An internal audit, also known as a first-party audit, is conducted by or on behalf of the organization to verify that the organization's own management system is continuously meeting specified requirements and is functioning.

It provides information for effective management review and corrective and preventive measures, its purpose is to verify the effective operation of the organization's management system, and can be used as the basis for the organization's declaration of self-conformity.

It is the process of systematically and regularly auditing the conformity, suitability and effectiveness of the planned system, process and its operation to ensure the self-perfection and continuous improvement of the management system.

1.

In accordance with internal audit procedures, make annual audit plan and determine the implementation month of internal audit.

The internal audit shall cover all processes, departments and sites of the quality management system at least once a year.

The following special circumstances can increase the frequency of internal audit:

a) when the contract requires or the customer needs to evaluate the quality management system;

b) when there is a significant change in the organization and functions;

c) where serious non-conformity is found and requires review;

d) Before third-party audit certification or supervision audit;

e) When requested by top management.

2.

According to the purpose, scope, department, process and schedule of the internal audit activities, the top management authorized the establishment of the internal audit team.

Qualifications for internal auditors:

a) The internal auditor should be the head of the department or the main backbone;

b) The internal auditor shall pass the quality management system internal audit course training and pass the examination;

Qualified internal auditors shall have relevant explanatory documents that meet the qualifications of internal auditors.

Responsibilities of internal audit team leader:

a) Negotiate and formulate audit activity plans, prepare working documents, and assign audit team members to work;

b) Presided over the audit meeting, controlled the on-site audit implementation, and made the audit proceed as planned and required;

c) Confirm the nonconformity report found by internal auditor.

Duties of internal auditor:

a) Prepare the checklist according to the audit requirements (usually prepared by the system department);

b) Complete the audit task according to the audit plan;

c) Form written materials on audit findings and prepare nonconformity reports;

d) Assist the auditee in formulating corrective actions and implementing follow-up audits.

3.

Prepare the internal audit schedule plan according to the month of the annual internal audit plan. When preparing the internal audit implementation plan, the compilers should confirm with the internal auditors and the head of the audited department whether the time arrangement is reasonable. If there is any problem, adjust the plan in time.

The audit implementation plan shall include the following:

a) Purpose, scope, start and end date of internal audit;

b) the document on which it is based;

c) The main content and schedule of this audit;

d) Division of internal auditors.

4.

Before the audit, the internal auditor shall prepare the inspection list according to the division of labor, and the inspection list requirements:

a) The main functions of the audit area should be highlighted, and the selection of typical key quality issues should cover all functions of quality management, including some special requirements of the company's customers;

b) After a period of use, a relatively stable content will be formed as a standard checklist to provide reference for future internal audit

5.

The internal audit department shall be notified at least one week in advance before the internal audit, and the internal audit implementation plan shall be confirmed by the head of the audited department.

6.

Before the on-site audit, the first meeting should be held, attended by all the audit team and the head of the department on trial and relevant personnel, the meeting is chaired by the internal audit leader, the participants should sign in, and the meeting time should not exceed half an hour.

Main contents of the first meeting:

a) Introduce the division of labor of audit team members to the audited department;

b) Declare the scope, purpose and basis of the audit;

c) A brief introduction of the methods and procedures used to conduct the audit;

d) Establish a link between the audit team and the audited department;

e) Read out the audit plan and clarify the unclear content in the audit plan.

7.

Field audit is the process of looking for objective evidence by sampling inspection.

In this process, the auditor's personal quality and audit strategy, skills can be fully played.

A competent auditor will complete the audit task in a relaxed and convincing manner.

Principles of on-site audit

(1)

This is the most basic and primary principle.

Any information obtained without objective evidence shall not be used as the basis for the judgment of nonconformity. Insufficient or unverified objective evidence should not be used as evidence to determine nonconformity.

(2)

Audit judgment should resolutely exclude other interfering factors, including from the auditee, the auditor's feelings and so on affect the independence of judgment, impartial factors, from beginning to end to maintain, maintain the independence and impartiality of the audit judgment, can not be due to affection or fear and digest the unqualified items.

(3)

That is: to speak of objective evidence, do not rely on feelings, feelings, impressions; Go back to what is actually being done, don't stop at documents, mouth (answer); To proceed as scheduled according to the audit plan, do not "do not find out the problem is not a good man".

When there are no qualified items after auditing according to the sampling plan, the principle of "presumption of innocence" should be adopted and transferred to the next auditing item.

(1) The forms of objective evidence collected are

① Objective facts of existence;

② The interviewee's statement about his/her work within his/her own scope;

③ Existing documents, records, etc.

In the questioning, verification, observation, auditors should make records, write down the useful and true information heard and seen in the audit, these records are the true evidence of the auditor's report.

The collected objective evidence should be sorted out, analyzed and screened, on the basis of which the audit evidence and audit findings are obtained.

When a nonconformity is found, the nonconformity shall be confirmed with the representative of the auditee, the parties shall strive to resolve the differences of opinion on the facts, and the failure to reach an agreement shall be recorded.

(1)

Problem tracing audit strategy is an audit method to trace the cause of a certain problem. In the audit found a variety of problems, in order to make a correct and profound judgment, we should analyze and trace the essential cause of the problem.

This strategy can be used when reviewing data analysis, customer complaints, control of design and development changes, nonconforming products, corrective and preventive actions, etc. When using this strategy, the key is to see the essence through the phenomenon and keep a sharp eye for prevention and improvement.

(2)

Summary cut into the audit strategy is to understand the basic situation of the audit project, facts, data, purposeful, focused step by step to narrow the scope, in-depth specific audit methods.

(3)

The audit strategy is an audit method which is led by the problem clues and deeply traced or verified. Auditors should have professional sensitivity, good at finding and capturing problem clues in the audit. Sometimes problem leads will go beyond the scope of the checklist, but if there are major problem leads related to standards, you may want to change your plan and follow up. This strategy is often used in the audit of nonconforming product control, customer complaints, returns, customer satisfaction, etc.

The review process is actually a communication process, and it is a formal two-way communication process. Mastering communication skills is a basic requirement for auditors. Adequate and smooth communication is one of the keys to a successful audit.

(1)

A successful interview is conducive to establishing rapport and eliminating psychological barriers; It helps to enlist the cooperation of the auditee's personnel and helps to identify the situation and obtain the objective evidence needed.

The skills that the auditor should master during the interview are:

a. Good questions;

b. Speak less, listen more;

c. Maintain a harmonious relationship;

d. Select appropriate interview subjects.

(2)

Questioning is the most used and basic method in auditing. Use the right way to ask questions, this is the auditor's basic communication skills.

Questions are divided into three categories according to the answers:

a.

A form of questioning designed to elicit a wide range of answers. 'How was it? 'What? This type of questioning is open-ended;

b.

Questions that can be answered with "yes", "no", or just one or two words. Auditors should use closed questions as little as possible except when necessary. Closed questions often make the interviewees nervous, and some questions are difficult to answer. In practice, many situations can not be concluded by "yes" or "no";

c.

A way of asking questions that can be discussed around the question to get more information. The question is often, "Why? Please tell me..."

In short, there are many ways to ask questions, no matter which way, it is important that the auditor's questions must be clear in point of view and purpose, and the timing is appropriate; Must be accurate, clear, hierarchical, and progressive, a seasoned auditor's way of asking questions often appears random on the surface, but he can always find the most appropriate way to ask questions in the scene at the time, and get the ideal answer.

In the field audit, the auditor should often and timely judge the conformity of the collected objective evidence and the audit findings. How to judge correctly, in addition to a deep understanding of the standard requirements, but also need to master some skills.

(1)

(2)

In the standard can not find a complete "fit" clause, judge the closest clause.

(3)

When there are multiple judgments, the judgment shall be made according to the terms that are most favorable for improvement or most effective for improvement.

(4)

When there are multiple problems at the same time, keywords or key objective evidence or key issues should be looked for for judgment.

(5)

Some problems should be viewed through the lens of phenomena, and should be judged from the causes most closely related to their origin.

(6)

The same minor nonconformities can be combined with similar items, such as some marks in file control.

(7)

Some typical situation coping skills

(1)"

This kind of person tries to make the auditor have a "good" view, only give you a good side, and prevaricate on the poor place.

Coping skills are: adhere to a comprehensive review, listen to the good, but also to the bad, good, but also to see the bad.

(2)"

Does not welcome any criticism, belittles the opinion of the auditor, and does not cooperate with the auditor.

The coping skills are: stay calm, persevere in the audit, and make clear and patient explanations of the problems found.

(3)"

Speak as little as possible, answer questions as little as possible, and even answer questions in circles, trying to make the auditor less aware of the real situation.

The coping skills are: patience, tolerance, sensitivity to change the question until the goal is achieved.

(4)"

He refused to answer the questions on the grounds of unfamiliarity.

The coping technique is: ask the leader of the auditee to send another person familiar with the situation to accompany or introduce the situation.

(5)."

The questions raised by the auditors are quoted extensively, talked loudly, and theoretically discussed with you, and I want to use the advantages of professional aspects to deter auditors and slow down the audit progress.

The coping skill is to insert the most practical questions in a timely manner, without debating theoretical or technical issues.

(6)."

When the auditor asks a question, he explains it to you on the grounds that it is impractical, impossible, unnecessary, and too cumbersome, and refuses to admit the problem.

The coping skills are: clearly and patiently explain that this is the requirement of the standard, and the audit is the process of checking the standard with the actual.

(7)."

Do everything possible to justify the unqualified items found and find excuses.

The trick: Be able to double-check and stick to the facts. Full coverage.

(8)."

Take the initiative to introduce problems to auditors and pass the buck.

The coping skills are: first verify the problems it introduces, but should be careful not to intervene in the interpersonal conflicts of the auditee.

(9)."

Acknowledge the problems found by the auditor, but ask the auditor to be lenient, do not judge the nonconformity, and say that it is corrected immediately.

The coping skills are: adhere to the principle, but show sympathy for the audited, with an understanding attitude, and reduce the minor nonconformity items that can be corrected immediately to observation or can not be judged after the correction is confirmed.

(10)."

Try every means to transfer the auditor audit objectives, energy and time, you let him take information, he has not provided; If you let him introduce you, he will give you a blow; The accompanying staff is particularly good at eloquence, always love to take the initiative to introduce the situation or often use ISO9001 standards to solve relevant problems or often escape, to find only to come.

Coping skills are: try to avoid doing irrelevant things, plan carefully, keep the audit objectives clear, take the initiative to politely break off irrelevant introductions, urge the auditee to submit information, do not discuss the problem with people.

(11)."

The auditor is very polite and enthusiastic, making tea, passing cigarettes, providing fruit, etc., in order to dilute the audit atmosphere.

The coping tips are: minimize social interaction during the audit, usually do not eat food such as fruit, polite but serious.

Control of site audit

(1)

Quality audit from the beginning of the planning to the end of the submission of the audit report, should be loyal to the purpose of the audit, especially in the on-site audit, there will be a variety of interference, a little attention will make the audit deviate from the original track. In the process of organizing the audit, the audit team leader should always grasp the dynamics, grasp the direction, identify the goal, find the deviation in time coordination and adjustment.

(2)

The audit work should be completed in accordance with the scheduled time, if there is a situation that can not be completed according to the scheduled time, the head of the audit team should make timely adjustments by adjusting the strength or appropriately reducing the audit content so that the audit work can be carried out according to the scheduled plan. For important leads that need to be followed up, the team leader may decide to extend the review time until credible inspection results are obtained.

(3)

For the purpose of internal audit, the scope of audit is often expanded in the audit. When the scope of audit is changed, the approval of the head of the audit team should be obtained. If necessary, the auditor has the right to expand the sampling scope and sampling quantity.

The non-conformity described in the audit refers to "failure to meet the specified requirements". The requirements here mainly include:

(1) Standard requirements (such as ISO9001 standard requirements).

(2) Documentation provisions (including quality manuals, procedure documents, quality records and quality plans or technical documents and management documents).

(3) Contractual provisions (sales contracts signed with customers, procurement contracts signed with suppliers, etc.).

(4) Social requirements (including laws, regulations, decrees, regulations, rules and regulations, as well as environmental protection, health and safety, energy and natural resources protection obligations).

(5) Other provisions, such as top management requirements, common sense requirements (not necessarily documented).

(6) Customer complaints.

The determination of nonconformities is based on the express requirements of ISO9001:2015 standard and customer complaints, and the nonconformities of implicit requirements can be expressed in observational form or described appropriately in the audit report.

Principles based on objective evidence

Any item with insufficient basis shall not be judged as nonconforming. For those non-conformities where the auditees have different opinions, they can be decided through negotiation or re-audit.

The internal audit of the internal quality management system can be divided into four levels according to the severity: serious nonconformity, general nonconformity, slight nonconformity, observation items:

(1)

A critical nonconformity usually refers to a systemic failure or defect. The main judging criteria are:

① The quality management system is seriously inconsistent with the requirements of the agreed quality management system standards or documents. Such as key control procedures are not implemented, lack of standard requirements.

(2) Failures that cause systemic failure (may need to be explained by multiple general failures). For example, most of the measuring and monitoring equipment in use is not calibrated (verified) according to the cycle, and most of the disposal of unqualified products is not reviewed and recorded according to the requirements.

(3) The failure that causes regional failure (may need to be explained by multiple general failures). For example, the quality management system of an organization does not cover an organizational unit that should be implemented or the organizational unit does not organize the implementation according to the standard requirements, and a product in all the products covered by the quality management system does not carry out quality control according to the standard.

(4) Non-conformities that can cause serious consequences. For example, the welding of pressure vessels does not meet the specified requirements, household appliances are not insulated, withstand voltage tests, and are processed according to the wrong drawings, which directly endanger the product and personal safety, or will bring significant economic losses to the organization and seriously damage the reputation of the organization.

(5) Non-conforming items in violation of laws and regulations.

(2)

General criteria for nonconforming items:

① Non-conforming items that are not accidental and clearly do not meet the requirements of the document. If part of the procurement contract is not reviewed, the duties of the inspector are not clear.

② Nonconformities that directly affect product quality. For example, several testing equipment exceed the calibration cycle and do not perform the first self-test as required.

③ Nonconforming items that cause the failure of quality activities. For example, the quality control point does not control key quality characteristics or process controlling factors.

(3)

Minor nonconformities are isolated, episodic problems that have no direct impact on product quality. For example, there is a drawing or a document whose version is not up to date, a document is not dated, the wording is inaccurate, the signature is not in accordance with the requirements, etc.

(4)

Grading nonconformities can be difficult in some cases because the boundaries are difficult to draw. This distinction often depends on the experience and skill of the audit leader and auditor. Sometimes there is a type of report that looks like a nonconforming item called an "observation item." The main cases of "observation items" are:

① The evidence is slightly insufficient, but there are problems that need to be reminded.

② The problem has been found, but it cannot constitute a failure, and if it develops, it may constitute a failure.

③ Other matters that need to be reminded.

Observation reports are not unqualified reports and will not be included in the final audit report. The setting of "observation items" undoubtedly prepares a step for both the auditor and the auditee, which will bring benefits to ease the audit atmosphere. If the method is used correctly, it has positive significance to the internal audit.

The contents of the nonconformity report may include: Name of auditee, auditor, accompanying personnel, date, description of nonconformity (should point out the objective facts of nonconformity and defect), conclusion of nonconformity (violation of the provisions of standards and documents), nature of nonconformity (according to severity), confirmation of auditee, corrective action and completion time, verification record after taking corrective action, etc. The three elements of the nonconformity report are: the description of the nonconformity phenomenon, the conclusion of the nonconformity phenomenon and the nature of the nonconformity item, which is indispensable for any nonconformity report.

Description of nonconformity should be strictly based on objective evidence and traceable.

Such as the observed facts, locations, parties, document numbers involved, product batch numbers, the contents of relevant documents, statements of the persons concerned, etc. The description should be as simple and clear as possible, factual, straight writing, without embellishment.

The conclusion of nonconformity mainly refers to which provision of the agreed document (quality management system standard, quality management system document, contract, etc.) is violated by the described phenomenon.

8.

After the on-site audit, the final meeting shall be held, presided over by the internal audit team leader, and all audit team members and relevant personnel of the audited department shall attend and sign in.

Main elements of the final meeting:

a) Restate the scope, purpose and basis of the audit;

b) Audit instructions;

c) Reading the nonconformity report;

d) request for corrective action;

e) Read out the audit opinions, and explain the release time, method and other follow-up requirements of the audit report;

f) Audit summary.

The last meeting shall be recorded and kept.

9.

About one week after the end of the last meeting, the head of the internal audit team shall summarize and analyze the nonconformity report of this audit, formulate the Distribution Table of Nonconformity Items, and the top management shall submit the Internal Audit Report.

The nonconformity report shall be distributed to all relevant departments as an attachment.

10.

The audit team shall track and verify the corrective and preventive measures, and timely report the tracking and verification status to the top management.

In the next audit, the implementation status and effect of the implementation are reviewed and evaluated, and the report is written to achieve closed-loop audit management to promote continuous quality improvement. The real benefit from auditing in any organization ultimately comes from auditing itself.

Records generated during the internal audit shall be maintained.