Objectives of audit planning are to:
- Plan and schedule the internal quality audit activities at the project and organizational levels
- Define the scope and criteria for internal audits
- Select the Audit team and assign responsibilities
Process Entry/Exit Criteria
|Entry Criteria||Exit Criteria|
|For Project Level Audits:
For Organization Level Audits:
Project Level Audits:
- Project Manager sends the Pre-development schedule to Quality Assurance Manager to start Internal Quality Audits planning
- Quality Assurance Manager with the consent of Project Manager decides the frequency of audits in project life cycle and also chooses the project phases during which these audits will be conducted.
- Quality Assurance Manager assigns the audit team (minimum a lead auditor) for the audits.
- Quality Assurance Manager defines the scope and criteria for audits with the consent of lead auditor.
- Quality Assurance Manager defines the audit activities to be performed and their participants with the consent of lead auditor.
- Quality Assurance Manager documents the Audit plan in Internal Quality Audit Plan using the Internal Quality Audit Plan Template.
- Quality Assurance Manager shares the Internal Quality Audit Plan with auditors, Project Manager and Process Engineering Lead for review; and gets their feedback and commitment.
- Quality Assurance Manager adjusts the plan as a result of above stakeholder’s feedback (if any).
- Quality Assurance Manager marks his approval for Internal Quality Audit Plan and sends the approved plan to Development Manager, Process Engineering Lead, Project Manager, Development Team Lead, Quality Assurance Team Lead, and Auditors.
- Quality Assurance Manager places the Internal Quality Audit plan in the project repository in the Configuration Management System.
- Project Manager schedules the Audits in Project Schedule as per Internal Quality Audit Plan with the consent of Quality Assurance Manager.
- Project Manager communicates the Project Schedule for audit activities to the Development Manager, Quality Assurance Manager, Development Team Lead, Quality Assurance Team Lead and Auditors and gets their commitment.
- If any concern is raised, Project Manager adjusts the project schedule and resends to above relevant stakeholders.
- If an audit schedule/date is changed due to the revision of the project schedule, Project Manager distributes the updated Project Schedule to Quality Assurance Manager and auditors for commitment on new audit date.
Organization Level Audits:
- Process Engineering Lead (Process Engineering Lead) identifies the departments/organization functions to be audited according to the Quality Management System scope.
- Process Engineering Lead selects the Audit team for each audit, assigns the responsibilities and ensures the commitment of selected audit team members.
- Process Engineering Lead defines the scope and criteria for each audit with the consent of lead auditor as required Process Engineering defines the audit activities to be performed and their participants with the consent of lead auditor as required
- Process Engineering Lead documents each audit plan using Organizational Internal Quality Audit Plan Template.
- Process Engineering Lead sends each plan to their assigned auditors, concerned departmental/organization function head; and gets their feedback and commitment.
- Process Engineering Lead adjusts the plan according to stake holder’s feedback and commitment.
- Process Engineering Lead communicates the updated plan to assigned auditors and concerned departmental/organization function head.
Guidelines for Audit Planning
- Audit frequency for normal projects should be more than one to facilitate early process compliance as well as early detection and resolution of non-compliance issues.
- Organization level audits must be planned and conducted at least twice a year but due to the special circumstances and specific needs of certain department/organization function, this frequency might be increased or decreased on the discretion of Process Engineering Lead or Software Engineering Process Group.
- Audits can be planned during or after completion of major phases/milestones like at design completion or during development, during system testing at the completion of the 1st testing cycle and the last audit may be planed after 1st release to the customer.
- Audit team members should have been trained for the complete audit activity.
- In case of more than one auditor, there should be a lead auditor to represents the audit team and who’ll be leading the activity and responsible for the whole audit activity.
- To ensure independence, any team member of the project/department being audited cannot become the auditor for his project/department audit.
- There is a difference between the audit scope and audit criteria and both are separately defined in the audit plan:Audit Scope defines the boundaries and set the limits within which the audit will be performed. Audit scope for project level audit may include certain project phases or milestones like “from project kick-off to completion of Design phase or completion of the 1st cycle of system testing”, etc. For organizational level audits, audit scope may be limited to certain functions/operations of a department/business function within a specific time period like “all operations of purchase & admin department from 1st July 2006 to 1 January 2008”.Audit Criteria can be some applicable processes/standards against which the audit will be conducted like for project level audits, standard Project Management Process, Verification and Validation Process, etc. may be the audit criteria; and Purchase Process and a specific section of Quality Manual may be defined as criteria for an organization level audit of Purchase & Admin Department.
- Typical audit activities which may be specified in the audit plan are:
- Audit Checklist Preparation
- Document Review
- Audit Execution Opening meeting
- Audit Execution – Interviews, Objective Evidence Verification
- Auditors Meeting – Consolidation of Audit Findings
- Audit Closing Meeting – Presenting Audit finding before Auditees and obtaining consensus on corrective action taken and follow-up date.
- Report Audit Results
- Corrective and Preventive Actions Planning and Execution
- Audit Follow-up – Corrective Action Verification and NCR closure