Welcome!

Welcome!
Please also visit following blogs:
- 'EMS Awareness' Blog

Academic comments are invited.

Encouragement Support - National Centre for Quality Management. Please become a member of NCQM.

Keshav Ram Singhal

Various information, quotes, data, figures used in this blog are the result of collection from various sources, such as newspapers, books, magazines, websites, authors, speakers etc. Unfortunately, sources are not always noted. The editor of this blog thanks all such sources.

People from more than 145 countries/economies have visited this blog: Afghanistan, Albania, Algeria, Angola, Argentina, Aruba, Australia, Austria, Azerbaijan, Bahrain, Bangladesh, Belarus, Belgium, Belize, Benin, Bhutan, Bosnia and Herzegovina, Botswana, Brazil, Brunei, Bulgaria, Burundi, Cameroon, Cambodia, Canada, Chile, China, Colombia, Costa Rica, Croatia, Cyprus, Czech Republic, Denmark, Dominican Republic, Ecuador, Egypt, El Salvador, Estonia, Ethiopia, European Union, Fiji, Finland, France, Georgia, Germany, Ghana, Gibraltar, Greece, Guatemala, Guyana, Haiti, Honduras, Hong Kong S. A. R. (China), Hungary, Iceland, India, Indonesia, Iraq, Ireland, Israel, Italy, Ivory Coast, Jamaica, Japan, Jersey, Jordan, Kazakhstan, Kenya, Kuwait, Laos, Latvia, Lebanon, Lesotho, Libya, Lithuania, Luxembourg, Macao S. A. R. (China), Macedonia, Malawi, Malaysia, Maldives, Malta, Manila, Mauritius, Mexico, Moldova, Mongolia, Montenegro, Morocco, Mozambique, Myanmar, Namibia, Nepal, Netherlands, New Zealand, Nigeria, Niue, Norway, Oman, Pakistan, Palestinian Territory, Panama, Papua New Guinea, Peru, Philippines, Poland, Portugal, Puerto Rico, Qatar, Rwanda, Romania, Russia, Saint Lucia, Samoa, Saudi Arabia, Saint Kitts and Navis, Serbia, Seychelles, Singapore, Slovakia, Slovenia, Somalia, South Africa, South Korea, Spain, Sri Lanka, Sudan, Swaziland, Sweden, Switzerland, Syria, Taiwan, Tanzania, Thailand, Trinidad and Tobago, Tunisia, Turkey, Turks and Caicos Islands, UAE, Uganda, UK, Ukraine, USA, Uzbekistan, Venezuela, Vietnam, Zambia, Zimbabwe etc. Total visitors number crossed 100,000 on 14. 02. 2013. Total visitors number crossed 145,000 on 30. 09. 2013. Total visitors > 200,000 (from 01.08.2014)

Thursday, February 27, 2014

Understanding Management System Auditing - Six Principles of Auditing


Understanding Management System Auditing

Article - 3

Six Principles of Auditing

Keshav Ram Singhal

ISO 19011:2002 (the earlier version) mentioned five auditing principles - Ethical, Fair presentation, Due professional care, Independence, and Evidence-based approach, however the present version of the standard, ISO 19011:2011, Guidelines for auditing management systems, has mentioned six principles of auditing. First four principles discussed below are related to auditors and other two principles are related to the audit. These six principles are:

1. Integrity
2. Fair presentation
3. Due professional care
4. Confidentiality
5. Independence
6. Evidence-based approach

All above six principles provide basis to make the audit in a proper manner, so that an audit can be conducted inan effective and reliable manner. An audit provides information to the organization, thus providing opportunity to the organization to improve its performance. Audit conclusions will be relevant and sufficient, if audit principles are followed during the audit process.

Integrity



This is the first principle that relates to an auditor. The principle of integrity is the foundation of professionalism. Integrity is essential to auditing. An auditor should perform his auditing with integrity. Accordingly, the auditor should perform his work with honesty, diligence and responsibility. He should observe and comply with applicable legal (statutory and regulatory) requirements. He should demonstrate his competence while performing his work. He should perform his work in an impartial manner. He should remain fair and unbiased in all his dealings. He should be sensitive to any influences that may be exerted on his judgement while carrying out an audit.

Fair presentation

Fair presentation is the second principle that relates to an auditor. Fair presentation is the obligation on the auditor to report audit findings, audit conclusions and audit reports truthfully and accurately. It is expected from the auditor to also report – (i) significant obstacles encountered during the audit, (ii) unresolved diverging opinions between the auditor and the auditee.

Due professional care

Due professional care is the third principle that relates to an auditor. Due professional care requires the application of diligence and judgement in auditing. The application of diligence and judgement in auditing by the auditor reflects due professional care. It is for the auditor to exercise due professional care in accordance with the importance of task he performs. An auditor should exercise care in performing his task as the audit client(s) and other interested parties place confidence in him for doing so. The auditor should have the necessary competence to perform the task. The auditor should have the ability to make reasoned judgement (applying factual approach to decision making) in all audit situations. An auditor should remember that he performs a QMS audit to judge that the quality management system of the organization conforms to the planned arrangements to the requirements of ISO 9001:2008 QMS standard and requirements established by the organization. When an auditor is required to ascertain whether the quality management system of the organization is effectively implemented and maintained, then the application of diligence and judgement (factual approach to decision making) is required.

Confidentiality



Confidentiality is the fourth principle that relates to the security of information acquired during auditing activities. The principle of confidentiality is required to maintain security of information, which are revealed to an auditor during the audit process. ISO 19011:2011 has included this principle as a new auditing principle. It is required that an auditor should exercise discretion in the use and protection of information acquired during the audit process. An auditor should not use any information acquired during audit process for personal gain. Audit information should not be used inappropriately in a manner detrimental to the legitimate interests of the auditee. Proper handling of sensitive or confidential information is required from an auditor to keep the security of information.

Independence

Independence is the fifth principle that is the basis for the impartiality of an audit and the objectivity of the audit conclusions. An auditor should not audit his own work. Accordingly, (i) an auditor should be independent of the activity being audited; (ii) an auditor should be free from bias and conflict of interest, (iii) an auditor should maintain an objective state of mind throughout the audit process, (iv) an auditor should be free from prejudice or partiality that could affect objectivity, (v) an auditor should ensure that audit findings and audit conclusions are based on audit evidences.

Evidence-based approach

Evidence-based approach is the sixth principle that is the rational method for arriving at reliable and reproducible audit conclusions in a systematic audit process. Evidence-based approach as a principle of auditing is similar to the QMS principle ‘factual approach to decision making’. This principle is the rational method for reaching reliable and reproducible audit conclusions in a systematic way. Audit findings and audit conclusions should be based on audit evidences that are verifiable. An audit is conducted during a finite period of time and with finite resources, as such audit evidence should be based on samples of the information available. A QMS audit must be carried out in an objective manner. The auditing exercise mainly concentrates on gathering objective evidences. An appropriate use of sampling should be applied during auditing process.

If above six principles are applied while carrying out a QMS audit (including internal audit), the audit results will be useful to the organization and helpful for continual improvement of the system.

Monday, February 24, 2014

Scope and Vocabulary in ISO 19011:2011


Understanding Management System Auditing

Article - 2

Scope and Vocabulary in ISO 19011:2011

ISO 19011:2011 is an international standard that provides guidance on auditing management systems. Earlier version ISO 19011:2002 was a standard that was providing guidance on auditing quality and/or environmental management systems. There has been a number of other management system standards that have been published since then, therefore it is felt to widen the scope of the auditing guidance standard and as such ISO 19011:2011 has widen its scope. ISO 19011:2011 provides guidance on:
- Principles of auditing (Clause 4)
- Managing an audit programme (Clause 5)
- Conducting management system audits (Clause 6)
- Evaluation of competence of individuals involved in the audit process (Cause 7)

ISO 19011:2011 standard is applicable to all organizations that implement a management system and that require to conduct or manage management system audit (internal or external). The application of ISO 19011:2011 standard is possible to other types of audits, provided that special consideration is given to specific competence needed.

ISO 19011:2011 standard cites no normative reference.

For better understanding of the guidelines given in the standard, ISO 19011:2011 standard provides terms and definitions of following terms:
- Audit (3.1)
- Audit criteroa (3.2)
- Audit evidence (3.3)
- Audit findings (3.4)
- Audit conclusion (3.5)
- Audit client (3.6)
- Auditee (3.7)
- Auditor (3.8)
- Audit team (3.9)
- Technical; expert (3.10)
- Observer (3.11)
- Guide (3.12)
- Audit programme (3.13)
- Audit scope (3.14)
- Audit plan (3.15)
- Risk (3.16)
- Competence (3.17)
- Conformity (3.18)
- Nonconformity (3.19)
- Management system (3.20)

Most of the terms and definitions in ISO 19011:2011 standard have been adapted from ISO 9000:2005 standard.

ISO 19011:2002 (earlier version) included 14 terms and definitions, while the new version (ISO 19011:2011) includes 20 terms and definitions, thus adding following six terms:
- Observer
- Guide
- Risk (adapted from ISO Guide 73:2009)
- Conformity (adapted from ISO 9000:2005)
- Nonconformity (adapted ftom ISO 9000:2005)
- Management system (adapted from ISO 9000:2005)

Personnel involved in managing or conducting auditing should understand above terms. Understanding above terms will enable you to understand the ISO 19011:2011 standard ion a clear manner. We are not discussing these terms in this chapter and readers are advised to refer to the standard.