Practical Audit Tools Session 2: Auditor Competence, Audit Planning, & Audit Reporting Jim Lamar Quality Manager, Saint-Gobain NorPro 12 October 2017
Practical Audit Tools
Session 2:
Auditor Competence, Audit Planning, & Audit Reporting
Jim Lamar
Quality Manager, Saint-Gobain NorPro
12 October 2017
Quality @ Saint Gobain NorPro
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
• Saint-Gobain – very large French conglomerate, founded in 1665 (over 350 years old!)
• NorPro – a very small subsidiary of SG
• Catalytic Products – a business element of NorPro– Located in Bryan, TX
– Producing ceramic carriers for the chemical industry
– When you drink out of a PET water bottle or wear polyester clothing odds are that the Ethylene Oxide that made the MEG that made the PET was made in a reactor using a catalyst made from our carriers.
The tools we’ll look at today are
generalized versions of the ones
used at NorPro.
Today’s Topics
• Process Approach (a Powerpoint picture)
• Audit Conduct (a Word Checklist)
• Audit Planning
• Auditor Competency (an Excel workbook)
• Audit Reporting
3 preformatted tools to help you document your audit
process performance effectively and efficiently
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
• Process Flowchart and Checklist covered in 1st half of this extended session
• Auditor Competency, Planning, and Reporting covered in 2nd half.
Audit Planning / Reporting Tool
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
One tool – three provisions:
1. Tracking of auditor qualification &
experience
2. Planning for the audit (who, what, when &
where)
3. Reporting the audit findings
We’ll take a look at each of these pieces separately
Auditor Qualification
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
ISO 19011:2011 Clause 7 Competence and evaluation of
auditors contains several pages dedicated to this topic!
Here’s a snippet of specific interest:
7.2.4 Achieving auditor competence
Auditor knowledge and skills can be acquired using a combination of the
following:
– formal education/training and experience that contribute to the development of
knowledge and skills in the management system discipline and sector the auditor
intends to audit;
– training programmes that cover generic auditor knowledge and skills;
– experience in a relevant technical, managerial or professional position involving
the exercise of judgement, decision making, problem solving and communication
with managers, professionals, peers, customers and other interested parties;
– audit experience acquired under the supervision of an auditor in the same
discipline.
Our Auditor Competence tab
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
{Text}
Auditors Tab
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
• Very simplistic
• Minimal formulas / calculations
• Tracks qualification as well as experience level
• We use the site field to help ensure we include
independent (cross site) auditors on our internal
teams
• We make this information available to the planning
process – our next topic
Audit Planning
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
• 6.3.2.2 The scale and content of the audit plan may differ,
for example, between initial and subsequent audits, as well
as between internal and external audits. The audit plan
should be sufficiently flexible to permit changes which can
become necessary as the audit activities progress.
• The audit plan should cover or reference the following:
– a) the audit objectives;
– b) the audit scope, including identification of the organizational
and functional units, as well as processes to be audited;
– c) the audit criteria and any reference documents;
– d) the locations, dates, expected time and duration of audit
activities to be conducted, including meetings with the
auditee’s management;
– e) the audit methods to be used, including the extent to which
audit sampling is needed to obtain sufficient audit evidence
and the design of the sampling plan, if applicable;
– f) the roles and responsibilities of the audit team members,
as well as guides and observers;
– g) the allocation of appropriate resources to critical areas of the
audit.
Again, since ISO
9001 does not
provide much help
in how to plan or
report an audit,
we turn to ISO
19011:2011
The Audit Plan
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
• Lead auditor and client work together to define the plan
• Audit team selection is via drop downs
• Fill in the yellow field at the top for what site and when to conduct
the audit
• Define the scope of the audit by ungrouping the desired processes
(shown on next slide)
Audit Scope
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
• For each process (e.g. QA Lab) select the assigned auditor for that
process (drop downs in column J)
• Agree on estimated timing (column M) to cover the necessary topics
• Coordinating with the client – select the timing for that section of the
audit (column K)
Tracking our Progress
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
• Column I is included to help the lead auditor keep track of progress during the course of the audit – say at
lunch time and/or end of the day updates for longer audits
• Put a “Y” in this column and you can use the filter button to display only the remaining (blank) topics
• Don’t need this feature? Hide column I with the Data-Group option at the top of the screen.
Audit Reporting
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
Once again, ISO 9001
does not provide much
help in how to plan or
report an audit so we
turn to ISO
19011:2011.
Same requirements as
the audit plan with the
addition of the
findings, evidence,
and conclusions
6.5 Preparing and distributing the audit report
6.5.1 Preparing the audit report
The audit team leader should report the audit results in
accordance with the audit programme procedures.
The audit report should provide a complete, accurate,
concise and clear record of the audit, and should include or
refer to the following:a) the audit objectives;
b) the audit scope, particularly identification of the organizational and
functional units or processes audited;
c) identification of the audit client;
d) identification of audit team and auditee’s participants in the audit;
e) the dates and locations where the audit activities were conducted;
f) the audit criteria;
g) the audit findings and related evidence;
h) the audit conclusions;
i) a statement on the degree to which the audit criteria have been fulfilled.
Audit Reporting - Findings
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
• Nonconformances, Opportunities for Improvement and Noteworthy
observations can be reported on the AUDIT FINDINGS tab• Column B is a drop down selection field.
• Column C is a text entry field with suggested instructions for how to use it.
• Column D is a drop down selection field
• Column E is a text entry field
Audit Reporting – Findings 2
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
Out in Column G is a field that you may or may not choose to use. It concatenates
the information from columns B, C, D and E into a single field. We post the
contents of this concatenated field into our Corrective Action System as the
description of the issue. We find it useful for the description of the issue to include
the process, the clause, the description and everything all in one spot. If that’s not
a value added feature for you, hide, delete or just ignore that column. It doesn’t
cost any extra . . .
Audit Reporting - Summary
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
Customize for your organization
Demographic info for this audit
is auto-filled from the planning
tab
Rows 17 and 18 are formatted
to allow the auditor team to
summarize their conclusions.
The date defaults to today
(=now()) but can be changed to
meet your needs
Lead Auditor name is auto-
filled
How We Use These Tools
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
1. To initiate an audit, we make a copy of the ISO 9001-2015 Audit Plan-Report.xlsx workbook
and rename it to be used for the audit, for example Bryan TX Dec 2017 Audit Plan-
Report.xlsx
2. The client selects a lead auditor and together they develop the audit plan, selecting an
appropriate audit team and defining the scope by expanding the desired processes on the
AUDIT PLAN tab
3. We make a printed copy of the checklist for the audit team.
4. The pages of the checklist that are assigned to each auditor are distributed for the conduct
of the audit.
5. At the end of each day the audit team assembles to review their progress and their
findings.
6. The lead auditor will help with documentation of the findings on the AUDIT FINDINGS tab.
7. At the end of the audit the checklist pages are gathered up and put back in numerical order.
The cover page is completed by the lead auditor then the entire packaged is scanned and
saved as a PDF file, becoming part of the audit record – I mean retained documented
information. . .
8. The findings are reviewed as a team and the lead auditor summarizes the audit on the
REPORT SUMMARY tab. The completed workbook is then stored as part of the audit
record. (dang it – there I go again with old terminology! Old habits are hard to break!)
Developer Notes
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
• There is a tab on the Excel workbook called
Developer Notes
• Usually hidden (not needed for audit planning
and reporting) – it is visible on the version being
made available to make it easier for you to
customize for your use
• Nothing fancy being done in the background, but
you’ll need to know where data validation fields
come from and that sort of thing
Developer Notes - 2
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
Color coded by tab, I’ve tried to provide a listing of all
the formulas and data validation ranges used so you
can make this template your own.
Final Guidance
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
• To be effective:
– You must develop your own
process model. It may look a
lot like the general example
provided, or it may be very
different, but it must be YOUR
process.
– The checklist provided is organized around the process
model provided so once you’ve developed your process
you must then pick and choose which ISO topics apply to
each process step.
– The planning and reporting template is also organized
around the process model, so it too must be customized
to fit your specific site requirements.
End of Session 2
October 12 - 13, 2017 26th Annual ASQ Audit Division Conference: The Intercontinental Addison
Some thumb drives available with the tools
presented today.
When these run out, leave your business card
and I’ll email the documents.
If questions later, drop me a note:
Best thing about these tools: