This procedure applies to audit which is to confirm the verify the status of Management System established, including organizations, policy and procedure of applicant client for certification, and also to confirm whether all the requirement related to certification scope are met before Quality Management System On-site stage 2 audit.
This procedure is to secure information on system implementation status of the organization and to effectively performing audit proceeded at the stage 2 audit, by confirming the adequacy of its certification system requirements as per organization with initial certification audit, re-certification audit and certification scope change (i.e. addition, extension etc., where necessary)
3.1 ISO 17021
3.2 Applicable Management System Standard (ISO 9001)
3.3 PRS.07 QMS On-site audit Procedure
4.1 Audit team shall confirm manual and related documents from applicant organization for certification (i.e policy, organization chart, audit plan matrix of department, mfg process flowchart etc) for performing document review/ stage 1 audit. In principle, stage 1 audit is to be performed on-site by visiting client organization for confirming important issues, and business type, business status and size, etc. of applicant organization.
4.2 Auditor who performed document review/ stage 1 audit shall inform applicable audit team of the result with a reasonable time frame before stage 2 audit.
4.3 Audit team leader shall prepare and send stage 1 audit plan notification and audit program to organization subject to audit before the audit starts.
4.4 In case after the audit date is firmly fixed, audit schedule is needed to adjust such as postponing the audit date due to unavoidable circumstances, audit team leader shall separately compromise it with organization subject to audit and after which the result agreed shall be reported to general manager of planning & management dept.
4.5 It is required to clearly define interface with all of other systems which are operated within the client’s organization or affect client’s operation, if any others. Only when such interface of Management System is confirmed to be clearly defined with appropriate interaction, documentation of other Management System may be integrated. In case of not integrated, interaction and the priority order among document of MS shall be defined.
5. Audit procedure
5.1 Conducting the opening meeting (ISO 17021 188.8.131.52)
5.1.1 A formal opening meeting, where attendance shall be recorded, shall be held with the client’s management, and where appropriate, those responsible for the functions or processes to be audited. The opening meeting, which shall usually be conducted by the audit team leader, shall include a short explanation of how the audit activities will be undertaken and the following elements.
5.1.2 The degree of detail shall be consistent with the familiarity of the client with the audit process.
1) introduction of the participants, including an outline of their roles;
2) confirmation of the scope of certification
3) confirmation of the audit plan (including type and scope of audit, objectives and criteria), any changes, and other relevant arrangements with the client, such as the date and time for the closing meeting, interim meetings between the audit team and the client’s management;
4) confirmation of formal communication channels between the audit team and the client;
5) confirmation of matters relating to confidentiality;
6) confirmation of relevant work safety, emergency and security procedures for the audit team;
7) confirmation of the availability, roles and identities of any guides and observers;
8) the method of reporting, including any grading of audit findings;
9) information about the conditions under which the audit may be prematurely terminated;
10) confirmation that the audit team leader and audit team representing the certification body are responsible for the audit and shall be in control of executing the audit plan including audit activities and audit trails;
11) confirmation of the status of findings of the previous review or audit, if applicable;
12) methods and procedures to be used to conduct the audit based on sampling;
13) confirmation of the language to be used during the audit;
14) confirmation that, during the audit, the client will be kept informed of audit progress and any concerns.
15) opportunity for the client to ask questions(E5R1)
5.2 Communication during the audit (ISO 17021 184.108.40.206)
1) During the audit, the audit team shall periodically assess audit progress and exchange information.
2) The audit team leader shall reassign work as needed between the audit team members and periodically communicate the process of the audit and any concerns to the client.
3) Where the available audit evidence indicates that the audit objectives are unattainable or suggests the presence of an immediate and significant risk(e.g. safety), the audit team leader shall report this to the client and, if possible, to the certification body to determine appropriate action. Such action may include reconfirmation or modification of the audit plan, changes to the audit objectives or audit scope, or termination of the audit. The audit team leader shall report the outcome of the action taken to the certification body.
4) The audit team leader shall review with the client any need for changes to the audit scope which becomes apparent as on-site auditing progress and report this to the certification body.
5.3 Observers and guides
The presence and justification of observers during an audit activity shall be agreed to by the certification body and client prior to the conduct of the audit.
NOTE) Observers can be members of the client’s organization, consultants, witnessing accreditation body personnel, regulators or other justified persons.
Each auditor shall be accompanied by a guide, unless otherwise agreed to by the audit team leader and the client. Guide(s) are assigned to the audit team to facilitate the audit. Guides do not influence or interfere in the audit process or outcome of the audit.
NOTE) The responsibilities of a guide can include:
1) establishing contacts and timing for interviews;
2) arranging visits to specific parts of the site or organization;
3) ensuring that rules concerning site safety and security procedures are known and respected by the audit team members;
4) witnessing the audit on behalf of the client;
5) providing clarification or information as requested by an auditor
5.4 Collecting and verifying information
1) During the audit, information relevant to the audit objectives, scope and criteria (including information relating to interfaces between functions, activities and processes) shall be collected by appropriate sampling and verified to become audit evidence.
2) Methods to collect information shall include, but are not limited to:
l Observation of processes and activities;
l Review of documentation and records.
5.5 Criteria necessary to be confirmed during the audit
1) auditing the client’s management system documentation
2) evaluating the client’s location and site-specific conditions and to undertake discussions with the client’s personnel to determine the preparedness for the stage 2 audit;
3) reviewing the client’ status and understanding regarding requirements of ISO 9001, in particular with respect to the identification of key performance or significant aspects, processes, objectives and operation of the management system;
4) collecting necessary information regarding the scope of the management system, processes and location(s) of the clients, and related statutory and regulatory aspects and compliance (e.g. quality, legal aspects of the client’s operation, associated risks, etc.);
5) reviewing the allocation of resources for stage 2 audit and agree with the client on the details of the stage 2 audit;
6) providing a focus for planning the stage 2 audit by gaining a sufficient understanding of the client’s management system and site operations in the context of possible significant aspects;
7) evaluating if the internal audits and management review are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for the stage 2audit.
5.6 Identifying and recording audit findings (ISO 17021 220.127.116.11)
1) Audit findings summarizing conformity and detailing nonconformity and its supporting audit evidence shall be recorded and reported to enable an informed certification decision to be made or the certification to be maintained.
2) Opportunities for improvement may be identified and recorded, unless prohibited by the requirements of a management system certification scheme. However, audit findings which are nonconformities in accordance with following cases shall not be recorded as opportunities for improvement.
l The case that it has reviewed, accepted and verified the effectiveness of correction and corrective actions, for all nonconformities that represent
– failure to fulfill one or more requirements of the management system standard, or
– a situation that raises significant doubt about the ability of the client’s management system to achieve its intended outputs
l The case that it has reviewed and accepted the client’s planned correction and corrective action for any other nonconformities.
3) A finding of nonconformity shall be recorded against a specific requirement of the audit criteria, contain a clear statement of the nonconformity and identify in detail the objective evidence on which the accurate and that the nonconformities are understood. The auditor however shall refrain from suggesting the cause of nonconformities or their solution.
NOTE) For the classification regarding minor nonconformity and major nonconformity, it is referred to stage 2 audit procedure.
4) The audit team leader shall attempt to resolve any diverging opinions between the audit team and the client concerning audit evidence or findings, and unresolved points shall be recorded.
5) Stage 1 audit findings shall be documented and communicated to the client, including identification of any areas of concern could be classified as nonconformity during the stage 2 audit.
5.7 Preparing audit conclusions
Prior to the closing meeting, the audit team shall:
1) review the audit findings, and any other appropriate information collected during the audit, against the audit objectives;
2) agree upon the audit conclusions, taking into account the uncertainty inherent in the audit process;
3) identify any necessary follow-up actions;
4) confirm the appropriateness of the audit program or identify any modification required (e.g. scope, audit time or dates, surveillance frequency, competence).
5.8 Conducting the closing meeting
5.8.1 A formal closing meeting, where attendance shall be recorded, shall be held with the client’s management and, where appropriate, those responsible for the functions or processes audited. The purpose of the closing meeting, which shall normally be conducted by the audit team leader, is to present the audit conclusions, including the recommendation regarding certification. Any nonconformities shall be presented in such a manner that they are understood, and the timeframe for responding shall be agreed.
NOTE) “Understood” does not necessary mean that the nonconformities have been accepted by the client.
5.8.2 The closing meeting shall also include the following elements. The degree of detail shall be consistent with the familiarity of the client with the audit process:
1) advising the client that the audit evidence collected was based on a sample of the information; thereby introducing an element of uncertainty;
2) the method and timeframe of reporting, including any grading of audit findings;
3) the certification body’s process for handling nonconformities including any consequences related to the status of the client’s certification’
4) the certification body’s post activities’
5) information about the complaint handling and appeal processes.
5.8.3 The audit team leader shall give the client opportunity for questions. Any diverging opinions regarding the audit findings or conclusions between the audit team and the client shall be discussed and resolved where possible. Any diverging opinions that are not resolved shall be recorded and referred to the certification body.
5.9 Audit report
5.9.1 The auditor who performed the audit shall prepare Audit program(EF040) for the next stage audit with the stage 1 audit report (EF044) and submit those to the planning & management department for such to be informed to the applicant.
5.9.2 The audit team may identify opportunities for improvement but shall not recommend specific solutions.
5.9.3 Ownership of the audit report shall be maintained by the certification body.
5.9.4 The audit team leader shall ensure that the audit report is prepared and shall be responsible for its content.
5.9.5 The audit report shall provide an accurate, concise and clear record of the audit to enable an informed certification decision to be made and shall include or refer to the following:
1) identification of the certification body;
2) the name and address of the client and the client’s management representative;
3) the type of audit (e.g. initial, surveillance or recertification audit);
4) the audit criteria;
5) the audit objectives;
6) the audit scope, particularly identification of the organizational or functional units or processes audited and the time of the audit;
7) identification of the audit team leader, audit team members and any accompanying persons;
8) the dates and places where the audit activities (on site or offsite) were conducted;
9) audit findings, evidence and conclusions, consistent with the requirements of the type of audit;
10) any unresolved issues, if identified.
5.10 Cause analysis of nonconformities (ISO 17021 9.1.11)
The certification body shall require the client to analyze the cause and describe the specific correction and corrective actions taken, or planned to be taken, to eliminate detected nonconformities, within a defined time.
5.11 Effectiveness of corrections and corrective actions (ISO 17021 9.1.12)
1) TQA shall ask applicant client to inform TQA of corrective action result after the organization’s completing corrective action, and advise the organization that on-site audit shall not be performed until corrective action taken is successfully completed. However, except when it is judged that such corrective actions are verifiable on site although they are not completed.
2) The certification body shall review the corrections, identified causes and corrective actions submitted by the client to determine if these are acceptable.
3) The certification body shall verify the effectiveness of any correction and corrective actions taken.
4) The evidence obtained to support the resolution of nonconformities shall be recorded.
5) The client shall be informed of the result of the review and verification.
6) Verification of effectiveness of correction and corrective action can be carried out based on a review of documentation provided by the client, or where necessary, through verification on-site.
7) The client shall be informed if an additional full audit, an additional limited audit, or documented evidence will be needed to verify effective correction and corrective actions (ISO 17021 9.1.13).
8) In the case that the correction and corrective action regarding nonconformity are acceptable, the auditor shall plan for the stage 2 audit.
9) Even if the stage 2 audit is planned in advance, the audit schedule, if necessary, shall be corrected by considering the corrective action of the stage 1 audit.
5.12 General Manager of planning & management dept. shall advise applicant organization that if there is any major changes in its system as followings which shall be reported to TQA in the form of documents.
1) Major changes in ownership, facilities and organization
2) Major changes in management system and procedures
3) Changes in certification standard and certification scope
5.13 Stage 1 audit at Surveillance audit
In case there is any major changes occurred in the management system of the organization already certified, the related documents received from the org. shall be received and then forwarded to the audit team for review.
5.14 Stage 1 audit at Special Surveillance Audit
5.14.1 It is applied in case of certification standards changes, and following shall be confirmed.
1) Planning & Management Dept. shall ask applicant organization for certification standards changes to submit it to the Dept. before audit for changes.
2) Documents received at Planning & Management Dept. from the org. shall be forwarded to audit team for review.
5.14.2 Matters to consider when performing document review according to certification standard changes
1) Interface between the changed part and the current system
2) Responsibilities and authorities as a result of the changes (work allocation)
3) Interface per elements and work instruction
5.15 Stage 1 audit at Re-certification audit/ Transfer Audit
It shall be performed in accordance with Re-certification Audit.
6. Record Control
6.1 All the record related to audit shall be maintained and controlled according to Record Control Procedure (PRS-16).
6.2 Applied Quality Record
1) Stage 1 Audit Report
2) Audit Plan Notification
3) Record of closed CA towards NCs from stage 1 audit