Audit Plan comments requested

W

Willyboy

#1
Hello,

I'm new to ISO and this site. I was asked to be my employer's IA this past May. I've performed some job watching and manual reviewing. In a month, or maybe less, I need to do a much more "formal" IA. I have drawn up a plan and would appreciate any input. The names have been changed. One Q for sure, should the company president (audit client) actually sign the plan. We are a small division (20 or so employees) of a larger organization (140 or so). I want to do this correctly, but want to be careful about being "too correct" and/or formal.

Thanks.

Audit Plan for the John Doe Corporation (JDC)


Date: 09-08-2009


This audit plan must be reviewed and accepted by the audit client, John Doe, President of The John Doe Corporation, before the audit activities begin.


The time period covered by this audit will be from ____________ to ____________ and will include both the Second Street workshops and the Fifth Street location.


It is expected that this audit will take no longer than two full days, including the audit results preparation and closing meeting to discuss the audit findings.


JDC's representatives will be Snuffy Smith and various members of JDC management.


This internal audit will be performed by Suzie Que, an employee of JDC from the administration department.


Objectives





The objectives of this internal audit are to:
  1. a) meet management priorities and objectives;
    b) verify conformance with contractual requirements with outside customers;
    c) meet statutory and regulatory requirements;
    d) obtain and maintain confidence in the capability of a supplier;
    e) determine the extent of JDC's conformity to its quality management system (QMS);
    f) identify and/or recommend opportunities for the improvement of JDC's QMS;
    g) meet the needs and/or requirements of other interested parties such as external auditors, board of directors, etc.
    h) assist JDC in meeting its goals and requirements for certification and/or compliance to the ISO 19011:2008 standards.
Scope and Criteria


This audit applies to:
a) all clauses of the QMS of JDC;

b) conclusions and/or results of previous internal and external audits;
c) the concerns of interested parties;
d) the daily operations of the JDC workshops and its staff;
e) and any other area that may have an impact on JDC reaching its stated objectives, policies and mission.


Methods used to collect information will include personal interviews, observation of activities and review of documents.


Plan Accepted By: __________________________________


Date: __________________________
 
Elsmar Forum Sponsor
B

brahmaiah

#2
Hello,

I'm new to ISO and this site. I was asked to be my employer's IA this past May. I've performed some job watching and manual reviewing. In a month, or maybe less, I need to do a much more "formal" IA. I have drawn up a plan and would appreciate any input. The names have been changed. One Q for sure, should the company president (audit client) actually sign the plan. We are a small division (20 or so employees) of a larger organization (140 or so). I want to do this correctly, but want to be careful about being "too correct" and/or formal.

Thanks.

Audit Plan for the John Doe Corporation (JDC)


Date: 09-08-2009


This audit plan must be reviewed and accepted by the audit client, John Doe, President of The John Doe Corporation, before the audit activities begin.


The time period covered by this audit will be from ____________ to ____________ and will include both the Second Street workshops and the Fifth Street location.


It is expected that this audit will take no longer than two full days, including the audit results preparation and closing meeting to discuss the audit findings.


JDC's representatives will be Snuffy Smith and various members of JDC management.


This internal audit will be performed by Suzie Que, an employee of JDC from the administration department.


Objectives






The objectives of this internal audit are to:
  1. a) meet management priorities and objectives;
    b) verify conformance with contractual requirements with outside customers;
    c) meet statutory and regulatory requirements;
    d) obtain and maintain confidence in the capability of a supplier;
    e) determine the extent of JDC's conformity to its quality management system (QMS);
    f) identify and/or recommend opportunities for the improvement of JDC's QMS;
    g) meet the needs and/or requirements of other interested parties such as external auditors, board of directors, etc.
    h) assist JDC in meeting its goals and requirements for certification and/or compliance to the ISO 19011:2008 standards.
Scope and Criteria


This audit applies to:
a) all clauses of the QMS of JDC;

b) conclusions and/or results of previous internal and external audits;
c) the concerns of interested parties;
d) the daily operations of the JDC workshops and its staff;
e) and any other area that may have an impact on JDC reaching its stated objectives, policies and mission.


Methods used to collect information will include personal interviews, observation of activities and review of documents.


Plan Accepted By: __________________________________


Date: __________________________
This is not an Audit Plan.It is an audit notification by the boss.
What is required in the standard is an annual audit plan .
V.J.Brahmaiah
 

howste

Thaumaturge
Super Moderator
#4
Hello,

I'm new to ISO and this site. I was asked to be my employer's IA this past May. I've performed some job watching and manual reviewing. In a month, or maybe less, I need to do a much more "formal" IA. I have drawn up a plan and would appreciate any input. The names have been changed. One Q for sure, should the company president (audit client) actually sign the plan. We are a small division (20 or so employees) of a larger organization (140 or so). I want to do this correctly, but want to be careful about being "too correct" and/or formal.

Thanks.
Hi Willyboy, welcome to the Cove! :bigwave:

What are you hoping to accomplish with the audit plan? My first impression is that your plan is definitely too formal. The intent of an audit plan is generally to communicate information about the audit to those involved in the an audit. In my view, the most important things you want to communicate before the audit would be the audit objectives (what are we trying to accomplish) and the scope (what will we audit/not audit). If there are only 20 people at your site, most of what's in your plan might be communicated verbally.

Here's what ISO 19011 says about an audit plan, but it seems for focused on external audits:
ISO 19011 said:
The audit plan should cover the following:
a) the audit objectives;
b) the audit criteria and any reference documents;
c) the audit scope, including identification of the organizational and functional units and processes to be audited;
d) the dates and places where the on-site audit activities are to be conducted;
e) the expected time and duration of on-site audit activities, including meetings with the auditee’s management and audit team meetings;
f) the roles and responsibilities of the audit team members and accompanying persons;
g) the allocation of appropriate resources to critical areas of the audit.
The audit plan should also cover the following, as appropriate:
h) identification of the auditee’s representative for the audit;
i) the working and reporting language of the audit where this is different from the language of the auditor and/or the auditee;
j) the audit report topics;
k) logistic arrangements (travel, on-site facilities, etc.);
l) matters related to confidentiality;
m) any audit follow-up actions.
By the way, Brahmaiah is probably referring to a TS 16949 requirement for an annual internal audit plan. No other standard I'm aware of has a requirement for an annual plan. Please don't let this confuse you if it's irrelevant to your QMS.
 
W

Willyboy

#5
The standard is 19011. I thought that I might be getting too formal. I've already verbally told the president, QA Mgr and others that my IA would go over the items that
I had previously reviewed to see if any corrections were made.

I will also be doing some job watching to see if it matches the work instructions; reviewing corrective and preventive actions; looking at safety issues, etc.

I am going to go through my notes and past audits and make a list of items to follow up.

We have a quarterly management review meeting next week. I will let everyone know again my plans and thoughts for the IA.

Thanks. Any and all comments are appreciated.
 

howste

Thaumaturge
Super Moderator
#6
h) assist JDC in meeting its goals and requirements for certification and/or compliance to the ISO 19011:2008 standards.
The standard is 19011.
I'm a little confused. ISO 19011 is an audit guidance standard, and the latest version is dated 2002. It's not a standard for which certification is available. Is the standard you are using for your quality management system actually ISO 9001:2008?
 
B

brahmaiah

#7
What standard?

Prove it.
"8.2.2 Internal audit

The organization shall conduct internal audits at planned intervals to determine whether the quality
management system

a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to
the quality management system requirements established by the organization, and

b) is effectively implemented and maintained.

An audit programme shall be planned, taking into consideration the status and importance of the processes and
areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency and methods
shall be defined. The selection of auditors and conduct of audits shall ensure objectivity and impartiality of the
audit process. Auditors shall not audit their own work.

A documented procedure shall be established to define the responsibilities and requirements for planning and
conducting audits, establishing records and reporting results.

Records of the audits and their results shall be maintained (see 4.2.4).

The management responsible for the area being audited shall ensure that any necessary corrections and

corrective actions are taken without undue delay to eliminate detected nonconformities "

How are the above highlighted underlined sentences interpreted.How do you define frequency of audit if you donot have an annual audit plan.Are you again giveing an example of a one man company getting a QMS certificate?
V.J.Brahmaiah
 

howste

Thaumaturge
Super Moderator
#8
How do you define frequency of audit if you donot have an annual audit plan.Are you again giveing an example of a one man company getting a QMS certificate?
V.J.Brahmaiah
I'm sure that he's contesting the word annual, not the word plan. In my copy of ISO 9001:2008, which it appears you're quoting, the word annual does not appear. However ISO/TS 16949:2009 does require an annual internal audit plan.
 
B

brahmaiah

#9
I'm sure that he's contesting the word annual, not the word plan. In my copy of ISO 9001:2008, which it appears you're quoting, the word annual does not appear. However ISO/TS 16949:2009 does require an annual internal audit plan.
Well my interpretation is probably because I am a trained TS 16949 LEAD AUDITOR.Some times this overlapping crops in.
Thanks for the clarification.
V.J.Brahmaiah
 
W

Willyboy

#10
Howste, you're right. The standard is 9001:2008, not 19011:2002(E). I have been spending time reading both. You saved me a bit of embarrassment. Thanks.

Actually I've been spending time reading QE 19011S:2004 for guidance in developing the audit.

Upon re-reading, I see that the "plan" can be given verbally to small organizations. We are a division (20 or so employees) of a larger group (around 130-140). There will be about 8-10 people at the Management Review meeting.

My biggest concerns with my original post (plan) were being too formal and not covering the right areas. If I tell everyone next week that I plan to re-audit the manuals, look for back up data, do some more job watching and walk throughs to look at the physical plant for NC's, I'm now thinking that this might cover the bases, but may not be the best way.

I downloaded an Internal Audit Opening Meeting Checklist from this site and it covers the Introduction, Scope, Obj's and Criteria, plus a short summary of how the audit will be undertaken and a review of the audit client's expectations and questions. I need to fill in the blanks.

The above checklist is actually pretty close to what I came up with in my original plan, just not as detailed.

Should the audit client sign off on this? Like I said, we are small and everybody knows each other, but I want to have things proper and professional when we have our external audit this fall.

We are trying first for a "Letter of Compliance", if that is the correct term, before we go for certification.

Like I mentioned in my original post, I'm new at this and have a lot to absorb. Thanks for all the help to everyone posting a reply.
 
Thread starter Similar threads Forum Replies Date
Q Internal audit plan template Internal Auditing 12
D Requirement of Pharmacovigilance (Drug Safety) Risk Based Strategic and Tactical Audit Plan General Auditing Discussions 0
S Implementing a 45001 Health & Safety standard - Internal audit plan wanted Internal Auditing 1
M Internal Audit Plan in Retail Internal Auditing 10
E ISO 9001:2015 - Internal Audit Plan Clauses General Auditing Discussions 8
M Medical Device News Health Canada - Medical Device Single Audit Program (MDSAP) Transition Plan Canada Medical Device Regulations 2
L Please review my ISO 9001:2015 Internal Audit Plan Process Audits and Layered Process Audits 7
J AS9100D - Good ways to document an internal audit plan / schedule Internal Auditing 25
J VDA audit, control plan - My hair is almost gone now VDA Standards - Germany's Automotive Standards 5
K Is an annual "audit schedule" the same thing as an audit scope/ audit plan? Internal Auditing 8
A ISO 14001:2015 transition audit - Major NC due to the procedure and audit plan ISO 14001:2015 Specific Discussions 10
Q Internal Audit of a Plan or other document - Closure Plan Internal Auditing 1
D Please share your IATF 16949 Internal Audit Plan and Schedule Internal Auditing 13
M MDSAP Audit Plan - Please share an Audit Plan/Schedule/Agenda ISO 13485:2016 - Medical Device Quality Management Systems 7
W Registrar Practices - Audit Plan with Scope, Dates/Times, etc. ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
S Is Audit Plan / Agenda required for Internal Audits? Internal Auditing 2
H Part 147 AMTO Audit Plan example and Audit Report Format wanted EASA and JAA Aviation Standards and Requirements 1
A Developing a ISO 9001:2015 Internal Audit Plan and Schedule Internal Auditing 40
R Vertical Supplier Audit Plan Supplier Quality Assurance and other Supplier Issues 4
Q Effectiveness Plan for CAPA initiated from External Audit US Food and Drug Administration (FDA) 3
F ISO/TS 16949 internal audit scope and annual plan Internal Auditing 2
V Internal Audit using Plan, Do, Check, Act - Way to go? Internal Auditing 11
Q Chrysler required FMEA and Control Plan Document Audit Forms and Process Audit Check FMEA and Control Plans 7
L R2 Certification Internal Audit Plan, Audit Sheet, and Schedule Manufacturing and Related Processes 2
S Internal Audit Plan per Risk Analysis Internal Auditing 5
R Audit Plan MNC (Minor Nonconformance) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
J How to audit a confidential business plan IATF 16949 - Automotive Quality Systems Standard 2
K Is my Internal Audit Plan on the right track? Internal Auditing 0
D ISO 9001 CB Audit - Corrective Action Plan ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
S Observation from BSI Audit of our Internal Audit Plan Internal Auditing 8
S Process Audit Plan Terminology Process Audits and Layered Process Audits 5
I The Beginning of an Audit Programme / Plan Internal Auditing 4
V Seeking Internal Audit Plan form or template Internal Auditing 5
B Creating an Audit Mechanism (System/Plan) General Auditing Discussions 3
K Should Internal Audit Plan be Approved by Top Management? Internal Auditing 19
T TS 16949 Clause 7.5.1.1 - Audit Finding - Control Plan Requirements IATF 16949 - Automotive Quality Systems Standard 11
J AS9100 Rev C Internal Audit Procedure/Plan - Addressing 8.2.2 - Customer Requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
M Will a Business Plan be included in an ISO 9001 Audit? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 22
ScottK Using Customer Audits as part of the Internal Audit Plan for ISO9001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
S External Audit Non-Conformance - Control Plan and Inspection Issues IATF 16949 - Automotive Quality Systems Standard 1
S Quality Auditing System - Audit Plan per guidance from ISO 19011 Internal Auditing 8
J AS9100 Rev.B Registrar Audit Plan for Stage 2 Audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
D Flowcharts of Processes Delayed my Internal Audit Plan ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
A Control Plan and Audit Registration - PPAP - Packing Instructions APQP and PPAP 5
T Internal Audit Plan using Oracle GRC (Governance Risk and Compliance) modules Internal Auditing 4
K Annual Internal Audit Plan to Audit Everything? IATF 16949 - Automotive Quality Systems Standard 11
P Work plan to support Internal Audit Programme Internal Auditing 6
M Internal Audit Plan for every Procedure? Internal Auditing 9
Y Preparing an audit plan for ISO 13485, MDD and CMDR for medical imaging company Imported Legacy Blogs 8
T Internal Audit Plan/Schedule wanted Internal Auditing 19

Similar threads

Top Bottom