ISO Document Type:

Procedure (PRO)

Related To:

Related Department:

Administration

Issue no:

Code:

-- PRO-005

Approved By:

Management Representative

PRO - Internal Audit

System: LYRA (PVT) LIMITED Quality Management System

Table of Contents

PRO - Internal Audit
Purpose
Scope
Related Documents
Terms and Definitions
Responsibilities
Procedure
General Considerations
Planning Internal Audits
Audit Team
Conducting the Audit
Audit Activities
Auditor Qualification
Records

Purpose

This procedure outlines the process and responsibilities for internal audit of the QMS, considering planning, execution, reporting, and monitoring of internal audit findings.

Scope

This procedure is to be followed by all internal auditors and applies to all QMS internal audits.

Terms and Definitions

Audit: systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.
Audit Criteria: set of policies, procedures or requirements.
Audit Evidence: records, statements of fact or other information which are relevant to the audit criteria and verifiable.
Audit Leader: An auditor designated as responsible for the QMS audit and for preparing the final report.
Audit Plan: set of one or more audits planned for a specific time frame and directed towards a specific purpose.
Auditee: organization being audited.
Auditor: person with the demonstrated personal attributes and competence to carry out an audit.
Follow up audit: audit that includes the verification of the actions taken and the reporting of verification results.
Non scheduled audit: documented investigation that occurs as a result of non-conformities detected within the QMS.
Nonconformity: audit finding consistent in the non-fulfillment of a requirement.
Opportunity: audit finding consistent in any situation that has potential to become a problem or a potential department to improve.
Programmed Audit: Documented investigation that occurs as planned.
QMS: Quality Management System.

Responsibilities

Management is required to:

Provide assistance to the Internal Auditors.
Incorporate findings of the internal audit into operational activities.

Management Representative is required to:

Prepare periodical Audit Plan at CompanyCertification® Compliance Management Solution (CC-CMS) .
Select the audit team, ensuring that auditors are independent of the activity they have been assigned to audit.
Ensure the realization of planned audits.
Follow up the non-conformities and opportunities.

Management Representative is required to:

Approve the audit plan
Evaluate and approve audit reports

Audit Leader is required to:

Plan and conduct an audit.
Set dates and timetables with the audited departments responsible.
Conduct opening and closing meetings.
Brief the auditors, defining the requirements of each audit assignment and assisting in the preparation of audit checklists as needed
Draw up audit reports.

Management Representative are required to:

Undertake internal audits in an independent manner, in accordance with relevant Standards and instructions.
Observe all requirements relating to privacy and confidentiality.
Provide a draft report to analyze with the rest of the auditors.
Collect audit findings.

Procedure

General Considerations

Independence is essential to the effectiveness of the internal audit function. This independence is to be achieved primarily through the reporting lines and objectivity. Drafting policy and procedures, designing and installing operating systems are not internal audit function as they are likely to impair audit objectivity, and are to be excluded from any activities undertaken by Internal Auditors.
Internal auditors are to be given full access to any records, properties, resources and personnel as needed to fulfill internal audit objectives and responsibilities.
All information made available to Internal Auditors is to be treated in the strictest confidence by the Internal Auditors.

Planning Internal Audits

When preparing and revising the Internal Audit Plan, it must be taken into account performance indicator's critical relevance, importance and status, previous audits results and others.

All QMS processes must be audited at least Annually, even though, in preparing the plan, the Management Representative is to be sensitive to the peak workload periods and other sensitivities of processes to be audited.

The Internal Audit Plan should include:

Critical processes to be audited.
Involved Departments.
Audits Plan.
Indicative scope for each review.
Audit leader and team.

Audit Team

Internal qualified auditor: personnel qualified as auditor, according to Audit Qualification.
External qualified auditors: Internal auditors of other companies certified in ISO 9001
External qualified auditors - Independent qualified auditors.
In all cases designated auditors must be independent of processes to be audited.

Conducting the Audit

Preparing the Audit

The Management Representative will coordinate with the Management Representative . Management Representative or Management Representative will plan the Audit Task at CompanyCertification® Compliance Management Solution (CC-CMS) for notification of the Audit to the auditee, the audit planning, the departments to be audited, dates, timetable, etc.

Together with the auditor team analyzes documents such as:

Management Policies
Management Manual
Critical processes flowchart
Indicators
Previous internal and external audits.
Department specific documents (including procedures and work instructive)
Specifications and standards.
Regulatory documents.

Audit Activities

Opening Meeting

The opening meeting is an opportunity to introduce the members of the audit team to the audited and establish communication links with activities being audited. It is also an opportunity to review the scope and objectives of the audit and provide a short summary of the methods and procedures used to conduct it. Also, the details of the audit plan can be clarified, confirm the time and date for the closing meeting and any interim meetings.

Collecting Findings

In order to collect evidence, the auditors will analyze critical processes through interviews, examination of documents and records, and observation of activities and conditions in areas of concern. They will search for proves of the QMS implementation, such as if it is defined and documented, implemented or if it's effective. Information gathered through interviews should be tested or investigated by acquiring the same information from other independent sources, such as physical observation, measurements and records. All audit observations are documented, even if not originally covered on the checklist. Area management will be constantly informed of findings.
It must be audited the following:

All audit findings are recorded at CompanyCertification® Compliance Management Solution (CC-CMS) as a Audit Nonconforming Task Record (NCR).
Effectiveness indicators tendencies related to the objectives.
Non conformities closure and observations from previous audits.
If necessary, products will be audited by removing samples and analyzing them later.

Audit Team Meeting

If necessary, previous to closing meeting, audit team will meet in order to analyze findings and determine which ones will become non conformities or improvement opportunities.

Closing Meeting

Audit team meets with audited areas in order to present audit observations, conclusions regarding the effectiveness of the QMS.

Audit Report

The audit leader shall report audit general conclusions and findings in a manner which can be easily used to substantiate them and support reports in accordance with relevant professional standards. This will be done by using any charts and report software.
The Management Representative will generate the Audit Non-Conformance Task records and will follow-up audit activities at CompanyCertification® Compliance Management Solution (CC-CMS) .

Auditor Qualification

Internal audits must be conducted in a standardized and consistent manner. In order to achieve this, internal auditors should meet the following criteria:

Comply with background prerequisites;
Possess the appropriate personal attributes;
Demonstrate the requisite knowledge and skills;
Successfully complete all steps in the auditor qualification process.

Background Area	Prerequisite
Education	Completion of Secondary Education
Operation Experience	A minimum of one year of work experience in the organization.
Auditor Training/Certification	Completion of an auditor training and qualification course, to include a final evaluation.

The qualification process contains:

The criteria for auditing the QMS.
The general objectives of mandatory rules and regulations, and other applicable codes, guidelines and standards.
The procedures for performing the verification of compliance with the QMS requirements.

After training, personnel assigned to perform QMS audit should be able to:

Plan and organize audits by demonstrated knowledge of all the requirements of the QMS.
Conduct verification of compliance.
Utilize the basic knowledge of mandatory rules and regulations and other applicable codes, guidelines and standards.
Conduct the verification in accordance with agreed procedures.

Auditors should also have the following personal attributes:

Ethical in conduct;
Objective, fair and impartial in applying judgment;
Self-confident in knowledge and ability;
Honest and firm in convictions;
Focused on achieving objectives;
Observant of physical surroundings and activities;
Dedicated to operating in a teamwork environment;
Open to alternative ideas or methods;
Tactful in dealing with people;
Discreet in managing information;
Insightful and adaptable to different situations;
Analytical and logical in reaching conclusions.

The theoretical training shall include:

Audit techniques of examining, questioning, evaluating and reporting.
Knowledge and understanding of the QMS.
Mandatory rules and regulations.
Procedures relevant to the certification process.

In order to ensure the competence of Internal Auditors, the course will include a trial audit where trainers and experienced Internal Auditors accompany the trainees. The trainee's performance is assessed and feedback is given on the audit and on the report findings as part of the training process.Competence gained through attending the training should be demonstrated through written examination.
The Management Representative will annually assess whether internal auditors require further training
Also, internal auditors should have effective skills in the following areas:

Writing reports.
Communicating.
Working with people.
Using computer programs.

Management Representative are required to have additional leadership skills that enhance the performance of the Audit Team. Therefore, selection of a audit leader should be based on a demonstration of the following skills:

Planning the audit and making effective use of resources during the audit.
Representing the audit team in communication with the audited.
Organizing and directing audit team members.
Leading the audit team to reach audit conclusions.
Preventing and resolving problems and conflicts.
Preparing and completing the audit reports.
Internal Audit can be sub-contracted to a qualified auditor outside the company.

Records

Title	Responsible	Archive	Order	Retention	Disposition
Internal Audit Plan	Management Representative	[Archive]	By date	Permanent	Not Applicable
Audit Non-conformance Task Record	Management Representative	[Archive]	By date	2 years	Erased from CompanyCertification®
Internal Audit Check List	Management Representative	[Archive]	By date	Permanent	Not Applicable
Internal Audit Report	Management Representative	[Archive]	By date	Permanent	Not Applicable
Audit Non-conformance Log (NCR Log)	Management Representative	Online	By date	Permanent	Not Applicable

Document Distributed To:

Abdul Samad

PRO - Internal Audit