Internal Systems Audits
1. Introduction:
This procedure describes how the management system is periodically audited to ensure the system is operating correctly and effectively
2. Purpose:
Audits are primarily designed to ensure:
(a) The management system documentation continues to adequately and correctly define the needs of the business
(b) The documented procedures continue to be practical, understood and observed by staff
(c) The training of staff is adequate
3. References:
Audit Lead Sheet
Audit Report Lead Sheet
4. Definitions:
5. Procedure
5.1. Schedule of Audits
The timing and frequency of audits vary as a function of the importance of the elements being audited and the previous audit •performance (results) of the department / area.
The audit schedule for the calendar year is developed and approved by the Systems Manager by no later than January of that year. As a minimum, the schedule ensures the following audits:
- All procedures for the Management System, Operations, Sales & Marketing, Human Resources, Finance & Administration need to be audited at least once per year
- Key Suppliers (contracted suppliers, warehouses etc) at least once per year
- Selected Agents - at least once per year
- Selected areas which are not part of the auditing schedule and the management system
5.2. Persons Performing Audit
Audits are carried out by management and supervisory staff who
- Have been certified as Internal Auditors by the Standards Organisation
- Are independent of the activity being audited. Normally, this means persons from another department; however, persons from the same department may conduct the audit provided their independent from the activity and freedom from departmental influence can be assured
The Systems Manager is responsible for ensuring appropriate training and assignment of auditing staff. The Systems Manager is also responsible to maintain a list of personnel with training in the conduct of audits
5.3. Preparation of Audits
- Review the Management System documentation applicable to the activity to be audited
- Review the previous Audit Report for the activity that was audited
- Contact the Departmental Manager to be audited and confirm mutually acceptable arrangement (pre-scheduled timetable for audit)
- Obtain and review the proposed check list
The Systems Manager is responsible for the adequacy of checklists, and procedures to be used by auditors and the identification of documentation applicable to the activity to be audited
5.4. Conduct of Audit
The audit is conducted using copies of audit check lists and/or system documentation relevant to the area/activity under audit.
The audit technique must ensure:
(a) It is clear that it is the system that is undergoing audit, not the staff. The objective is to ensure that any system breakdowns or inadequacies are identified, as well as opportunities for improvement.
(b) Questions and discussions are framed to encourage cooperation and input from the auditee (i.e. not a policing or interrogation style} It is vital that both the auditor and the auditee adopt a 'partnership' approach to the audit, rather than act as adversaries.
(c) Objective evidence of compliance is sought (heresay cannot be accepted)
(d) Instances of non-conformances are noted in sufficient detail to provide factual examples of areas/activities/procedures which are conflicting or require improvement or modification
5.5. Reporting of Audit Results
The results of the audit are compiled In a Report comprising
(a) An Audit Report Lead Sheet
(b) Completed Check List or marked up duplicate procedure (if used as check list) or detailed report identifying the detailed observations and examples of non-conformances witnessed during the audit
The Audit Report Lead Sheet should briefly summarise the outcome of the audit and identify any areas of non-conformance and opportunities for improvement. The audit report is submitted to the System Manager, together with any additional documentation necessary to support the findings or assist in their interpretation.
The System Manager is responsible for:
(i) Discussing the Audit Report with the Auditor
(ii) Distributing the Audit Report to the Auditee
(iii) Discussing the Audit Report and any necessary improvements with the Auditee
(iv) Raising any formal Corrective Action Requests which are considered necessary eg to set urgent timetable for attention to major non-conformance reports
(v) Determining the need for any unscheduled audits to verify satisfactory attention to minor non-conformances or Corrective Action Request identified in the Audit Report
(vi) Maintaining records of all Internal Quality Audits
(vii) Reporting any significant audit findings to the Management Committee
Note: Instances of minor non-conformances which do not detract from product or service quality and which can be quickly corrected without significant costs or system changes, need only be noted on the check list or the duplicate procedure (if used as check list) or in the detail report, for attention by the auditee, subject to review by the Systems Manager. Satisfactory attention to these minor matters can usually be verified during the next scheduled (or unscheduled) audit.
However, if non-conformance is considered to be a major problem (i.e. likely to adversely impact on product or service quality, or indicative of a systematic problem likely to recur and attract on-going costs or significant difficulties for the company), then it should be also highlighted on the Lead Sheet. The System Manager will review all audit reports and initiate any separate formal Corrective Action Request considered necessary.
5.6. Monitoring
The progress of Corrective Action Request is detailed in Departmental reports submitted to the Weekly Management Meetings. Departmental Managers also have the responsibility to correct other 'minor' non-conformance identified in the audit report. Monitoring of the implementation of corrective actions is described in 5.4.