From Audit Requirements to Checklists to Evidence Gathering Plans. Linda Westfall 12 October 2017


Turning Requirements into Audit Results

[Diagram; labels in order: Audit Requirements, Audit Inputs, Audit Initiation, Audit Checklists, Objective Evidence Gathering Plan, Audit Preparation, Objective Evidence, Nonconformances & Observations, Audit Executions, Audit Results, Audit Reporting]

Audit Requirements: Evaluation Criteria

Audit requirements provide the objective evaluation criteria against which conformance/compliance is evaluated.

Examples of audit requirements include:
- Written organizational quality policies
- Documented objectives (e.g., budgets, programs, contracts)
- Customer or organizational quality specifications, standards, or procedures
- Product requirements and/or specifications
- Governmental or regulatory requirements
- Industry standards

Process Documentation Hierarchy

[Diagram; labels in order: Industry Level Process Documentation; Industry Standards; Quality Manual; Organization Level Process Documentation; Standard Processes; Standard Work Instructions (Guidelines, Templates, Checklists); Program/Project Level Process Documentation; Quality Plans; Project/Program Specific or Tailored Processes; Project/Program Specific or Tailored Work Instructions]

Checklists

Checklists are:
- Lists of yes/no questions
- Tools to help add organization & structure
- Tools to ensure complete coverage of audit criteria
- Precise, measurable, factual

Checklists correspond to the audit requirements & help ensure complete coverage within the scope of the audit.

Turning Requirements into Checklist Items

Requirement: The organization shall ensure that the person(s) doing the work are competent on the basis of appropriate education, training, or experience.
Checklist Item: Do the person(s) doing the work have the appropriate education, training, and/or experience?

Requirement: Verification activities are conducted to ensure that the design and development outputs meet the input requirements.
Checklist Item: Are the design and development outputs appropriately verified against the requirements?

Generic Checklist Items Examples

Generic Checklist Items Examples (cont.)

Generic Checklist Items Examples (cont.)

Gathering Objective Evidence

An auditor measures compliance/conformance by gathering & analyzing objective evidence.

Objective evidence is:
- Information which can be proved true based on facts
- Observed or documented evidence uninfluenced by prejudice, emotion or bias

For each checklist item, plan the technique(s) that will be used to gather objective evidence for that item.

Objective Evidence Gathering Techniques

Observing an Event or Process

An auditor can observe work in progress to see if it meets requirements.

The auditor observes if:
- The product was made or activity performed according to documented procedures or work instructions
- It was done by the designated responsible person
- The proper equipment and/or tools were used
- Employees were familiar with policies & procedures & that they know their roles & responsibilities

The auditor should watch or be present without participating actively.

Interviews

Interview questions should:
- Be open-ended & context-free
- Have known, expected answers
- Focus on the product/process/problem, not the individual
- Be organized in a logical order

The auditor should seek corroboration:
- More than one interviewee says the same thing
- Another audit team member hears the same thing
- A record, document or other objective evidence verifies the response

Open-Ended Questions

Examples of open-ended vs. close-ended questions:

Open-Ended Question:
- What procedures do you follow when performing your work?
- What reviews & approvals are involved in releasing your work products?
- How do you communicate the problems you encounter?

Close-Ended Question:
- Do you follow the XYZ procedure when you do your work?
- Do you perform a peer review on your work products?
- Does the software lead approve your work products?
- Do you record the problems you find in the defect tracking tool?

Context Free Questions

Examples of context free questions:

Ask This:
- What documentation do you use when performing this task?
- How do you verify the quality, completeness & consistency of your work products?
- How do you track your project's progress?

Not This:
- How do you use the SOW Template when performing this task?
- What steps do you use when conducting unit testing of your work product?
- How do you use Microsoft Project to track your project's progress?

Examining Records

Quality records are examined to ensure that evidence exists to:
- Demonstrate product conformance to requirements
- Appropriate implementation of the processes

"If it's not written down, it never happened"

Examples of quality records:
- Meeting minutes
- Reports
- Completed forms or checklists
- Metrics or data
- Documented approvals

Examining Documents

If documents were supplied as audit inputs, examination was accomplished during document review.

Based upon information obtained during execution:
- Additional examination of documents supplied as input
- Examination of additional documents requested during the audit

Measurement

Measurement can be accomplished through:
- Collecting & analyzing new data
- Analyzing existing data
- Examining existing metrics

Looking for:
- Patterns & trends
- Escapes
- Out of control values
- Conformance to entry/exit criteria

Sampling

Rarely is there enough time or resources to:
- Interview every auditee about every checklist item
- Examine every work product
- Examine every quality record

Auditing is based on the concept of sampling.

Sampling Techniques

Non-statistical sampling methods:
- Haphazard sampling
- Block selection
- Judgmental selection

Statistical sampling methods:
- Random sampling
- Systematic sampling
- Stratified sampling

Sampling Plan

Objective evidence may be gathered by sampling.

Determine sample size & selection based on:
- Complexity
- Size/volume
- Risk
- Past problems
- Time available

Use sampling methods to select a sample:
- Don't let the auditee select the sample
- If no nonconformances are found, move on
- Consider minimal sample size guidelines (4/10, 10/100, 20/1000)

Evidence Gathering Plans

Form columns: Yes / No; Checklist Item; Evidence Gathering Plan

Each checklist item is listed with the same set of evidence gathering techniques to choose from: Observation; Interviews; Examine records & documents; Measurement; Test.

Checklist items:
- Does the person performing the task have access to applicable processes and/or work instructions?
- Are the processes or work instructions up-to-date (latest revision)?
- Are the entry criteria to the process met before the process is started?
- Are the exit criteria to the process met before the process is completed?
- Are the correct person(s) performing each task correctly per the required processes and/or work instructions?
- Do the person(s) doing the work have the appropriate education, training, and/or experience?
- Are the required activities being performed in an effective & efficient manner?


Questions?

Contact Information

Linda Westfall
3000 Custer Road, Suite 270, PMB 101
Plano, TX 75075-4499
phone: (972) 867-1172
email: lwestfall@westfallteam.com
www.westfallteam.com