ISO 9001:2015

Update News

By : Jesaya Jaduman S.DELIVERING

ST SUSTAINED SUCCESS | nevilleclarke.com
Jesaya Jaduman S
Client Manager (Trainer/Tutor, Auditor & Consultant)
Six Sigma Black Belt & Lean Six Sigma Black Belt (Operation Excellence Expert)
ISO 9001/IATF 16949, ISO 45001/OHSAS, EMS 14001, FSMS ISO 22000, EnMS Lead Auditor
Safety Expert, People Development

Experience:
Yasonta Samsung (3 Years); Sanyo Compressor (5 Years); Nitto Materials Indonesia (8 Years); Adyawinsa
Stamping Industries (4 Years); LG International (5 Years); NevilleClarke/BSI Group (3 Years)

IMS Client:
- Siemens, Jkt - Sinar Medow, Jkt - Indokarlo, Bogor - American Standard, Jkt
- Schneider, Ckrg - JST, Cibitung - Morrirokku, Krwg - Cilegon Fabricator, Banten
- BASF, Jkt - Varta, Batam - Broco, Tangerang - Adent Automotive, Krwg
- KAO, Ckrg - Kayaba, Cibitung - Voith Paper Roller, Cibitung - Marugo Rubber, Krwg
- YIMM, Jkt - Huntsman, Jkt - Goodyear, Bogor - Crown Beverage, Krwg
- Semen Padang, Pdg - Marubun Arrow, Jkt - Sucofindo, Jkt - Beakert, Krwg
- Statomer, Merak - Grandtex, Bandung - Sakura, Ckrg - Darva Varia, Bogor
- Caterpillar, Batam - Asmo Indonesia, Cibitung - Buma, Jkt - Djabesmen, Ckrg
- Mortar Utama, Jkt - RS Premier, Jkt - Metro TV, Jkt - PAKO group, Jkt
- Kota Minyak, Jkt - G. Tech, Krwg - Elnusa, Jkt - Gunung Sewu, Jkt
- Eblem Asia, Ckrg - Mahakam Beta, Jkt - Federal Nintan, Cibitung - Cardig, Jkt
- Advics, Krwg - Panasonic, Ckrg - Kyowa, Cibitung - Oil Tanking, Karimun
- EPSON, Ckrg - Berca, Jkt - Panarub, Serang - Pusjatan, Bandung
- Henkel, Jkt - Mitsuba, Krwg - AT Indonesia, Krwg - Kansai, Jkt
Session aim
To identify and discuss the requirements and concept
embraced of ISO 9001:2015
1 ISO 9001:2015
Basic Thinking
& Concept
Perubahan utama dari versi sebelumnya

 Penerapan Struktur Level Tinggi dari Annex SL

 Persyaratan eksplisit untuk berpikir berbasis risiko untuk mendukung
dan meningkatkan pemahaman dan penerapan pendekatan proses
 Lebih sedikit persyaratan yang ditentukan (lebih banyak kebebasan)
 Kurang penekanan pada dokumen
 Peningkatan penerapan untuk industri jasa
 Persyaratan untuk menentukan batas-batas SMM
 Peningkatan penekanan pada konteks organisasi
 Peningkatan persyaratan mengenai kepemimpinan
 Penekanan lebih besar pada pencapaian hasil yang diinginkan untuk
meningkatkan kepuasan pelanggan.
ISO 9001:2015 Perubahan Utama (1)

Use of the High Level Structure (HLS)

More compatible with services, fewer

prescriptive requirements

Relevant interested parties now added

Organizational context and risk must be

understood

Documented information now referenced

ISO 9001:2015 Perubahan Utama (2)
No specified requirement for a
management representative

Risk replaces preventive action

Processes require objectives where relevant

Objectives require a plan

Planning for change now a requirement

ISO 9001:2015 Perubahan Utama (3)

Enhanced leadership requirements

- Policy and objectives are in line with the

strategic direction of the organization

- Management system to be within the

organization’s existing processes

- Customer Focus requires risks and

opportunities affecting products and
services are addressed
ISO 9001:2008
1. Bersifat Konvensional
2. Prosedural (Theoiritis &
Formalitas  Write what you
do, Do what you write)
3. Pendekatan Process
(Implisit/Conform Should)
4. Belum ada jaminan untuk
mencapai Target
5. Belum ada Concept/Tools
untuk mencapai Target
VS ISO 9001:2015
1. High Level Structure
2. Process Based (Result
Oriented)
3. Pendekatan Process
(Explisit/Perform
Shall/Mandatory)
4. Adanya jaminan untuk
mencapai Target
5. Adanya Concept / Tools
untuk mencapai Target yaitu
: PBR (Pemikiran Berbasis
Resiko) yang kita sebut RBT
(Risk Base Thinking)
ISO 9001:2008 VS ISO 9001:2015

1. Should 1. Shall

2. Consider 2. Take into account

3. Applicable 3. Appropriate

4. MOC (Management Of Change) 4. POC (Plan Of Change Clausal

/ COC (Change Of Change 6.3)
Clausal 8.5.6)

5. Conform 5. Perform (8.3.4) Result

Oriented for Business Process
Dasar QMS

Prinsip
Manajemen
Kualitas

Pendekatan
Proses

Pemikiran
PDCA berbasis
resiko

Annex SL
Struktur
tingkat tinggi
Concepts embraced in ISO 9001:2015

High Level Structure Quality Management Process Approach

Principles

Annex SL 7 Principles PDCA + Risk-based thinking

Intended outcomes:
ISO 9001 Purpose  Conforming products & services
Standard 12
 Customer satisfaction
High Level Structure at Annex SL

Lampiran 2
Annex SL • Struktur tingkat tinggi
• Teks inti identik
Proposal untuk • Istilah dan definisi inti
standar sistem umum
ISO / IEC manajemen
Arahan,
Bagian 1

ISO konsolidasi
Tambahan -
Prosedur
khusus untuk
ISO
Maksud dari Annex SL

• Konsistensi dan keselarasan dari semua Standar Sistem

Manajemen (MSS – Management System Standard)
• Kontribusi untuk sistem manajemen terintegrasi

Masa depan
Persyaratan-
ISO Standar
Annex SL disiplin
tertentu Sistem
Manajemen

Sama secara keseluruhan

"tampilan" & "merasa"

Konsisten dan kompatibel
Alasan untuk Revisi
• Review periodik

• Adaptasi terhadap
kebutuhan
perubahan

• Standarisasi
struktur sistem
manajemen –
struktur level tinggi
dari ANNEX SL
* Results of survey – concepts to be included
Quality Management Principles
CLEPIER
Principle Examples of Application in ISO 9001
Customer Focus 4.2, 4.3, 5.1.2, 5.2.1(c), 5.3(d), 6.2.1(d), 8.2, 8.5.3,
8.5.5(d)&(e), 9.1.2, 9.3.2(c)(1), 10.1(a)
Leadership 5.1, 5.2, 5.3, 9.3
Engagement of 4.4.1(e), 5.1.1(h), 5.1.1(j), 5.2.2(b), 5.3, 6.2.2(c),
People 6.3(d), 7.1.2, 7.2, 7.3, 7.4, 7.5.3.1(a), 8.3.2(d), 8.5.1(e),
8.6(b), 8.7.2(d), 9.2.2(c)
Process Approach 4.4, 5.1.1(d), 6.1.2(b)(1), 6.2.1, 7.1.2, 7.1.4, 7.1.6, 8.1,
9.3.2(c)(3)
Improvement 4.4.1(h), 5.1.1(i), 5.2.1(d), 5.3(c), 6.1.1(d), 7.1.1,
7.3(c), 9.1.3(g), 9.2.2(e), 9.3.2(f), 9.3.3(a), 10.1, 10.2,
10.3
Evidence-based 4.4.1(g), 6.2.1(b), 6.2.2(e), 8.1(e), 8.5.1(c), 9.1, 9.2,
Decision Making 9.3, 10.2.1(b)(1), 10.3
Relationship 4.2, 5.2.2(c), 7.1.1(b), 8.3.2(e), 8.4, 8.5.3, 9.1.3(f),
Management 9.3.2(c)(7)
16
What is a Process?

• Set of interrelated or interacting activities that use inputs to

deliver an intended result, i.e.
• outputs,
• product or service
depends on the context of the reference
• Address risks and opportunities and have objective(s) to drive
the process

INPUT OUTPUT
PROCESS
Interface between processes i.e. input of process from
previous process  output to next process
Note: The key processes, with their lines of flow, make up what we called
the Business Process Map

17
Audit by Process Approach

A process in sequence:

When auditing, look at the process from various angles.

An output of previous process becomes the input to the

next process. Processes are inter-linked!
18
19
20
22
2 Establishing
Project
(CONFORM)
Pendekatan PDCA
Phase Deskripsi

Plan (P) Rencana apa yang dilakukan untuk memulai tindakan yang diusulkan - siapa,
apa dan kapan

Do (D) Apakah prosesnya dilakukan sesuai dengan rencana ? Apakah metodenya

dikomunikasikan dan dimengerti ooleh seluruh proses terkait ?

Check (C) Dimulai dengan pertanyaan mengenai kinerja, apa yang diharapkan, dan apa
indikatornya dan kinerja aktualnya

Act (A) Bagaimana meningkatkan kinerja dan tindakan atau inisiatif apa yang telah
dimulai.

24
SIPOC & Turtle Diagram

• They are many other process analysis techniques.

• SIPOC and Turtle Diagram are just two of the common
examples commonly used by the organizations.
• Other methods include but not limited to:
a) Failure Mode & Effect Analysis (FMEA)
b) Cause & Effect Analysis (CEA)
c) Root Cause Analysis (RCA)
d) SWOT Analysis
e) Others

25
What is SIPOC?

A schematic representation of any process and shows the interaction of its

elements. The monitoring and measuring check points, which are necessary for
control, are specific to each process and will vary depending on the related risks.

26
 ISO 9001:2015
Interpretasi dan Implementasi ISO 9001:2015

Pendahuluan  Kesamaan teks inti

1. Ruang lingkup  Disiplin yang spesifik
2. Acuan normatif & pengembangan
3. Istilah dan definisi (ISO 9000:2015)
4. Konteks organisasi
4.1 Pemahaman organisasi dan konteksnya
4.2 Pemahaman kebutuhan dan harapan dari pihak terkait
4.3 Menetapkan ruang lingkup dari Sistem Manajemen Mutu
4.4 Sistem Manajemen Mutu dan proses-prosesnya
5. Kepemimpinan
5.1 Kepemimpinan dan komitmen
5.1.1. Umum
5.1.2. Fokus pelanggan
5.2 Kebijakan
5.2.1. Membuat kebijakan mutu
5.2.2. Komunikasi kebijakan mutu
5.3 Peran, tanggung jawab dan otorias organisasi
6. Perencanaan
6.1 Tindakan untuk mengatasi risiko dan peluang
6.2 Sasaran Mutu dan rencana untuk pencapaiannya
6.3 Perencanaan terhadap perubahan
 ISO 9001:2015
Interpretasi dan Implementasi ISO 9001:2015

7. Pendukung  Kesamaan teks inti

 Disiplin yang spesifik
7.1 Sumber daya & pengembangan
7.1.1 Umum
7.1.2 Orang
7.1.3 Infrastruktur
7.1.4 Lingkungan untuk operasional proses
7.1.5 Pengawasan dan pengukuiran sumber daya
7.1.6 Pengetahuan organisasi
7.2 Kompetensi
7.3 Kepedulian
7.4 Komunikasi
7.5 Informasi terdokumentasi
7.5.1 Umum
7.5.2 Pembuatan dan pembaharuan
7.5.3 Pengendalian informasi terdokumentasi
 ISO 9001:2015
Interpretasi dan Implementasi ISO 9001:2015

 Kesamaan teks inti

 Disiplin yang spesifik
& pengembangan
8. Operasional
8.1 Perencanaan dan Pengendalian Operasional
8.2 Persyaratan untuk produk dan jasa
8.2.1 Komunikasi pelanggan
8.2.2 Penetapan persyaratan untuk produk dan jasa
8.2.3 Review terhadap persyaratan produk dan jasa
8.2.4 Perubahan terhadap persyaratan produk dan jasa
8.3 Desiain dan pengembangan dari produk dan jasa
8.3.1 Umum
8.3.2 Perencanaan desain dan pengembangan
8.3.3 Masukan desain dan pengembangan
8.3.4 Pengendalian desain dan pengembangan
8.3.5 Keluaran desain dan pengembangan
8.3.6 Perubahan desain dan pengembangan
 ISO 9001:2015
Interpretasi dan Implementasi ISO 9001:2015

 Kesamaan teks inti

8. Operasional  Disiplin yang spesifik
& pengembangan
8.4 Pengendalian terhadap proses, produk dan jasa terhadap
penyedia dari luar
8.4.1 Umum
8.4.2 Tipe pengembangan pengendalian
8.4.3 Informasi bagi penyedia dari luar
8.5 Penyediaan produk dan jasa
8.5.1 Pengendalian penyediaan produk dan jasa
8.5.2 Identifikasi dan ketertelusuran
8.5.3 Properti milik pelanggan atau penyedia dari luar
8.5.4 Perawatan
8.5.5 Kegiatan setelah pengiriman
8.5.6 Pengendalian terhadap perubahan
8.6 Pelepasan produk dan jasa
8.7 Pengendalian terhadap keluaran tidak sesuai
 ISO 9001:2015
Interpretasi dan Implementasi ISO 9001:2015

 Kesamaan teks inti

9. Evaluasi Kinerja  Disiplin yang spesifik
& pengembangan
9.1 Pengawasan, pengukuran, analisa dan evaluasi
9.1.1 Umum
9.1.2 Kepuasan pelanggan
9.1.3 Analisa dan evaluasi
9.2 Audit Internal
9.3 Tinjauan manajemen
9.3.1 Umum
9.3.2 Masukan tinjauan manajemen
9.3.3 Keluaran tinjauan manajemen

10. Perbaikan
10.1 Umum
10.2 Ketidaksesuaian dan tindakan perbaikan
10.3 Perbaikan berkelanjutan
 Continual
3 Improvement
Project
(PERFORM)
Pendekatan CAPD
Phase Deskripsi

Check (C) Dimulai dengan pertanyaan mengenai kinerja, apa yang diharapkan, dan apa
indikatornya dan kinerja aktualnya

Act (A) Bagaimana meningkatkan kinerja dan tindakan atau inisiatif apa yang telah
dimulai.

Plan (P) Rencana apa yang dilakukan untuk memulai tindakan yang diusulkan - siapa,
apa dan kapan

Do (D) Apakah prosesnya dilakukan sesuai dengan rencana ? Apakah metodenya

dikomunikasikan dan dimengerti ooleh seluruh proses terkait ?

33
 AUDIT ORIENTED & CALIBRATION
1. Apa essensi audit? Fact (Evidence/Information) Finding
2. Fakta apa yg hrs ada? a. Apakah Target Bisnis organisasi tercapai
b.Apakah Persayaratan ISO 9001 di penuhi
c.Apakah terjadi Continual Improvement
3. Apa tipe fakta yg hrs ada? a. Conformity
b. Non-Conformity
4. Bgm cara mendapatkan fakta? Dengan cara verifikasi (perlu persiapan diri,
Kata Kunci “Persiapan audit itu sama
pentingnya dgn audit itu sendiri)
5. Bgm cara melakukan Dengan Segitiga Audit
verifikasi?
Question/ Opening Q
Probing Q
interview Close Q

Observation
Examination
6. Bgm cara membuat fakta? Conformity  LOR
Non-Conformity  PLOR

7. Apa fungsi audit secara bisnis? Check & Balances

8. Apa tujuan akhir audit? Melahirkan Continual (Pemutahiran System 

CCSR/Change Combine Simplyfy Re-arrange)
SIPOC & Turtle Diagram

• They are many other process analysis techniques.

• SIPOC and Turtle Diagram are just two of the common
examples commonly used by the organizations.
• Other methods include but not limited to:
a) Failure Mode & Effect Analysis (FMEA)
b) Cause & Effect Analysis (CEA)
c) Root Cause Analysis (RCA)
d) SWOT Analysis
e) Others

35
What is Process Analysis Chart?

• It is a process analysis tool as well as audit tool.

• Graphically showing what are needed (4M+1E) to make
the process works.
• Include process performance indicators to measure the
effectiveness of the process.
• Includes Standard’s clause number to highlight the
requirements.
• As an input to the checklist creation.
 It is a audit tool commonly used by the ISO/TS 16949
Automotive auditors

36
Inputs untuk Checklist Audit

Documented Checklists
ISO 9001 Procedures sebelumnya

Persyaratan
pelanggan
Analisis Proses

Org Context

Risks &
opportunity
Lainnya
Pengetahuan
Quality Policy
Industri
Quality objectives

Plan…..

37
Turtle Diagram – Simplified Example
With what? Risk? Control With who? Risk? Control
Machine & Key machine Ref to Competence Mass staff Ref to Action
Equipment failure Action Plan 7.2 resignation Plan 20
7.1.3 AP21 & KPI

Inputs
Outputs
Requirements Manufacturing Finished Goods
8.2.2 8.5 8.5.4

How? Risk? Control Support What Result?

Spec, Wi, Nil NA Processes KPI or objectives
Procedure QC 9.1.3
8.5.1 a IT
Training

38
Turtle Model
 IMS 24 CR1

Process-based Auditing Model (ISO 9001 QMS)

IMS Internal Auditing (Quality, Environmental & OHS)
Slide: 40

Quality Policy  Quality Objectives  Customer Satisfaction & Conforming Products & Services

People Other Resources

• Roles, Responsibilities, • Infrastructure
Authorities • Environment for the operation of processes
• Competence • Monitoring & measuring resources
• Awareness • Organizational knowledge
• Communication
• Product/service
Process

Input Risks & Opportunities Output • Interface with

• Actions to address Risks & next process
Opportunities integrated into the • Records
• Material/WIP • Nonconforming
• Interface with process
product/waste
previous • Documented • Performance indicators
process information of how • Performance evaluation
• Order/req’t/ process works • Improvement Risk & Opportunity
instruction Source
Criteria & Method Performance Results
Risk & Opportunity
Effect
• Determine what the process is to achieve (Input  Output  Objectives)
• How the process is being controlled (Results from How the People carry out the process
with What resources and addressing the Risks & Opportunities)
• Look at relevant ISO
Global clausefor
Partner requirements
Business Success
 IMS 24 CR1
Process-based Auditing Model (ISO 14001 EMS)
IMS Internal Auditing (Quality, Environmental & OHS)
Slide: 41

Environmental Compliance with obligations

Objectives
Policy environmental performance
Why - Objective?
How?
(target, measurement & improvement)
(procedures & methods)
Objectives & programme
Environmental Aspect
Monitoring and measurement
Legal and other requirement
Evaluation of compliance
Documentation
nonconformity, corrective
Control of documents
and preventive action
Operational control
Internal audit
Emergency preparedness & response
Management review

OUTPUT
INPUT
Process
Risks & Opportunities Conforming product
- Customer schedule Actions to address Risks & delivered according to
- Raw materials Opportunities integrated customer schedule
into the process & pollution prevention

With What? With Who?

(infrastructure, equipment, material) (competence, skill, training)
Operational control Policy
Monitoring and measurement Resources, roles, responsibility,
and authority
Competence, training and awareness
Global Partner for Business Success Communication
Process-based Auditing Model (OHSAS 18001)
IMS 24 CR1
IMS Internal Auditing (Quality, Environmental & OHS)
Slide: 42

Compliance with obligations

OH&S Policy Objectives
OH&S performance

WITH WHO WITH WHAT

• Roles, responsibilities, • Resources: finance,

authorities technology, infrastructure
• Competence, specialized skills • Monitoring & measuring
• Awareness resources
• Communication • Product/service
• Interface with
next process
Input OH&S hazards & risks Output (Needs fulfilled)
• Records
• Materials • Actions to address OH&S hazards & risks • Nonconforming
• Energy integrated into the process product/waste
• Interface with • Emission/
previous • Actions to control OH&S • OH&S Performance
discharge
process hazards & risks evaluation (+ evaluation
(Needs) • Actions for compliance to of compliance)
obligations • Improvement
• Documentation of how
process works
• Operational control
• Emergency preparedness and
response
HOW Global Partner for Business Success WHAT RESULTS
Where to Start?

With what? With whom?

Inputs
Process Outputs

Customer
Needs OR The products or
previous services expected
Start With by the customer
process How?
Performance OR outputs
expected by next
Support
process
Processes

43
Overview on Process Approach and How It
Applies to Auditing
Auditors need to:
•Look at Management System as a whole [overall process]
• Inputs [interested parties requirements & resources]
• Outputs [performance measurements of both intended
( i.e. product/service required) and unintended (i.e.
emission/discharge/incident)]
• Linkages between processes
•Look at business needs, policy and objectives
•Look at actions to address risks and opportunities and
performance
•Look at how it meeting the IMS and organization requirements
•Look at continual improvement.
How the process is being controlled! It is the Results from How the People carry out the process with
What resources and addressing the Risks & Opportunities)
44
Application of Process Approach & Risk-based
Thinking in Audit Planning
• Priority and frequency of the
processes to be audited should
be taken into consideration of
a) the importance of the
processes
b) the risks in meeting the
intended objectives &
outcomes.
c) results of risk assessments of
the organization’s activities,
and
d) the results of previous audits
45
ISO 19011:2018
Membatalkan dan menggantikan edisi kedua ISO 19011:2011.

Perubahan utama, diantaranya:

• Prinsip audit audit berbasis risiko,
• Risiko pada pengelolaan program audit,
• Perluasan panduan pelaksanaan audit, terutama perencanaan audit.
• Perluasan persyaratan umum kompetensi auditor,
• Proses, bukan obyek (“sesuatu”),
• Penghilangan Annex persyaratan kompetensi,
• Annex A menyajikan panduan konsep audit baru (termasuk audit virtual,
kepatuhan dan rantai pasok).

46
ISO 19011:2018
1. Ruang lingkup
2. Referensi normative
3. Istilah dan definisi
4. Prinsip-prinsip mengaudit
5. Pengelolaan program audit
5.1 Umum
5.2 Penerbitan sasaran program
audit
5.3 Penetapan dan pengevaluasian
risiko dan peluang program audit
5.4 Penerbitan program audit
5.5 Pelaksanaan program audit
5.6 Pemantauan program audit
5.7 Peninjauan dan peningkatan
program audit
6. Pelaksanaan audit
6.1 Umum
6.2 Inisiasi audit
6.3 Persiapan aktifitas audit
6.4 Pelaksanaan aktifitas audit
6.5 Persiapan dan pendistribusian
laporan audit
6.6 Penyelesaian audit
6.7 Pelaksanaan tindak-lanjut audit
7. Kompetensi dan evaluasi auditor
7.1 Umum
7.2 Penetapan kompetensi auditor
7.3 Penerbitan kriteria evaluasi auditor
7.4 Pemilihan metode evaluasi auditor
yang sesuai
7.5 Pelaksanaan evaluasi auditor
7.6 Pemeliharaan dan peningkatan
kompetensi auditor
47
ISO 19011:2018

Risiko dan peluang program audit

Item Risiko (contoh)

Perencanaan - Gagal menetapkan sasaran audit yang relevan
- Gagal menetapkan jangkauan, jumlah, durasi, lokasi dan jadwal
audit.
Sumber daya Kecukupan waktu, perlengkapan dan/atau pelatihan untuk
mengembangkan program audit atau pelaksanaan audit.
Pemilihan tim audit Ketidakcukupan kompetensi keseluruhan untuk melakukan audit
secara efektif.
Komunikasi Proses/jalur komunikasi internal/eksternal yang tidak efektif.
Implementasi - Kordinasi yang tidak efektif audit dalam program audit, atau
- Tidak mempertimbangkan kerahasiaan dan keamanan informasi
Pengendalian dokumen - Penetapan yang tidak efektif dokumentasi yang dibutuhkan
auditor dan pihak terkait lainnya
- Gagal melindungi rekaman audit secara layak
Pemantauan, peninjauan Pemantauan hasil program audit yang tidak efektif
dan peningkatan program
audit
Kerja sama - Ketiadaan kerja sama dari auditee
- Ketiadaan sampel untuk bukti audit

48
Definisi Audit menurut ISO 19011:2018
• Audit: Proses yang sistematis, independen, dan tedokumentasi untuk
mendapatkan bukti obyektif dan mengevaluasinya secara obyektif
untuk menentukan sejauh mana kriteria audit terpenuhi.

INPUT Proses OUTPUT

 Sasaran audit Audit
 Temuan audit
 Ruang lingkup  Kesimpulan audit
 Kriteria audit  Rekomendasi
 Rencana audit Tinjau  Langkah selanjutnya
 Audit check list  Laporan audit
 Hasil audit sebelumnya  Aktual vs rencana  Dll
 Sumber daya  Efektifitas audit
 Dll...  Pelaksanaan
 Kompetensi auditor
 Output vs inputnya
 Dll

• Bukti obyektif: data yang mendukung keberadaan atau kebenaran sesuatu

• Kriteria audit: rangkaian persyaratan yang digunakan sebagai satu referensi terhadap bukti
audit yang dibandingkan.
• Bukti audit: rekaman, pernyataan atas fakta atau informasi lain, yang relevan dengan kriteria
audit dan dapat diverifikasi. 49
Definisi audit:

• Audit: Proses yang sistematis, independen, dan tedokumentasi untuk

mendapatkan bukti obyektif dan mengevaluasinya secara obyektif untuk
menentukan sejauh mana kriteria audit terpenuhi.

Planning Tidak mendadak

Verifikasi
tindakan
perbaikan Close- Sesuai
Executing
out
terhadap perencanaan
ketidaksesuaian

Reporting
Kepada manajemen yang relevan

50
Definisi audit:

• Audit: Proses yang sistematis, independen, dan tedokumentasi untuk

mendapatkan bukti obyektif dan mengevaluasinya secara obyektif untuk
menentukan sejauh mana kriteria audit terpenuhi.

Pilihlah auditor yang:

 Imparsial, tidak berpihak, tidak
ada konflik kepentingan. Tidak
hanya: tidak mengaudit
pekerjaannya sendiri!!
 Obyektif, melakukan audit
kepada sistem, bukan ke
individu.
 Bernilai tambah.

51
Definisi audit:

• Menurut ISO 19011:2018 (3.1):

• Audit: Proses yang sistematis, independen, dan tedokumentasi untuk
mendapatkan bukti audit dan mengevaluasinya secara obyektif untuk
menentukan sejauh mana kriteria audit terpenuhi.

Kriteria
Bukti audit
VS audit

Problem
Temuan audit
Location
Kesesuaian Ketidaksesuaian Objective
Misal dengan Misal dengan evidence
pendekatan LOR pendekatan PLOR
Requirement
Laporan
Audit

52
Nonconformity MUST

Problem
• Be factual/objective Statement
• Be clear and concise
• Give clause number of Standard
• Be locatable by other Auditors
• Define the exact instance – NC
Objective Evidence
• Not include individual names Evidence Requirement
• Be given a unique identifier
• Be categorised (e.g. minor/major) if third party audit
• Be acknowledged / signed by Company

53
Nonconformity Statement (Example #1)
Problem 1. Failure in the system (e.g., Failed to revise and
Statement update environmental aspect register in three years
despite changes in activity, products and service.)

2. Evidence (e.g., The environmental aspect and impact

Evidence register completed by the Manufacturing Department
over three years ago has not been reviewed and
revised since there is changes occurred in product
and operations such as addition of manufacturing
processes for model XYZ.)

3. Reference to the audit criteria (e.g., This is against

Requirement ISO 14001, Clause 6.1.2, which require the
organization to take into account of change, including
planned or new developments, and new or modified
activities, products and services when determining
environmental aspects)
54
Auditor Code of Conduct

• Professional capabilities and judgement

• Honesty and business-like
• Continual learning
• Uphold integrity
• Ethical conduct, avoid conflict of interest
• Maintain confidentiality
• Abuse of information
Auditor Should

• Avoid ‘nit-picking’
• Take good points into account
• Be punctual
• Perform all tasks
• Avoid argument
• Audit against specification
• Audit system not individual
• Be sensitive to local customs
• Respect confidentiality at all stages
• Obey any rules / regulations of Auditee
• Be facilitating the audit e.g. put people at ease
• Be assertive – express your needs, stand up for your right, honest
& work towards satisfying all parties.
56
How To Get The Most Out Of Internal Audit

• Must be a ‘no-blame’ culture

• Auditor and Auditee should work in partnership
• Encourage staff to reveal problem areas
• Both Auditor and Auditee should look for improvements
• Audits must be seen as essential part of business
• Positive terms can be used (e.g. ‘finding’ not ‘nonconformity’)
• ‘Findings’ or ‘nonconformities’ should be seen as ‘opportunity
to improve’
• Must be adequate time and resources for Auditee/Auditor to
perform audit

57
Preparing Audit Report

• Prepared under direction of lead auditor.

• Lead auditor is responsible for report:
• Accuracy
• Completeness
• Report topics should be those agreed in
the audit plan.
• Any changes required should be agreed
by the parties concerned.

58
The Audit Report (1/2)

Audit findings:
List of
Observation/
Audit findings: Opportunity for
List of Improvement
IMS Nonconformity (OFI)
Audit Report

(incl. Conclusion)

59
The Audit Report (2/2)

ISO 19011 says may include: • Audit conclusions

• Identification of client and • A statement on the degree
audited organization to which the audit
• Audit objectives, scope and criteria have been fulfilled.
plan • Statement confidentiality,
• Audit criteria • and, others as appropriate
• Date & place of audit e.g. agreed follow-up plans,
• Identification of auditees / report distribution.
guides
• Identification of audit team
• Audit findings and related
evidence
60
Summary & Conclusion

• Audit - is a “check & balance” activity.

• Follow PDCA approach.
• More time should be spent in “Planning” – especially the
application of process approach and risk-based thinking.
• Audit Plan & Audit Checklist prepared.
• All NCs need to be addressed: correction & corrective
action.

Any further clarification or

information needed?

61