ISO & ISO TRAINING DAY 4 : Certifying ISO 37001

Transcription

1 ISO & ISO TRAINING DAY 4 : Certifying ISO SLIDE 1

2 DAY 4 Program Part 1 : Audit rules 1. Audit principles 2. Types of findings Part 2 : Audit process 3. The steps of an audit 4. Audit preparation Part 3 : How to audit ISO Part 4 : How to conduct an audit (exercise) SLIDE 2

3 RIGHTS OF AUTHORSHIP This document has been provided to you as a participant of the : Accreditation Training Session entitled ISO & ISO Training Mastering the Standards, audit and certification held in Paris, January, Monday 16 to Friday 20, Pursuant to ETHIC Intelligence s rights of authorship, the presentation and content of this document are protected worldwide. All unauthorized distribution, reproduction or duplication is forbidden. However, ETHIC Intelligence authorizes consultation of this document by employees or colleagues of the persons having received this training, provided that it is solely for internal use. All communication, distribution, reproduction or duplication intended to third parties without the author s prior authorization, particularly for training purposes, will infringe upon intellectual property regulations in force. SLIDE 3

4 Day 4: Certifying ISO Audit Rules Version 2017 SLIDE 4

5 Audit rules Audit principles Types of findings SLIDE 5

6 Definitions Audit Scope Perimeter of the audit Audit Criteria Set of policies, procedures, or requirements used as references on the basis of which evidence is compared Evidence Records, facts or statements that can be verified Audit findings Results of the assessment of the evidence compared with the audit criteria SLIDE 6

7 Definitions Audit Cycle From initial audit until renewal of the certification (including the periodic audits) Audit Program Organization of a set of audits planned for a specific period ( internal audit program ) Audit Plan Description of the activities necessary to realize an audit SLIDE 7

8 Audit principles SLIDE 8

9 Why conduct an audit? Assess the efficiency of records SLIDE 9

10 Audit rules Audit principles Types of findings SLIDE 10

11 Audit Findings: the three types Nonconformity Observation Noteworthy efforts SLIDE 11

12 1. The nonconformity A requirement A failure to meet the requirement An evidence of that failure The nonconformity is the non-compliance with a requirement or a set of requirements which renders the ABMS inefficient. SLIDE 12

13 1. The nonconformity : major nonconformity What is to be considered as a major nonconformity? 1. The organization completely failed to fulfill a certain requirement ex : No review from the Top Management ( 9.3.1) 2. An organization does not execute a process as required ex : The organization has defined a training process the executives and only 2% have been trained for 100% of 3. An organization has several minor nonconformities related to the same process ex : minor nonconformities related to the documented information : some of the documentation is missing, the format of some of them is alterated, not all employees have access to basic documentation 4. An organization misuses the certification mark ex : saying the full group is certified only when an entity has been certified 5. An organization has not resolved a minor nonconformity raised during a previous audit within the deadline ex : an organization had 1 year to translate its anti-bribery policy into chinese for its chinese subsidiary, it has not been done SLIDE 13

14 1. The nonconformity : minor nonconformity What is to be considered as a minor nonconformity? A minor nonconformity is any nonconformity that is not major and is not preventing the Management System to work. SLIDE 14

15 1. The nonconformity How should the auditor report the nonconformity? 1. Describe the non-conformity, general description of what is wrong 2. Provide the audit evidence-refer to a concrete document or record that is missing or is used improperly, to the activity that is not performed or is performed in a wrong fashion 3. Refer to the exact requirement : concrete number of the clause in the standard SLIDE 15

16 1. The nonconformity - Brainstorming What can be the sources of a requirement? SLIDE 16

17 What can be sourced to access conformity? Codes of conduct Management system Work instructions SLIDE 17

18 2. The observation A risk An inability to apply best practices An inefficiency An observation is a potential problem that needs to be addressed to improve the management system or to prevent an incident SLIDE 18

19 2. The observation - Brainstorming For instance, for the requirement 8.6 : what could be considered as an observation? SLIDE 19

20 2. Example of observations Requirement 8.6 Business associates provided the organisation with a commitment that is not precise enough to identify the transaction/project or activity Some old contracts do not have Anti-corruption provisions and the organization has not received any replies yet from the business associates with regards to anti-bribery commitment. SLIDE 20

21 2. The noteworthy effort A high level of commitment A motivation A verified improvement A noteworthy effort is the best practice an organization has set up that strengthens the ABMS SLIDE 21

22 3. The noteworthy effort - quiz For instance, for the requirement what could a noteworthy effort be? SLIDE 22

23 3. Examples of noteworthy effort Requirement The compliance team goes to international conferences on anti-bribery The Chief Compliance Officer holds a degree in compliance or business law The compliance team receives annual training from an exterior company or law firm SLIDE 23

24 Day 4: Certifying ISO Audit process Version 2017 SLIDE 24

25 Audit process The steps of an audit Audit preparation SLIDE 25

26 The audit steps Starting the audit process Preparing the audit activity Realizing the audit Report Follow-up (if necessary) Appoint a lead auditor Define the audit scope, criteria, program Appoint an audit team (if necessary) Review relevant documents of the ABMS Draft audit plan Prepare working documents (checklist) Opening meeting Collect information Document findings Closing meeting Prepare and circulate the report (technical review) Check the efficiency of corrective actions SLIDE 26

27 The audit steps Starting the audit process 1. Launching the process 2. Appoint auditors Top Management Compliance/internal audit Top management Starting the audit process 3. Planning 4. Circulating the audit plan Compliance All interviewees Audit execution 5. Opening meeting 6. Interviews 7. Closing meeting Compliance All Interviewees Top Management SLIDE 27

28 Audit: general information Name, location, size Defined during the proposal Type of audit Initial/periodic/follow up/internal Scope of the audit Audit criteria All operations worldwide in relation to the Business objectives of the organization ISO / ABMS Dates Defined during the proposal Audit duration According to the IAF-MD5 Audit team Defined during the proposal SLIDE 28

29 Audit process The steps of an audit Audit preparation SLIDE 29

30 Audit plan example Time Audit Activities & Focus Areas Tuesday February 1st Day One Department and/or Services People Interviewed AM Opening Meeting All All persons taking part in the audit Top management leadership Context, strategy, business model, stakeholders Top management Top management, compliance team PM Presentation & Review of System, review of requirements, corrective actions, audit Compliance Compliance Team, Internal audit PM Lunch Risk assessment & Commercial activities third parties New projects, training, risk assessment communication Gifts policy Operations & General Management Managers, Sales team, Human Resources, Communications, R&D, M&A Planning Process to address risks & opportunities Review of needs & assessments Compliance Compliance team Close of day one & review of day s activities Compliance Compliance team End of Day one SLIDE 30

31 Audit preparation: checklist Makes sure nothing is left aside Do not let the checklist conduct an audit in your place SLIDE 31

32 The checklist is based on the requirements and processes What is the objective & which requirements apply? What are the interactions? What are the main activities? The main risks associated to the process How is the process measured??? What are the inputs & outputs? What are the associated objectives?

33 The checklist is based on the requirements and processes? SLIDE 33

34 Example of a checklist PROCESS: REFERENCES : DATE: QUESTIONS Ref. FINDINGS / SLIDE 34

35 Day 4: Certifying ISO Audit ISO Version 2017 SLIDE 35

36 4.1 Understanding the context of the organization The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the objectives of its ABMS. The information regarding the context must be reviewed and kept updated SLIDE 36

37 4.2 Understanding the needs of the stakeholders The organization shall determine the stakeholders that are relevant to the anti-bribery management system; and the relevant requirements of these stakeholders. The information regarding the stakeholders must be reviewed and kept updated. SLIDE 37

38 Exercise 1: Auditing the 4.1 and 4.2 Step 1: How can an organization demonstrate its compliance with this requirement? How to manage the audit of external processes present your analysis + collective discussion Step 2: Which evidence would you be looking at as an auditor to assess compliance with the requirements 4.1 and 4.2? Who would you interview to obtain answers? SLIDE 38

39 4 Context of the organization: checklist example How clear is the organization s description of its activities & business model? Including organizations over which it exercises control (management) What criteria are taken into account to determine the scope of the anti-bribery management system (geography, turnover, number of employees, )? Are they relevant? (management) How exhaustive is the bribery risk assessment? How often is it reviewed? (compliance; internal audit; operations) Is there a clear stakeholder mapping? Are the stakes identified accordingly? (management) SLIDE 39

40 5.1 Leadership and commitment When the organization has a governing body, that body shall demonstrate leadership and commitment with respect to the anti-bribery management system Top management shall demonstrate leadership and commitment with respect to the anti-bribery management system SLIDE 40

41 5.2 Anti-Bribery policy The anti-bribery policy shall: be available as documented information; be communicated in appropriate languages within the organization and to business associates who pose more than a low risk of bribery; be available to relevant stakeholders, as appropriate SLIDE 41

42 5.3 Organizational roles, responsibilities and authorities Top management shall have overall responsibility for the implementation of, and compliance with, the anti-bribery management system, as described in Top management shall ensure that the responsibilities and authorities for relevant roles are assigned and communicated within and throughout every level of the organization. Managers at every level shall be responsible for requiring that the anti-bribery management system requirements are applied and complied with in their department or function. The governing body (if any), top management and all other personnel shall be responsible for understanding, complying with and applying the anti-bribery management system requirements, as they relate to their role in the organization. SLIDE 42

43 Exercise 2: Auditing the requirement 5 Step 1: How can an auditor be assured that an organization has strong leadership on anti-bribery? present your analysis + collective discussion Step 2: Which evidence would you be looking at as an auditor to assess compliance with the requirement 5? What could be a nonconformity for this requirement? SLIDE 43

44 5. Leadership Checklist example Review the anti-bribery policy (compare with the requirement) Presence of the management at the opening meeting Description of business strategy versus bribery risks Timings of the management & governing body reviews (do they actually happen as planned; check records) Resources allocated to the compliance function & the maintenance of the anti-bribery management system (time allocated for the audit; feedback from contact person, ) Adequacy of the ABMS and the context of the organization (as identified previously) Description of delegated decision-making SLIDE 44

45 5. Leadership Nonconformity examples The code of conduct is signed by the legal director and not by the CEO The top management does not consider bribery risks before engaging new strategy There is no identified compliance function SLIDE 45

46 6.1 Actions to address risks and opportunities & 6.2 Anti-bribery objectives and planning to achieve them The organization shall plan: actions to address these bribery risks and opportunities for improvement; how to: integrate and implement these actions into its anti-bribery management system processes; evaluate the effectiveness of these actions When planning how to achieve its anti-bribery management system objectives, the organization shall determine: what will be done; what resources will be required; who will be responsible; when the objectives will be achieved; how the results will be evaluated and reported; who will impose sanctions or penalties. SLIDE 46

47 Exercise 3: Auditing the requirement 6 Step 1: How can an objective be audited? How can the auditor be sure this objective is achievable? present your analysis + collective discussion Step 2: Which evidence would you be looking at as an auditor to assess compliance with the requirement 6? How would you assess those objectives and plans to extract concrete data? SLIDE 47

48 6. Planning Is there a system to review bribery risks before any new project? Are strategic objectives balanced with bribery risks? Does anti-bribery feature within the processes? Is it systematic (purchases, recruitment, sales, )? Is there a dashboard to review objectives & targets of the ABMS? Is there a program & action plan to address bribery risks? SLIDE 48

49 7. Support The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the anti-bribery management system (7.1) The organization shall provide adequate and appropriate anti-bribery awareness and training to Personnel (7.3) The organization shall determine the internal and external communications relevant to the antibribery management system (7.4.1) SLIDE 49

50 7.5 Documented information Documented information required by the anti-bribery management system and by this document shall be controlled refer to the list we discussed yesterday SLIDE 50

51 Exercise 4: Auditing the requirement 7 Step 1: How can the auditor assess a training session? What are the functions involved in the requirement 7? Is it necessary to audit them? present your analysis + collective discussion Step 2: Which evidence would you be looking at as an auditor to assess compliance with the requirement 7? What questions would you ask for the interviews? SLIDE 51

52 7. - Support Examples of questions Is there a budget identified to support the ABMS (check financial data with finance)? Is there job/function descriptions at all levels of the organization which take antibribery into account (check job descriptions with HR or the function in charge of managing the ABMS)? Are anti-bribery training plans and records of the training available? How often is the training renewed? How long does it last? Does it depend upon the function of the individual? (check with HR: compare with financial resources available) Are there specific questions during the recruitment process (for certain functions?) SLIDE 52

53 7 - Support How are bonuses determined & attributed? (check with HR) Review internal rules on potential disciplinary actions in cases of corruption (check with HR) Is there a communications process that addresses the requirements of 7.4 with regard to anti-bribery? (check with communications department or crisis management) SLIDE 53

54 8.1 Operational planning and control The organization shall plan, implement, review and control the processes needed to meet the requirements of the anti-bribery management system, and to implement the actions determined in 6.1. Which evidence would you be looking at as an auditor to assess compliance with the requirement 8.1? SLIDE 54

55 8.1 Operational planning and control What controls over the anti-bribery management system are in place? (periodic reporting? Process reviews?...) Which processes are identified at risk? Is the assessment documented? Is there a representative of the compliance function ( anti-bribery champion ) in the processes identified as at risk? SLIDE 55

56 8.2 Due Diligence The organization shall assess the nature and extent of the bribery risk in relation to specific transactions, projects, activities, business associates and personnel falling within those categories. This assessment shall include any due diligence necessary to obtain sufficient information to assess the bribery risk. The due diligence shall be updated at a defined frequency, so that changes and new information can be properly taken into account. Which evidence would you be looking at as an auditor to assess compliance with the requirement 8.2? SLIDE 56

57 8.2 Due Diligence Due diligence process: questionnaire, data base, external service providers Review previous due diligence documents related to the scope of the audit and/or the projects, business partners. Investigate the results and how they were used,. SLIDE 57

58 8.3 ; 8.4 Financial and non-financial controls The organization shall implement financial controls that manage bribery risk. The organization shall implement non-financial controls that manage bribery risk with respect to such areas as procurement, operational, sales, commercial, human resources, legal and regulatory activities. Which evidence would you be looking at as an auditor to assess compliance with the requirements 8.3 and 8.4? SLIDE 58

59 8.3, 8.4 Financial and non-financial controls Obtain results of the controls conducted over: sales, procurement, HR, legal & regulatory (interview with the finance department) They can take the form of reports, audits, instructions, procedures,. SLIDE 59

60 8.5 Implementation of anti-bribery controls by controlled organizations and by business associates The organization shall implement procedures which require that all other organizations over which it has control either: a) implement the organization s anti-bribery management system, or b) implement their own anti-bribery control Which evidence would you be looking at as an auditor to assess compliance with the requirements 8.5? SLIDE 60

61 8.5 Implementation of anti-bribery controls by controlled organizations and by business associates Check the status of anti-bribery MS or controls within the business associates; Review the whole risk analysis of a sample of business associates & relevant documents; Check whether specific risk analysis are done for projects/tansaction where there is a more than low risk of bribery & anti bribery controls are in place; SLIDE 61

62 8.6 Anti-Bribery commitments For business associates which pose more than a low bribery risk, the organization shall implement procedures which require that, as far as practicable: a) business associates commit to preventing bribery by, on behalf of, or for the benefit of the business associate in connection with the relevant transaction, project, activity, or relationship; b) the organization is able to terminate the relationship with the business associate in the event of bribery by, on behalf of, or for the benefit of the business associate in connection with the relevant transaction, project, activity, or relationship. Which evidence would you be looking at as an auditor to assess compliance with the requirement 8.6? SLIDE 62

63 8.6 Anti-bribery commitments Has the organization requested business associates to make a commitment to preventing bribery? Is this available as documented information? Is there supporting evidence that the organization does its best to endeavor to prevent bribery within its scope? SLIDE 63

64 8.7 Gifts, hospitality, donations and similar benefits The organization shall implement procedures that are designed to prevent the offering, provision or acceptance of gifts, hospitality, donations and similar benefits where the offering, provision or acceptance is, or could reasonably be perceived as, bribery. Which evidence would you be looking at as an auditor to assess compliance with the requirement 8.7? SLIDE 64

65 8.7 Gifts, hospitality, donations and similar benefits Gifts and Entertainment policy? Is there a platform or software to declare the G&E? SLIDE 65

66 8.8 Managing inadequacy of anti-bribery controls the organization shall: in the case of an existing transaction, project, activity or relationship, take steps appropriate to the bribery risks and the nature of the transaction, project, activity or relationship to terminate, discontinue, suspend or withdraw from it as soon as practicable; in the case of a proposed new transaction, project, activity or relationship, postpone or decline to continue with it. Which evidence would you be looking at as an auditor to assess compliance with the requirement 8.8? SLIDE 66

67 8.8 Managing inadequacy of anti-bribery controls Review the outcome of prior due-diligence reports Challenge the risk analysis vs the decision of maintaining the project/relationship/transaction Review prior examples where the organization decided to withdraw from the project/relationship/transaction Review existing documentation with regard to the top management s decision to maintain the project/relationship/transaction despite the risks identified SLIDE 67

68 8.9 Raising concerns The organization shall ensure that all personnel are aware of the reporting procedures and are able to use them, and are aware of their rights and protections under the procedures. Which evidence would you be looking at as an auditor to assess compliance with the requirement 8.9? SLIDE 68

69 8.9 Raising concerns Review legal context with regard to anonymous reporting Check whistleblowing procedures If there is a hotline, make a call Review existing cases (if any) and check reporting of other types of wrongdoing Question the non-retaliation culture of the organization in interviews with compliance officers or middle managers in the course of the audit SLIDE 69

70 8.10 Investigating and dealing with bribery The organization shall implement procedures that: Require assessment and, where appropriate, investigation of any bribery ; Require appropriate action in the event that the investigation reveals any bribery ; Empower and enable investigators; Require co-operation in the investigation by relevant personnel; Require that the status and results of the investigation are reported ; Require that the investigation is carried out confidentially. Which evidence would you be looking at as an auditor to assess compliance with the requirement 8.10? SLIDE 70

71 8.10 Investigating and dealing with bribery Check records of prior reports of violations of the anti-bribery policy Check the policy on violations of internal procedures? Check investigations on other incidents (ie. safety, environment ) SLIDE 71

72 9.1 Monitoring, measurement, analysis and evaluation The organization shall evaluate the anti-bribery performance and the effectiveness and efficiency of the anti-bribery management system. SLIDE 72

73 Exercise 5: Auditing the requirement 9.1 Step 1: How can an auditor assess a monitoring process? What would be the appropriate documented information? present your analysis + collective discussion Step 2: Which evidence would you be looking at as an auditor to assess compliance with the requirement 9.1? To what other requirement does 9.1 refer? SLIDE 73

74 9.1 Monitoring, measurement, analysis and evaluation Verify the monitoring and review plans of the ABMS Check the results of the previous reviews Double check with clause 6: how are objectives measured? Double check with clause 5 (leadership) SLIDE 74

75 9.2 Internal audit The organization shall conduct internal audits at planned intervals to provide information on whether the anti-bribery management system conforms to : the organization s own requirements for its ABMS; the requirements of this document Is effectively implemented and maintained SLIDE 75

76 Exercise 6: Auditing the requirement 9.2 Step 1: What would the control of an external audit on an internal audit occur? How can an auditor assess another audit? Present your analysis + collective discussion Step 2: Which evidence would you be looking at as an auditor to assess compliance with the requirement 9.2? What would be a noteworthy effort on requirement 9.2? SLIDE 76

77 9.2 Internal audit Check internal audit program & criteria used to managed anti-bribery audit program (risks; incidents & internal reports; changes in the context;.) Review competence of internal auditors (training, independence, seniority, ) Sample check internal anti-bribery audit reports Example of noteworthy effort : those audits are accompanied by occasional data mining to detect potentially corrupt personnel SLIDE 77

78 9.3 Management review Top management shall review the organization s anti-bribery management system, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness. The outputs of the top management review shall include decisions related to continual improvement opportunities and any need for changes to the antibribery management system. SLIDE 78

79 Exercise 7 : Auditing the requirement 9.3 Step 1: Can we consider this external audit as part as top management review? What are the functions involved in the requirement 9.3? Is it necessary to audit them? presents your analysis + collective discussion Step 2: Which evidence would you be looking at as an auditor to assess compliance with the requirement 9.3? Who would you interview to obtain answers? SLIDE 79

80 9.3 Management review If in existence, dashboard to monitor performance Check minutes of management reviews; compare with requirements & documented information Sample check internal anti-bribery audit reports Persons to interview: CEO, executive committee members, chief compliance officer SLIDE 80

81 9.4 Review by anti-bribery compliance function The anti-bribery compliance function shall report at planned intervals, and on an ad hoc basis, as appropriate, to the governing body (if any) and top management, or to a suitable committee of the governing body or top management, on the adequacy and implementation of the anti-bribery management system, including the results of investigations and audits. SLIDE 81

82 Exercise 8 : Auditing the requirement 9.4 Step 1: How can an auditor understand the word effectively? What would the audit criteria for this requirement be? presents your analysis + collective discussion Step 2: Which evidence would you be looking at as an auditor to assess compliance with the requirement 9.4? What would be an observation on requirement 9.4? SLIDE 82

83 9.4 Review by the anti-bribery compliance function Check reports of anti-bribery compliance functions Check risk assessment Observation example: the organization evolves in a high risk sector but the Chief Compliance Officer does not report directly to the CEO SLIDE 83

84 10.1 Nonconformity and corrective action When a nonconformity occurs, the organization shall: a) react promptly to the nonconformity, and as applicable: 1) take action to control and correct it; 2) deal with the consequences; SLIDE 84

85 Exercise 9: Auditing the requirement 10.1 Step 1: How do I assess the efficiency of a corrective action? How do I review the root causes? How long does an organization have to take a corrective action when a nonconformity arises? presents your analysis + collective discussion Step 2: Which evidence would you be looking at as an auditor to assess compliance with the requirement 10.1? What questions would you ask in the interviews? SLIDE 85

86 10.1 Nonconformity and corrective actions Is there a record of corrective actions? How are they managed? How is the effectiveness reviewed? Are there instructions to describe the treatment of a corrective action? Are they discussed in the management review? SLIDE 86

87 10.2 Continual improvement The organization shall continually improve the suitability, adequacy and effectiveness of the anti-bribery management system. SLIDE 87

88 Exercise 10 : Auditing the requirement 10.2 Step 1: Which evidence would you be looking at as an auditor to assess compliance with the requirement 10.2? Who would you interview to obtain answers? SLIDE 88

89 10.2 Continual improvement Is there a commitment to continual improvement in the anti-bribery policy? ( from the top management or governing body) Check the different versions of the ABMS over time, if in existence, to observe improvements SLIDE 89

90 Day 4: Certifying ISO Conducting an audit Version 2017 SLIDE 90

91 Conducting an audit : the 4 steps Opening meeting Collecting information Interviews Closing meeting SLIDE 91

92 1. The opening meeting Introduce the audit team Review the audit plan Confirm the audit scope and the criteria Confirm timings SLIDE 92

93 1. The opening meeting Explain the main definitions and findings Make sure the audited persons are available List the required documents Confirm confidentiality SLIDE 93

94 2. Collecting information Interviews Understanding the organization of the company Get the formalized processes EVIDENCE Reading documents,financial data and hearing records Determine information flows SLIDE 94

95 3. Interviews technics (1) Ask the auditee to describe what he/she does in such or such situation Active listening Use open questions Re-confirm for validation SLIDE 95

96 3. Interviews technics (2) Follow the audit plan & check-list to start Confirm your understanding Thank the persons for their time SLIDE 96

97 3. Interviews technics (3) Do not get dragged into lengthy discussions Do not let the auditee conduct the interview Always be precise and refer to the facts Remain always positive SLIDE 97

98 3. Interviews technics : think thank You are auditing an anti-bribery management system according to ISO 37001of an old family owned company. The will to get the company certified comes from the top management who wishes to be «compliant» to the best practices. However, the interviewees react badly. They refuse to answer your questions, act agressive and do not see the point of an anti-corruption certification. 1. How would you react? 2. Could you stop the audit? 3. When presenting the findings they disagree and challenge your conclusions SLIDE 98

99 3. Interviews technics : think thank - You have the right to stop the audit and request a meeting with the top management for explaining the situation; - Try and explain that you are auditing a management system and not the employees competencies and that they should not feel the are being «judged»; - If findings are significant (several major NC s for instance) meet with you contact or the management prior to the closing meeting to discuss and get acceptance of the findings SLIDE 99

100 3. Interview techniques: practical exercise You are going to audit the Anti Bribery Management System of TechnoBugKillers. You will train yourself to interview techniques. Each of you will audit one function and then collect answers. SLIDE 100

101 4. The closing meeting Who does conduct it? Managed by the lead auditor What is the objective? The objective is to present the findings to the team. Link the findings to the stated objectives of the organization; list the findings in order. How to react if the team refuses the findings? Findings are clear as they are the produce of an external verification. They should not be openned for discussion SLIDE 101

102 4. The closing meeting : case study 1. Step 1 : each one presents its finding to the audience 2. Step 2 : Which findings are nonconformity, observations or noteworthy efforts? SLIDE 102

103 4. The closing meeting : list of findings Audit report & list of findings Organisation; Department (process) Clause Date: Référence: Category: Nonconformity / Observation / Efforts worth mentioning (cross out irrelevant points) Detailed finding: Auditor: SLIDE 103