Using ANSI/ASQ QE 19011Sfor QMS and EMS Auditing � a

Practitioner�s Perspective

Gary L. JohnsonU.S. EPA

Research Triangle Park, NC 27711

May 2004

Today We Will Cover

� What is QE 19011S and its benefits?� How will QE 19011S be used?� Why supplemental guidance is needed?� What is the structure of QE 19011S?� What is the status of QE 19011S?

What is QE 19011S?

� An consensus-based American National Standard for use with ISO 19011 in auditing management systems.

� Provides specific guidelines for auditing:� Quality Management Systems� Environmental Management Systems

� Applicable to ISO 9001:2000 QMS and ISO 14001:1996 EMS.

QE 19011S

� Supplements ISO standard by addressing full range of auditing activities, including:- Internal audits � first party- Supplier audits � second party- Certification and other third party

audits- Use by small organizations

International Standard

� ISO published the final approved ISO 19011 standard in October 2002.

� U.S. adopted ISO 19011 as American National Standard (QE 19011:2004) in spring 2004.

� American National Standard is identical to ISO version.

Benefits of ISO 19011

� Replaced six existing standards with one:� Quality Auditing Standards - ISO 10011

Parts 1, 2, and 3� Environmental Auditing Standards - ISO

14010, ISO 14011, ISO 14012

� Accepted for registration/certification audits in U.S. (ANSI-RAB NAP).

U.S. Concerns about ISO 19011 Limitations

� ISO 19011 guidance on auditor competence was insufficient:� Implied minimum levels� Not based on sound science

� ISO standard did not adequately address:- Internal Audits- Supplier Audits- Use by Small Organizations

U.S. Concerns contd.

� ISO 19011 text largely reflected 3rd Party and Certification Audits.� ISO 19011 JWG experience was strongest for

3rd Party Audits.� U.S. efforts to broaden guidance were

rejected.

� ISO 19011 text was often too burdensome for 1st and 2nd Party audits and small organization users.

U.S. Solution

� Developed Supplement to ISO 19011:2002

� Added to ISO text to supply needed guidance.

� Supplement format is modeled after ISO 9004:2000.

� Supplement contains complete ISO text with added guidance.

U.S. Supplement

� ANSI/ASQ QE 19011S:2004 was developed by ANSI ASC Z1 Committee Joint Task Group.

� Ballot for approval as American National Standard is in progress.

� Approval is expected � Summer 2004.

QE 19011S Format

� ISO 19011:2002 text presented in boxes.� Unchanged from ISO� Cannot be changed unless standard is

revised. JTG had no authority to do so.

� When ISO text is inadequate, Supplement text follows to add guidance as needed for:� Internal (1st Party) audits� Supplier (2nd Party) audits� Use by small organizations

QE 19011S Format

� When ISO 19011:2002 text needs no change:� Supplement notes that no additional

text is needed.

� Supplement text generally builds on the ISO text to augment the guidance.

Structure of QE 19011S

� 0 Introduction� 1 Scope� 2 Normative References� 3 Terms and Definitions� 4 Principles of Auditing� 5 Managing an Audit Program� 6 Audit Activities� 7 Competence and Evaluation of

Auditors

0 Introduction

� Provides background on why the ISO Standard and U.S. Supplement are needed.

� Provides a general outline of how the Supplement is structured and how its contents should be used.

� Briefly outlines the use of the Supplement for different audit programs.

1 Scope

� Brief statement of the intent and application of the standard, including internal and external audits, and use by small organizations.

� Emphasizes flexibility and broad range of users.

� Notes that the standard may be applied to other types of audits as well (OHS?).

� Few additions made by the Supplement.

2 Normative References

� Identifies other documents whose provisions are included in ISO 19011:2002 by reference and which apply to the Supplement.

� There are two normative references:� ISO 9000:2000 QMS Vocabulary� ISO 14050:1998 EMS Vocabulary

3 Terms and Definitions

� Provides for additional definitions not specifically covered in normative references or elsewhere.

� Key terms in ISO 19011 include:� Audit criteria� Audit findings� Audit team leader� Audit program� Competence (of Auditors)

� No additional terms/definitions were included.

4 Principles of Auditing

� Provides basic auditing principles for auditors, including:� Ethical conduct� Fair Presentation� Due professional care

� For audits, including:� Independence� Evidence-based approach

5 Managing an Audit Program

� Provides guidance on establishing and maintaining an effective audit program

� For one, few, or many audits,� Includes consideration of internal and

external audits,� Introduces guidance on combined or

joint audits.

5 Managing an Audit Program

� Key elements include:� Implementing the audit program.� Monitoring and reviewing the audit program.� Establishing the authority for the audit

program.� Improving the audit program.� Establishing the audit program.

� Expands guidance on audit program performance beyond ISO text, particularly for internal audits.

5 Managing an Audit Program - Example

� Clause 5.2.1 � Objectives of an Audit Program� See Handout 1

6 Audit Activities

� Auditing process includes:� Initiating the audit� Conducting document reviews� Preparing for on-site audit activities� Conducting on-site audit activities� Preparing, approving, and distributing the

audit report� Completing the audit� Conducting audit follow-up (if in audit plan)

6 Audit Activities

� Uses �graded approach� in applying activities to particular audits, not �one size fits all.�

� Reflects major differences between internal and external audits for:� Opening/closing meetings� Auditor competence needed� Reporting audit results

6 Audit Activities

� Guidance is applicable to auditing the process approach in ISO 9001.� Also applies to ISO 14001 audits.

� Guidance applies to combined and joint audits.� Combined - auditing QMS and EMS in one

audit.� Joint � two parallel audits at the same time.

6 Audit Activities -Example

� Clause 6.5.1 � Conducting the Opening Meeting� See Handout 2

7 Competence and Evaluation of Auditors

� Auditor � person competent to conduct an audit.

� Competence of an auditor is based on:� Personal attributes.� Ability to apply sufficient knowledge and skills

gained through education, work experience, auditor training, and audit experience.

� Audit team leaders need additional knowledge and skills, work experience, auditor training, and audit experience specific to leadership.

7 Competence and Evaluation of Auditors

� Competence of auditors needed:� Should be left to audit program managers.� Should fit the needs of the audit program.� Should be maintained through appropriate

methods.

� Guidance is provided on:� Selecting auditors for a particular audit

program,� Evaluating auditors and audit team leaders.

Knowledge and Skills

� Generic knowledge and skills on:� Audit principles and techniques.� Relevant management systems reference

documents.� Organizational situations.� Applicable laws, regulations, and

requirements.

� Specific knowledge and skills on:� QMS or EMS methods and techniques.� Related processes, science, and technology.� Technical aspects of operations.

Demonstrated Credentials

� Demonstrated evidence of:� Education� Work experience� Auditor training� Audit experience

� Supplement does not set levels.� Levels should be based on Audit Program

needs.� Table 1 in ISO 19001:2002 is specific to

registration audits.

Other Considerations

� Audit team leader.

� Auditor for both QMS and EMS.� What is needed to audit in both

disciplines.

� 1st, 2nd, and/or 3rd party audit situations.� What differences exist.

Maintenance and Improvement of Competence

� Maintaining competence needs:� Continual professional development.� Regular participation in audits.

� Reflects �graded approach� in application.

Auditor Evaluation

� Evaluation process has four general steps:� Identify needed personal attributes and

knowledge and skills.� Set the evaluation criteria.� Select an appropriate evaluation method.� Conduct the evaluation.

� Guidance is provided on different evaluation methods and techniques.

Summary

� QE 19011S offer a complete, process approach to QMS and EMS auditing.

� ISO 19011 as written appears to be best suited for 3rd Party/Certification audits.

� QE 19011S provides more complete guidance on 1st and 2nd Party audits.

Summary

� ISO 19011 and QE 19011S will be useful to QMS and EMS auditors and audit programs in the U.S. and elsewhere.

� ISO 19011:2002 is available now.

� QE 19011S should be available this summer.