted, in-depth check is carried out using a sample scheme. On-site testing usually includes:

· an introductory conversation, which is usually conducted by the lead auditor; during this conversation, the goals and objectives of the audit are explained to all employees of the department; already during the introductory conversation and preliminary check of documentation, certain documents and elements are selected for more detailed consideration during the audit;

· audit conversations with individual employees (surveys), usually at their workplaces; during their course, assumptions made when working with documents are checked and objects for random checks are identified; audit questions are asked, as a rule, on the basis of checklists (“questionnaires”); Clear speech, generally understandable formulations, explanations and explanatory questions help to remove the uncertainty of the participants and eliminate difficulties in mutual understanding. In order to avoid misunderstandings, it is recommended to repeat the interviewee’s answers in your own words, especially in cases where the answer reveals a deviation from the required state;

· random checks, during which the data of audit interviews and the results of a preliminary study of documents are checked; if during audit conversations and spot checks a so-called critical deviation is identified, the audit is terminated;

· final conversation, during which the main results of the audit are summed up; it is carried out by the chief auditor; during it, the justification for the assessments of deviations is given; At the end of the conversation, a report on deviations is signed by the chief auditor and the person responsible for the audit from this unit (enterprise).

During the on-site review, as well as throughout the audit, it is important to avoid premature conclusions. It often happens that ambiguities are cleared up in a subsequent conversation with the responsible employee. An assessment can only be made after the completion of the on-site inspection; the assessment must be explained during the final conversation.

The survey result must be confirmed by a practical test (inspection). On-site testing can always only be carried out on a random basis. During the audit, auditors determine the existence and scope of relevant regulations and rules, as well as the degree of compliance with them. Contradictions discovered during the audit must be identified, recorded and considered by the auditor.

Any quality system audit is carried out on the basis of “objective” documentation:

· card file of recipients of orders, certificates of receipt and cover letters;

· stamps of control services on documentation, their endorsement, appropriate markings;

· statements, lists, etc.

As a rule, this check can only be carried out on site and only selectively. The depth and scope of the review should be determined by the audit team leader in each case in a manner that provides evidence of compliance with the required condition (e.g., quality assurance methods, standards, work instructions) or, if deviations are identified, a determination of their significance and scope.

In addition to random documentation checks, other types of random checks are possible, for example:

· a specific batch of material is selected and during the audit, all work and changes associated with it are checked, starting from the selection of a supplier, issuing an order, incoming control, labeling and up to the issuance and use of material and documentation;

· a specific drawing is selected and all work related to this drawing is checked, starting from execution and verification, making changes and up to distribution and exchange between design and engineering departments;

· a measuring device is selected, used in production or in the testing department, against which the verification system is checked from start to finish.

This type of spot check is also important. In this case, the numbers of documentation, batches of material, measuring instruments, drawings, parts and assemblies, etc. are recorded. and the inspection includes all relevant quality assurance instructions, work instructions, specifications and test documentation.

The report is the result of the work of a team of auditors, so its preparation should be approached carefully. It reflects all stages of the audit - both preliminary work with documents and on-site inspections. When working with documents you must:

· record all checked pages or sections of quality system documents (handbook, methodological and work instructions);

· record the results of document verification;

· clearly record deviations and, if necessary, quote an excerpt from the text;

· draw up a report on deviations;

· if necessary, write down proposals for activities to improve matters.

Based on the results of on-site inspections:

· clearly record deviations and, if necessary, quote the audit protocol;

· assess deviations;

· If necessary, write down suggestions for improving work.

A good system of provisions and clearly stated checklist questions leave relatively little room for the auditor to make subjective decisions. This is intentional. Only what is actually detected can be considered a deviation. It is not allowed to make general conclusions, or additionally introduce personal or prospective requirements by the auditor.

It is necessary to distinguish between “random” and “systematic” deviations. In controversial cases, sampling should be expanded by checking similar elements of the quality assurance system in other organizational units. It is not the number of deviations that is decisive, but their significance for quality assurance. Minor deviations should appear in the report only if they could not be eliminated directly on site together with local responsible employees.

When assessing deviations, it is necessary to take into account their type, significance, frequency of occurrence and impact on quality assurance. For issues rated “unacceptable,” auditors are required to issue variance reports. Such reports must be signed by the person responsible for the audit from this unit (enterprise).

After conducting the on-site inspection, the auditor prepares a report. In the report, the auditor must present:

· audit participants;

· description of deviations;

· assessment of deviations;

· if necessary, provide proposals for corrective measures;

The sections “description of deviations” and “assessment of deviations” can be given in abbreviated form. In this case, the appendices to the report are:

· checklist (“questionnaire”);

· audit protocols;

· list of deviations.

Documents developed before the start of the audit include:

· audit plan, it indicates the name of the types of activities being audited, the qualifications of the auditors, the basis for the audit (scheduled or unscheduled audit, etc.), the procedure for reporting the audit results;

· audit program, it contains a list of quality system documents and additional documents that the auditor must check (for example, a quality handbook, methodological and work instructions, enterprise standards (STP) and drawings, technical specifications, test documentation, etc. ); a list of departments in which on-site inspection is carried out is given, indicating the time of inspection and information on the accompanying person;

· checklists that formulate the main list of questions for conducting audit interviews.

The documents that are developed during the audit include:

· protocols of audit conversations, in which the auditor records the place and time of the audit, data of the audited; element of the enterprise's activity being verified; results of interviews and examinations. You can record all the specified data in checklists;

· deviation protocols, which provide an assessment in the spirit of an audit of the detected deviations and, in some cases, provide the reasons for the nonconformities (when conducting a product- or process-oriented audit); compiled on the basis of protocols of audit interviews, reports of work experience, verification of corrective measures;

· audit report, in which the auditor records the actual state, identified deviations and their causes; considers the significance of deviations (assessment); in some cases gives conclusions and suggestions for improving the existing situation.

10.4. Auditor Tools

When conducting an audit, the auditor uses a checklist (checklist), and mainly uses personal experience and his qualifications.

One of the main methods of an auditor’s work is a survey. The auditor conducts the survey during the audit conversation - one of the stages of the audit. The effectiveness of the survey is largely determined by the questions that the auditor asks, so he prepares a list of such questions - a checklist - in advance. For audit firms, such checklists are essential.

At the same time, for the auditor, the checklist is not a dogma, but a guide to action, since if it is followed literally, there is a danger of an uncritical approach and formalism. Therefore, in the checklist, the auditor forms survey topics in the form of abstracts, and asks detailed questions as necessary. Auditing practice shows that:

· questions must be formulated quite clearly and unambiguously, they must be targeted, not involving evaluation;

· questions that can be answered “yes” or “no” are not informative, so they should be avoided (ask “open” questions rather than “closed” ones);

· there should be no trap questions or questions of an inquisitorial nature;

· questions should avoid hints at personal characteristics;

· technical details should be obtained only to the extent necessary for the assessment of processes and work operations; the auditor’s results that go beyond his competence cannot be used for an objective report, since they are partly based on assumptions;

· correctly formulated questions force the auditee to turn to his own knowledge about the things under consideration, and not to information already available to the auditor;

· questionnaires serve as a guide and guideline for conducting an audit; a questionnaire is not a dogma, but a guide to action.

The personal experience and qualifications of the auditor play an important role. Both the audit technique and the types of activities that the auditor can check depend on them.

The correct selection of audit team members is important. The success of an audit largely depends on the communication skills of all participants, which, depending on the psychological properties of the participants, are more or less susceptible to influence by auditors. In this regard, a special role is assigned to the head of the audit team, whose tasks for the department (company) being assessed include:

· conducting an introductory conversation;

· coordination of the audit;

· presentation of the audit results in the final conversation.

This requires the ability to conduct conversations with employees at various functional levels of the enterprise (customer), for example:

during the introductory and final conversation during an audit by the 2nd or 3rd party - with representatives of the board and heads of the quality department;

during the audit - with foremen, specialist workers, etc.

At the same time, he must always remember that this is not about persons, but about business. Therefore, all questions during the audit, as well as all statements on decisions made, must be asked or made in a businesslike and firm manner, but at the same time always in a spirit of positive cooperation. The auditor must be completely clear:

· about possible communication partners;

· the purpose of the audit;

· about external influencing factors during the audit (about the environment);

· about the concept of conducting an audit.

Managing often means helping others succeed, and this is especially true for an auditor! In this day and age, the audit leadership style must be collaborative rather than hierarchical or authoritarian. It must be aimed at achieving consensus and must be communicative. In other words, during the audit one must avoid orders, accusations, and one must not indulge in endless debates. Of course, during the conversation, the auditor must make it clear that he is in authority. But this power should be understood as the ability to persuade others.

Conversation and his ability to conduct a conversation are of decisive importance for the auditor. Therefore, he must be able to speak! His acquired specialized knowledge determines what he has to say, but how the conversation is conducted is decisive.

File1.doc

Section 1. INTRODUCTION.

Concept of quality audit.

“Auditor et altera pars” (Latin proverb, which can be translated into Russian as: “you need to listen to the other side”).

The word "audit" is derived from the Latin word "audire" - to listen. As you know, in many cases it is difficult to listen to your interlocutor without constantly interrupting him.

Quality audit is a permanent mechanism for monitoring the “health state” of the QMS.

First, let's get acquainted with the parable of the walrus who did not like bad news. The training of auditors in courses developed by the American Society for Quality Control (ASQC) began with this parable.

“Well, how are things going there?” - a large walrus croaked from his highest rookery on a high rock. He was waiting for good news.

Below, young walruses were conferring. Things weren't so good and they didn't want to go to the old man with bad news. He barked at them more than once.

“What should I tell him?” - thought Basil. The water has dropped, there is no such herring catch, we need to change the rookery. Telling the truth will cause anger?

They didn’t dare tell the truth: “Things are going great, boss!”

The next day everything happened again. They again did not tell him the truth, but said that a new herd of walruses had appeared, which fed on small change.

Then they said that they got rid of the sick and old.

Gradually all the walruses left for a new herd.

And finally, when the old walrus was left alone, he was very surprised and could not even roar: “Why? Everything was so good!”

Morality: What you like to hear is not always what you should know.

Everyone is familiar with the saying “Trust, but verify.” Its Arabic equivalent is: “Trust in Allah, but tie your camel.”

Even a very well-developed system and the strong determination of participants to avoid fatigue cannot hide the fact that theory and practice diverge under certain circumstances.

The purpose of Quality Audits is to verify the effectiveness of management programs implemented by management. The success of an audit largely depends on the ability and willingness of both parties (the auditee and the auditor) to meet each other halfway.

^ 1.2 Quality Audit Philosophy – Preventing Problems Before They Form .

And where there are problems, it is of particular importance:

Early detection of the problem;

Its depth;

Finding its root cause;

Leading the management program to prevent problems;

Their identification;

Preventing relapses.

Problems related to quality give rise to consumer dissatisfaction, decreased profits, and deterioration of the moral and psychological climate in the team.

A quality audit provides fact-based feedback to management, enabling them to make informed decisions. The first purpose of a Quality Audit is to be beneficial for the organization being audited:

For example:

The product is suitable for its intended purpose;

Instructions are valid and applied, etc.

^ 1.3.Terms and definitions.

Audit(verification): A systematic, independent and documented process of obtaining audit evidence and evaluating it objectively to determine the extent to which agreed audit criteria have been met.

^ Audit criteria: A set of policies, procedures, or requirements.

Audit Evidence: Records, statements of fact, or other information that are relevant to audit criteria and can be verified.

^ Audit findings (observations): The result of evaluating the collected audit evidence against audit criteria.

Conclusion based on the audit results: The audit output provided by the engagement team after considering the audit objectives and all audit findings.

^ Audit customer: The organization or person who ordered the audit.

Inspected organization: The organization being audited.

Auditor (expert): A person competent to conduct an audit.

^ Audit group (commission): One or more auditors conducting the audit, supported by technical experts if necessary.

Technical Expert: A person who provides the engagement team with knowledge or experience on a specialized issue.

^ Audit program: A set of one or more audits planned for a specific period of time and aimed at achieving a specific goal.

^ Audit Plan: Description of audit activities and measures.

Audit Scope: Contents and boundaries of the audit.

Competence: Demonstrated personal qualities and demonstrated ability to apply knowledge and skills.

Section 2. SCOPE, PRINCIPLES OF CONDUCTING QUALITY AUDITS

^ 2.1.Types of audits

Audits are divided into three types:

Product quality audit – is intended to determine whether the actual indicators of its quality correspond to the specified ones. Product audits are carried out at various stages of production.
Process audit – designed to assess the compliance of the process with established requirements.
Quality system audit – designed to evaluate the system against established requirements, as well as assess its effectiveness and efficiency.

^ 2.1.1 System audit – the requirement is realized: quality assurance affects everyone, this is the most labor-intensive and cumbersome process. Can be external and internal. The purpose of a system audit is to determine whether the QMS is functioning, assessing the ability to supply products or services that meet customer requirements.

The system audit is carried out in order to:

Check the appropriateness, compliance and effectiveness of all measures of the quality system as a whole;

Check the completeness of the quality system documentation;

Confirm compliance with the requirements of your own quality system or specified regulatory documents;

Find organizational or other shortcomings and determine measures to eliminate them;

Check implementation of corrective actions.

Scope: all divisions and areas of activity of the organization. A prerequisite is the presence of a clearly defined quality system in the organization, as well as a stated intention to comply with the requirements of a certain regulatory document.

^ 2.1.2 Process audit:

Less extensive than a system audit;

Targets one or more processes;

External or internal;

Less planning scope;

Useful for improving a specific process;

Less formal;

Conducted in less time.

Purpose of process audit:

Assessing the effectiveness of quality measures during the implementation of a certain process;

Confirmation of the ability to provide the required level of quality or identification of measures to correct existing deficiencies.

The basis for carrying out are:

Documents for the implementation, verification and testing of the process;

Installations;

Personnel qualifications.

Scope: - manufacturing process to be checked.

The process audit is carried out in order to:

Determine the ability of the process to provide the required level of quality;

Determine the required quality attributes for process quality; - systematically supplement process control.

This applies to a greater extent to the so-called “special processes”, which are characterized by the fact that it is impossible to measure the quality directly at the moment of the process (for example: welding, hardening, casting, painting, etc.)

With the help of a process audit, quality assurance capabilities are determined, it is clarified whether “production” can be controlled and whether all process parameters and the most important influencing factors are known. Process quality can be ensured using direct or indirect process parameters (for example, in spot welding, control of the welding pulse).

^ 2.1.3 Product audit – evaluation of the final product. Can be conducted internally: at the loading dock, pre-shipment, or across operations. Outside: at the consumer. If carried out by third parties, it can cause damage (anti-advertising). You need to find the problem before someone else does it for you!!

Purpose of product audit:

Assessing the effectiveness of quality assurance measures for specific products;

Confirmation of product quality or determination of necessary corrective measures.

Basis for carrying out:

Appropriate instructions on quality assurance methods;

Relevant documents for testing/manufacturing, processes (manufacturing).

Scope:

Controlled products.

Product audits are carried out in order to:

Determine the quality level;

Ensure the established level of quality;

Determine the required measures for adequate product quality;

Check the delivered products;

Determine the capabilities of the testing laboratory;

Determine the feasibility of testing.

^ 2.1.4 Audits can be internal or external .

Internal audit at the initiative of the organization in order to evaluate its work. It can be carried out either in-house or with the involvement of third-party auditors. Internal audit is being considered like audit 1 Ouch sides(on your own initiative and for yourself).

External audit (External audit) is an audit conducted by the company and aimed at an external source (supplier). Conducted by representatives of the organization or third-party auditors. The organization sends its auditors to the supplier. External audit is considered as an audit, held second side(or as an audit conducted on behalf of the first party - the organization at the second party - the supplier).

^ Third party audit . When an external organization, without being involved in any business of this organization, is engaged to conduct an audit, this is considered as a 3rd party audit or an independent audit, which can be internal or external. A third party is contracted on behalf of the first to audit its own activities or the activities of the second party, subject to the consent of the latter, depending on the objectives of the audit.

^ The organization may :

Enter into an agreement with recognized third-party audit specialists to evaluate its quality system from an independent point of view;

Enter into an agreement with a third party to conduct an audit of suppliers (with their consent) or require that the supplier order an audit of a third party, in order to objectively assess its activities, or for certification for compliance with a national or international standard;

Use third party auditing for the purpose of training and competence of its auditors;

The goal is to obtain a certificate of compliance with ISO standards. In this case, the third party conducting the audit must be registered.

^ 2.1.5 Special Purpose Audits.

General audit matrix.

Audit name	process	products	system
Audit to assess conformity	ABOUT	ABOUT	ABOUT
Audit of the organization's activities	ABOUT	ABOUT	X
External audit	ABOUT	ABOUT	X
Imposed (external) audit	ABOUT	ABOUT	X
Full-scale audit	ABOUT	ABOUT	X
Informal audit	ABOUT	ABOUT	ABOUT
Internal audit	ABOUT	ABOUT	ABOUT
Audit of management activities	ABOUT	ABOUT	X
Pre-contract examination	ABOUT	ABOUT	X
Audit of procedures	ABOUT	N.A.	X
Process audit	ABOUT	N.A.	N.A.
Product audit	N.A.	X	N.A.
Quality audit	ABOUT	ABOUT	X
Quality Assurance Program Evaluation	ABOUT	ABOUT	X
Self-audit	ABOUT	ABOUT	ABOUT
Supplier audit	ABOUT	ABOUT	ABOUT
Systems audit	N.A.	N.A.	X
Third party audit	ABOUT	ABOUT	ABOUT
Unannounced audit	ABOUT	ABOUT	ABOUT

Designations:

O – normal type of audit

X – audit can be of this type

NA – no audit

^ Audit to assess conformity – to confirm that a system, process or product does or does not comply with pre-established contract requirements, agreements, procedures. Example: Audit of compliance with ISO 9001 standards.

^ Audit of procedures– a form of audit for conformity assessment, which is aimed at checking documents and formalized procedures.

Assessment –

Revision of the system– if quality declines or significant changes in management.

^ Pre-contract examination – the goal is to assess the capabilities of a potential supplier.

Type	An object	Form
Imposed from outside	Your own organization	External
Seller survey	Provider	External
Pre-contract examination	Potential supplier	External
System audit (survey of the activities of the organization and its management)	Thorough inspection of the QMS and its compliance with the requirements	Internal or external
Assessment	More limited in depth than a system audit	Internal or external
Estimate	The effectiveness of a total quality program. Often conducted by a third party	Internal or external
Conformity assessment (quality system assessment)	Confirmation of the effectiveness of the QMS (on a small scale it can be carried out as a process or product audit)	Internal or external
Full audit (from start to finish)	The entire organization or the entire cycle of product creation from the beginning of design to decommissioning (a very lengthy and expensive process).	Internal or external

An audit is only a random check and has all its pros and cons.

^ 2.2.Principles of conducting audits.

Strict adherence to audit principles is the basis for maintaining and improving management/

The principles of auditing make auditing an effective and reliable method of supporting management and control policies, providing information on which the organization can improve its performance, and are a prerequisite for objective audit conclusions.

The audit principles include:

A) ethical behavior(ethical conduct) is the basis of professionalism.

Responsibility, integrity, ability to maintain secrecy and prudence are essential in an audit;

B) impartiality(fair presentation) - the obligation to present truthful and accurate reports.

Audit findings, audit opinions and records reflect the audit activities truthfully and accurately. Unresolved problems or disagreements between the audit team and the audited organization are reflected in reports (acts);

IN) professional diligence(due professional care) - diligence and ability to make the right decisions when conducting an audit.

The professional discretion of auditors is commensurate with the importance of the assignment and the trust placed in them by clients and other interested parties. An important factor is the required competence;

G ) independence(independence) - the basis for the impartiality and objectivity of conclusions based on the audit results.

Auditors are independent in their activities and free from bias and conflicts of interest. Auditors maintain an objective opinion throughout the audit process to ensure that findings and conclusions are based solely on audit evidence;

D) evidence-based approach(evidence-based approach) is a sound basis for achieving reliable and reproducible audit conclusions in a systematic audit process.

Audit evidence is based on samples of existing information because the audit is carried out over a limited period of time and with limited resources. The appropriate use of samples is closely related to the confidence placed in audit conclusions.

Section 3. AUDIT PROGRAM MANAGEMENT.

^ 3.1 General provisions

Depending on the size, type of activity and complexity of the organization being audited, the audit program may include one or more audits. These audits may have different purposes and may include joint or comprehensive audits.

The audit program also includes the activities necessary to plan and organize the specified number and type of audits and provide them with the resources necessary to conduct the audits efficiently and effectively within the specified time frame.

An organization may have several audit programs in place. Such a document is part of the planning process and it should be developed both for the business year and for a longer term (3 - 5 years) and approved by the relevant managers. The audit program must indicate the timing of repeat audits.

The audit program includes the following:

A) a number of internal audits of the organization’s system conducted this year;

B) second-party audits of management systems of potential suppliers of “critical” products, carried out within 6 months;

C) certification/registration audits and surveillance audits conducted by the environmental management system certification/registration body as a third party, within a time period agreed between the certification body and the customer.

The audit program also includes planning, provision of resources, development of procedures for conducting audits within the scope of the program.

An approximate form of the Program document is shown in the figure:

I affirm:

Supervisor_________________

_____________________________

Audit program ______________________ for 200__

(name of company)

No. item	Name of audit, organization	Date (month)	Mark on the implementation
1	Primary audit of the Quality Management System for compliance with the GOST R ISO 9001-2001 LRQA standard	March
2	Conducting an audit for compliance with specifications…….products by the certification body GOST R…	JUNE

Compiled by:_______________________________

Responsible for management

Audit program:______________________

If the organization being audited has both quality and environmental management systems in place, it is possible that the audit program will include a comprehensive audit. Particular attention must be paid to the competence of the audit team.

In a joint audit, two or more auditing organizations cooperate under the program. In this case, it is necessary to pay special attention to the division of responsibilities and provision of additional resources. Audit teams must have additional competencies and appropriate procedures. These issues need to be agreed upon before the start of the audit.

The organization's senior management must provide authority to manage the audit program.

Those responsible for managing the audit program should:

A) define, implement, monitor, review and improve audit programs;

B) determine and provide the program with the necessary resources.

A flow chart of the audit program management process is shown in Figure 1.

Figure 1 - Sequence of audit program management processes

1 Figure 1 illustrates the application of the PDCA (Plan-Do-Check-Act) cycle.

2 Numbers in parentheses indicate the relevant clause or section of this standard.

^ 3.2 Objectives and scope of the audit program

3.2.1 Objectives of the audit program

In order to plan and conduct audits, it is necessary to define the objectives of audit programs.

To determine goals, you need to consider:

A) management priorities;

B) commercial intentions;

B) requirements of the management system;

D) legal requirements, regulatory requirements and contractual requirements;

D) the need to evaluate the supplier;

E) consumer requirements;

G) needs of interested parties;

I) risks of the organization.

^ Examples of objectives of various audit programs:

A) ensuring compliance with the requirements for certification of the management system for compliance with the standard;

B) checking compliance with contract requirements;

C) obtaining and maintaining confidence in the supplier's capabilities;

D) assistance in improving the management system.

^ 3.2.2 Scope of the audit program

The scope of the audit program is influenced by the size, type of activity, complexity of the structure of the organization being audited, as well as:

A) the scope, objectives and duration of each audit performed;

B) frequency of audits performed;

C) the number, importance, complexity, degree of similarity, location of units to be audited;

D) standards, legal, regulatory and contractual requirements and other audit criteria;

E) accreditation or registration/certification needs;

E) conclusions based on the results of previous audits or analysis of the results of previous audit programs;

G) any problems related to language, culture or social issues;

I) opinions of interested parties;

K) significant changes in the organization or its activities.

^ 3.3. Responsibility for the audit program, resources and procedures

3.3.1. Responsibility for the audit program

Responsibility for managing the audit program rests with one or more individuals who have a general understanding of the principles of auditing, the competence of the auditor and the application of auditing techniques. These individuals must also have management skills, technical and economic knowledge in the area that will be tested.

Those responsible for managing the audit program should:

A) determine the objectives and scope of the audit program;

B) define responsibilities and procedures, and ensure that necessary resources are provided;

C) implement an audit program;

D) maintain records of the audit program;

E) monitor, analyze and improve the audit program.

^ 3.3.2 Resources for the audit program

When determining resources for the audit program, the following should be considered:

A) financial resources for the development, implementation, management and improvement of audit activities;

B) methods of conducting audits;

B) processes for achieving and maintaining competence and improving the performance of auditors;

D) the availability of auditors and technical experts with the competencies required to achieve the specific objectives of the audit program;

D) scope of the audit program;

E) travel time of auditors, accommodation and other needs for conducting an audit.

^ 3.3.3. Audit program procedures

Audit program procedures include:

A) planning and drawing up audit schedules;

B) ensuring the competence of auditors and audit team leaders;

C) selection of appropriate audit teams and distribution of roles and responsibilities;

D) conducting audits;

E) taking actions based on the audit results, if required;

E) maintaining records of the audit program;

G) monitoring performance indicators of the audit program;

I) reporting to senior management on all work done under the audit program.

For small businesses, the mentioned activity can be performed as a single procedure.

^ 3.4.Implementation of the audit program, records of the audit program.

The implementation of the audit program includes:

A) communicating the audit program to the parties involved;

B) coordinating and scheduling audits and other activities related to the audit program;

C) establishing and maintaining a process for assessing auditors and their continuous professional development in accordance with subclauses 7.6 and 7.5, respectively;

D) formation of audit teams;

E) providing necessary resources to audit teams;

E) conducting audits in accordance with the audit program;

G) management of audit records;

I) analysis and approval of audit reports and their distribution to audit clients and interested parties;

J) actions based on audit results, if required.

Records from the audit program should include:

A) records associated with individual audits:

Audit plans,

Audit reports (acts),

Nonconformity reports,

Reports on corrective and preventive actions,

Audit action reports, if required;

B) results of analysis of the audit program;

C) records of personnel involved in the audit:

Assessing the competence of the auditor and his activities,

Selecting an audit team

Maintaining and increasing competence.

Records must be stored and properly protected.

^ 3.5. Monitoring and reviewing the audit program

The implementation of the audit program should be monitored and, at certain intervals, the achievement of objectives and the identification of opportunities for improvement of the program should be reviewed. The results of the analysis should be reported to senior management.

Performance indicators should be used to monitor the following characteristics:

The ability of the audit team to implement the audit plan;

Compliance with audit programs and schedules;

Feedback from audit clients, audited organizations and auditors.

The review of the audit program should cover:

A) monitoring results and established trends;

B) compliance with procedures;

C) identifying the needs and expectations of stakeholders;

D) records from the audit program;

D) alternative or new techniques in the field of auditing;

E) consistency of actions of audit teams in similar situations.

The results of the audit program review can lead to corrective and preventive actions and improvements to the audit program.

External audit

External audit is carried out by organizations external to the enterprise - the customer of the product or, for example, a certification body. In this case, when the audit is carried out by the customer of the product, it is called a second party audit

The following forms of second party audit are practiced:

full audit for compliance with a specific standard,

partial audit relating to any aspect of the enterprise’s activities,

auxiliary audit carried out by the customer in the presence of several applicants for a contract,

* audit of compliance with contract requirements.

An external audit conducted by an organization independent of the enterprise and the customer is called a third-party audit. This type of audit is used for certification.

Of the types of quality audit considered, the highest degree of confirmation is provided by a third-party audit, which is determined by its scale, depth and higher qualifications of the specialists conducting it.

Conducting an external audit of an enterprise’s quality system from a procedural and methodological point of view is not fundamentally different from conducting an internal audit. But nevertheless, it is necessary to take into account certain distinctive features of the external audit, due to its specifics.

An external audit is always neutral in relation to the audited enterprise, since the specialists performing it do not work at this enterprise, but came either from the customer or from an independent organization (“third party”). Because of this, the conclusions of external experts, not influenced by local factors and customs, are more objective. At the same time, an external audit of a quality system has not only advantages but also disadvantages compared to an internal one, as can be seen from a comparison of its “pros” and “cons.”

External audit, unlike internal audit, is carried out only upon application. The enterprise, acting as the customer of the external audit, itself determines the goals of the audit and the document for compliance with which the audit should be carried out. The external audit program differs from the internal audit program by the mandatory indication of the audit language and the guarantee of confidentiality.

The participants in the quality system audit according to ISO 10011-1 are: the customer, the audited organization or audited unit, the auditor and the chief auditor.

Customer (client) -- the person or organization commissioned by whom the audit is carried out.

Table 1 - Advantages and disadvantages of external audit

Advantages

Flaws

1. Higher than with internal

audit, the level of objectivity of the conclusion, due to the impartiality of external auditors

2. Higher than with internal

audit, the efficiency of auditors, due to strict time frames

3. It’s easier to withstand criticism from others than criticism from your own employee.

4. External auditors are usually well-trained specialists, otherwise they will lose their jobs

5. Audit results can be used to advertise the enterprise

6. The audit results can be demonstrated to more than just one customer.

7. Audit costs can be more accurately determined than with internal audit

1. 1 Ignorance by external auditors of the production features of the audited enterprise

2. 2 Prejudice of employees of the audited enterprise towards auditors as outsiders

3. Lack of information from external auditors

formations about specific ways of communication at the audited enterprise

4. Ignorance by external auditors of non-

formal leaders of the audited enterprise

5.5 Confidential information cannot be used in the audit report

6. Lack of time during the audit, limiting the possibility of a more detailed examination of the system

7. Dependence of the work of external auditors on overtime work of employees of the audited enterprise

8. Selectivity of the audit, excluding

possibility of a full inspection of the quality system

The customer can be:

* an organization wishing to audit its own quality system for compliance with a certain standard,

a consumer who wants to audit the supplier’s quality system with the help of their own specialists or third party specialists,

an independent organization authorized to determine whether the quality system provides adequate management of the products or services provided (such as food, medicine, nuclear energy),

an independent organization accredited to conduct an audit with the aim of including the audited organization in the official register.

The audited (inspected) organization or the audited (inspected) unit is the organization or unit where the audit is carried out.

An auditor is a specialist qualified to audit a quality system. It should be noted that a quality system auditor is not just a specialist, but a specialist capable of analyzing and assessing such objects in the field of quality that cannot be directly measured. It is this ability that distinguishes an auditor, for example, from a specialist in a technical control service.

An auditor who is an employee of an enterprise is usually called an internal auditor. In contrast, an external auditor is an employee of a third-party (specialized or interested) organization. There are certain differences in the job functions of these auditors. So, for example, an external auditor should only record the inconsistencies he discovers, and the internal auditor, in addition, should also participate in the analysis of the causes of the identified inconsistencies and the development of measures to eliminate them.

The auditor appointed to direct the audit is the chief auditor, (if the audit is carried out by one auditor, then he performs the functions of the chief auditor).

The chief auditor has full responsibility for all stages of the audit. He must be competent and experienced in the field of overall quality management, and must also have the authority to make final decisions in controversial situations arising during the audit.

The interaction diagram of quality system audit participants is shown in Figure 2

Figure 2 - Scheme of interaction between quality system audit participants

Features of internal audit of quality management systems

Internal audit of the management system is one of the key processes of the management system. According to Western experts, if such management system processes as:

* management responsibility;

* corrective and preventive actions;

* internal audits (inspections);

* data analysis;

* constant improvement

are debugged and implemented in accordance with the requirements of the standard, then all other processes of the quality management system and environmental management system will not only work, but also be constantly improved.

During an internal audit, the compliance of activities in the organization’s management system with the requirements of certain documents is checked. Moreover, during the period of preparation of the management system for certification, internal audit is carried out for compliance with the requirements of the standard (for example, ISO 9001, ISO 14001) and other ISO standards (for example, ISO 19011). However, from the moment of certification of the management system, internal audit is carried out for compliance with the approved documents of the management system (Quality Policy and Objectives, Quality Manual, documented procedures and lower-level documents).

Internal audit of the management system allows you to solve the following tasks:

* confirmation of compliance of activities and their results in the management system with established requirements;

* analysis and elimination of the causes of identified inconsistencies;

* preventing the occurrence of quality problems;

* confirmation of implementation of corrective actions;

* assessment of the effectiveness of the functioning management system;

* establishing the degree of staff understanding of goals, objectives and requirements,

established by management system documents;

* identifying ways to further improve the quality management system and the environmental management system as a whole and in its individual processes.

There are three types of quality audit: product quality audit, process quality audit, quality system audit.

1) Product quality audit - quantitative assessment of compliance with established product quality indicators. A product audit can be carried out on its own and focus on one or more types of products. This type of audit is focused on the consumer (conducted from his point of view). It may be carried out by at least one auditor, but may require a large group of auditors. Product audit can be performed:

from the middle, i.e. within the enterprise, when the results of a technological process are considered, when each product is considered as an input material for the next process (or internal consumer);

from the outside, while the product audit can be carried out either at the materials supplier, or at the customer, or with the participation of the end consumer.

2) Process quality audit - analysis of process elements, assessment of its completeness and possible effectiveness. During the audit of the entire process, a certain time is allocated to the product audit. Such an audit is aimed at the results that are obtained as a result of the process. A significant and important part of the quality system audit is devoted to this type of audit. An independent process audit is the most common and convenient, one that brings the fastest and best results. The reason is that the supplier is more likely to accept the need for changes in a specific process than to deal with deep control system problems that affect the outcome of the system audit.

Process audit:

- less broad than a system audit;
- as usual, it is aimed at one or more specific processes of production;
- requires less planning than a system audit;
- can be very useful in improving the process being considered;
- less formal than a system audit;
- can be completed in a time from one hour to two days.

This type of audit verifies compliance with standards, methods, procedures, or other requirements.

3) Quality system audit is a documented activity that is carried out to obtain objective evidence that the elements of the quality system that are applied meet it, that it is developed, documented and effectively used in accordance with specific requirements. A system audit is aimed at the entire quality assurance system as a result of management activities, and thus includes a process audit. So, this is the most time-consuming type of audit. As usual, it lasts from two to five days. It is carried out in order to find out, on the basis of objective evidence, how the quality management system and plans of the organization are implemented and whether they meet the set of requirements placed on them.