G
Gul_Dukat
Dear All I am hoping you can give me some pointers for a good process effectivity approach to systems audit.
I am currently preparing to carry out a systems audit on our Risk Management approach, ultimately against the requirements of AS9100 Revision C but also against our umbrella company's own risk management model. The aim of the audit is to clearly show the senior management board where we need to improve and give some idea of the standard and maturity of risk management approach, planning, realisation that we should be aiming for.
Having written previous versions of our QMS (I have now moved to lead the audit team rather than writing QMS) I am reasonably aware of what sort of risk management approach we currently have, what is good about it, how contiguous it is and where the gaps are, but I need help on the best way to present it.
I have looked at a turtle diagram approach but I don't think this could constitute the whole audit: after all I will need to write a report to management, surely the turtle diagram would only be a part of that? Should I create an "ideal turtle" and then compare the evidence I find to this, or should I create an "actual turtle" and compare that to ideal requirements? In your experience does completing the turtle diagram itself, clearly identify gaps and (non) compliance?
Any experience you can share would be very helpful. Thanks
I am currently preparing to carry out a systems audit on our Risk Management approach, ultimately against the requirements of AS9100 Revision C but also against our umbrella company's own risk management model. The aim of the audit is to clearly show the senior management board where we need to improve and give some idea of the standard and maturity of risk management approach, planning, realisation that we should be aiming for.
Having written previous versions of our QMS (I have now moved to lead the audit team rather than writing QMS) I am reasonably aware of what sort of risk management approach we currently have, what is good about it, how contiguous it is and where the gaps are, but I need help on the best way to present it.
I have looked at a turtle diagram approach but I don't think this could constitute the whole audit: after all I will need to write a report to management, surely the turtle diagram would only be a part of that? Should I create an "ideal turtle" and then compare the evidence I find to this, or should I create an "actual turtle" and compare that to ideal requirements? In your experience does completing the turtle diagram itself, clearly identify gaps and (non) compliance?
Any experience you can share would be very helpful. Thanks