envelopesupport@pillarassociates.com phone(803) 622-4536

This course is comprehensive training in lead auditor techniques, methodology, practices, and skills. It was designed and developed by a team who created and managed an accredited registrar. They know what training is best for lead auditors.

The course contains a solid body of quality management systems (QMS) auditing knowledge, accumulated from seven years of QMS audits.

Highlights of the session include

  • “Hands-on” training with over 15 class exercises
  • Quality management systems as required by IATF 16949:2016
  • IATF 16949:2016 requirements and intent
  • QMS historical perspective and regulations
  • QMS audit process
  • Evaluating system effectiveness
  • Evaluation of conformance
  • Audit reporting
  • Simulated audit or live audit
  • Review of automotive protocols: PPAP, SPC, APQP, FMEA, MSA

Outcome

  • An understanding of the IATF 16949 standard’s requirements and intent
  • A certificate of accomplishment (conditional on passing examination)
  • An understanding of the lead auditors responsibilities
  • How to create and execute an audit plan
  • An understanding of questioning techniques and communications
  • How to make an auditee feel at ease
  • How to determine the effectiveness of a quality management system
  • How to document nonconformances
  • Who Should Attend
  • IATF 16949 Auditors
  • IATF 16949 Implementers
  • Quality Program Managers
 

This course is an enlightening perspective on how CEOs and their staff can utilize IATF 16949 as a process improvement tool to gain efficiency in their operations while meeting the requirements of the IATF 16949 standard. It analyzes misconceptions and costs of establishing a process improvement program and how the decisions made while creating a quality management system determines a company’s operating standards. Example situations will show how senior managers must control the future of their company by involving themselves in this critical activity.

Highlights of the session include

  • The Importance of the CEO’s involvement
  • Using IATF 16949 as a tool to Support Business Process Improvement
  • Introduction to IATF 16949 and Overview of the Requirements
  • Background and Costs of a QMS
  • Process Improvement Elements and Clauses
  • Specific examples of Process Improvement in various companies
  • Implementation and Delegation of a QMS.

Who Should Attend

  • CEOs
  • Executive Managers
  • Managers

Outcome

  • A strategy for implementing IATF 16949 in your company as a cost reduction tool
  • An understanding of the standard’s requirements
  • Organizing resources and delegating responsibilities for the program
  • How to budget program costs and maximize your return on investment
  • Keys to gaining cooperation from your employees.
 

Participants will gain a strong working knowledge of the IATF 16949:2016/ISO 9001:2015 requirements, implications and interpretations.

Highlights of the session include

  • Base Requirements and objectives of IATF 16949:2016 and ISO 9001:2015
  • Automotive process-approach and risk-based auditing strategies
  • Clarification of the new and additional requirements
  • The responsibilities of top management
  • Leadership
  • Documentation and implementation of the Quality Management System
  • The Registration Process
  • Time saving practices and use of resources

Who Should Attend

  • Executive Managers
  • Managers and Leaders
  • Quality Assurance Personnel
  • Supervisors
  • Internal Quality Auditors
  • Management Representatives
  • Quality Management System Project Managers.

Outcome

  • Gain an understanding of IATF 16949:2016 and ISO 9001:2015
  • Learn control plan requirements
  • Learn what auditors look for
  • Understand documentation requirements
  • Time-saving advice.

Course Length

  • 16 hours (2 days).
 

This training workshop provides a step-by-step process for the identification of Aspects associated with any company preparing an Environmental Management System (EMS). The identification of company’s aspects and how those aspects interact or impact the environment is the heart and soul of any Environmental System. Aspects are also the most misunderstood topic in any environmental program This two-day course provides a through an understanding of the topic using a strong combination of lectures, workshops, exercises and group discussion. The course also incorporates a virtual visit to Lone Mountain Mining. This 45-minute slide presentation allows the student to actually see examples of aspects. Tools and techniques for prioritizing aspects are presented and exercises are explained so those students can apply these skills to their own company aspects.

Benefits

  • Learn the least understood topic in any EMS
  • Provides a comprehensive understanding of aspects.
  • Demonstrates tools for identifying a companies aspects
  • Explains methods for prioritizing aspects
  • Provides analytic tools for determining impacts
  • Helps identify positive impacts
  • Explains methods to address negative impacts
  • Provides methods for integrating aspects into a company’s comprehensive environmental management system.

Topics

  • What is an aspect
  • How should they be identified
  • How should they be prioritized
  • What impact do the aspects have on the environment
  • Types of impacts
  • How does a company integrate aspects and impact into their EMS.

Who Should Attend

  • The training is tailored for environmental personnel, managers, supervisors, and engineers.

Outcome

  • A full understanding of aspects and how to apply analytic tools to address them in an Environmental Management System
 

This course is designed to prepare participants on how to become internal quality auditors. They will learn basic auditing concepts, the key characteristics of a successful auditor, the design and development of an audit plan, schedule, checklist, report and how to document nonconformances.

Highlights of this session include

  • Purpose and scope of an internal quality audit
  • Basic auditing concepts and the auditing process
  • Key characteristics of an 14001 auditor
  • Design & development of an audit plan and schedule
  • Audit checklists
  • Documenting nonconformances
  • Audit reports
  • Common problems in an internal quality audit
  • 14001 Internal quality audits and continuous Improvement.

Topics

  • How to create an internal 14001 quality audit program in your company that helps you reduce operating costs
  • How to select and train auditors
  • How to create and execute an audit plan
  • An understanding of questioning techniques and communications
  • How to make an auditee feel at ease
  • How to determine the effectiveness of a quality management system.

Who Should Attend

  • Internal Auditors
  • Quality Managers
  • Management System Personnel
  • Supervisors
  • Management Representatives.

Outcome

  • A full understanding of aspects and how to apply analytic tools to address them in an Environmental Management System.
 

This course is comprehensive training in lead auditor techniques, methodology, practices, and skills. It was designed and developed by a team who created and managed an accredited registrar. They are lead auditors and know what training is best for lead auditors.

A slide presentation visually illustrates an actual company’s environmental aspects, a unique feature only in this course. Additionally, the course contains a solid body of environmental auditing knowledge accumulated from five years of EMS audits.

On successful completion of this course and post course assessment, participants will receive a Certificate of Attainment for the following internationally recognized competency units:

  • EXEMPLAR GLOBAL-EM (Environmental Management Systems)
  • EXEMPLAR GLOBAL-AU (Management Systems Auditing)
  • EXEMPLAR GLOBAL-TL (Leading Management System Audit Teams)

The modules above are certified under the EXEMPLAR GLOBAL Training Provider Examination Certification Scheme for environmental management system auditors and will enable successful participants to apply to EXEMPLAR GLOBAL for certification as a provisional auditor.

Highlights of the session include

  • “Hands-on” training with over 30 class exercises
  • Environmental Management Systems
  • EMS Historical Perspective and Regulations
  • EMS Audit Process
  • Evaluating System Effectiveness
  • Evaluation of Conformance
  • Audit Reporting.

Outcome

  • A strategy for implementing ISO 14001 in your company
  • An understanding of the standard’s requirements
  • How to create an internal quality audit program in your company
  • How to select and train auditors
  • How to create and execute an audit plan
  • An understanding of questioning techniques and communications
  • How to make an auditee feel at ease
  • How to determine the effectiveness of an environmental management system.

Who Should Attend

  • ISO 14001 Auditors
  • ISO 14001 Implementers
  • EMS Managers
 

This workshop provides customized training programs for companies in a group setting to develop and implement environmental management systems which conform to ISO 14001.

The participants meet twice a month for six months (12 sessions) with experienced and certified lead auditors. Each day session reviews 1or more elements of the standard and explain the requirements that must be put in practice and possibly documented. At the following session, the procedures created by the attendees at the last training session are critiqued (privately) by the instructors.

The program includes a one-day pre-assessment audit by a certified lead auditor.

Benefits

  • Generates significant cost savings for training through economies of scale.
  • Improves a company’s overall environmental programs.
  • Improves and enhances customer satisfaction.
  • Puts standardized processes in place.
  • Allows companies to learn from each other in a collaborative setting while maintaining individual identities.
  • Offers experienced, certified lead auditors as trainers who deliver the valuable hands-on experience and working knowledge of the accreditation process.
  • Provides a structured program that allows a company to create and implement a system with limited financial resources.
  • Allows companies to market themselves as ISO 14001 conforming suppliers.

Topics

  • Design and development of a quality management system (all applicable elements).
  • Review and evaluation of created practices and procedures by the participants.

Who Should Attend

  • The training is tailored for environmental personnel, managers, supervisors, and engineers.

Outcome

  • A fully documented environmental management system for your company at the end of six months.
  • A one-day pre-assessment audit at your company when all the documentation is completed. This audit will be conducted in accordance to a registrar’s procedures.

An audit programme should be established which can include audits addressing one or more management system standards or other requirements, conducted either separately or in combination (combined audit).

The extent of an audit programme should be based on the size and nature of the auditee, as well as on the nature, functionality, complexity, the type of risks and opportunities, and the level of maturity of the management system(s) to be audited.

The functionality of the management system can be even more complex when most of the important functions are outsourced and managed under the leadership of other organizations. Particular attention needs to be paid to where the most important decisions are made and what constitutes the top management of the management system.


Construction Worker 20024

The primary objective of this training course is to instruct Occupational Health and Safety (OH&S) auditors in the principles and practices specific to auditing for conformance with the national and internationally accepted norms and regulations relating to OH&S requirements.

A slide presentation visually illustrates an actual company’s OH&S hazards, a unique feature only in this course. Additionally, the course contains a solid body of OHSAS auditing knowledge.

On successful completion of this course and post course assessment, participants will receive a Certificate of Attainment for the following internationally recognized competency units:

  • EXEMPLAR GLOBAL-OH (Occupational Health & Safety Management Systems)
  • EXEMPLAR GLOBAL-AU (Management Systems Auditing)
  • EXEMPLAR GLOBAL-TL (Leading management System Audit Teams)

The modules above are certified under the EXEMPLAR GLOBAL Training Provider Examination Certification Scheme for occupational health and safety management system auditors and will enable successful participants to apply to EXEMPLAR GLOBAL for certification as a provisional auditor.

How You Will Benefit:

Meet the training requirements for auditor certification for OH&S audits

Understand the requirements of the OHSAS 45001 standard

Integrate OH&S audits with other management system audits

Benefit from “lessons learned” by experienced auditors

Agenda

  • Introduction to ISO 45001 and interpret the requirements
  • Outline of the responsibilities of the Lead Auditor and Auditor
  • Principles of National & International Legislation
  • Risk Assessment principles and approach
  • Risk control – Identify, understand, and manage health and safety hazards and risks
  • Policy development
  • Planning, Implementation, and Operation of an audit program
  • Document Review
  • Management Review
  • Audit Planning and approach
  • On-site verification – approach and techniques
  • Conducting the audit
  • The Process Approach
  • To be able to measure the efficiency and effectiveness of a process
  • Writing nonconformances – issues and approaches
  • Checking and Corrective Action

Who Should Attend:

  • 3rd party auditors
  • Internal audit managers and internal auditors
  • Consultants
  • OHSAS Managers
  • ISO Management Representatives
 

“A Practical Approach to ISO 9001” This is a two-day structured seminar and workshop. The CEO and staff are introduced to the ISO 9001 series of standards. Each of the requirements is described. An interpretation for each is presented. The intent and rationale of each topic are reviewed. Best practices examples for each requirement is illustrated. The participants have then posed questions concerning their proposed system. The answers to the over 200 questions addressing the 20 elements of ISO 9001 standard become the unique defining characteristics of the firms Quality Management System. Each of the decisions is reviewed and possibly challenged by the facilitator who has assessed over 250 other firms Quality Management Systems.

Highlights of the session include

  • The importance of the CEO’s involvement
  • Using ISO 9001 as a tool to support business process improvement
  • Background and costs of a QMS
  • Process improvement elements and clauses
  • Implementation and delegation of a QMS
  • Improving profits through ISO 9001

Outcome

  • A strategy for implementing ISO 9001 in your company as a cost-reduction tool
  • An understanding of the standard’s requirements
  • Organizing resources and delegating responsibilities for the program
  • How to budget program costs and maximize your return on investment
  • Keys to gaining cooperation from your employees

Who Should Attend

  • Executive Management
  • CEO

Course Length

  • Two-days Note: Since the key management personnel will be attending the session it is suggested that it be looked at as a retreat and held off-site where interruptions will be held to a minimum (weekends are often scheduled for this session).
 

This course is designed to instruct companies how to document “value-added” policies and procedures for the quality management system. Each element and clause of the standard is reviewed from an implementation and process improvement perspective. Relationships between elements of the standard are analyzed and the documentation structure and hierarchy of a quality management system is also defined. A common documentation format is analyzed and the importance of readability and clarity is discussed. The student will also learn how to implement the documentation and to understand the basics of document and data control.

Highlights of the course include

  • Introduction to ISO 9001 and Overview
  • Elements of the Standard
  • Process Improvement Elements and Clauses
  • Documentation Hierarchy and Structure (Level I, II and III)
  • Standard documentation format
  • Documentation strategy
  • Comparison of current documents to the requirements of the standard
  • Readability and clarity
  • Implementation and Delegation of a QMS
  • Discussion of Element 4.5 “Document Control

Who Should Attend

  • Executive Management Managers
  • Quality Assurance Personnel
  • Internal Quality Auditors

Outcome

  • How to create a documented quality management system that can be easily implemented and maintained.
  • How to utilize the standard as a continuous improvement and cost reduction tool.
  • How to write value added procedures and documents.
  • How to implement the procedures and get employee cooperation and feedback.

Course Length

  • Eight hours (one-day)
 

This course is designed to instruct participants how to become internal quality auditors. They will learn basic auditing concepts, the key characteristics of a successful auditor, the design and development of an audit plan, schedule, and audit checklist and report and how to document nonconformances. This course also covers how a well planned internal auditing program can result in continuous improvement.

Highlights of the session include

  • Purpose and Scope of an Internal Quality Audit
  • Basic Auditing Concepts and the Auditing Process
  • Key Characteristics of an Auditor
  • Design & Development of an Audit Plan and Schedule
  • Audit Checklists
  • Documenting Nonconformances
  • Audit Reports
  • Common Problems in an Internal Quality Audit
  • Internal Quality Audits and Continuous Improvement

Outcome

  • How to create an internal quality audit program in your company that helps you reduce operating costs.
  • How to select and train auditors.
  • How to create an audit plan.
  • An understanding of questioning techniques and communications.
  • How to make an auditee feel at ease.
  • How to determine the effectiveness of a quality management system.
  • Who Should Attend:
  • Internal Quality Auditors
  • Managers
  • Quality Assurance Personnel
  • Supervisors

Course Length

  • Two-days. Note: A third day of conducting an actual audit can be added
 

This course is an enlightening perspective on how CEOs and their staff can utilize ISO 9001 as a process improvement tool to gain efficiency in their operations while meeting the requirements of the ISO 9001 standard. It analyzes misconceptions and costs of establishing a process improvement program and how the decisions made while creating a quality management system determines a company’s operating standards. Example situations will show how senior managers must control the future of their company by involving themselves in this critical activity.

Highlights of the session include:

  • The Importance of the CEO’s involvement
  • Using ISO 9001 as a Tool to Support Business Process Improvement
  • Introduction to ISO 9001 and Overview of the Standard
  • Background and Costs of a QMS
  • Process Improvement Elements and Clauses
  • Specific examples of Process Improvement in various companies
  • Implementation and Delegation of a QMS

Who Should Attend:

  • CEO
  • Executive Managers
  • Managers

Outcome:

  • A strategy for implementing ISO 9001 in your company as a cost reduction tool.
  • An understanding of the standard’s requirements.
  • Organizing resources and delegating responsibilities for the program.
  • How to budget program costs and maximize your return on investment.
  • Keys to gaining cooperation from your employees.

Course Length:

  • Four-hours (1/2 day)
 

This course is comprehensive training in lead auditor techniques, methodology, practices, and skills. It was designed and developed by a team who created and managed an accredited registrar. They know what training is best for lead auditors.

The course contains a solid body of quality management systems (QMS) auditing knowledge, accumulated from seven years of QMS audits.

On successful completion of this course and post course assessment, participants will receive a Certificate of Attainment for the following internationally recognized competency units:

  • EXEMPLAR GLOBAL-QM (Quality Management Systems)
  • EXEMPLAR GLOBAL-AU (Management Systems Auditing)
  • EXEMPLAR GLOBAL-TL (Leading Management System Audit Teams)

The modules above are certified under the EXEMPLAR GLOBAL Training Provider Examination Certification Scheme for quality management system auditors and will enable successful participants to apply to EXEMPLAR GLOBAL for certification as a provisional auditor.

Highlights of the session include:

  • “Hands-on” training with over 15 class exercises
  • Quality management systems as required by ISO 9001
  • ISO 9001 requirements and intent
  • QMS historical perspective and regulations
  • QMS audit process
  • Evaluating system effectiveness
  • Evaluation of conformance
  • Audit reporting
  • Simulated audit or live audit

Outcome:

  • An understanding of the ISO 9001 standard’s requirements and intent
  • A certificate of accomplishment ( conditional on passing examination)
  • An understanding of the lead auditors responsibilities
  • How to create and execute an audit plan
  • An understanding of questioning techniques and communications
  • How to make an auditee feel at ease
  • How to determine the effectiveness of a quality management system
  • How to document nonconformances

Who Should Attend:

  • ISO 9001 Auditors
  • ISO 9001 Implementers
  • Quality Program Managers

Participants will gain a strong working knowledge of the ISO 9001 requirements, implications and interpretations.

Highlights of the session include:

  • Base Requirements and Objectives of the Standard Management
  • Responsibilities Documentation of the Quality Management System
  • Implementation of the Quality Management System The Registration Process

Who Should Attend:

  • Executive Managers
  • Managers
  • Quality Assurance Personnel
  • Supervisors
  • Internal Quality Auditors

Course Length:

  • 8 hours (one-day)

This course covers in-depth the requirements of Document and Data Control. It details the purpose and practice of document control and many ways of addressing this element including controlled documents, external documents, and reference documents. Common implementation problems associated with document control are also discussed.

Highlights of the course include

  • Documentation Hierarchy and Structure (Level I, II and III)
  • Standard Documentation Format
  • Documentation Strategies
  • Requirements of ISO 9001’s “Document and Data Control”
  • Common Document Control Implementation Problems
  • Who Should Attend:
  • Personnel responsible for documenting the quality management system
    Managers
  • Internal Quality Auditors

Outcome

  • How to create a documented quality management system that can be easily implemented and maintained.
  • An in-depth understanding of the requirements of document and data control.
  • How to avoid documentation pitfalls.

Course Length

  • Eight hours (one-day)

5.1 In general an audit program should be established which can include audits addressing one or more management system standards or other requirements, conducted either separately or in combination (combined audit).

The extent of an audit program should be based on the size and nature of the auditee, as well as on the nature, functionality, complexity, the type of risks and opportunities, and the level of maturity of the management system(s) to be audited.

The functionality of the management system can be even more complex when most of the important functions are outsourced and managed under the leadership of other organizations. Particular attention needs to be paid to where the most important decisions are made and what constitutes the top management of the management system.

In the case of multiple locations/sites (e.g. different countries), or where important functions are outsourced and managed under the leadership of another organization, particular attention should be paid to the design, planning and validation of the audit program.

In the case of smaller or less complex organizations the audit program can be scaled appropriately.

In order to understand the context of the auditee, the audit program should take into account the auditee’s:

  • organizational objectives;
  • relevant external and internal issues;
  • the needs and expectations of relevant interested parties;
  • information security and confidentiality requirements.


The planning of internal audit programs and, in some cases programs for auditing external providers, can be arranged to contribute to other objectives of the organization.

The individual(s) managing the audit program should ensure the integrity of the audit is maintained and that there is not undue influence exerted over the audit.

Audit priority should be given to allocating resources and methods to matters in a management system with higher inherent risk and lower level of performance.

Competent individuals should be assigned to manage the audit program.

The audit program should include information and identify resources to enable the audits to be conducted effectively and efficiently within the specified time frames. The information should include:

a) objectives for the audit program;
b) risks and opportunities associated with the audit program (see 5.3) and the actions to address them;
c) scope (extent, boundaries, locations) of each audit within the audit program;
d) schedule (number/duration/frequency) of the audits;
e) audit types, such as internal or external;
f) audit criteria;
g) audit methods to be employed;
h) criteria for selecting audit team members;
i) relevant documented information.

Some of this information may not be available until more detailed audit planning is complete.

The implementation of the audit program should be monitored and measured on an ongoing basis (see 5.6) to ensure its objectives have been achieved. The audit program should be reviewed in order to identify needs for changes and possible opportunities for improvements (see 5.7).


dot planThe audit client must ensure the audit program objectives are clearly stated and used to direct the planning and implementing the audits.  This will help ensure the audit program is implemented effectively.  Audit program objectives must be consistent with the audit client’s strategic business direction and support management system policy and objectives.

The objectives can be based on the following:

a) needs and expectations of external and internal relevant interested parties
b) product, service and project characteristics
c) requirements for processes, products, services and projects, and any changes to them;
d) management system requirements;
e) any stated need for evaluation of external providers;
f) auditee’s level of performance
g) maturity of the management system(s), as reflected in relevant performance indicators (e.g. KPIs),
h) the occurrence of nonconformities or incidents or complaints from interested parties;
i) identified risks and opportunities
j) results of previous audits

Here are some examples of audit objectives:

  • identify opportunities to improve the management system
  • help the auditee determine the context of the organization
  • evaluate risks and determine methods to address them
  • conform to all relevant requirements, e.g. legal, statutory and regulatory requirements, compliance commitments, requirements to become certified by a Certification Body (CB)
  • determine maintain confidence level in the capability of an external provider;
  • measure the management sytem
  • keep the management system aligned with the strategic direction of the organization.


Return to the ISO 19011 PDCA Audit Process Diagram


dot planThe objectives of the audit program can be affected by the risks and opportunities related to the context of the auditee.

The internal auditor(s) managing the program should identify the risks and potential opportunities associated with the audit and present them to the auditee sot they can be addressed.

The risks may be associated with the following:

a) planning,
  • failure to set relevant audit objectives
  • determine the extent, number, duration, locations and schedule of the audit
  • resources,
  • example allowing insufficient time, equipment and/or training for developing the audit program or conducting an audit
c) selection of the audit team,
d) communication, e.g. external/internal communication processes/channels;
e) implementation, e.g. ineffective coordination of the audits within the audit program, or not considering information security and confidentiality;
f) control of documented information, e.g. ineffective determination of the necessary documented information required by auditors and relevant interested parties, failure to adequately protect audit records to demonstrate audit program effectiveness;
g) monitoring, reviewing and improving the audit program, e.g. ineffective monitoring of audit program outcomes;
h) availability and cooperation of auditee and availability of evidence to be sampled.

Opportunities for improving the audit program can include:

  • allowing multiple audits to be conducted simultaneously
  • minimizing time and distances to the site;
  • matching the level of competence of the audit team to the level of competence needed to achieve the audit objective (this is why you should be trained)
  • aligning audit dates with availability of auditee’s staff.


Return to the ISO 19011 PDCA Audit Process Diagram


dot plan5.4.1 Roles and responsibilities of the individual(s) managing the audit programme

The individual(s) managing the audit programme should:

a) establish the extent of the audit programme according to the relevant objectives (see 5.2) and any known constraints;
b) determine the external and internal issues, and risks and opportunities that can affect the audit programme, and implement actions to address them, integrating these actions in all relevant auditing activities, as appropriate;
c) ensuring the selection of audit teams and the overall competence for the auditing activities by assigning roles, responsibilities and authorities, and supporting leadership, as appropriate;
d) establish all relevant processes including processes for:
— the coordination and scheduling of all audits within the audit programme;
— the establishment of audit objectives, scope(s) and criteria of the audits, determining audit methods and selecting the audit team;
— evaluating auditors;
— the establishment of external and internal communication processes, as appropriate;
— the resolutions of disputes and handling of complaints;
— audit follow-up if applicable;
— reporting to the audit client and relevant interested parties, as appropriate.
e) determine and ensure provision of all necessary resources;
f) ensure that appropriate documented information is prepared and maintained, including audit programme records;
g) monitor, review and improve the audit programme; h) communicate the audit programme to the audit client and, as appropriate, relevant interested parties.

The individual(s) managing the audit programme should request its approval by the audit client.

5.4.2 Competence of individual(s) managing audit programme

The individual(s) managing the audit programme should have the necessary competence to manage the programme and its associated risks and opportunities and external and internal issues effectively and efficiently, including knowledge of:
a) audit principles (see Clause 4), methods and processes (see A.1 and A.2);
b) management system standards, other relevant standards and reference/guidance documents;
c) information regarding the auditee and its context (e.g. external/internal issues, relevant interested parties and their needs and expectations, business activities, products, services and processes of the auditee);
d) applicable statutory and regulatory requirements and other requirements relevant to the business activities of the auditee.

As appropriate, knowledge of risk management, project and process management, and information and communications technology (ICT) may be considered.

The individual(s) managing the audit programme should engage in appropriate continual development activities to maintain the necessary competence to manage the audit programme.

5.4.3 Establishing extent of audit programme

The individual(s) managing the audit programme should determine the extent of the audit programme. This can vary depending on the information provided by the auditee regarding its context (see 5.3).

NOTE In certain cases, depending on the auditee's structure or its activities, the audit programme might only consist of a single audit (e.g. a small project or organization).

Other factors impacting the extent of an audit programme can include the following:
a) the objective, scope and duration of each audit and the number of audits to be conducted, reporting method and, if applicable, audit follow up;
b) the management system standards or other applicable criteria;
c) the number, importance, complexity, similarity and locations of the activities to be audited;
d) those factors influencing the effectiveness of the management system;
e) applicable audit criteria, such as planned arrangements for the relevant management system standards, statutory and regulatory requirements and other requirements to which the organization is committed;
f) results of previous internal or external audits and management reviews, if appropriate;
g) results of a previous audit programme review;
h) language, cultural and social issues;
i) the concerns of interested parties, such as customer complaints, non-compliance with statutory and regulatory requirements and other requirements to which the organization is committed, or supply chain issues;
j) significant changes to the auditee’s context or its operations and related risks and opportunities;
k) availability of information and communication technologies to support audit activities, in particular the use of remote audit methods (see A.16);
l) the occurrence of internal and external events, such as nonconformities of products or service, information security leaks, health and safety incidents, criminal acts or environmental incidents;
m) business risks and opportunities, including actions to address them.

5.4.4 Determining audit programme resources

When determining resources for the audit programme, the individual(s) managing the audit programme should consider:
a) the financial and time resources necessary to develop, implement, manage and improve audit activities;
b) audit methods (see A.1);
c) the individual and overall availability of auditors and technical experts having competence appropriate to the particular audit programme objectives;
d) the extent of the audit programme (see 5.4.3) and audit programme risks and opportunities (see 5.3);
e) travel time and cost, accommodation and other auditing needs;
f) the impact of different time zones;
g) the availability of information and communication technologies (e.g. technical resources required to set up a remote audit using technologies that support remote collaboration);
h) the availability of any tools, technology and equipment required;
i) the availability of necessary documented information, as determined during the establishment of the audit programme (see A.5); j) requirements related to the facility, including any security clearances and equipment (e.g. background checks, personal protective equipment, ability to wear clean room attire).

Return to the ISO 19011 PDCA Audit Process Diagram


dot do5.5.1 General

Once the audit programme has been established (see 5.4.3) and related resources have been determined (see 5.4.4) it is necessary to implement the operational planning and the coordination of all the activities within the programme. The individual(s) managing the audit programme should: a) communicate the relevant parts of the audit programme, including the risks and opportunities involved, to relevant interested parties and inform them periodically of its progress, using established external and internal communication channels; b) define objectives, scope and criteria for each individual audit; c) select audit methods (see A.1); d) coordinate and schedule audits and other activities relevant to the audit programme; e) ensure the audit teams have the necessary competence (see 5.5.4);
f) provide necessary individual and overall resources to the audit teams (see 5.4.4); g) ensure the conduct of audits in accordance with the audit programme, managing all operational risks, opportunities and issues (i.e. unexpected events), as they arise during the deployment of the programme; h) ensure relevant documented information regarding the auditing activities is properly managed and maintained (see 5.5.7); i) define and implement the operational controls (see 5.6) necessary for audit programme monitoring; j) review the audit programme in order to identify opportunities for its improvement (see 5.7).

5.5.2 Defining the objectives, scope and criteria for an individual audit

Each individual audit should be based on defined audit objectives, scope and criteria. These should be consistent with the overall audit programme objectives. The audit objectives define what is to be accomplished by the individual audit and may include the following: a) determination of the extent of conformity of the management system to be audited, or parts of it, with audit criteria; b) evaluation of the capability of the management system to assist the organization in meeting relevant statutory and regulatory requirements and other requirements to which the organization is committed; c) evaluation of the effectiveness of the management system in meeting its intended results; d) identification of opportunities for potential improvement of the management system; e) evaluation of the suitability and adequacy of the management system with respect to the context and strategic direction of the auditee; f) evaluation of the capability of the management system to establish and achieve objectives and effectively address risks and opportunities, in a changing context, including the implementation of the related actions. The audit scope should be consistent with the audit programme and audit objectives. It includes such factors as locations, functions, activities and processes to be audited, as well as the time period covered by the audit. The audit criteria are used as a reference against which conformity is determined. These may include one or more of the following: applicable policies, processes, procedures, performance criteria including objectives, statutory and regulatory requirements, management system requirements, information regarding the context and the risks and opportunities as determined by the auditee (including relevant external/internal interested parties requirements), sector codes of conduct or other planned arrangements. In the event of any changes to the audit objectives, scope or criteria, the audit programme should be modified if necessary and communicated to interested parties, for approval if appropriate. When more than one discipline is being audited at the same time it is important that the audit objectives, scope and criteria are consistent with the relevant audit programmes for each discipline. Some disciplines can have a scope that reflects the whole organization and others can have a scope that reflects a subset of the whole organization.


5.5.3 Selecting and determining audit methods

The individual(s) managing the audit programme should select and determine the methods for effectively and efficiently conducting an audit, depending on the defined audit objectives, scope and criteria. Audits can be performed on-site, remotely or as a combination. The use of these methods should be suitably balanced, based on, among others, consideration of associated risks and opportunities. Where two or more auditing organizations conduct a joint audit of the same auditee, the individuals managing the different audit programmes should agree on the audit methods and consider implications for resourcing and planning the audit. If an auditee operates two or more management systems of different disciplines, combined audits may be included in the audit programme.

5.5.4 Selecting audit team members

The individual(s) managing the audit programme should appoint the members of the audit team, including the team leader and any technical experts needed for the specific audit. An audit team should be selected, taking into account the competence needed to achieve the objectives of the individual audit within the defined scope. If there is only one auditor, the auditor should perform all applicable duties of an audit team leader.

NOTE Clause 7 contains guidance on determining the competence required for the audit team members and describes the processes for evaluating auditors. To assure the overall competence of the audit team, the following steps should be performed: — identification of the competence needed to achieve the objectives of the audit; — selection of the audit team members so that the necessary competence is present in the audit team. In deciding the size and composition of the audit team for the specific audit, consideration should be given to the following: a) the overall competence of the audit team needed to achieve audit objectives, taking into account audit scope and criteria; b) complexity of the audit; c) whether the audit is a combined or joint audit; d) the selected audit methods; e) ensuring objectivity and impartiality to avoid any conflict of interest of the audit process; f) the ability of the audit team members to work and interact effectively with the representatives of the auditee and relevant interested parties; g) the relevant external/internal issues, such as the language of the audit, and the auditee’s social and cultural characteristics. These issues may be addressed either by the auditor's own skills or through the support of a technical expert, also considering the need for interpreters; h) type and complexity of the processes to be audited. Where appropriate, the individual(s) managing the audit programme should consult the team leader on the composition of the audit team. If the necessary competence is not covered by the auditors in the audit team, technical experts with additional competence should be made available to support the team. Auditors-in-training may be included in the audit team, but should participate under the direction and guidance of an auditor.

Changes to the composition of the audit team may be necessary during the audit, e.g. if a conflict of interest or competence issue arises. If such a situation arises, it should be resolved with the appropriate parties (e.g. audit team leader, the individual(s) managing the audit programme, audit client or auditee) before any changes are made.

5.5.5 Assigning responsibility for an individual audit to the audit team leader

The individual(s) managing the audit programme should assign the responsibility for conducting the individual audit to an audit team leader. The assignment should be made in sufficient time before the scheduled date of the audit, in order to ensure the effective planning of the audit. To ensure effective conduct of the individual audits, the following information should be provided to the audit team leader: a) audit objectives; b) audit criteria and any relevant documented information; c) audit scope, including identification of the organization and its functions and processes to be audited; d) audit processes and associated methods; e) composition of the audit team; f) contact details of the auditee, the locations, time frame and duration of the audit activities to be conducted; g) resources necessary to conduct the audit; h) information needed for evaluating and addressing identified risks and opportunities to the achievement of the audit objectives; i) information which supports the audit team leader(s) in their interactions with the auditee for the effectiveness of the audit programme. The assignment information should also cover the following, as appropriate: — working and reporting language of the audit where this is different from the language of the auditor or the auditee, or both; — audit reporting output as required and to whom it is to be distributed; — matters related to confidentiality and information security, as required by the audit programme; — any health, safety and environmental arrangements for the auditors; — requirements for travel or access to remote sites; — any security and authorization requirements; — any actions to be reviewed, e.g. follow-up actions from a previous audit; — coordination with other audit activities, e.g. when different teams are auditing similar or related processes at different locations or in the case of a joint audit. Where a joint audit is conducted, it is important to reach agreement among the organizations conducting the audits, before the audit commences, on the specific responsibilities of each party, particularly with regard to the authority of the team leader appointed for the audit.

5.5.6 Managing audit programme results

The individual(s) managing the audit programme should ensure that the following activities are performed: a) evaluation of the achievement of the objectives for each audit within the audit programme; b) review and approval of audit reports regarding the fulfilment of the audit scope and objectives; c) review of the effectiveness of actions taken to address audit findings; d) distribution of audit reports to relevant interested parties; e) determination of the necessity for any follow-up audit. The individual managing the audit programme should consider, where appropriate: — communicating audit results and best practices to other areas of the organization, and — the implications for other processes.

5.5.7 Managing and maintaining audit programme records

The individual(s) managing the audit programme should ensure that audit records are generated, managed and maintained to demonstrate the implementation of the audit programme. Processes should be established to ensure that any information security and confidentiality needs associated with the audit records are addressed. Records can include the following: a) Records related to the audit programme, such as: — schedule of audits; — audit programme objectives and extent; — those addressing audit programme risks and opportunities, and relevant external and internal issues; — reviews of the audit programme effectiveness. b) Records related to each audit, such as: — audit plans and audit reports; — objective audit evidence and findings; — nonconformity reports; — corrections and corrective action reports; — audit follow-up reports. c) Records related to the audit team covering topics such as: — competence and performance evaluation of the audit team members; — criteria for the selection of audit teams and team members and formation of audit teams; — maintenance and improvement of competence. The form and level of detail of the records should demonstrate that the objectives of the audit programme have been achieved.


Return to the ISO 19011 PDCA Audit Process Diagram


dot checkThe individual(s) managing the audit programme should ensure the evaluation of:

a) whether schedules are being met and audit programme objectives are being achieved;

b) the performance of the audit team members including the audit team leader and the technical experts;

c) the ability of the audit teams to implement the audit plan;

d) feedback from audit clients, auditees, auditors, technical experts and other relevant parties;

e) sufficiency and adequacy of documented information in the whole audit process.

Some factors can indicate the need to modify the audit programme. These can include changes to:

audit findings;
— demonstrated level of auditee’s management system effectiveness and maturity;
— effectiveness of the audit programme;
audit scope or audit programme scope;
— the auditee’s management system;
— standards, and other requirements to which the organization is committed;
— external providers;
— identified conflicts of interest;
— the audit client’s requirements.

Return to the ISO 19011 PDCA Audit Process Diagram


Page 1 of 2