as9104 1 changes auditing tim lee 3-12-12
DESCRIPTION
AuditingTRANSCRIPT
Company Confidential 1
AS9104/1:The Main Changes
Tim Lee12 March 2012
2
Why AS9104/1?
• Feedback from the IAQG leadership resulted in ICOP improvement projects
• Audit Process Improvements– Improved through changes in 9101:2009
– Now published as AS9101 Rev D
• Consistency of Auditor Training
– Addressed through common global Aerospace Auditor Transition Training (AATT) sanctioned by the IAQG
•All other areas are addressed through changes in the scheme requirements i.e. with the introduction of AS9104/1 published in January 2012
3
Original Requirements for AS9104/1• Complete the Trilogy of 9104-series
documents, by revising AS9104
•Remove sections made redundant by the
release of AS9104/2 (Oversight) and
AS9104/3 (Auditor Training and
Qualification)
•Address the areas of ICOP concern, by
enhancing/revising topics identified in the
OPMT FMEA (e.g. audit days, multi-site, etc.)
•Upgrade to the new ISO and IAF audit docs.
4
Significant Changes to AS9104/1
•AS9104/1 is a total rewrite of the original 9104 document
• From AS9104 to AS9104/1 the document increased from 30 to 49 pages
• This training focuses on major changes that deviate significantly from the AS9104 standard.
5
1. Scope Significant Changes
• Introduces ICOP scheme concept
• Sets applicability to SMS, OPMT, ABs, CBs, and CBMCs
• Expands applicability to IAQG Member Companies, AABs, TPABs, TPs and organizations seeking or obtaining AQMS standard certification.
• Defines AQMS standards as 9100, 9110 and 9120
• Introduces IAQG Member recognition of supplier certification to AQMS standards
AS9104/1 Significant Changes
6
2. References Significant Changes
• Updates revised ISO/IEC documents (e.g.
17011, 17021, 19011 etc.)
• Includes AS9104/2 and AS9104/3
• Updates to revised IAF (International
Accreditation Forum)documents - MD 1, MD 2,
MD 3, MD 4, MD 5, ML 4, GD 3, etc.
• Establishes equivalencies for AS, EN, JISQ,
SJAC, NBR, etc. (sector publications in USA, Europe, Japan, Japan and Brazil, etc.)
AS9104/1 Significant Changes
7
3. Definitions Significant Changes
• Increased number of definitions from 11 to 29
• 22 new, 1 deleted, most others small changes
• Added definitions include:
- AQMS, AQMS Auditor, AAB, CBMC, ICOP, OPMT, TPAB
- Assessment, Audit, Containment, Pre-Audit, Office Assessment, Witness Audit, Witness Assessment
- Site, Certification Structures, Lead Office, Central Office, Combined Audit, Integrated management System, Organization
- Cross Frontier Accreditation
AS9104/1 Significant Changes
8
4. General replaced with4. Requirements of the Sector Management Structure
• Defines authority for the SMS, CBMC for:
• Approving ABs for ICOP participation
• Review and recognition of accreditation of CBs
• Approval of AABs and TPABs
• Data reporting to OPMT and OASIS
• Approval, Suspension & Withdrawal of entities
• Defining Operating Procedures including a Resolutions process
• Recognition of entities approved or recognized in other sectors
AS9104/1 Significant Changes
9
5. Accreditation Bodies Significant Changes
• Conformance to ISO 17011 and IAF ML 4
• SMS recognition of AB accreditation decisions for accredited CBs in ICOP scheme
• Enhanced detail for the CB Application and Review Process
• 9104-1 Accreditation for CBs scoped by AQMS
• Detail on OASIS entry requirements
• Surveillance requirements (new table)‒ Includes number of CB Client Files and number of Witness Assessments to be assessed annually
AS9104/1 Significant Changes
10
5. Accreditation Bodies Significant Changes
• Closure time frames for AB Nonconformity Reports raised on CBs
• CB suspension and withdrawal process including specific conditions causing suspension
• Complaint and issue resolution process
• AAB notification for AQMS auditor competence issues
• AB personnel competence including decision-making personnel Aviation, Space & Defense (A, S & D) competence
AS9104/1 Significant Changes
11
6. Certification Bodies Significant Changes
• Conformance to ISO 17021 and IAF Mandatory Documents (MD)
• No AQMS certificates before accreditation
• CB to maintain accreditation for ISO 9001 to keep accreditation for AQMS certification
• CB certification decisions must utilise a person with A, S or D competence
• CB Auditors must be competent per ISO/IEC 17021 and authenticated to AS9104/1 and AS9104/3 requirements
• Allow periodic Surveillance and Oversight
AS9104/1 Significant Changes
12
6. Certification Bodies Significant Changes
• CB is responsible for ensuring data is accurately entered into OASIS
• CBs must ensure clients have an OASIS Administrator
• CBs must have a complaint / issue resolution process
• CBs Audit Program to conform to 9101, 9104 series, 17021 and applicable IAF MDs
• No CB Consultancy
• Responsibility for certificate integrity and validity
AS9104/1 Significant Changes
13
6. Certification Bodies Significant Changes
• Rules and consequences for Suspension and Withdrawal of a CB
• CB rules for application of Advanced Surveillance and Recertification Procedures (ASRP) and Computer Aided Auditing Techniques (CAAT)
• Ensure access for audits involving areas and materials which are classified and/or export controlled
• Restrictions on clients demanding audit team changes without good reason
AS9104/1 Significant Changes
14
7. AQMS Auditors Reference to AS9104/3
• Auditor competency detailed in AS9104/3 and is required to be demonstrated
• AAB responsibility for evaluation, authentication, and re-authentication of AQMS Auditors (both AA and AEA)
• Auditor Applicants to inform AAB of a previous rejection, suspension, or withdrawal in another SMS
• Withdrawn Auditors may NOT re-apply for 12 months in any IAQG Sector
• Consequences for not re-authenticating on time (i.e. apply more than 3 months before expiry, no application before expiry = withdrawal)
AS9104/1 Significant Changes
15
8. Audits and Reporting Significant Changes
• Certification structures defined in Appendix B
– New: campus, several sites and complex organizations
– As before: single site and multiple site
• Eligibility criteria for each structure documented (Appendix B)
• CB and client to agree structure type
• CB to retain records of structure determination
• For Complex organization structures the CB is to refer rationale and justification to the IAQG OPMT Certification Structure Oversight Committee (CSOC) for approval
AS9104/1 Significant Changes
16
8. Audits and Reporting Significant Changes
• Minimum audit days
– New Audit Day Table
– NO reductions from Audit Day Table are allowed except as specified for ASRP, CAAT and Several Sites
– Increases to Audit Day Table are both allowed and expected
– Audit Day Table is Compliant to IAF MD 5
– New table specifies Initial, Surveillance, & Recertification Days for 9100/9110, 9100/9110 less Design, and 9120.
AS9104/1 Significant Changes
17
8. Audits and Reporting Significant Changes
• Minimum audit days (continued …)
– Audit Day Table DOES NOT include Non-Audit Time (travel, meals, extended breaks, etc.)
– Audit Day Table DOES NOT include Auditor Time for Audit Planning, Writing of Reports, Filling Out 9101 Forms, etc.
– Justification for audit days required to be documented
– Extra time for correction and corrective action verification, use of translators, etc.
– Method for calculation of audit days set for each certification structure type
AS9104/1 Significant Changes
18
8. Audits and Reporting Significant Changes
• Minimum audit days (continued …)
– Audit Days - Audit Day is 8 Hours
– Working longer is still counted as 8 hours
– (cannot do 4 days of 10 hrs to equal 40 hours)
– Must audit ALL working shifts
– Shift auditing still meets 8 hour daily limitation
– If work less than 8 hours per day add extra days to compensate to maintain on-site duration
– If stage 1 required at recertification, audit time is to be added
AS9104/1 Significant Changes
19
8. Audits and Reporting Significant Changes
• Minimum audit days (continued …)
– Requirements for auditing management systems with multiple AQMS applicability
– Multiple AQMS additional minimum audit days based on level of integration of activities and processes
» >80% integrated = Fully Integrated = +15%
» >50% to 80% integrated = Partially Integrated = +30%
» <50% integrated = Not Integrated
� Audit duration is independent from each other i.e. add 100% table 2 for headcount for additional AQMS standard.
• Audit Team Leader to be on one site and an AEA to be on site at each site throughout the whole of the audit
AS9104/1 Significant Changes
20
8. Audits and Reporting Significant Changes
• Nonconformities
– Client suspension if conformance not established within 60 days from issue of NCR
– Customer notification included where applicable
• NCRs as a minimum to be provided at closing meeting
• Complete audit report within two weeks of closing meeting
• Certified organisations to provide a copy of audit report to customers upon request
AS9104/1 Significant Changes
21
8. Audits and Reporting Significant Changes
• Transfer of AQMS certificates
– IAF MD 2 applies in full
– If transfer < 12 months before expiry full stage 1 and stage 2 audits required
– On site audit always required
• Advanced Surveillance and Recertification Procedures (ASRP)
– In accordance with IAF MD 3 requirements i.e. CB must be accredited to apply ASRP
– Reduction in on-site audit duration not exceed 30%
– CB client internal auditors must be AA equivalent and one must be AEA equivalent to lead internal audit
AS9104/1 Significant Changes
22
8. Audits and Reporting Significant Changes
• Computer Aided Auditing Techniques (CAAT)
– IAF MD 4 applies in full
– Audit time transferred to off-site activity and is not reduced overall
– Combined CAAT and ASRP shall not reduce on-site audit time by more than 30%
AS9104/1 Significant Changes
23
9. Oversight Reference to AS9104/2
• Combines previous chapters 9, 10 and 11
• Refers to AS9104/2 for detailed requirements
• For those conducting oversight requires ICOP Declaration Form completed and filed
• Other ICOP committee members to sign a confidentiality agreement
• Allows sharing of results with applicable AAB for determined AQMS auditor competency issues
AS9104/1 Significant Changes
24
10. Auditor Authentication Bodies New Section
• AAB must comply with AS9104/3
• Introduces concept of auditor suspension
• AAB agrees to periodic oversight
• Must have a person with A, S or D knowledge to support AEA authentication
• Requires a management system for authentication
• Clarifies authentication only for AA and AEA
• Sets out requirements for independence of authentication decisions (i.e. no conflicts of interest)
• Auditor Complaint / Appeal Process required
• Disclosure of any previous applications, authentications or rejections
AS9104/1 Significant Changes
25
10. Auditor Authentication Bodies New Section
• Process required for dealing with alleged auditor competency issues within 60 days
• Establishes consequences post withdrawal of auditor authentication
• Use of marks and logos
• Record retention for two authentication cycles
AS9104/1 Significant Changes
26
11. Training Provider Approval Bodies New Section
• TPAB must comply with AS9104/3
• TPAB agrees to periodic oversight surveillance and rights of access including to TP classes
• Industry specific courses require SMS concurrence
• Oversight or approval of class = no credit for attending
• Requires TPAB to have a management system
• Sets out requirements for conflict of interest avoidance during approval decisions
• Complaint / Appeal Process required
• Consequences for withdrawal of approval
• A, S or D competence required for evaluation of industry specific training courses
AS9104/1 Significant Changes
27
12. OASIS New Section
• OPMT has Responsibility for OASIS
• OPMT may make changes to OASIS functionality
• CB OASIS Administrators Required
• When CB accreditation withdrawn, CBs client data only visible for 6 Months
• Created a Responsibility Matrix for data correctness
• Certification structures and associations with OINs established
• The central site shall be identified for all certificated organisations in OASIS
• All entities to establish an OASIS administrator for data control / entry
AS9104/1 Significant Changes
28
13. Requirements of the OPMT New Section
• Previously section 14 but re-titled with minor changes
• May publish resolutions to clarify 9104 requirements
• Establishes Certification Structure Oversight Sub-Committee requirements and process
AS9104/1 Significant Changes
29
14. OASIS Feedback Process New Section
• Establishes feedback process and mechanism
• Also describes feedback to Accreditation Bodes
AS9104/1 Significant Changes
Certification
BodySupplier Customer
FEEDBACK - A
FEEDBACK - B
FEEDBACK - C
Audit
Product / Process
Quality
Audit Findings
Certification
BodySupplier Customer
FEEDBACK - A
FEEDBACK - B
FEEDBACK - C
Audit
Product / Process
Quality
Audit Findings
30
15. Sector Management StructureMinor Changes
• Responsibility for conformance of sector
• Establishes voting rights of sector at IAQG OPMT
• Only IAQG or IAQG sector member company representatives have voting rights
• Further details suspension of a national scheme
• Adds IAQG OPMT and sector diagram
AS9104/1 Significant Changes
31
16. Cross Frontier Policy New Section
• Enables AB operations and Oversight in countries or sectors away from home country or sector
• ABs to follow IAF GD 3
• ABs can sub-contract work to other approved ABs in other countries or Sectors
• Accrediting AB retains responsibility for the work
• OP Assessors can also sub-contract work to OP Assessors in other countries or sectors
• Subcontracting sector or CBMC retains responsibility
• Fees can be levied on CBs for Oversight outside SMS/CBMC home region
AS9104/1 Significant Changes
32
17. Records Minor Changes
• All entities to keep records for a minimum of six years
• IAQG OPMT, EAQG OPMT and CBMCs are required to define and list records to be retained
• Rights of access to records including OASIS for oversight re-affirmed
AS9104/1 Significant Changes
33
18. Certified Organizations New Section• Requires certified organizations to comply with AS9104
• Requires CBs to flow down requirement to certified clients
• Certified Organizations must allow CB to post Tier 1 and Tier 2 Audit Data to OASIS Database.
- Agree Tier 1 is Public Information
- Agree to provide access to Tier 2 upon request of A, S and D customers (unless justification of competition confidentiality, conflict of interest, etc.)
- Agree to Notify their A, S and D customers in case of Loss of Certification
• Shall provide ‘Right of Access’ to their facilities, people, and processes for oversight or CB review
• Failure to abide by requirements is cause for withdrawal of AQMS certification
AS9104/1 Significant Changes
34
19. Confidentiality and Conflict of InterestNew Section
• Expanded from section 4.3 of 9104:2006
• Data collected is confidential
• Not to be shared unless agreed in writing by affected parties
• Participants to review and declare any potential or actual conflicts of interest
AS9104/1 Significant Changes
35
20. Fees and Financials New Section
• OPMT can recommend Fees for Registration of Audit Data in the OASIS Database –
‒ to be approved by IAQG Council
• OPMT must prepare an Annual Budget
‒ Estimate Contract Labour, Meeting/Workshop Costs, Sector ICOP Projects, and OASIS Sustainment and Improvements
‒ Submit to IAQG Treasurer for approval
• SMS or CBMC fees can also be recommended but must be approved by the sector
AS9104/1 Significant Changes
Questions
36