Login
  • +92-333-8611511
Menu

Audit & Certification Process

Home / Audit & Certification Process

Audit and Certification Process

The objective of Questionnaire is to gain an understanding of a client’s requirements. This includes the:

  • Name of Organization
  • Business activities/Scope of Organization
  • Standard(s) to be audited
  • Organization Location(s)
  • Accreditation Require
  • Effective Personal (FTEs)

Manager Business Development coordinates the questionnaire between prospect client and Manager Operation. If the Manager Operation determines more information is needed to properly respond to the client, the Manager Business Development visits the client to gain an understanding of a client’s facility and operations. The Manager Operation assesses a prospective client with respect to the risk of supplying services and may refuse to provide the certification service for any of the following reasons:

  • Client business is out of accreditation scope
  • Non-availability of competent staff
  • Commercial reasons
  • Questionable reputation of client

Whenever Questionnaire received, questionnaires passed to the authorized person of ISOQAR for preparing the application review to determine if the audit can be covered by ISOQAR Scope of Accreditation, audit time, code allocation, audit team selection, review of any risks.

The application review is than sent to application review approver for technical review and approval. The Application review will also include the man day estimation with suitable justifications for reduction/ increase in man days.

The Questionnaire and Application Review is then sent to marketing department for processing and preparation of a quotation (F082). All quotations shall be prepared on the basis of completed Questionnaires received from a prospect client and inputs received from Manager Operations.

An existing client may request for a quote for triennial (recertification for next cycle) before the end of the three-year cycle. Alternately, ISOQAR CERTIFICATION may contact the client to initiate the triennial quotation process. The Recertification Planning Review Form is sent to the client about three months before the expiry of current certificate, with a request to fill and return the same to Manager BD.

On receiving a completed Questionnaire and Application review, MBD will prepare a contract detailing audit cost, terms, conditions and requirements. On acceptance of this contract, the client will sign the contract and forward it with the advance cheque to ISOQAR. The project will then be allocated to the Manager Operations to carry out the audit in line with ISOQAR’s procedures.

The Agreement document set includes the following:

  • Client Agreement
  • Standard terms and conditions
  • Rules of Certification

Audit Methodology

The purposes of the audit visits are to provide reasonable assurance that the auditee organization’s management system conforms to the requirements of standard applied, as stated in the Certification Agreement, and to verify that the documented system has been implemented.

Audit Team leaders and auditors are responsible for ensuring the objectives of their assigned audits are fully met. The various activities needed to be carried out are:

  • Document review / Adequacy Audit – Stage 1 Audit
  • Registration Audit – Stage 2 Audit
  • Surveillance Audit
  • Triennial Audit
  • Follow- Up Audit
  • Special Visit

Stage 1 Audit is a part of the registration process. During the Stage 1, Requirements of the standard(s) are being audited by the auditee organization. A review of the client’s documentation with respect to the appropriate standard(s). The stage 1 audit is normally done on-site. However, an offsite audit may be considered if the auditor is familiar with the client’s activities (e.g. certified to other management system standards), provided the objectives of Stage 01 are met.

The objectives and scope of the audit are:

  • To audit the client’s management system
  • To evaluate the client’s location and site-specific conditions
  • Undertake discussions with the client’s personnel to determine the preparedness for the Stage 2 audit;
  • To review the client’s status and understanding regarding requirements of the standard, in particular with respect to the identification of key performance or significant aspects, impacts, risks, processes, objectives and operation of the management system;
  • To collect necessary information regarding the scope of the management system, processes and location(s) of the client, and related statutory and regulatory aspects and compliance (e.g. quality, environmental, H&S, legal aspects of the client’s operation, associated risks, etc.);
  • To review the allocation of resources (number and expertise of auditors and number of days) for Stage 2 audit and agree with the client on the details of the Stage 2 audit; (including any change to the number of days determined at Application Review)
  • To provide a focus for planning the Stage 2 audit by gaining a sufficient understanding of the client’s management system and site operations in the context of possible significant aspects;
  • To evaluate if the internal audits and management review are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for the Stage 2 audit.
  • To identify and justify any non-applicable clauses under the scope of certification

 

Audit criteria are:

  • To undertake a Stage 1 audit against the normative requirements of the standard(s) and any other relevant related normative documents
  • To undertake a Stage 1 audit against the defined processes and documentation of the management system developed by the client

Once the adequacy of the management system is ascertained during the Stage-1 audit and all the identified non-conformances during Stage-1, Stage 2 audit date is agreed and an audit is carried out by the auditor(s). If further visits are required due to non-compliances found, these will be undertaken and extra charge will be incurred by the client. The on-site audit is carried out using client manuals and procedures and by interviewing relevant members of staff regarding their working practices.

The objective of the Registration Audit (Stage 2 Audit) is:

  • To confirm that the management system conforms with the requirements of the audit standard and also any statutory, regulatory and contractual requirements that are applicable
  • To confirm that the organization has effectively implemented the planned management system
  • To confirm that the management system is meeting its specified objectives
  • The auditing is based upon a sampling process of available information
  • As applicable identification of areas for potential improvement of the management system.
  • To identify any non-applicable clauses under the scope of certification

Audit criteria:

  • Documents, procedures, and policies relevant to the standard (ISO 9001:2015) being audited will be required.
  • Procedures, Policies developed by organization.
  • Applicable legal and regulatory requirements
  • The audit will be performed against the scope of activities agreed at the opening meeting or as agreed at stage 1 or as detailed on the Certificate.
  • The audit will be conducted at the locations identified on this audit plan

Audit Scope

The audit will evaluate the effectiveness of the processes identified within the visit plan and in line with the 3-year plan. The audit will be conducted at the location(s) specified within the visit plan.

Audit Report are reviewed with Technical Experts at three (03) stages to arrive at the appropriate certification decision.

  • Stage 1 includes administrative review. The submitted set of documents is reviewed by relevant authorized person (Notified in Certification committee). Audit report review checklist (F101) is used to record the review
  • Stage 2 includes technical review. The audit report along with audit report review checklist is submitted to Certification committee member for technical review which includes review of the information provided by the audit team is sufficient with respect to certification requirements, scope of accreditation and effectiveness of corrections and corrective actions. Stage 2 Review shall be carried out by the resource qualified for the specific IAF sector, provided he has not participated in the audit and has not declared any conflict with the client.
  • Stage 3 includes decision making (granting or refusing) by certification committee chairman/or of by 3rd person (In absence of CEO) by considering Administrative and technical review of audit report.

Upon successful certification decision, certificate is issued to client for a defined period of time.

Note: After certification, if the client changes anything which significantly affects the conformance to applicable management systems, applicable regulatory or statutory requirements or interested party requirements, then ISOQAR must be informed. ISOQAR reserves the right to re-audit if necessary.

Surveillance Audits performed to ensure the on-going compliance and continual improvement of the respective management system.

Audit Objective for Surveillance

 Each surveillance for the relevant management system standard shall include:

  • Internal audits and management review
  • A review of actions taken on nonconformities identified during the previous audit
  • Complaints handling
  • Effectiveness of the management system with regard to achieving the certified client’s objectives and the intended results of the respective management system (s)
  • Progress of planned activities aimed at continual improvement;
  • Continuing operational control
  • Review of any changes
  • Use of marks and/or any other reference to certification

First Surveillance Audit will be conducted within twelve months from date of certification decision and the subsequently at least once per calendar year.

Certificates will be maintained provided that the certified clients continue to satisfy the management system standard and based on positive recommendation from the audit team leader during routine surveillance audits provided that any non-conformity or any other situations which may lead to withdrawal / suspension of certification.

The recertification activity shall include the review of previous surveillance audit reports and consider the performance of the management system over the most recent certification cycle. The renewal audit planned and conducted for timely renewal before the certificate expiry date. ISOQAR normally initiates the renewal process three months prior to the certification expiry date.

A triennial audit review form will be prepared for each renewal audit. Decision on renewing the certificate will be made by ISOQAR based on results of recertification audit (review of report), review of the certified client’s system over the period of certification and any complaints received against the certified client over the certification period.

This may be applied for in the same way as the initial audit, indicating the increased scope of registration being required. Audit will be carried out in the areas not previously audited. If successful, a new certificate indicating the new full scope will be issued by ISOQAR. There will be a charge for extensions to scope and re-issue of the certificates. The future surveillance days will be accordingly amended.

ISOQAR shall wherever applicable reduce the scope of certification if during the time of routine surveillance audits / Re approval or Renewal audits it finds that the certified client has continually / seriously failed to meet the certification requirements for those parts of the scope of certification. The reduction in scope will be approved by the Chairman of Certification Committee.

These are for clients registered with ISOQAR These audits are necessary to investigate any complaints, changes in management systems, follow up on suspended clients. Requirements of short notice audits are informed to client at time of contract finalization through F 082 Client Agreement. Special care will be taking in assigning the audit team for short notice / unannounced audits.