Auditing Human Resources and Finance Departments

M

mohamedaboalbanat

#1
Dear all,

i need you help, is there have to ask Human resources and fininca dept related to their activities organization structures and financially performance files though QMS internal audit 9001- 2008 and take a cop as evidences or not, in case of dept auditee refused to give and this is not allowed, i take major NC or what can i do, as well as we need the standard check list for those dept.
 
Elsmar Forum Sponsor

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#2
Good day mohamedaboalbanat,

If functions are similar between your organization and those I am accustomed to auditing in the U.S., Human Resource functions are auditable for their contribution in resourcing personnel. Organizational needs are identified and usually listed in a job description, then HR searches for candidates and participates in the hiring process.

Finance is usually not included in my ISO 9001 audits, and indeed the accounting documents could be kept away from the auditor. However, the organization's resourcing functions are auditable under 6.1 and management is responsible to provide adequate resourcing as per 5.1 (e). How such needs are identified, prioritized and fulfilled is indeed auditable but it could be done via an audit of management review.

I hope this helps!
 

dsanabria

Quite Involved in Discussions
#3
Dear all,

i need you help, is there have to ask Human resources and fininca dept related to their activities organization structures and financially performance files though QMS internal audit 9001- 2008 and take a cop as evidences or not, in case of dept auditee refused to give and this is not allowed, i take major NC or what can i do, as well as we need the standard check list for those dept.
First - it looks like you asked for how to audit 2 areas - Human Resources and Finance.


When auditing human resources look at the following items:

What to look for

Consideration by the organization of:
? competencies required by personnel performing work which affects quality
? personnel already performing the work have the required competencies
? what additional competencies are required
? how these additional competencies are to be obtained ? training of personnel (external or internal), theoretical or practical training, hiring of new competent personnel, assignment of existing competent personnel to different work
? training, hiring or reassigning personnel?
? reviewing the effectiveness of actions taken to satisfy competence needs
? periodically reviewing competence of personnel
? a specific training or information for new employee regarding quality:
- at company level
- at shop-floor level
? if commercial airworthiness requirements, people in charge of airworthiness release are aware of regulatory requirements

What to look for

Examples of objective evidence:
? discussions with top management to ensure they understand the importance of identifying the competencies required
? people competencies taken into account in risk analysis process
? competence requirements included in contract documents where the activities of subcontractors can have an impact on processes and/or product quality characteristics
? review of job descriptions, responsibilities and authorities, including education and training requirements
? training records and plan (status of the current year and of the previous year)
? competence matrix or some other method to understand competency requirements for processes or sub-processes
? nonconformity records, audit reports, customer complaints related to competence problems/ issues, e.g., training/instruction is the corrective action
? certification records (e.g., NDT, repair, auditors, authorized signatories, ...)


NOTE: Most company have the same information in each department to avoid coming in contact with sensitive information from employees. If it is duplicated then clarify it in your procedures, this way HR is not audited.




The second part of your question deals with finance department:

the first item that you need to do is develop a process map with emphasis on documents from receiving of material / product that goes to finance.
and you will do the following:


? how record formats are identified and controlled, including record ID?s
? retention times and conditions including the storage area
? who is responsible for storage of records
? are records legible
? filing of records
? destruction

you could also ask some basic question:

? Ask for electronic versus paper records
? How long are records kept regarding the statutory, regulatory and customer?s requirements?
? Is the method for controlling records of supplier?s part of the documented procedure?
? How are records communicated to the supplier, e.g., in supplier contracts?
? Existence of samples on retrieval, based on the retention requirements?


NOTE: Most company have copies of those records in the Quality department or in electronic format to avoid entering the finance department and observing sensitive information. So, clarify that process that finance department has the same information as the Quality department and it does not need to be audit - since it is duplicated.


Hope this helps :popcorn:
 

John Broomfield

Staff member
Super Moderator
#4
Dear all,

i need you help, is there have to ask Human resources and fininca dept related to their activities organization structures and financially performance files though QMS internal audit 9001- 2008 and take a cop as evidences or not, in case of dept auditee refused to give and this is not allowed, i take major NC or what can i do, as well as we need the standard check list for those dept.
mohamed,

Your organization is meant to be operating a process-based management system to conform to ISO 9001.

You do not say what your audit objective is. But let's say it is to determine effectiveness (of course, effectiveness includes conformity).

You could, therefore, focus your auditing on the planning, operation, monitoring and control of the following processes that are usually owned by these two departments:

Human Resources:

A. Recruiting employees (with the potential to become competent - 6.2)
B. Training employees (for competence - 6.2)

Accounting

C. Managing accounts receivable (for prompt receipt of customer payments - see 6.1)
D. Managing accounts payable (for prompt payment for conforming services and materials - see 7.4 and 8.3)

Other processes may be owned by these departments or they may have a part to play in other processes so you could sample these too.

Make sure you determine the objectives of these processes (see 4.1c) and test the understanding of those who work these processes. That provides the basis for gathering evidence of effectiveness and what the auditee is doing to deliver effectiveness during planning, operation, monitoring and control.

Lastly, as auditor try to see the process through the eyes and minds of those responsible for monitoring their processes (see 8.2.3). This reinforces the fact that the auditee should not be waiting for the auditor before improving anything.

Be prepared for push back if during the development of the management system these processes were not determined (see 4.1a) as being essential to the success of the organization in serving its customers.

John
 
T

t.PoN

#5
Let me take a wild guess:

The HR doesn't want to be audited so you wouldn't have a look at other employees salaries.

My suggestion is to clearly identify the scope of audit.

Agree at the scope of audit and what is the purpose of audit then send it to the HR department. if you don't want to look at employees paycheck, then they have no reason to refuse.

A good practice I've seen is that The financial auditors usually accompany the quality auditors at these department.
There is no limit for financial auditors, they have access to every record and every salary.
You can ask them for help to look at these records and audit what you want.

You can give them an audit trace
 

drgnrider

Quite Involved in Discussions
#6
Our HR keeps training records separate from the other confidential documents. when we ask for these records an HR representative is the one who rummages through the file and pulls the requested document.
 

John Broomfield

Staff member
Super Moderator
#7
Our HR keeps training records separate from the other confidential documents. when we ask for these records an HR representative is the one who rummages through the file and pulls the requested document.
drgnrider,

I agree, that's the way to it.

No reason for an auditor to rummage through confidential records.

Happy Christmas,

John
 

normzone

Trusted Information Resource
#8
Another bookmark added to my Elsmar Cove folder - while this is all old news to me it's so nicely summarized that I can use it to assist my internal auditors.

I sure hope this place remains viable - I rely on it.
 
Thread starter Similar threads Forum Replies Date
D Auditing Human Resources (ISO 9001) Internal Auditing 11
I Auditing HR (Human Resources) Processes Process Audits and Layered Process Audits 7
Raffy Auditing Human Resources and Daycare General Auditing Discussions 14
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 4
cscalise Suggestions for MDR Auditing tools EU Medical Device Regulations 1
J Auditing of Support Function IATF 16949 - Automotive Quality Systems Standard 9
D ISO 13485, FDA 21 CFR 820 and Auditing the Accounting Department ISO 13485:2016 - Medical Device Quality Management Systems 5
S Risk based internal auditing Internal Auditing 6
Randy Remote auditing (for disaster, disease, disturbance etc...) during the Neo Coronavirus Pandemic and Social Distancing Registrars and Notified Bodies 4
K ANVISA B-GMP Auditing requirements for Contract Manufacturers Other Medical Device Regulations World-Wide 0
F AS9100D Internal auditing requirements Internal Auditing 3
R Does any here use an internal auditing tool that works on different platforms? Internal Auditing 3
W Does anyone have an API Q2 checklist for internal auditing? Oil and Gas Industry Standards and Regulations 1
G Best Practices for IT auditing - Is a session-id necessary for a complete audit trail? IEC 27001 - Information Security Management Systems (ISMS) 0
I Questions to ask when auditing for Organizational Leadership and Planning for the QMS? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
C CE marking for general IVD (self-certified) & ISO 13485 QMS requirements - auditing EU Medical Device Regulations 6
blackholequasar Internal Auditing Inspiration - Getting volunteers to perform internal audits. Internal Auditing 22
W Internal Auditing carried out by a 3rd party - Review of previous audits AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 3
tony s What is the automotive process approach for auditing? IATF 16949 - Automotive Quality Systems Standard 2
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6
R I've been auditing for a CB for 18 years General Auditing Discussions 10
P Consultant Auditing Qualifications Requirements ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 23
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 144
M We still have not received our certificate due to a 'backlog' with our auditing body Registrars and Notified Bodies 25
N Online Internal Auditing Course for ISO 13485 - Suggestions ISO 13485:2016 - Medical Device Quality Management Systems 8
A Agenda for 8D audit on Supplier's side - Auditing Corrective Actions General Auditing Discussions 5
U Internal auditing - Company employees or contract second party Internal Auditing 10
J Recomended Values - Auditing process in a supplier IATF 16949 - Automotive Quality Systems Standard 18
M Canada - Registrars that allow e-auditing for ISO 9001? Registrars and Notified Bodies 4
K Internal Auditing - Umbrella QMS and Multiple Standards Oil and Gas Industry Standards and Regulations 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
supadrai Auditing Organization dragging their heels on issuing our MDSAP Surveillance Audit Confirmation Letter - everyone is nervous ... are we the only ones? Canada Medical Device Regulations 7
Ed Panek Supplier Auditing - No purchases from our key suppliers in the last 24 months ISO 13485:2016 - Medical Device Quality Management Systems 5
P Auditing "process validation" process 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
Q Effective Auditing advice needed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
M Acceptance of remote auditing techniques - Can you help me with my research? General Auditing Discussions 0
GStough Auditing Against Criteria Unfamiliar to Auditee - Yea or Nay? General Auditing Discussions 11
Q Auditing Product and Services doubts ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
R Auditing support and management processes General Auditing Discussions 7
F It is acceptable moving remote locations staff to manufacturing plant for auditing? IATF 16949 - Automotive Quality Systems Standard 3
D MSDS / GHS Walk-through / Auditing Occupational Health & Safety Management Standards 6
Pmarszal Supplier Auditing Services (Audit Needed?) General Auditing Discussions 4
S ISO 9001 Audit Observations - Transitioning my career into auditing Career and Occupation Discussions 16
G AS9101 Rev F - Worksheets for internal auditing AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 11
N API Q2 clause 6.2.2.1 Auditing Outsourced Suppliers Oil and Gas Industry Standards and Regulations 5
M Auditing processes followed by employees placed on client's site Internal Auditing 4
S ISO 13485:2016 and MDSAP internal auditing ISO 13485:2016 - Medical Device Quality Management Systems 6
M Auditing a Contractor in EMS and Non Conformity Report General Auditing Discussions 1
Richard Regalado ISMS Auditing Guideline V2 (based from ISO/IEC 27001:2013) IEC 27001 - Information Security Management Systems (ISMS) 7
S ISO 9001:2015 - Internal Auditing - Audit to the Standard? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
Similar threads


















































Top Bottom