ISO 9001 IA Training KESB Day 1


ISO 9001:2015 INTERNAL AUDIT TRAINING
3rd & 4th July 2024

PRESENTED TO
ISO INTERNAL AUDITORS
KYP EDUCATION SDN BHD

by Nor Hasifah Abdul


Course Itinerary

DAY 1 (3rd July 2024)
8.30 am : Registration
8.45 am : Ice breaking session
9.00 am : About the standards
12.30 pm : Lunch break
2.15 pm : Continue about standards
3.30 pm : Quizzes
5.00 pm : Session ends

DAY 2 (4th July 2024)
8.30 am : Registration
8.45 am : About Internal Audit
9.00 am : Group exercise : Audit Plan and Audit Checklist
12.30 pm : Lunch break
2.15 pm : Mock Audit
3.30 pm : Presentation of Audit Findings and Report
5.00 pm : Session ends

Course Objectives

• To understand the requirements and role as an Internal Auditor
• To understand the requirements of Standard ISO 9001:2015 which involve risk management in the organization.
• To understand the process of conducting QMS audits
• To develop audit guidelines (audit planning, audit checklist and audit report)
• To learn the steps for making improvement actions and audit follow-up

ABOUT ME
Introduction to ISO 9001:2015
ISO 9001:2015 is the latest version of the world's most widely recognized quality
management system (QMS) standard. It provides a framework to help
organizations consistently deliver products and services that meet customer and
regulatory requirements.
What is ISO 9001:2015?

Quality Management System
ISO 9001:2015 is a quality management system (QMS) standard that helps organizations improve their processes and deliver consistent, quality products and services.

International Standard
It is an international standard developed by the International Organization for Standardization (ISO), ensuring it is applicable worldwide.

Voluntary Certification
Organizations can choose to be certified to ISO 9001:2015 by an accredited third-party certification body, demonstrating their commitment to quality.

Key Changes from Previous Version (ISO 9001:2008)
1 Context of the Organization
The new standard requires organizations to consider their internal and external
factors that can impact their quality management system.

2 Risk-based Thinking
ISO 9001:2015 places a greater emphasis on risk-based thinking to address potential
issues before they occur.

3 Leadership Involvement
Top management is now required to be more actively involved in the quality
management system.
Benefits of ISO 9001:2015 Certification

Improved Customer Satisfaction
ISO 9001:2015 helps organizations better understand and meet customer requirements, leading to increased customer satisfaction.

Reduced Operational Costs
By improving processes and reducing errors, ISO 9001:2015 can help organizations save money and improve efficiency.

Enhanced Reputation
ISO 9001:2015 certification demonstrates an organization's commitment to quality, which can improve its reputation and competitiveness.

Increased Efficiency
The standard's focus on continuous improvement can help organizations streamline their operations and become more efficient.

Requirements of ISO 9001:2015 (amongst the Clauses)
4 Context of the Organization
Understand the organization's internal and external factors that can affect its quality management system.

5 Leadership Commitment
Top management must demonstrate their commitment to the quality management system.

6.1 Risk-based Thinking
Identify and address risks and opportunities that can impact the organization's ability to achieve its objectives.

7.5 Documented Information
Maintain appropriate documented information to support the effective operation of the quality management system.

Implementing ISO 9001:2015

Gap Analysis
Assess the organization's current processes and identify areas that need to be improved to meet the ISO 9001:2015 requirements.

Documentation
Develop or update the necessary documented information, such as policies, procedures, and work instructions.

Training
Provide training to all relevant personnel to ensure they understand the new requirements and their roles in the quality management system.

Implementation
Implement the new or updated processes and procedures, and monitor their effectiveness through internal audits and management reviews.

Maintaining ISO 9001:2015 Compliance

Continual Improvement
Regularly review and improve the quality management system to enhance its effectiveness and address changing needs.

Internal Audits
Conduct periodic internal audits to ensure the organization's processes and procedures continue to meet the ISO 9001:2015 requirements.

External Audits
Undergo regular external audits by an accredited certification body to maintain the organization's ISO 9001:2015 certification.

Ongoing Training
Provide continuous training to all relevant personnel to keep them up-to-date with the latest requirements and best practices.

Risk management
ISO 31000:2018 – Guidelines for Risk management
ISO 31000:2018 is an international standard that provides guidelines and
principles for effective risk management. It outlines a framework for organizations
to identify, assess, treat, and monitor risks in a systematic and structured manner.
The standard emphasizes the importance of integrating risk management into the
overall governance and decision-making processes of an organization. By
following the guidelines outlined in ISO 31000:2018, organizations can better
anticipate and mitigate risks, thereby improving their resilience and ability to
achieve their objectives.
Managing risk from ISO 31000 perspective
[Diagram: Internal & External Factors, Risk Assessment, Risk Treatment, Monitor & Review, OBJECTIVE]

Strategic risk is the risk that failed business decisions, or lack thereof, may pose
to a company. Strategic risk is often a major factor in determining a company's
worth, particularly observable if the company experiences a sharp decline in a
short period of time.

Operational risk is the prospect of loss resulting from inadequate or failed procedures, systems or policies. Employee errors. Systems failures. Fraud or other criminal activity. Any event that disrupts business processes.

Strategic risk
[Diagram: Strategic Risk, with the labels Failure of Business Strategy, Failure of Pricing Strategy, Failure of Marketing & Positioning Strategy, Economic Downturn, Competition]

Financial risk
[Diagram: Financial Risk, with the labels Tax, Investment, Credit, Insurance, Liquidity, Transaction Fraud, Asset Backed, Cash Flow/Profitability]

Legal Risk
Regulatory: The failure to adhere to legislative or regulatory requirements
Contractual: The contracts inadequately protecting the company's interest
Dispute: Inadequately managing disputes

[Diagram: Operational Risk, with the labels Process Failure, Communication, Cost Overrun, Human Capital, Project Delay, Health & Safety, IT System Failure, Damage to Asset/Property]

[Diagram: Intangible Risk, with the labels Reputation, Loss of Image, Goodwill, Criticisms]

RISK MANAGEMENT PROCESS ISO 31000: 2018 and ISO 9001: 2015 integration

[Diagram: risk management process, annotated with ISO 31000 and ISO 9001 clause numbers]

ISO 31000 clauses shown:
Establishing the context (5.4)
Communication & Consultation (6.2)
Monitoring and review (5.6)
Risk Assessment (6.4)
Risk Identification (6.4.2)
Risk Analysis (6.4.3)
Risk Evaluation (6.4.4)
Risk Treatment (6.5)

ISO 9001 clauses shown: 4.1 & 4.2; 6.1.1; 9.3.2 & 10.2.1; 6.1.2 & 8.1

[Diagram with the following boxes]
Context of organization (objective of incorporation, strategic plan, resources, achievement, experiences etc)
Interested parties and their expectation towards UCYP University
Internal and external issues identified (could be based on PESTLE and SWOT analysis)
Identification of risks and opportunities at organizational level

Quizzes

• https://docs.google.com/forms/d/e/1FAIpQLScAW9wWCL9Yord92XfhYB-tUDWYQZSbt547eK1ibzCl4U0NAg/viewform?usp=sf_link
Releasing grades

Discussion
See you tomorrow!

Nor Hasifah Abdul


[email protected]
Mobile : 019-9844192
