In the magazine No. 4 (28) 2013 on page 52. we published an article by our author, the CEO of the group of companies “ international Management, quality, certification" under the title "Main trends and results of audits of food safety management systems". As an appendix to this material and in order to assist novice internal auditors, we suggest that you familiarize yourself with the DETAILED version of the checklist (which is given in table 4 in the article), which they can use to improve the effectiveness of the system.
|
Critical areas |
Active |
||||
| Work with providers | |||||
| 1. List of approved suppliers | □ | □ | □ | ||
| 2. All suppliers have implemented FSMS and are ISO 22000 certified (BRC, IFS, FSSC 22000) | □ | □ | □ | ||
| 3. All new suppliers are evaluated according to the PRP procedure, significant ones are audited | □ | □ | □ | ||
| Acceptance | □ | □ | □ | ||
| 4 Employees are aware of safety issues food products when receiving incoming products? | □ | ||||
| 5. When answering questions, staff demonstrate knowledge of key food safety factors when inspecting a food delivery vehicle | □ | □ | □ | ||
| 6. All purchases from approved suppliers | □ | □ | □ | ||
| 7. There is a description of all purchased raw materials according to 7.3.3. ? | □ | □ | □ | ||
| 8. Are these records available in the receiving area? | □ | □ | □ | ||
| 9. Do the acceptance records demonstrate compliance with the written procedures? | □ | □ | □ | ||
| 10. Is the temperature of all refrigerators and freezers monitored? | □ | □ | □ | ||
| 11. Are products stored at the correct temperature and humidity? | □ | □ | □ | ||
| 12. Is all documentation with requirements available? | □ | □ | □ | ||
| 13. Regular monitoring is carried out Vehicle delivering food products? | □ | □ | □ | ||
| 14. Is documentation with transport requirements available? | □ | □ | □ | ||
| 15. All delivery forms are completed | □ | □ | □ | ||
| Politics of wood and glass | |||||
| 16. No glass and wood in the production area? | □ | □ | □ | ||
| Marking and traceability | |||||
| 17. All perishable storage items are clearly labeled with date of purchase and used before expiration date | □ | □ | □ | ||
| 18. All pre-prepared and work-in-progress products are clearly labeled when stored. | □ | □ | □ | ||
| Storage | |||||
| 19. In all warehouses, food products are not stored on the floor, do not come into contact with the surface of the walls? | □ | □ | □ | ||
| 20. Are all products in storage containers closed and labeled with product name, production date? | □ | □ | □ | ||
| 21.Is all packaging in good condition? | □ | □ | □ | ||
| 22. Are all products shipped FIFO (first in, first out)? | □ | ||||
| 23. Is there enough space for storage? | □ | □ | □ | ||
| 24. Is there a designated area for potentially unsafe or recalled products? | □ | □ | □ | ||
| 25. Are warehouse temperatures and humidity within regulatory limits, monitored, recorded? | □ | □ | □ | ||
| 26. Are foods stored to prevent cross contamination from raw to cooked products in storage areas? | □ | □ | □ | ||
| 27. No opportunities for cross-contamination of finished products from raw materials? | □ | □ | □ | ||
| 28. Is all food with allergens stored separately? | □ | □ | □ | ||
| 29. Warehouse infrastructure in good condition, i.e. no cracks in the walls, impermeable floors, no condensation from air conditioners? | □ | □ | □ | ||
| 30. Are the hardware door seals in good condition? | □ | □ | □ | ||
| 31. Have corrective actions been developed for all previously identified nonconformities, are there relevant records? | □ | □ | □ | ||
| 32. Are chemicals and detergents stored separately and access restricted? | □ | □ | □ | ||
| 33. Are there any signs of pests in the warehouses? | □ | ||||
| 34. All necessary equipment verified and calibrated? | □ | □ | □ | ||
| 35. Records for OPRP points are maintained, all CAs are completed in a timely manner, there are records after the problem is fixed | □ | □ | □ | ||
| Cleaning (cleaning) | |||||
| 36. Is the cleaning schedule in an accessible place and is everyone familiar with it? | □ | □ | □ | ||
| 37. The Cleaning Performance PRP includes all the necessary information: Preparation Instructions detergents, frequency, list of chemicals to be used, list of equipment to use, who is responsible for what, etc.? | □ | □ | □ | ||
| 38. Are all cleaning schedules completed on time? | □ | □ | □ | ||
| 39. Are all the appropriate equipment and installations available to carry out the cleaning effectively? | □ | □ | □ | ||
| 40. Is the cleaning equipment clean, in good condition, stored according to specifications? | □ | □ | □ | ||
| 41. Are there disinfectants for work surfaces and are they always available for use during food preparation? | □ | □ | □ | ||
| 42. Are cleaning chemicals used correctly? | □ | □ | □ | ||
| 43. Safety certificates chemicals in stock? | □ | □ | □ | ||
| 44. Is cleaning performance verified regularly? Does the lab take swabs? Do you have express analysis? | □ | □ | □ | ||
| 45. All chemical substances for cleaning are stored in a separate warehouse from food products? | □ | □ | □ | ||
| 46. Are all chemicals stored in their containers and signed? | □ | □ | □ | ||
| 47. All new equipment is included in the PRP | □ | ||||
| 48. Dishwashers are working properly and are being serviced on schedule. Contact surfaces are washed with clean water | □ | □ | □ | ||
| Maintenance of instruments and equipment | |||||
| 49. Is all equipment in good condition and repaired in a timely manner? | □ | □ | □ | ||
| 50. Timely maintenance of Drainage Ventilation Lighting is carried out | □ | □ | □ | ||
| 51. All requests for equipment repair are completed on time | □ | □ | □ | ||
| 52. Broken equipment is separated from working | □ | □ | □ | ||
| 53. Fittings are in working condition, there are no gaps | □ | □ | □ | ||
| 54. In organizations Catering Dishes are clean and free of chips | □ | □ | □ | ||
| 55. All major equipment such as refrigerators, oven freezers, heat treatment equipment, temperature control instruments | □ | □ | □ | ||
| 56. All equipment involved in CCP monitoring is verified | □ | □ | □ | ||
| 57. All devices are in working condition, the surface is without chips and cracks | □ | □ | □ | ||
| 58. Are there programs for preventive inspection and repair of buildings, structures and equipment? | □ | □ | □ | ||
| 59. All lamps are covered with shatterproof protection | □ | □ | □ | ||
| Pest Control | |||||
| 60. Eat PRP pests | □ | □ | □ | ||
| 61. Pest control records kept | □ | □ | □ | ||
| 62. There is an agreement with a specialized service | □ | □ | □ | ||
| 63. There is a map of baits (traps) | □ | □ | □ | ||
| 64 Places of baits (traps) are known to workers | □ | □ | □ | ||
| 65. All poison has certificates | □ | □ | □ | ||
| Waste | |||||
| 66. Is there a PRP on waste? | □ | □ | □ | ||
| 67. Waste is removed at a certain % full of tanks? Are the locations of the tanks determined? | □ | □ | □ | ||
| 68. Are waste bins different in color and shape from good product bins? | □ | □ | □ | ||
| 69. Are waste containers tightly closed, kept clean and emptied at certain times? | □ | □ | □ | ||
| 70. Are garbage (waste collection) locations removed from production facilities? | □ | □ | □ | ||
| Personal hygiene | |||||
| 71. Is there a hygiene PRP? Is personal hygiene regularly monitored by the HACCP team leader, are any corrective actions taken immediately? | □ | □ | □ | ||
| 72. Are all washbasins suitably equipped and accessible in the production halls, foot pedal or touch control? | □ | □ | □ | ||
| 73 Presence of warm water, liquid soap and paper towels | □ | □ | □ | ||
| 74. Staff use gloves | □ | □ | □ | ||
| 75. No jewelry, watches | □ | □ | □ | ||
| 76. Is smoking and eating carried out in specially designated areas? | □ | □ | □ | ||
| 77. Personnel of production shops in protective clothing and headgear? | □ | □ | □ | ||
| 78. All staff understand the responsibility and report illness in a timely manner | □ | □ | □ | ||
| 84. Are sick workers not allowed to work? | □ | □ | □ | ||
| 79. First aid kit is available and painted in a bright color, protected from water | □ | □ | □ | ||
| 80. Do all staff comply with food safety requirements? | □ | □ | □ | ||
| 81. Are all staff trained in personal hygiene and food safety? | □ | □ | □ | ||
| Training and adaptation | |||||
| 82. Have all staff received FSMS training? | □ | □ | □ | ||
| 83. All employees have training materials | □ | □ | □ | ||
| 84. All new staff have gone through training covering the need for disease awareness, proper handwashing/correct use of gloves, and personal hygiene requirements. | □ | □ | □ | ||
| 85. All personnel have the necessary competence | □ | □ | □ | ||
| 86 Are training records kept regularly? | □ | □ | □ | ||
| Management of potentially hazardous products and complaints | |||||
| 87. Is there a mandatory documented procedure? All incidents, complaints about products are recorded and mandatory corrective actions are taken on them. | □ | □ | □ | ||
| Withdrawal of products | |||||
| 88. Is there a withdrawal procedure and all recalls and withdrawals are carried out according to the procedure? | □ | □ | □ | ||
| 89. Are all required forms completed? | □ | □ | □ | ||
| Production | |||||
| 90. Is the 2/4 hour rule used for all steps from production to freezing or distribution? | □ | □ | □ | ||
| 91. Are food products with allergens prepared separately? | □ | □ | □ | ||
| 92. Are all salads prepared before shipping? | □ | □ | □ | ||
| 93. All chemicals for hygiene and sanitation are included in the list | □ | □ | □ | ||
| 94. Proper use of equipment and instruments to prevent contamination? | □ | □ | □ | ||
| 95. Documents on cleaning in the field? | □ | □ | □ | ||
| 96. Have design documentation been carried out for all identified non-conformities? | □ | □ | □ | ||
| 97. Are all contact surfaces clean? | □ | □ | □ | ||
| 98. Are all chemicals stored separately to prevent contamination? | □ | □ | □ | ||
| 99. Is foreign matter prevented? | □ | □ | □ | ||
| 100. Is all the equipment working well? | □ | □ | □ | ||
| 101. Is all equipment clean? | □ | □ | □ | ||
| 102. Waste collected regularly? | □ | □ | □ | ||
| 103. Do staff understand what hazards threaten food safety? | □ | □ | □ | ||
| 101. The staff knows where the CCP is, and the person in charge is trained in monitoring, knows the critical limits and CA | □ | □ | □ | ||
| 105. Personnel in protective clothing? | □ | □ | □ | ||
| 106. Does the staff comply with the requirements of personal hygiene? | □ | □ | □ | ||
| 107. Are sick people not present in the production area? | □ | □ | □ | ||
| 108. Do you have the necessary hygiene products, washbasins, showers, sanitary checkpoints? | □ | □ | □ | ||
| 109. Are personnel's personal effects kept separate and not in contact with food? | □ | □ | □ | ||
| defrosting | |||||
| 110. Are all foods defrosted in the refrigerator? | □ | □ | □ | ||
| 111. Are all raw foods thawed separately from cooked foods? | □ | □ | □ | ||
| 112. Are all defrosted foods covered and labelled? | □ | □ | □ | ||
| 113. Is the purpose, date and time of removal from the freezer marked? | □ | □ | □ | ||
| 114. Are all defrosted foods labelled? | □ | □ | □ | ||
| 115. Can thawed foods be used within 3 days of being removed from the freezer? | □ | □ | □ | ||
| 116. Have all design documentation been developed for previously identified non-conformities? | □ | □ | □ | ||
| Heat treatment | |||||
| 117. Does the staff know where the cash registers and journal entries are? | □ | □ | □ | ||
| 118. Is the monitoring column filled in? | □ | □ | □ | ||
| 119. Gloves for direct contact with hands? | □ | □ | □ | ||
| 120 Will all PRPs be implemented to prevent contamination by microorganisms, physical and chemical hazards, allergens during the heat treatment process? | □ | □ | □ | ||
| 121. Do all staff comply with personal hygiene requirements and know these requirements? | □ | □ | □ | ||
| 134. Is all heat treatment equipment clean? | □ | □ | □ | ||
| 122. Does the laboratory take swabs for chemical and microbiological contamination? | □ | □ | □ | ||
| 123. No opportunities for cross contamination? | □ | □ | □ | ||
| 124. Are all staff healthy? | □ | □ | □ | ||
| 125. Have the temperature recorders been verified? | □ | □ | □ | ||
| 126. Is the risk of contamination after preparation controlled? | □ | □ | □ | ||
| Cooling | |||||
| 127. Is the temperature controlled in the cooling room? | □ | □ | □ | ||
| 128. Necessary records of control and/or monitoring are maintained in the CCP, OPRP. Are there cold rooms? | □ | □ | □ | ||
| 129. Is all the necessary documentation available? | □ | □ | □ | ||
| 130. Is all refrigerated food covered or blast frozen if possible? | □ | □ | □ | ||
| 131. Are all refrigerators and freezers hermetically sealed, do they have seals? | □ | □ | □ | ||
| 132. All finished products are protected from contact with raw materials | □ | □ | □ | ||
| 133. Are timely CAs being undertaken? | □ | □ | □ | ||
| 134. Is the temperature and time of cooling consistent with the requirements? | □ | □ | □ | ||
| 135. Are all PRPs taken to prevent contamination during refrigeration? | □ | □ | □ | ||
| 135. Are all containers labelled? | □ | □ | □ | ||
| Package | |||||
| 137. Have the required forms been completed? | □ | □ | □ | ||
| 138. Are records kept on monitoring temperature, humidity? | □ | □ | □ | ||
| 139. Does the staff know and follow the requirements of personal hygiene? | □ | □ | □ | ||
| 140. Are corrective actions taken immediately? | □ | □ | □ | ||
| 141. Are all PRPs being implemented, do staff know them? | □ | □ | □ | ||
| 142. Do staff wear gloves? | □ | □ | □ | ||
| 143. Is the cleanliness of the packaging controlled? | □ | □ | □ | ||
| 144. Is pest control in place? | □ | □ | □ | ||
| Transportation | |||||
| 145. Transportation PRPs are being implemented | □ | □ | □ | ||
| 146. All food products are packaged and stored at the appropriate temperature during transport | □ | □ | □ | ||
| 147. Is the temperature controlled before unloading? | □ | □ | □ | ||
| 179. Are all products protected from contamination? | □ | □ | □ | ||
| 148. Are control records kept in OPRP? Are they in a vehicle? | □ | □ | □ | ||
| 149. Are all drivers familiar with food safety requirements? | □ | □ | □ | ||
| 150. Finished products and raw materials are not transported at the same time? | □ | □ | □ | ||
| 152. Are corrective actions taken immediately? | □ | □ | □ | ||
| 152. Have all hazards been identified during transport? | □ | □ | □ | ||
| Consumers/internal complaints | |||||
| 153. Are all nonconformities recorded? | □ | □ | □ | ||
| 154. Do staff know the characteristics of the product (7.3.3.)? | □ | □ | □ | ||
| 155. Are the responsibilities and powers for dealing with complaints clearly defined? | □ | □ | □ | ||
| 156. Is the staff aware of customer complaints? | □ | □ | □ | ||
| 157. Are actions taken on all identified nonconformities and complaints? | □ | □ | □ | ||
| Changes in products and processes | |||||
| 158. Is there a description of all products? | □ | □ | □ | ||
| 159. Is validation performed when changes are made to the process? | □ | □ | □ | ||
| 160. When equipment is changed, adjustments are made to PRP, OPRP | □ | □ | □ | ||
| 161. Is staff trained during changes? | □ | □ | □ | ||
| 162. Did all complaints lead to changes? | □ | □ | □ | ||
| Documentation of the food safety management system | |||||
| 163. The last audit took place in the unit later than 12 months ago | □ | □ | □ | ||
| 164. All necessary programs updated? | □ | □ | □ | ||
| 165. All documentation is approved and up-to-date | □ | □ | □ | ||
| 166. Has the scope of the system changed? | □ | □ | □ | ||
| 167. Have the members of the HACCP group remained the same? | □ | □ | □ | ||
| 168. Product description has not changed | □ | □ | □ | ||
| 169. Flow Diagrams ( technological schemes) relevant | □ | □ | □ | ||
| 170. Hazard analysis completed | □ | □ | □ | ||
| 171. Are food safety goals being met? | □ | □ | □ | ||
Problem Report
Control accounting, as well as other areas economic activity must be carried out in all commercial enterprises without exception.
At the same time, one should remember about a large number of very different features of such procedures. They must be ordered, follow each other in a certain order.
Since this is one of the reasons for the absence of problems of various kinds during inspections by regulatory authorities.
A special checklist allows you to significantly simplify this kind of work. Its importance is difficult to overestimate. There are many variations of the format of such a document.
If possible, it is necessary to familiarize yourself in advance with its properties, the nuances of compilation. This way you can avoid a lot of problems in the future.
General information
This document contains the most detailed information about the list of issues on the audit. The sheet in question does not have a legal format.
But at the same time, certain rules must be observed when forming it. This will reduce the likelihood of complications in the process.
Before you start compiling such a list, you need to consider the following questions:
- what it is?
- the purpose of the document;
- legal base.
What it is?
The checklist itself is a special document that allows you to simultaneously solve a fairly large number of different tasks.
The document can be used by various institutions, regulatory organizations and officials. It is only important to remember the legal norms that take place in the case of drawing up a document of this type.
The document itself reflects the following questions:
The use of such documents has both advantages and disadvantages. The main disadvantages include the following:
| List of issues identified in the document | May be too narrow, resulting in an under-examined inspection |
| The checklist can be restrictive in some cases | The limiting factor for the auditor - he simply will not go beyond the questions posed |
| The document cannot replace | Standard Audit Plan |
| An inexperienced auditor may have some difficulties | With an understanding of the questions formulated in the list, he simply will not be able to intelligibly and clearly explain what exactly he is looking for in a particular case |
| The document should be as well prepared as possible | Duplicate questions can cause serious confusion |
In most cases, both the advantages and disadvantages of a document depend on many different kinds of factors.
First of all, this concerns the following points:
The checklist is a universal tool for the implementation of tasks related to audit and some other procedures that should be regularly carried out at the enterprise.
Such documents may include the following:
Purpose of the document
Users of this type of document today can be:
This sheet allows you to simultaneously or sequentially solve the following list of tasks:
- correctly, in accordance with legal regulations, plan the conduct of the audit itself;
- to carry out selective control, to carry out the most efficient planning of all your time;
- allows you to avoid missing any important stages of the audit;
- used as a means of memory;
- significantly simplifies the conduct of the audit itself;
- the audit is carried out in a structured, holistic manner;
- with the help of the checklist, it will be possible to communicate between various institutions, as well as employees conducting the check.
Also, such documents are often used to solve other problems. It is worth familiarizing yourself with all the main properties of such documents in advance. This will make it possible to avoid a large number of various difficulties.
Legal framework
Main legislative act, in accordance with which a document of this type should be compiled, is .
This legal document includes the following main sections:
| Audit activity | |
| List of main NAPs that also regulate this kind of activity | |
| What is an audit organization | |
| What is meant by the term "auditor" | |
| What does a statutory audit mean? | |
| Audit report | |
| List of basic rules, standards of actions carried out by auditors | |
| Denotes the complete independence of the various audit organizations | |
| Audit secrecy | |
| How is the quality control of the audit carried out? | |
| Auditor Qualification Certificate | |
| The procedure, as well as the grounds for the cancellation of the auditor's certificate | |
| Carrying out state control in the considered field of activity of the enterprise |
If possible, you should carefully read all the nuances of the legislation governing audit activities. Since it is these legal documents that must be observed without fail.
An example of filling out a checklist for internal audit
The process of compiling the type of sheet in question is quite simple, but has its own nuances. It will be possible to significantly simplify this kind of procedure by considering an example of a QMS internal audit checklist.
The compilation process itself can be carried out in various ways. First of all, the following fundamental questions will need to be considered:
- where to get the form;
- filling order;
- completed sample.
Where to get the form
An example in Excel for internal audit can be easily downloaded from the Internet. Whenever possible, only well-established and proven resources should be used.
Today, there are a fairly large number of private institutions involved in auditing. Free of charge, in the form of consultation, such enterprises can provide a sample of this document. Or for a fee.
Filling order
The procedure for completing the audit itself is not reflected in the legislation. But it is necessary, if possible, to adhere to the following algorithm:
Usually, an Excel sheet is used as the main format. The reason for this is the ease of compilation, as well as printing. Quite often, checklists are needed in paper format.
If necessary electronic document can be easily sent online. It should be remembered about some important nuances of the formation of this kind of sheet.
Completed Sample
The only one the right way to avoid the occurrence of various kinds of difficulties in compiling such a document - use an already completed sample.
Thus, it will also be possible to significantly speed up the procedure for carrying out such procedures. This is especially true for the question-writing part. Often it is at this stage that all sorts of difficulties arise.
Table 3.1
Audit check sheet No. _____
| The number and title of the clause of the applicable standard | Checklist (requirements) | Compliance (Not really) | № act of non-compliance | Note |
Preferably, each checklist contains a reference to a specific item in the applicable standard, system-wide Guidelines or other document against which compliance is being tested, as well as a field for marks of compliance, non-compliance and comments. The auditor should think over in advance the questions that he is going to ask in the audited unit and fix them in the checklist. During the audit, the auditor makes his notes in the checklist, which further facilitates the work of drawing up audit conclusions. The use of checklists and forms should not limit the scope of the audit activity, which may vary depending on the information collected during the audit. Working papers, including records of the results of their use, should be kept at least until the end of the audit. Documents containing confidential or proprietary information should be retained at all times by members of the engagement team in a manner that is appropriately secured.
3.4. Conducting an on-site audit
Conducting an on-site audit involves holding a preliminary meeting, exchanging information during the audit, collecting and verifying information, drawing conclusions on the audit, preparing an opinion on the results of the audit, and holding a final meeting.
The opening meeting is held to 26:
acquaint the audit team with representatives of the audited organization;
agree (confirm) the audit plan;
determine what is required of the organization's personnel during the audit;
make sure that accompanying persons are assigned to auditors;
answer questions from the audited organization.
The audit team leader can explain the audit methods and the procedures by which the audit is conducted. It is recommended that the role of maintainers be clearly defined at the introductory meeting, especially if the internal audit procedure provides for the signature of the maintainer on the non-compliance report. In this case, it must be explained that the escort acts only as a witness, and his signature confirms that this or that fact took place, and not that the situation is a non-compliance with the established requirements. Accompanying persons should perform the following responsibilities: providing contacts and scheduling interview times, ensuring visits to specific locations in the organization, ensuring that security policies and procedures are known to and followed by members of the audit team, acting as witnesses during the audit on behalf of the auditee , providing clarification or assisting in the collection of information. It should also be explained that escorts are not members of the audit team and therefore should not influence or interfere with the conduct of the audit.
During the meeting, the audit team leader should communicate the date, time and place of the closing meeting and give the auditee an opportunity to ask questions.
Before the auditors begin their duties, the team leader must ensure that the auditors are familiar with the safety regulations.
When conducting an audit in small organization there is no need to introduce the auditors to the audited personnel and provide them with accompanying persons. In this case, the opening meeting may simply consist of a presentation by the audit team leader on how the audit will be conducted.
During the audit process, there should be an ongoing exchange of information between the audit team and the auditee. The audit team should meet periodically to exchange information, evaluate the progress of the audit and, if necessary, redistribute responsibilities among the auditors. During the course of the audit, the audit team leader should periodically communicate to the auditee and the client about the progress of the audit and any issues, if applicable. Evidence collected in an audit that involves a significant risk (for example, safety, environment or quality) should be immediately brought to the attention of the auditee and, if necessary, the client. Any issue on a matter outside the scope of the audit should be noted and brought to the attention of the audit team leader for possible informing the audit client and auditee. If the available evidence indicates that the objectives of the audit are not achievable, then the audit team leader should communicate the reasons to the audit client and the auditee in order to determine how to proceed. These actions may include revalidating or changing the audit plan, or changing the objectives or scope of the audit, or terminating the audit. Any changes to the scope of the audit, which may be noticeable during the course of the audit, should be reviewed and approved as appropriate.
In the process of conducting an audit, information related to the objectives, scope and criteria of the audit, including information on the interaction of functions, activities and processes, should be collected by appropriate sampling and should be verified. The purpose of collecting information is to generate audit evidence. Audit evidence can only be information that can be verified. Audit evidence must be recorded. They are based on a selection of suitable data. Therefore, there is an element of uncertainty in an audit, and those preparing an audit opinion should be aware of this.
The choice of sources of information is carried out by the auditor depending on the volume and complexity of the audit. The sources of initial information for the auditor during the audit are 27:
documents regulating the activities of the unit and / or processes (regulations on the unit, job descriptions, procedures, work instructions, methods, orders, orders, permits, etc.);
plans, acts, registration logs (measurement logs), minutes of meetings, training programs and logs, labor tools, computer bases, infrastructure elements, work environment and etc.;
data received outside the audited unit, for example, from the quality service, from other units, etc.
An inspection is an examination made during an audit and based on the visual perception of the auditor. It is known that thanks to vision, a person receives up to 85% of the information coming to him. During the inspection, the auditor looks primarily for material evidence of compliance. This is especially important when checking in production facilities, laboratories, product storage warehouses, etc. The objects of the auditor's inspection can be 29:
documentation, procedures and records (availability, status, availability);
working environment, the state of workplaces (technology compliance, security);
infrastructure: equipment, tooling, tools, energy supply, transport, communications (availability, condition, technology compliance);
means of measurement, control and testing (availability, condition, compliance with technology, metrological rules and norms);
personnel (availability, qualifications, behavior);
products (order of circulation, technology compliance).
The choice of interlocutor should be made from among those who directly carry out the audited activity. It is desirable that they be employees of different job levels management. The audit planning process should include conversations with the owner (manager) of the process and, if necessary, with the supplier and consumer of the process.
Each conversation should be conducted with only one employee: a conversation with several employees at once is usually ineffective.
The reasons and topics of the conversation must be communicated to the employee before the conversation begins.
The conversation should be conducted in a manner appropriate to the situation (environment) and the personality of the interlocutor. It is desirable that during the conversation, the auditor and the interlocutor are, if possible, isolated from external interference (one-on-one conversation).
The interview should only take place during normal working time at the employee's normal workplace.
The conversation can be started by asking the interlocutor to describe his daily work (the order of its implementation, availability of resources, compliance with established requirements, criteria and methods for assessing the quality of work).
If the conversation is conducted by two (or more) auditors at once, then questions should be put mainly by one of them, and the other should take notes (precisely during the conversation, and not after it).
During the conversation, the auditor can stop the interlocutor, but only if he is clearly distracted from the topic. However, this should be done in such a way that the interlocutor does not get the impression that the information given by him is of little importance.
For the organization of the conversation is of great importance right choice way of formulating the question. Appendix 3 provides the types of questions that are recommended and not recommended in the practice of the auditor, and examples of their formulation. The choice of one or another type of question depends on the specific purpose of the conversation and the situation in which it is conducted. The preferred types of questions for the auditor are open-ended and clarifying. Suggestive, alternative, assertive and obstructing communication are not recommended. The personifying question type is invalid.
During the conversation, the auditor should remember that the evidence of the interlocutor can be considered as objective only when they are supported by relevant facts. Otherwise, they are subjective and therefore extremely difficult to use in audit evidence.
During the conversation, use questions that begin with the words “What”, “Who”, “For what”, “Where”, “When”, “How”, “Why”, and “Could you show me this, please? » (English experts consider these words-questions as words-assistants of the auditor):
The question "what?" implies a response that reveals the interlocutor's understanding of the subject of discussion.
The question "Who?" implies an answer that reveals what executive does the job in question (not the person).
The question "For what?" implies an answer about the goals and objectives of the work performed (procedure).
The question "Where?" implies a response about the place of work.
The question "When?" implies the answer at which stage of the procedure the action is performed.
The question "How?" implies an answer about the method and way of working.
The question "Why?" implies a response that reveals the rationale behind the previous answers.
The “Show” request enables the auditor to obtain visual confirmation of the information contained in the interlocutor’s answers.
The auditor's questions should not be biased, as the answers to them may also be biased.
The auditor does not have to answer the questions posed by him.
During the conversation, you should not use terminology that is incomprehensible to the interlocutor. If it becomes necessary to use a special term, then its meaning should be explained to the interlocutor.
A conversation conducted at the workplace should not be long, so as not to cause nervousness of the interlocutor.
Inconsistencies (existing or potential) identified during the conversation should be recorded in the auditor's journal (checklist) with an indispensable reference to the unfulfilled paragraph (section) of the regulatory document.
The auditor should summarize the information received during the conversation, formulate the main (positive and negative) impressions and key points. It is permissible to allow the interlocutor to read the comments made by the auditor.
At the end of the conversation, the auditor should thank the interlocutor for assistance and cooperation.
Information obtained during the conversation should be analyzed by comparing it with information on this topic obtained from conversations with other employees, and auditor's personal observations.
It should be borne in mind that the reasons for an unsuccessful conversation may be in the auditor himself: fuzzy questions, speech oversaturated with special terms, poor disposition for a conversation, a desire to hear what you expect in the answers, the wrong line of conduct.
The result of the collection of information is audit evidence. Audit evidence - records, a statement of facts or other information that is related to the audit criteria and can be verified 31 . Audit evidence can be qualitative or quantitative . Based on the collected audit evidence, it is necessary to form audit observations using information verification methods.
Audit Observations - Evaluation of the Collected Audit Evidence Depending on the Audit Criteria 32 . Audit observations may indicate compliance or mismatch audit criteria or opportunities for improvement . Observations, in turn, are the basis of the audit conclusion. The audit conclusion is the output of the audit provided by the audit team after considering the audit objectives and all audit observations 33 .
Methods for verifying information and generating audit observations include 34:
analysis;
proof;
evaluation.
Where the data obtained by the auditor is in quantitative form (for example, results data technical control, data on the number of detected nonconformities, data on the causes of nonconformities, etc.) it is advisable to present and analyze them using statistical methods. Simple statistical methods: graphs; checklist, histogram; Ishikawa scheme; Pareto chart; scatter chart. The objects of documentation analysis are:
documents of the quality and (or) environmental management system that apply to the activities of the audited unit or process;
records of the implementation of a specified process or activity and the results achieved.
Review of documents and records involves both the analysis of their content and the management of documents and records. The most significant results of the documentation review, including the collection of information, should be recorded in the auditor's log.
Significant characteristics of audit evidence are its reliability and sufficiency. Evidence is considered reliable if it inspires the auditor's confidence, is objective and verifiable. the sufficiency of evidence is determined by its completeness, which largely depends on the volume collected information. Failure to comply with the requirements for proof devalues the audit result.
Obtaining certificates is one of the most important and difficult moments in the work of the auditor. The following are a number of provisions that may be useful to the auditor in this area 35:
evidence forms the basis of the audit report and, therefore, without the necessary evidence, such an opinion cannot be reliable;
evidence can be considered objective if it contains information that can be recognized as true, based on facts and obtained by inspection, measurement, testing and other means;
when receiving evidence of compliance with procedures (instructions), the auditor must be sure that these procedures will be followed in the future, at least until the next audit;
the reliability of the audit certificate depends on many factors, but primarily on the degree of its confirmation and the qualifications of the auditor;
the more reliable the evidence, the lower the risk of an erroneous audit report (it should be noted that no one is free from erroneous conclusions and therefore certain elements of risk are inherent in the audit report).
identity (repeatability in time and places of application) of practical actions to the rules and norms established in the documentation of the quality management system;
fulfillment of the requirements of those sections of ISO 9001 that are mandatory for documentation in the organization;
availability and implementation of planned activities in the field of quality;
evaluating the effectiveness of processes;
effectiveness of corrective and preventive actions;
continuous improvement of activities, processes and management systems in general.
When evaluating evidence, there is a possibility of erroneous (incorrect) conclusions and, as a result, an incorrect conclusion based on the results of the audit. The probability of incorrect conclusions is reduced when using objective data, i.e. data based on measurements.
Audit evidence should be evaluated against audit criteria for
formation of audit observations. Audit findings may indicate either compliance or non-compliance with audit criteria. If this has been determined by the audit objectives, observations may indicate opportunities for improvement.
Non-compliance - non-fulfillment of the established requirement. The auditor should identify each discrepancy found by him and classify it according to the form of manifestation and degree of significance.
In the form of manifestation, the discrepancy can be actual or potential. AT difference from the actual, proven by evidence of a specific non-compliance with the established requirement, a potential non-compliance is a non-compliance, the likelihood of which in the future may be only predicted with a certain degree of accuracy. Examples of potential non-compliances can be unqualified instruction of production equipment operators, insufficient competence of employees in performing a documented procedure, - the value of the harmful substance release indicator is approaching the maximum allowable, etc. 37 .
According to the degree of significance (the magnitude of the risk of negative consequences if the non-compliance is not eliminated), non-compliances can be significant (category 1), insignificant (category 2) and notifications.
A major nonconformity is a nonconformity in the quality management system that is likely to result in non-compliance with product requirements.
Examples of significant non-compliance can be - unreasonable absence of activities stipulated by the requirements of ISO 9001, failure to comply with any requirement of ISO 9001, repeated (more than 2 times) non-compliance with the provisions of the quality management system document, ineffectiveness of the process, etc. 38 .
A minor nonconformity is considered to be a separate non-systematic omission, error, defect in the functioning of the quality management system, which can lead to non-fulfillment of product requirements, as well as to a decrease in the effectiveness of the functioning of the process or the management system as a whole. Examples of minor inconsistencies are the lack of objective evidence of familiarization of the unit employees with the documents of the quality management system, - separate fuzzy records when registering quality data, lack of updated copies of documented procedures, registration of quality data in violation of established forms 39 .
Notification - a critical judgment about the state of the surveyed object. Examples of notifications (remarks) can be the joint storage of existing and canceled documents of management systems, the lack of confirmation of familiarization of performers with technical documentation, - lack of an approved list of recognized suppliers to the organization, lack of evidence of a separate corrective action 40 . Auditor notices are, in fact, a warning, since an unresolved remark may eventually become a nonconformity. In this regard, the recording of comments, as well as inconsistencies, can be considered as an added value of the audit.
A discrepancy or notice found by the auditor should be considered jointly with a representative of the audited unit in order to obtain confirmation (recognition) that the audit evidence is correct and the discrepancy is understood. All possible differences of opinion in this case should be documented.
Nonconformities should not include deviations or deviations authorized by authorized persons and (or) the consumer. Departure Permit - Permission to deviate from the original specified requirements for a product before it is manufactured. Such authorization is usually limited to a quantity of production or a period of time. Permission to deviate - permission to use or release products that do not meet specified requirements. Permission to deviate usually covers the supply of products with non-conforming characteristics, subject to agreement with the consumer of restrictions on the time or quantity of these products. Each instance of deviation or deviation must be documented. Going beyond the scope of a waiver or deviation should be considered a non-compliance.
The discrepancy detected (identified) by the auditor and confirmed by the representative of the audited unit must be documented in the form of a protocol (act), in which the following must be noted:
time and place of detection (detection);
a summary of the discrepancy; - the significance of the nonconformity;
reference to a violation of the requirements of a specific document;
the need for correction or corrective action.
Nonconformities should be reviewed in conjunction with a representative of the auditee to obtain confirmation that the audit evidence is correct and the nonconformities are understood. Every effort should be made to resolve any disagreement regarding audit evidence and/or observations, and pending issues should be recorded.
The conclusion of the audit team based on the results of the audit may contain a final assessment of 41:
degree of conformity the process, activities of the unit or the management system as a whole, the audit criteria;
performance and the effectiveness of the process, the activities of the unit going through the management system as a whole;
leadership abilities ensure the ongoing adequacy and effectiveness of the process, activities of the unit or the management system as a whole;
recommendations for the correctness of establishing process performance and efficiency indicators;
improvement opportunities process, activities of a unit or the management system as a whole.
Is it possible to state that the personnel of the audited unit (several units) knows, has at its disposal, understands and uses the documents of the quality management system that are mandatory for them?
Is compliance with the requirements of the quality management system documents confirmed by the necessary registration data, facts and other evidence?
Do all the requirements of the documents used in the unit (s) ensure the achievement of the goals of the unit (s) in the field of quality?
Are the intended results achieved in the audited process, unit activity or management system as a whole?
Are the allocated resources being used effectively enough to implement the process, the activities of the unit or the management system as a whole?
Is it confirmed that the process, the activities of the unit or the management system as a whole operates under controlled conditions?
can it be argued that the management allocates resources sufficient for the effective functioning of the process, the activities of the unit or the management system as a whole?
whether there is a need and a real opportunity to improve the process (reducing time, costs, improving quality, reducing the negative impact on environment), the activities of the unit or the management system as a whole?
what recommendations can be given by the audit team to improve the audited object?
During the closing meeting, chaired by the audit team leader, audit findings and audit conclusions should be presented in a manner that is understandable and accepted by the auditee, and, if necessary, agreed on a timeframe for the auditee to submit a corrective and preventive action plan. Participants in the closing meeting should be representatives of the auditee, and may also include the audit client and other parties. In the event that situations arise during the audit process that may affect the reliability of the audit conclusions, the head of the audit team should inform the audited organization about this.
In many cases, for example, when conducting internal audits in small organization, the closing meeting may only consist of communicating the audit findings and the conclusion of the audit. In other cases, the meeting must be formal with minutes and a list of those present.
Any disagreement regarding audit observations and/or audit conclusions between the audit team and the auditee should be discussed and, if possible, resolved. Otherwise, all opinions must be registered. If required by the objectives of the audit, recommendations for improvement should be provided. It should be emphasized, however, that the recommendations are not binding.
The area of need for control depends on the structure and type of activity of a particular organization. For correct check the work of the company must be carried out regularly. This procedure is simply impossible without a correctly compiled checklist.
The concept of a checklist for internal audit
An audit checklist may be required to review the entire activity of an organization or a single industry, process or department. This document was previously filled out in paper form, later they began to appear electronic versions in Word and Excel. Now there are specialized applications for, but the previous methods are still relevant.
The standard form of the audit checklist contains 6 columns:
- Number line.
- Verifiable ISO requirement.
- Detailed questions.
- A method for evaluating the requirement being tested.
- Check result mark.
- Comments of the auditor or commission.
The very concept of a checklist literally translates as a "checklist" and can even be used to audit the activities of 1 employee of the company.
Legal Framework
According to the Federal Law of December 30, 2008 No. 307 "On Audit", the preparation of checklists is regulated various kinds, but this applies to external audit. It is legally allowed to conduct internal audit by involved companies. Management can invite an employee to conduct an audit, rather than create a commission from their own employees.
Art.19 federal law"On Accounting" dated December 6, 2011 obliges to conduct an internal audit. This concerns the verification of the accounting area, other areas of activity are controlled according to the personal preferences of the organization.
Document Functions
The main tasks of the checklist are to control and structure information about the current processes of any type of activity. This is a kind of checklist of questions that allows you to conduct a systematic analysis and identify shortcomings in the work of a particular link in the organization.
In addition to the controlling function, based on the checklist data, it is possible to draw up a further development plan or change the structure of the company. Also, based on the results of an internal audit, it is permissible to assess the competence of employees of the audited department of the company or the whole.
The steps for filling out the checklist for the internal audit of the QMS with examples are described below.
Filling steps
In the control process, the structure of the checklist is important. When developing it, it is necessary to take into account a logical sequential procedure that excludes a constant return to aspects already considered. This will allow you to build the correct structure not only of the checklist itself, but also help in filling it out correctly.
In fact, filling out a well-written checklist is very simple.
- At the first stage, it is necessary to delve into the content of the check item, read the question or familiarize yourself with the controlled criterion.
- Further, the evaluation method should be specified and carried out in accordance with this paragraph. This may be an inspection, interview, survey, review of documentation, or other form of assessment.
- At the third stage, it is necessary to enter or enter the results of the control in the appropriate column of the checklist.
- Also in a number of documents there is a paragraph with the auditor's comments. If it is on the checklist, then it must be completed before moving on to the next question.
You can download a sample checklist for internal audit.
Sample checklist for internal audit
Sample checklist for internal audit - 1
Sample checklist for internal audit - 2
Sample checklist for internal audit - 3
Sample checklist for internal audit - 4
Sample checklist for internal audit - 5
How to disable ads on Android: remove pop-up ads
The Russian received a term and a million fine for "piracy Negative consequences of the law
Identification of key factors
The criteria for classifying organizations and individual entrepreneurs as small and medium-sized businesses have changed
See what "Royalty" is in other dictionaries Pitfalls of legislation