TS16949 requirements 28-10-12 2 Subjects – Audit planning – Recertification audit requirements – Auditing Remote supporting functions 3 Reason for the presentation – This presentation is provided as a reminder to all auditors of some of the requirements of the TS16949 program where the IAOB have identified non conformances in the past 12 months. – Read the presentation and as required ensure that we comply with the requirements. – Veto Powers and witness auditors please ensure that during the course of your reviews that you verify that the requirements of the program are being met. 4 Audit Planning • Planning is critical to the success of a TS16949 Audit • Processes noted in the plan must reflect the processes identified by the client using the clients terms. 5 Audit plan • The Audit Plan is developed from information supplied by the client. • Where the information isn’t supplied prior to an audit, the on site audit shall commence with the planning of the audit through the review of all the required information with the management team. • In these situations additional audit time shall be added to the audit to enable the planning of the audit on site. This additional time must be shown as the first line item on the plan submitted for veto review. 6 Planning information required for Stage one audit (Readiness Review) (refer rules 6.5 Stage 1 planning) – a) description of processes showing the sequence and interactions, including identification of outsourced processes, – b) key indicators and performance trends for the previous 12 months, minimum, – c) evidence that all the requirements of ISO/TS16949 are addressed by the client's processes, – d) quality manual, including the interactions with support functions on site or remote, – e) evidence of one full cycle of internal audits to ISO/TS 16949 followed by a management review, – f) list of qualified Internal auditors and the criteria for qualification, – g) list of automotive customers and their customer-specific requirements if applicable, – h) customer complaint summary and responses, scorecards and special status. 7 AUDIT PLANNING – ALL AUDITS – The audit planning activity shall be undertaken prior to arrival on site and shall include as inputs to the plan a review of the following information supplied by the client: – all requirements of the client's quality management system implemented to meet the automotive requirements of those customers requiring ISO/TS 16949 certification of their supplier, even when these requirements go beyond ISO/TS 16949 (i.e. customer specific requirements), – the client processes taking into account their sequence and interactions, including remote support functions, – current customer and internal performance data, internal audit and management review results, and the same information pertinent to any new customers since the previous audit, 8 AUDIT PLANNING – ALL AUDITS (cont) – customer satisfaction and complaint summary, including verification of customer reports, scorecards and special status, – follow up on issues from previous audits 9 Audit planning The Audit Plan is a three-page form consisting of a client notification letter (page1), an Audit Plan (page 2) and a check list identifying the information received and reviewed (page 3). Auditors are encouraged to write comments on page 3 about the information reviewed. The Audit Plan establishes pre-planning expectations for an upcoming audit and is sent to the client and to the audit team. The document also contains some specific miscellaneous information not available on other documents. 10 Audit Planning (cont) Notification Letter – The Letter tells clients about conditions specific to the upcoming audit. – Sections should be deleted where they are not applicable. – An example of a Notification Letter and Audit Plan appear on following slides. – Also remember that based on the rules, audit scheduling has to start from Management Review and Customer Claim analysis. Output from Customer Claim analysis has to be consider an input for the auditing on the following processes. 11 Audit Plan Letter (page 1) Amend these parts of the letter to suit the audit you will be conducting 12 Audit Plan Letter (cont) The section in blue is to be left if the information required to plan the audit is not received. This section only left in when the audit is a recertification Audit Plan Table (page2) 13 Where the information required to plan the audit is not received from the client insert a line before the entry meeting for planning. The Audit Plan can be expanded to accommodate multiple auditors and/or days. Audit planning is intended to be performed prior to any activity Audit planning uses information provided by the client. Audit table (cont) 14 This paragraph is to be left in the plan if the required information is not received to allow the audit to be planned 15 Audit Plan Page 3 record of information received Identify in this section the information received from the client and reviewed to develop the audit plan. As applicable include comment on the information received in these sections. Auditors are encouraged to add comments on what they review. Identify in this section if the required information was received or not. Include your name and the date the information was reviewed and the plan developed. 16 Recertification audit requirements from rules third edition and areas we have been found to not comply During recertification audits the audit shall include the following: – A review of the effectiveness of the management system in its entirety in the light of internal and external changes and it continued relevance and applicability to the scope of certification – During witness audits the IAOB have identified that in some cases auditors have not been covering the clients system and the technical specification in it entirety. Ensure that all applicable clauses of the technical specification are clearly address during the recertification audit. 17 Recertification audit requirements (cont) – Demonstrated commitment to maintain the effectiveness and improvement of the management system in order to enhance overall performance – Review the previous performance of the management system over the previous certification audit cycle and look for any adverse trends. Comment on your findings in our audit report template next to the applicable headings. – Whether the operation of the certified management system contributes to the achievement of the clients policy and objectives – During the course of the audit ensure that the system continues to support the clients business. Comment on your findings in our audit report template next to the applicable headings 18 Recertification audit requirements (cont) – The effective interaction between all the processes defined in the quality management system and the overall effectiveness of the management system. – During the course of the audit ensure that the interactions are still defined in the QMS and that the system continues to be effective. Comment on your findings in our audit report template next to the applicable headings 19 Auditing Remote supporting functions – TS Rules section 5.5 defines the requirements for supporting activities. Supporting functions shall be audited as required to support a site; they will be included in the initial Stage 2 audit and at least once more during the surveillance audit cycle and – the recertification audit (annually for product design). Supporting activities can be on-site or remote, and can include functions such as product design, contract review, purchasing, and warehouses. 20 Auditing Remote supporting functions – the audit report needs to include information on what was audited related to the interface of the supporting functions. – During audit reporting, the auditor should consider the following: The audit report must detail the linkages audited by the audit team. It is not enough just to indicate that the audit included an audit of the linkage to the support provided by the support location. Where the audit of the support location was completed by another CB there needs to be comment in the report about your review of that CB’s report and that their report includes comment on the interfaces between that site and the site we are auditing (see rules 5.5 option 2)