SAI-QMS-MP-003

Internal Quality Audit

 

Authorization Code: SAI/QMS/MP/003
Title: PROCEDURE FOR INTERNAL QUALITY AUDIT
Area: CORPORATE
Version No.: 01
Revision No.: 00
Created by: MANAGEMENT REPRESENTATIVE
Approved by: CHANCELLOR
Date of version: 1st MAY 2015
Signature:

Distribution List

Copy No. | Distributed to | Date | Signature | Returned (Date) | Returned (Signature)

Change History

Date | Version | Created by | Description of change

Table of Contents

  1. PURPOSE
  2. SCOPE
  3. REFERENCES
  4. ABBREVIATIONS / DEFINITIONS
  5. RESPONSIBILITIES
  6. METHOD
  7. APPENDICES



1.0. PURPOSE

To describe all audit-related activities: writing the audit program, selecting an auditor, conducting individual audits and reporting.

The Internal Audit determines if the QMS is effectively implemented and maintained.



2.0 SCOPE

This procedure is applied to all processes and/or areas at SAI within the QMS.

Users of this document are members of top management of SAI, as well as internal auditors.



3.0 REFERENCES

3.1 ISO 9001:2008 – Quality Management Systems Requirements

3.2 SAI Quality Manual

3.3 Procedure for Corrective and Preventive Action



4.0 ABBREVIATIONS / DEFINITIONS

4.1 Audit

A systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.

4.2 Internal Quality Audit

Audits conducted by SAI using internal QMS auditors who are Institute staff.

4.3 Audit Schedule

Information that forms the basis for conducting the audits; it gives the dates for the audits.

 

4.4 Audit Plan

Information directing the conduct of the individual audits within the schedule.

 

4.5 Audit Finding

The results and findings of the audit in relation to the standard.

 

4.6 Nonconformity

A failure to fulfill a requirement of the standard.

 

4.7 Observation

A result of a finding that does not necessarily constitute a non-conformity.

 

4.8 Audit report

Documentation that provides details of an individual audit exercise.

 

4.9 CAR

Corrective Action Request

 

4.10 Auditee

A unit of the Institute that is to be audited.



5.0 RESPONSIBILITIES

5.1

The MR shall be responsible for the effective implementation of this procedure by appointing an audit team to audit processes and forwarding audit results to the Management Review Committee for discussion.

5.2

A Lead Auditor appointed by the QMR shall be responsible for leading the audit team and reporting the findings of the audit to the appointing authority.



6.0 METHOD

6.1 Internal Audit Planning

6.1.1

The MR approves an Annual program for internal audits, considering the status and importance of the process and/or area (part of the organization) that is audited, as well as results of previous audits.

6.1.2

One internal audit shall be conducted in the course of one year, ensuring cumulative coverage of the entire QMS scope. Internal audits shall be conducted before management review.

6.1.3

Additional internal audits may be conducted in the case of:

  1. Significant reclamation from a client (the decision about whether the reclamation is significant and requires an additional audit is made by the C/MR);
  2. Significant non-conformity in a process or repetition of the same non-conformity (the decision about whether the non-conformity is significant and requires an additional audit is made by the C/MR);
  3. Significant change in the system (the decision about whether the change in the system is significant and demands an additional audit is made by the C/MR).

6.1.4

The MR shall prepare an audit plan that shall be communicated to the relevant process owners or auditees prior to the auditing exercise.

6.1.5

The audit plan shall indicate the area to be audited, the week of the audit, and the names of the auditors. A trained Lead Auditor(s) shall be appointed by the MR to carry out the audits. Qualification for the auditor(s) shall be by certification from credible institutions.

6.1.6

The auditor(s) shall be independent of the area being audited, but may at times be accompanied by a representative of the audited process area as part of the audit team.

6.1.7

The MR shall send a notification to all auditors indicating the audit number. The same shall be communicated to the Head of Department or Dean of School, who shall make the necessary arrangements and communicate appropriately.

6.1.8

The Lead Auditor shall prepare an audit program for the area(s) to be audited, and this shall be augmented by audit checklists and other forms and working papers. The auditor shall obtain a copy of the auditee's documents for the area to be audited from the MR before the audit.

6.1.9

The Director QA is responsible for coordinating the planning of the internal audit, reporting on the results of internal audits and maintaining records on behalf of the MR.

6.2 Appointing Internal Auditors

6.2.1

The MR shall appoint internal auditors and a leader of the audit team (if there is more than one internal auditor). The leader of the audit team shall be a trained Lead Auditor from a recognized institution.

6.2.2

An internal auditor shall be someone from SAI or a person outside the Institute. Criteria for appointing internal auditors shall be:

  1. Knowledge of principles of auditing;
  2. Possession of general knowledge for specific areas of audit;
  3. Knowledge of standards ISO 19011 and ISO 9001;
  4. Necessary competence – achieved through education and/or experience.

6.3 Conducting individual internal audits

6.3.1

The team leader and/or members of the auditor team shall define criteria, audit scope and methods of audit.

6.3.2

The internal audit is conducted in two phases:

  1. Document audit;
  2. Audit of compliance with documentation.

6.3.3

Criteria of the audit can be compliance with ISO 9001 and/or alignment with legal requirements and requirements of external parties that SAI agreed to.

6.3.4

Gathering of data is performed through reviewing existing documentation, personal observation and interviews.

6.3.5

A checklist for internal audit shall be used for conducting the internal audit.

6.3.6

Opening and closing meetings shall be held between auditors and auditees to guide the start of the auditing exercise and inform auditees about findings made during the audit. These meetings may be formal or informal.

6.2.7

Internal auditors shall be selected in such a way as to ensure objectivity and impartiality, i.e. to avoid conflict of interest, because auditors are not allowed to audit their own work.

6.4 Internal audit reporting

6.4.1

All non-conformances found during an audit shall be recorded and brought to the attention of the auditee, who shall sign the corrective action reports (CARs) and agree on when corrective actions shall be carried out.

6.4.2

On the basis of the audit findings, the internal auditor (or the internal audit team leader if there is more than one internal auditor) shall make an internal audit report that is delivered to the Director, QA.

6.4.3

Lead auditors shall prepare 2 copies of the audit report in the format given and submit the audit findings to:

  1. The Management Representative; and
  2. The head of the department being audited.

6.4.4

The internal audit report shall contain identified non-conformities (major and/or minor) that require corrective actions, identified potential non-conformities that require preventive action, good practice identified, any areas within the audit scope not covered and recommendations for improvement of the QMS.

6.4.5

The internal audit report shall be delivered to top management within the deadline defined by the MR.

6.5 Follow-up activities

6.5.1

The owner of the process in which the non-conformities are identified shall ensure that all necessary corrections and corrective actions for removing non-conformities and their causes are undertaken without unnecessary delays. They shall detail the root cause of the problem before identifying the appropriate action to prevent recurrence.

6.5.2

Two weeks after the date of the audit, the auditors shall carry out follow-up audits to assess auditees’ progress in implementing appropriate corrective actions and record the findings.

6.5.3

Corrective and preventive actions are undertaken according to the Procedure for Corrective and Preventive Actions.

6.5.4

After corrective actions have been performed, an audit follow-up may be conducted, if necessary, according to the Procedure for Corrective and Preventive Actions in order to verify the corrective actions or assess their effectiveness.

6.5.5

The status of corrective actions resulting from the audit shall be reported to the QMR for input at the next scheduled Management Review meeting if the necessary action has not been taken within the agreed period of time.

6.5.6

The audit reports shall be summarized by the MR and a report on the entire audit presented at the Management Review meeting.

6.5.7

Records of audit programs, audit plans, audit findings and corrective actions shall be maintained in the departmental audit files at the office of the Director QA.

 

6.6 Managing records kept on the basis of this document

Record name | Code | Storage (Retention Time) | Storage (Location) | Responsibility
Internal Audit Checklist | SAI/QMS/MP/003/1 | 2 years | Office of Director QA | MR
Internal Audit Checklist | SAI/QMS/MP/003/2 | 2 years | Office of Director QA | MR
Internal Audit Checklist | SAI/QMS/MP/003/3 | 2 years | Office of Director QA | MR

 

Only the MR can grant other employees the right to access the Annual Internal Audit Program, the Internal Audit Report and the Internal Audit Checklist.



7.0 APPENDICES

7.1 Appendix 1 – Internal Audit Checklist

Internal Audit Checklist for ISO 9001

ISO 9001 Clause Requirement of the standard Compliant Yes/No Evidence
4.1 Are the processes necessary for the QMS determined, described, managed and applied in the organization?
4.2.1 Did the organization document the Quality Policy, quality objectives, Quality Manual, and procedures and records required by ISO 9001 and all documents and records defined as necessary by the organization?
4.2.2 Does the Quality Manual include the scope of the QMS and justification for exclusions, procedures or reference to procedures and interaction between the QMS processes?
4.2.3-01 Does the organization have a documented procedure that defines document approval, review and update?
4.2.3-02 Did the organization ensure that changes, current revision status and relevant versions of applicable documents are legible and readily identifiable and available at point of use?
4.2.3-03 Did the organization apply suitable identification of obsolete documents to prevent their unintended use?
4.2.4 Did the organization establish records to provide conformity to requirements of the QMS and defined needs for identification, storage protection, retrieval, retention and disposition of records?
5.1-01 Did top management demonstrate its commitment to development and implementation of the QMS by emphasizing the importance of meeting customer, statutory and regulatory requirements?
5.1-02 Did top management establish the Quality Policy and quality objectives, conduct a management review and ensure availability of resources?
5.2 Is top management committed to meeting customer requirements and enhancing customer satisfaction?
5.3 Does top management ensure that the Quality Policy is appropriate to the purpose of the organization and demonstrates a commitment to comply with the requirements and continuous improvement of the QMS, providing a framework for quality objectives communicated within the organization and reviewed?
5.4.1 Does top management ensure that quality objectives, including those needed to meet product requirements established, are measurable and aligned with the Quality Policy?
5.4.2-01 Does top management plan the QMS in order to comply with requirements from clause 4.1 and quality objectives?
5.4.2-02 Does top management ensure the integrity of the QMS if planning and applying changes to the QMS?
5.5.1 Are responsibilities and authorities defined by top management communicated within the organization?
5.5.2 Did top management appoint a management representative who has the responsibility and authority to ensure processes needed for establishing, implementing and maintaining the QMS, and who reports to top management on QMS performance and need for improvement and promotes awareness of customer requirements throughout the organization?
5.5.3 Did top management establish appropriate communication processes within the organization and communication regarding the effectiveness of the QMS?
5.6.1 Does top management conduct a QMS review that includes assessing opportunities for improvement and need for changes to the QMS including Quality Policy and Quality objectives at planned intervals and maintain records about the review in order to ensure its continuous suitability, adequacy and effectiveness?
5.6.2 Does the management review include information on results of audits, customer feedback, process performance and product conformity, status of preventive and corrective actions, follow-up action from previous management reviews, changes that could affect the QMS and recommendations for improvement?
5.6.3 Do outputs from the management review include decisions and actions related to improvement of effectiveness of the QMS and its processes, improvement of product related to customer requirements and resources needed?
6.1 Does the organization define and provide resources needed for implementation and maintenance of the QMS, continual effectiveness improvement and enhance customer satisfaction by meeting their requirements?
6.2.1 Are personnel performing work affecting conformity to product requirements competent, on the basis of education, training, skills and experience?
6.2.2-01 Did the organization determine necessary competence of personnel and provide training to achieve necessary competence and review and record effectiveness of actions taken?
6.2.2-02 Are personnel aware of relevance and importance of their activities and how they contribute to achievement of the QMS?
6.3 Did the organization determine, provide, and maintain the infrastructure needed to achieve conformity to product requirements including buildings, workspace, associated utilities, and equipment and supporting services?
6.4 Did the organization determine and manage the work environment needed to achieve conformity to product requirements?
7.1-01 Does the organization plan and develop processes needed for product realization, and is its planning compliant with the requirements of the other processes of the QMS?
7.1-02 While planning product realization, did the organization determine, as appropriate, quality objectives and product requirements and the need to establish process documents and provide resources specific to the product?
7.1-03 While planning product realization, did the organization determine, as appropriate, required activities of verification, validation, monitoring, measuring, controlling and testing specific for product criteria for product acceptance and records needed?
7.1-04 Are the planning outputs in a form suitable for the organization’s method of operations?
7.2.1 Did the organization determine requirements specified by the customer, including requirements for delivery and post-delivery activities, requirements not stated by the customer, statutory and regulatory requirements regarding the product and any additional requirements considered necessary?
7.2.2-01 Did the organization review and approve product requirements and its ability to meet requirements regardless of whether the requirements are documented prior to commitment to supply product to the customer, and maintain a record about the review?
7.2.2-02 Did the organization ensure that contractual requirements and other requirements differing from those previously expressed are resolved and defined?
7.2.2-03 Does the organization maintain records about results and actions arising from this review, update appropriate documents, and notify relevant personnel in case of changed requirements?
7.2.3 Did the organization determine and implement effective arrangements for communicating with customers related to product information inquiries, contract or other handling and customer feedback including customer complaints?
7.3.1-01 Does the organization plan design and development of product by determining design and development stages, review, verification and validation actions that are appropriate to each design and development stage and responsibilities and authorities for design and development?
7.3.1-02 Does the organization manage the interfaces between different groups involved in design and development to ensure effective communication and clear assignment of responsibility?
7.3.1-03 Is planned output updated, as appropriate, as design and development progresses?
7.3.2-01 Does the organization determine, maintain records and review inputs adequacy related to product, functional and performance requirements, statutory and regulatory requirements, information derived from previous similar designs and other requirements essential for design and development and record maintenance?
7.3.2-02 Are outputs suitable for verification against input product requirements, and do they contain information for purchasing, production and service provision, reference to product acceptance criteria and specified product characteristics essential for its safe and proper use and approved prior to release?
7.3.3-01 Are output elements of design and development suitable for verification against input elements and prior to release?
7.3.3-02 Do design and development outputs meet the input requirements, provide appropriate information for purchasing production and service provision, contain or reference product acceptance criteria and specify characteristics of the product that are essential for its safe and proper use?
7.3.4-01 Is a systematic review of design and development conducted in appropriate phases according to planned arrangements in order to evaluate the ability of the results of design and development to meet requirements, and to identify any problems and propose necessary actions?
7.3.4-02 Among the participants of the design and development review, are representatives of functions concerned with design and development stages present, and are records maintained?
7.3.5 Do design and development output elements meet the input requirements, and are verification records maintained?
7.3.6-01 Does design and development result in the product meeting specified requirement for specified or intended use, or application, where known?
7.3.6-02 Is validation done prior to delivery or implementation of the product, and are records about validation and any necessary actions maintained?
7.3.7-01 Does the company identify changes in design and maintain related records, review them, verify, validate, and where applicable, accept prior to implementation?
7.3.7-02 Does the design and development review include evaluation of effects of changes to the assembly parts and already delivered products, and are related records maintained?
7.4.1 Did the organization establish criteria for selection, evaluation and reevaluation of suppliers based on their ability to supply product in accordance with the organization’s requirements, and maintain records about results?
7.4.2 Is purchasing information adequate, and does it contain a description of the purchased product, including, where appropriate, approval of product, procedures, processes and equipment, requirements for qualification of personnel and QMS requirements?
7.4.3-01 Did the organization establish and implement the inspection or other activities necessary to confirm that purchased product meets specified purchase requirements?
7.4.3-02 Did the organization state the intended verification arrangements and method of product release in the purchasing information when the organization or its customer intends to perform verification at the supplier’s premises?
7.5.1-01 Does the organization plan and execute production and service provision in managed conditions that include, as applicable, availability of information that describes the product characteristics, work instructions, and, as necessary, use of suitable equipment?
7.5.1-02 Does the organization provide conditions that include availability and use of monitoring and measuring equipment, implementation of monitoring and measurement and implementation of product release, delivery and post-delivery activities?
7.5.2-01 Does the organization validate all production processes and service provision where resulting output can’t be verified by subsequent monitoring or measurement?
7.5.2-02 Does validation include all processes where deficiencies become apparent only after the product is in use or the service has been delivered?
7.5.2-03 Does validation demonstrate the ability of these processes to achieve planned results?
7.5.2-04 Does the organization establish arrangements for these processes including, where appropriate, defining criteria for the review and approval of processes, equipment and personnel qualification and use of specific methods and procedures?
7.5.2-05 Did the organization establish requirements for records and revalidation?
7.5.3-01 Does the organization, where appropriate, identify product during its realization in a suitable way?
7.5.3-02 Does the organization identify product status considering requests for monitoring and measuring?
7.5.3-03 Does the organization control and maintain unique identification of the product?
7.5.4-01 Does the organization carefully handle customer property while it is under the organization’s control or being used by the organization?
7.5.4-02 Did the organization identify, verify, protect and safeguard customer property provided for use or incorporation into the product, and does the organization report to the customer and maintain records if customer property is lost, damaged, or otherwise found unsuitable for use?
7.5.5 Does the organization preserve the product and constituent parts of a product during internal processing and delivery to the intended destination in order to maintain conformity to requirements including identification, handling, packaging, storage and protection?
7.6-01 Does the organization determine monitoring and measurement to be undertaken and the monitoring and measuring equipment needed to provide evidence of conformity of product to determined requirements?
7.6-02 Does the organization establish processes to ensure that monitoring and measurement can be carried out and are carried out in a manner that is consistent with the monitoring and measurement requirements?
7.6-03 Is measuring equipment calibrated or verified, or both, at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards, and in cases when such standards don’t exist, are the bases used for calibration and verification recorded?
7.6-04 Is measuring equipment adjusted or re-adjusted as necessary and identified in order to determine its calibration status?
7.6-05 Is measuring equipment safeguarded from adjustments that would invalidate the measurement result?
7.6-06 Is measuring equipment protected from damage and deterioration during handling, maintenance and storage?
7.6-07 Does the organization assess and record the validity of the previous measuring results when the equipment is found not to conform to requirements and take appropriate action on the equipment and any product affected?
7.6-08 Does the organization maintain records of the results of the calibration?
7.6-09 Does the organization confirm the ability of computer software to satisfy the intended application in cases when it is used for monitoring and measurement of specified requirements?
8.1-01 Does the organization plan and implement the monitoring, measurement, analysis and improvement processes to demonstrate conformity to the product requirements and the QMS, and continual improvement of the effectiveness of the QMS?
8.1-02 Does this include determination of applicable methods, including statistical techniques and the extent of their use?
8.2.1-01 Does the organization monitor information relating to customer perception as to whether the organization has met customer requirements?
8.2.2-01 Does the organization conduct internal audits at planned intervals to determine whether the quality management system conforms to the planned arrangements, to the requirements of the ISO 9001:2008 standard, and to the quality management system requirements established by the organization?
8.2.2-02 Does the organization conduct internal audits at planned intervals to determine whether the quality management system is effectively implemented and maintained?
8.2.2-03 Does the organization plan the auditing program, considering status and importance of the processes and areas to be audited, as well as results of previous audits?
8.2.2-04 Does the organization define the audit criteria, scope, frequency and methods?
8.2.2-05 Does the organization select auditors and conduct audits to ensure objectivity and impartiality of the audit process and prevent auditors from auditing their own work?
8.2.2-06 Does the organization establish documented procedures to define the responsibilities and requirements for planning and conducting audits, establishing and maintaining records and reporting results?
8.2.2-07 Does the management responsible for the area being audited ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected non-conformities and their causes?
8.2.2-08 Do the follow-up activities include the verification of actions taken and reporting of verification results?
8.2.3-01 Does the organization apply suitable methods for monitoring and, where applicable, measurement of the quality management system processes?
8.2.3-02 Do methods of monitoring and measurement demonstrate the ability of the processes to achieve planned results?
8.2.4-01 Does the organization monitor and measure the characteristics of the product to verify that product requirements have been met?
8.2.4-02 Does the organization maintain evidence of conformity with the acceptance criteria?
8.2.4-03 Do records indicate the person(s) authorizing release of product for delivery to the customer?
8.2.4-04 Is the release of product and service to the customer prevented until the planned arrangements have been satisfactorily completed unless otherwise approved by a relevant authority and, where applicable, by the customer?
8.3-01 Does the organization ensure that product that does not conform to product requirements is identified and controlled to prevent its unintended use or delivery?
8.3-02 Does the organization establish a documented procedure to define the controls and related responsibilities and authorities for dealing with non-conforming product?
8.3-03 Does the organization, where applicable, deal with non-conforming product by taking action to eliminate the detected nonconformity?
8.3-04 Does the organization, where applicable, deal with non-conforming product by authorizing its use, release or acceptance under concession by a relevant authority and, where applicable, by the customer?
8.3-05 Does the organization, where applicable, deal with non-conforming product by taking action to preclude its original intended use or application?
8.3-06 Does the organization, where applicable, deal with non-conforming product by taking action appropriate to the effects, or potential effects, of the nonconformity when non-conforming product is detected after delivery or use has started?
8.3-07 Does the organization subject corrected product to re-verification to demonstrate conformity to the requirements?
8.3-08 Does the organization maintain the records of the nature of nonconformities and any subsequent actions taken, including concessions obtained?
8.4-01 Does the organization determine, collect and analyze appropriate data to demonstrate the suitability and effectiveness of the QMS and to evaluate where continual improvement of the effectiveness of the QMS can be made?
8.4-02 Does the analysis of data provide information relating to: customer satisfaction, conformity to product requirements, characteristics and trends of processes and products, including opportunities for preventive action and suppliers?
8.5.1 Does the organization continually improve the effectiveness of the QMS through the use of the Quality Policy, Quality objectives, audit results, analysis of data, corrective and preventive actions and management review?
8.5.2-01 Does the organization take action to eliminate the causes of nonconformities in order to prevent recurrence?
8.5.2-02 Are corrective actions appropriate to the effects of the nonconformities encountered?
8.5.2-03 Does the organization establish a documented procedure to define requirements for reviewing nonconformities (including customer complaints)?
8.5.2-04 Does the organization establish documented procedures to define requirements for determining the causes of nonconformities?
8.5.2-05 Does the organization establish a documented procedure to define requirements for evaluating the need for action to ensure that nonconformities do not recur?
8.5.2-06 Does the organization establish documented procedures to define requirements for determining and implementing action needed?
8.5.2-07 Does the organization establish documented procedures to define requirements for records of the results of action taken?
8.5.2-08 Does the organization establish documented procedures to define requirements for reviewing the effectiveness of the corrective action taken?
8.5.3-01 Does the organization determine action to eliminate the causes of potential nonconformities in order to prevent their occurrence?
8.5.3-02 Does the organization ensure that preventive actions are appropriate to the effects of the potential problems?
8.5.3-03 Does the organization ensure that a documented procedure has been established to define requirements for determining potential nonconformities and their causes?
8.5.3-04 Does the organization ensure that a documented procedure has been established to define requirements for evaluating the need for action to prevent occurrence of nonconformities?
8.5.3-05 Does the organization ensure that a documented procedure has been established to define requirements for determining and implementing action needed?
8.5.3-06 Does the organization ensure that a documented procedure has been established to define requirements for records of results of action taken?
8.5.3-07 Does the organization ensure that a documented procedure has been established to define requirements for reviewing the effectiveness of the preventive action taken?

 

7.2 Appendix 2 – Internal Audit Program

Annual Internal Audit Program

This annual program is written for the period from July to June.

Internal audits according to ISO 9001 standards will be conducted in the following way:

No. | Organization unit/process | Month: Jul | Aug | Sep | Oct | Nov | Dec | Jan | Feb | Mar | Apr | May | Jun
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.

Legend:

– Planned Audit

 

– Realized Audit

– Postponed Audit

 

 

___________________

[signature]

[name]

[job title]

 

7.3 Appendix 3 – Internal Audit Report

Audit scope:
Criteria:
Objectives:
Audit team:

 

1.) [name of auditor], team leader

2.) [name of auditor], team member

Date of audit:

 

Audit Summary:
General observations:
Non-conformities:
Good practices identified:
Processes/areas from Audit scope that haven’t been audited:

 

Document is distributed to:

 

___________________

[signature]

[name]

[job title]