Session 7 :

Audit Reporting
&
iQMS
 What Is Report Writing?

• Audit report is the final product

• The evidence that the audit was conducted

• Must be completely factual

• Tone must be courteous and professional

• Should be verifiable (evidence can be tracked

down)

3
 Audit Findings

Audit evidence should be evaluated against audit

criteria to generate audit findings. Audit findings
can indicate either :

⮚ Conformances
⮚ Non Conformances
⮚ Observations
⮚ Opportunity for improvement (OFI)

4
 Nonconformance Exists
Because:
• The system does not comply with the standard,
procedure or other requirements

• Performance does not comply with the system

• Performance is not effective

5
 Minor Nonconformity

• Single incident observed that a requirement or

procedure or system or standard not being
conformed to, it may be one of the followings:

• A failure in some part of the organization’s QMS

document related to ISO 9001 : 2015

• A single observed lapse in fulfilling one of the

company’s QMS.

6
 Examples of Minor
Nonconformance

• Isolated examples of deficient record keeping on

Contract Reviews of design review

• Isolated examples of instruments or test equipment

not calibrated or out of calibration

• Isolated examples of obsolete documents retained

in quality manual, procedures, manual or work
instruction

• Isolated examples of drawings unchecked

7
 Major Nonconformity

• The absence of or total breakdown of a system to

meet a requirement.

• Any noncompliance that would result in the

probable shipment of nonconforming product.

• A noncompliance that judgement and experience

indicate is likely either to result in the failure of the
QMS or to materially reduce its ability to assure
controlled processes and products.

• A number of minor nonconformities against one

requirement can represent a total breakdown of the
system.

8
 Major Nonconformity
Examples of Major Nonconformance
• Management review was not conducted at all for
the last one year
• No internal audit carried out within one year cycle
• No evidence of corrective action taken to all
complaints received from customer for the last one
year
• Nonconforming were mix with conforming product
which is ready for shipment to customer
• No action taken when risk justified as high risk
happened

9
 Status of Nonconformity
Depends on:

A. The number of evidence (x)

• X less than or equal to 3 = OFI
• 3 less than or equal to x but less than 5 = Minor NCR
• X equal or more than 5 = Major NCR

B. Impact
• Serious impact on the QMS, the process, product and the
customer – Major NCR.
• Significant impact on the quality of the product, process,
customer and QMS – Minor NCR
• No impact/Small impact - OFI

10
 Status of NCR

❑ Major : In absence caused total breakdown of a

system.

❑ Minor : System does not meet certain standard

requirements & procedures.

❑ Opportunity for Improvement (OFI) : Not enough

evidence to be a nonconformance.

11
 Area for Improvement
• An observed situation where there was not enough
objective evidence to classify the situation as
nonconformance
• An observed situation which is NOT a major or minor
nonconformity but where results achieved, based
upon the auditor’s judgement and experience in
that commodity, are not optimal
• These opportunities shall be recorded in the final
audit report for the benefit of the organization
• In support of continuous improvement, the auditor
should identify quality system strengths, weaknesses
and shall record opportunities for improvement.

12
 NCR Writing
Audit Requirement (Audit Criteria)
• ISO 9001:2015
• Company’s documented information (DI)
• Statutory & Regulatory Requirements
• Customer Requirements

Audit Findings
• A general statement to describe issue of
nonconformity without the need for audit evidence.

Audit Evidence
• Evidence that exists
• Proven evidence
• Documented
• Qualitative & Quantitative
• Related to Quality
* NCR must be correct, clear, complete, concise and courteous

13
 Non Conformance Report

Audit Information

Name of Auditor :

Date of Audit :

Audited Dept. :

NCR No. : UiTM/NCR/RAW - 01/2017

Status of NCR : Major/Minor

14
 Non Conformance Report

Step 1: Write the audit requirement

Example : Against what standard; ISO 9001:2015
State the requirements of ISO 9001:2015 (Clause Number) based on issue and
keyword.

Example: “ ISO 9001:2015, Clause 8.4 describes………

“ Procedure no. ……….of the company states that…

Step 2: Write the audit finding

Example: There is no evidence to show that supplier evaluation has been
conducted.
Step 3: Write the audit evidence
Example: 1. Supplier RSD S/B which supplies carton board on 25/10/2015
2. Supplier RXZ S/B which supplies transportation on 22/7/2015

Step 4: Acknowledgement by both parties

Auditor: …………….. Auditee: ………………..

Date: Date:

15
 Non Conformance Report

Step 5: State the Root Cause(s) (Auditee):

Step 6: Describe/State the action taken and acceptance of action taken: (Auditee)

Correction:

Corrective Action:

Auditee: ……………….. Accepted by : …………Auditor)

Completion Date: ………….. Date :……………..

Step 7: Verification by Auditor

Verification: Action taken found satisfactory or not to address the nonconformity

raised. Also effectiveness of action taken. Auditor to comment.

Verified by: ……………. NCR Close Out: Yes / No

16
 NCR Statement

❑ Evidence
• Something you found and confirmed by authorized
personnel
• Be specific, where, what name, what number
• Make it retrievable
• Correct – check your fact

❑ Nonconformance – Why a nonconformance

• Deviation against requirements
• Deviation against system

❑ Requirement – cite the specific requirements

• Reference standard, Auditee QMS, Management
requirement, customer contract, Gov. regulations,
codes of practice.

17
 NCR Statement

“Should” Requirement

Statement (links the two)

Evidence
“Actual”

18
 How To Start Writing
❑ It was found that……….

❑ It was noted that………

❑ It was observed that…..

❑ There is no evidence that……..

❑ During the audit …….

19
 Draft NCR example…1

It was found that the control of outsourced

processes is not identified within the management
system. (CDE Sdn Bhd – cleaning of office building
toilets)

ISO 9001 : 2015 Clause 8.4.1 (General)

20
 Draft NCR example…2

Although several customer complaint letters were

seen in both the Sales and Marketing
departments (example letter from ‘Pn Nad’ dated
12/10/2015), there was no evidence that the
complaints had been analyzed and investigated.

ISO 9001 : 2015 Clause 10.2.1 (Corrective Action)

21
 Draft NCR example…3

No evidence of organization knowledge were maintained and

made available for staff’s reference.

Example :
1) No internal seminar has been conducted since last 2 years
2) New staff has limited knowledge compared with senior
staff because no collaboration among them. (List of staff)

ISO 9001 : 2015 Clause 7.1.6 (Organizational Knowledge)

22
 Klausa ISO

Klausa 7.5.1 (e)

The organization shall plan and carry out production or services provision
under controlled conditions. Controlled conditions shall include, as
applicable,
e) The implementation of monitoring and measuring equipment.

Ketidakpatuhan :
Panel mendapati rubrics perlu dan ada disediakan oleh pensyarah bagi
membuat penilaian pelajar, namun begitu berdasarkan sampel didapati
terdapat kursus-kursus yang tidak menggunakan rubrics secara konsisten. Ini
melanggar kepada keperluan piawaian yang menyatakan bahawa
organisasi perlu merancang dan melaksanakan penghasilan berdasarkan
kepada beberapa syarat kawalan. Syarat disini adalah pelaksanaan
instrumen kawalan dan pengukuran.
Gred Penemuan : Minor

23
 Klausa ISO
Klausa 8.2.2 Audit Dalam
The organization shall conduct internal audits at planned intervals to
determine whether the quality management system
1) Conforms to the planned arrangement (see 7.1), to the
requirements of this International Standard and to the quality system
requirements established by the organization, and
2) Is effectively implemented and maintained.

Ketidakpatuhan :
Panel mendapati PTJ tidak melaksanakan audit dalam bagi dua
tahun yang lepas sehingga audit ini dijalankan. Terdapat juga
kekangan bilangan auditor yang semakin mengecil dari 7 orang ke 4
orang kerana ada auditor yang menyambung pelajaran. Ini
merupakan ketidakpatuhan yang serius dan perlu diambil tindakan
segera oleh pihak pengurusan. Audit Dalam merupakan proses utama
yang perlu dilaksanakan oleh PTJ untuk memastikan sistem pengurusan
kualiti akan dapat dilaksanakan dengan berkesan dan terpelihara.
Gred Penemuan : Major

24
 Opportunities For Improvement

o ISO 9001 : 2015 requires an organization to

continually improve its QMS and product/service
quality.

o Internal auditors can contribute their ‘knowledge

and experience’ by suggesting areas for the
auditee to improve.

25
 Writing an OFI/Observation

ISO Observation
Clause
7.5.3 Audit has found that it is difficult to find
records of implementation (problem
statement).

Perhaps the company may use these

solutions e.g. by having e-records,
cabinets, large area.

26
 Contoh Penemuan InQKA

Pengauditan terhadap Piagam Pelanggan mendapati hanya Piagam

no. 1,2 dan 3 sahaja yang boleh diukur.

Bagi Piagam No.1 iaitu 'Untuk menerbitkan manuskrip asli yang lengkap
dan bersih dalam masa 12 - 14 bulan dari tarikh penerimaan' semakan
terhadap sample mendapati ianya mengikut piagam yang telah
ditetapkan.

Bagi Piagam Pelanggan No.3 , auditee memaklumkan bahawa

keperluan untuk menerbitkan manuskrip penterjemahan telah
berkurang.

Bagi Piagam Pelanggan No. 2 iaitu 'Pembayaran royalty dibuat

berdasarkan peraturan yang ditetapkan oleh Pusat Penerbitan Universiti',
semakan terhadap sampel mendapati bayaran dibuat dengan betul
dan mematuhi peraturan JKP yang telah ditetapkan.

Adalah dicadangkan supaya Penerbit UiTM menyemak semula Piagam

Pelanggan yang sedia ada bagi memastikan ianya boleh diukur dan
sama ada ianya masih lagi relevan untuk digunapakai.

27
Contoh Senario
Keperluan daripada pihak berkepentingan telah
dikenalpasti dan direkodkan untuk tindakan lanjut
oleh pihak PTJ. Berdasarkan senarai di dalam fail
maklumbalas pelanggan , di dapati keperluan dan
ekspektasi pihak berkepentingan yang direkodkan
pada tahun 2018 tidak diambil tindakan oleh PTJ
sepanjang tempoh tersebut. Panel Auditor membuat
susulan dengan temubual bersama coordinator
Pengurusan Pelanggan dan mendapati bahawa
maklumbalas tidak diambil dan tidak disalurkan
kepada pihak berkepentingan.
Berdasarkan semakan dokumen, ianya berlaku
terhadap keseluruhan senarai pihak berkepentingan
yang direkodkan oleh PTJ.
28
 Contoh Laporan ketidakpatuhan

Kriteria
5.1.2 (a) dan (c) menerangkan bahawa pengurusan
perlu menentukan, memahami dan memenuhi
keperluan pelanggan.
5.1.2 (c) menerangkan bahawa pengurusan perlu
melakukan peningkatkan kepuasan hati pelanggan.
Area 1.1.1 Review and Revisit Vission, Mission....
Area 2.1.1. Social Demand

Penemuan Audit
Pihak pengurusan tidak mengambil tindakan terhadapan keperluan
yang ditentukan oleh pihak.

29
 Contoh Laporan ketidakpatuhan

Bukti
1. Fail Maklumbalas Pelanggan Bil 1 Tahun 2020
2. Temubual bersama staff yang terlibat di bilik
mesyuarat
3. Aduan daripada pihak berkepentingan bertarikh 2
Jan 2020

Ketidakpatuhan
Major
Minor

30
 Contoh Laporan Memuaskan

5.1.2 (a) dan (c) menerangkan bahawa

pengurusan perlu menentukan, memahami
dan memenuhi keperluan pelanggan. Audit
menunjukan bahawa PTJ telah mengambil
tindakan terhadap keperluan pelanggan
berdasarkan dokumen, temubual dan
maklumbalas pelanggan. Tindakan ini selari
dengan keperluan COPIA 1.1.1 review and
revisit vision, mission dan COPIA 2.1.1 social
demand.

31
 Contoh Laporan OFI

5.1.2 (a) dan (c) menerangkan bahawa

pengurusan perlu menentukan, memahami
dan memenuhi keperluan pelanggan. Audit
menunjukan bahawa PTJ telah mengambil
tindakan terhadap keperluan pelanggan
berdasarkan dokumen, temubual dan
maklumbalas pelanggan . Penambahbaikan
boleh dilakukan dengan memaparkan
maklumbalas pelanggan yang berkaitan di
papan kenyataan dan laman sesawang.
Tindakan ini selari dengan keperluan COPIA
1.1.1 review and revisit vision, mission dan
COPIA 2.1.1 social demand.

32
 Rumusan

Secara umumnya, laporan yang dihasilkan

bergantung kepada bahan bukti yang didapati
semasa proses pengauditan. Ianya boleh jadi
major,minor, memuaskan mahupun OFI
berdasarkan apa yang diperolihi semasa audit.

Yang utama, semuanya laporan perlu

dinyatakan kriteria mana yang menjadi sumber
rujukan utama dalam proses untuk memastikan
ianya major, minor, memuaskan mahupun OFI.

33
 Discussion Among Auditors Prior
To Closing Meeting
▪ To synchronize audit findings among auditors
▪ Not in the presence of auditees
▪ Review all audit findings & identify nonconformity &
observation or OFI (which has been recorded in audit
checklist & audit notes).
▪ Marked them to avoid a miss in reporting
▪ Draft the statement of nonconformities & observation
▪ Write NCR & OFI in NCR form & OFI form
▪ Determine the status of NCR (e.g. major, minor, OFI)
▪ To select the relevant clause no. of issues of NCR & OFI
▪ Give reference no. to NCR
▪ Signature on NCR & OFI
▪ Submit NCR to Audit Team Leader for preparation of Audit
Summary Report.

34
 Closing Meeting - Purpose

• To present audit findings to the auditee in such a manner

as to obtain their clear understanding and
acknowledgement of the factual basis of the audit findings

• The Closing Meeting shall be chaired by the audit Team

Leader

35
 Closing Meeting - Purpose

✔ Opening Remarks & thanks

✔ Attendee list – Pass around for signature
✔ Review audit objective and scope
✔ Restrictions/limitation
✔ Tell of GOOD things you saw
✔ Review of findings
✔ Clarification
✔ Agreement and Q & A
✔ Closing and Thank You
✔ Save audit findings as Records

36
CORRECTIVE ACTION AND FOLLOW UP

37
 Fundamental Components of
Corrective Action

IDENTIFY
NONCONFORMANCE

IF EFFECTIVE
ROOT CAUSE
CLOSE OUT
PROCESS ANALYSIS

FOLLOW-UP APPLY
CORRECTIVE
ACTION

38
Corrective Action Follow Up
• Issue Corrective Action – Auditor
• Correction – Auditee
• Identify Root Cause – Auditee
• Corrective Action – Auditee
• Verify Corrective Action - Auditor

39
 How To Identify Root Cause

1. Investigate the relationship between causes and

problems

2. To differentiate between the root cause and symptom

3. Eliminating root cause can prevent from recurrence of

problem (corrective action)

4. Should consider 4M – Material, Man, Method, Machine

40
 How To Identify Root Cause

• Fishbone diagram
• 5 Why
• Why – why
• Relation diagram
• Tree diagram

41
 Response To The Audit Report

▪ An action plan of things to come

▪ Response time shall be timely without undue delay
o Third party : 30-90 days

o Second party: typically 30 days

o First Party: typically 14-30 days

▪ Team leader to keep track of the response

▪ To remind the auditee where necessary

42
 Corrective Action

Action taken to eliminate the causes of an

existing non–conformity, defect or other
undesirable situation in order to prevent
recurrence.

43
 Correction vs. Corrective Action

“Correction” refers to the action to eliminate a

detected nonconformity such as repair, rework,
scrap or adjustment – a quick fix

“Corrective action” relates to the elimination of the

causes of nonconformity

44
 Close Out
✔Accept the response if there is a reasonable chance of success

✔Request the changed or revised documents where promised

document change is involved.

✔Perform brief follow–up visit to personally verify the

implementation of the promised corrective action

45
 Integrated Quality
Management System
(iQMS)

46
 AGENDA
• Dasar Jaminan & Pengukuhan Kualiti (QAEP)
• Sistem Pengurusan Kualiti PTJ (iQMS)
• Pelaksanaan Audit Pendekatan Proses
• Audit Dalam iQMS

47
 DASAR JAMINAN & PENGUKUHAN
KUALITI: QAEP

Dasar ini merupakan satu usaha RINGKASAN EKSEKUTIF

untuk mengumpul dan
menyusun semua pekeliling, Penilaian dan Penilaian Kendiri
keputusan dan amalan
universiti berkaitan pengurusan 8. Jaminan Kualiti memerlukan penilaian
kualiti. tahunan yang tetap serta teguh.
8. KUK perlu menjalankan penilaian kendiri
Disebabkan perubahan terkini ke atas semua program di PTJ.
dalam pendidikan tinggi, 9. InQKA melaksanakan penilaian institusi
universiti dikehendaki secara tetap (audit COPIA).
mengkaji semula, 10. InQKA juga melaksanakan penilaian
memperbaiki dan mengukuhkan program secara berkala (COPPA dan
dasar dan amalan kualiti Piawaian Program) – Ini adalah satu dasar
baru.
11. KUK mengurus, memantau dan
membuat susulan ke atas semua bentuk
penilaian luaran, pemeriksa luar, lawatan
akreditasi dan lain-lain.

48
 QAEP: 9. Audit Kualiti Dalaman
Audit Kualiti Dalaman 9.3 Keberkesanan AKD. AKD 9.7 Komitmen
(AKD) adalah satu bertujuan memastikan SPK Pengurusan terhadap
mekanisme utama bagi diselenggarakan dan ditambahbaik AKD. AKD sebagai
memastikan semua dengan asas-asas berikut; alat/mekanisma penting
keperluan sistem dalam memastikan SPK
pengurusan kualiti sentiasa 9.3.1 Pertama, walaupun AKD dikekalkan dan
dipatuhi. bertujuan untuk memeriksa ditambahbaik;
pematuhan, ia MESTI sentiasa
AKD adalah satu berlandaskan keberkesanan proses 9.7.1 Pihak pengurusan
amalan/pelaksanaan dan prosedur. Pematuhan adalah PTJ MESTILAH memberi
penilaian yang terancang perlu tetapi keberkesanan MESTILAH sokongan sepenuhnya
dan sistematik bertujuan menjadi raison de tre audit kualiti. pelaksanaan
untuk menentukan sejauh [Link] ini mesti
mana dasar dan prosedur 9.3.2 Kedua, peranan AKD dalam dipamerkan melalui
yang mengawal semua membantu pihak pengurusan untuk minat yang ditunjukkan
proses dalam SPK, dipatuhi memperbaiki/menambahbaik sistem semasa mengkaji semula
dan tindakan pembetulan perlu dinilai secara berkala bagi laporan AKD dan dalam
diambil bilamana wujud memastikan nilai tambah kepada mengambil atau
ketidakpatuhan. organisasi. Ini perlu dilakukan dengan memerlukan tindakan
menilai persepsi auditee (yang susulan ke atas
diaudit) pada jarak waktu yang penemuan audit.
sesuai dan menganalisis data
dengan teliti untuk peluang
penambahbaikan.

49
Integrated Quality Management
System (iQMS)

50
 Integrated Quality Management
System (iQMS)
The Integrated Quality Management System For UiTM Is An
Amalgamation Of The Following:

• Quality Assurance and Enhancement Policy (QAEP)

• ISO 9001- Based Quality Management System
• COPIA or Code Of Practice For Institutional
Audit Requirements
• All levels of study programmes at UiTM - from undergraduate
to post graduate
• With the integration of the ISO 9001:2015 and COPIA, UiTM is
leveraging on the ISO 9001 as an accepted quality
management system standard worldwide and COPIA as the
series of guidelines.
• Integrated Audits shall be carried out to ensure the iQMS is
being monitored and run as planned.

51
 Understanding Quality Standards
in Code of Practice for Institutional
Audit (COPIA)

52
 External Review iQMS Findings
ER iQMS findings:

• Commendation (Attainment level 4 & 5)

• Affirmation (Attainment Level 3)
• Area of Concern (Attainment level 1 & 2)

53
 External Review iQMS Findings

• Fulfilment of attainment level 3 indicates conformity to

the stated standards.
• The scoring of the attainment level is based on a
cumulative or incremental approach. For example,
attainment level 5 will only be considered after
fulfilment of attainment level 4.

54
 External Review iQMS Findings
Commendation example:
1.1.3
• New vision, mission and educational goals being replace at all
platform as agreed by the management of UiTM CA. The update
involving UiTM CA website and brochure. Due to that, UiTM CA
based on UiTM CA Communication Plan Standard Operating
Procedure take proper action as stated in the SOP.
• The changes being announce to all stakeholders through email and
website. The email was sent on 15th April 2020 with subject:
Announcement on new Vision, Mission and Educational Objectives.
• Details explanation to the staff being made through Taklimat Khas
Rektor Kampus on 17th April 2020.
• On top of that UiTM CA did survey of the effectiveness on the
communication of the new statements and response for future
planning. Based on the analysis identified that 90% of the
stakeholders have fully understanding and target mission to bring
UiTM CA towards better development.

55
 External Review iQMS Findings
Affirmation example:

1.1.1
• Vision, mission and educational goals prepared by UiTM Shah
Alam. UiTM CA revise all platform to replace with the new
statements. The process to revise stated in UiTM CA Publishing
Standard Operating Procedure.
1.1.2
• The revise and replacing vision, mission and educational
goals with new statements being agreed in MPD meeting on
1st April 2020. The decision stated in minutes of meeting ‘Minit
Mesyuarat MPD Bil 5/2020’ by referring to page 3. (1.1.2)

56
 External Review iQMS Findings
Area of Concern example:

1.2.1
• Reflected from the new vision, mission and institutional goals
UiTM CA through formal workshop establish proper strategic
plans which consulted with only internal stakeholders
1.2.2
• The strategic plans being disseminated but not involving all
levels of staff in UiTM CA and not properly implemented and
understood.
1.2.3
• The implementation of the strategic plans are not monitored
with proper tools. Reviewing team also not being identified for
looking into the progress of the strategic plan achievement.

57