1. ASPEC Quality Representative Internal Auditor Training Version 1.0 2013

2. Training Outline Training Purpose The purpose of this training is to provide the Quality Representatives in each ASPEC office location with the competencies required to preform the Quality Management functions required to maintain ASPEC’s ISO9001:2008 Certification. Training Logistics The course is envisaged to take approximately 40 minutes There will be quiz questions used throughout to ensure that you understand the material You can contact Hannah Morgan hmorgan@aspec.com.au if you have any questions about thehmorgan@aspec.com.au material presented. The window can be closed at any time and progress saved. A certificate will be emailed to you upon completion. Training Contents –What is an audit? –Types of audits –Audit Schedule

3. ISO2001: 2008 Background ISO9001:2008 involves an international set of standards which ensures that organizations ensure that they meet the needs of customers and other stakeholders. It defines what an organisation does to ensure that its products or services satisfy the customer’s quality requirements and comply with any regulations applicable to those products or services. Third party certification bodies provide independent confirmation that organizations meet the requirements of ISO 9001. A number of major purchasers require their suppliers to hold ISO9001 certification. ISO9001: 2008 standard specifies that the organisation shall issue and maintain the following six documented procedures: –Control of Documents (4.2.3) –Control of Records (4.2.4) –Internal Audits (8.2.2) –Control of Nonconforming Product / Service (8.3) –Corrective Action (8.5.2) –Preventive Action (8.5.3)

4. ISO2001: 2008 Facts The quality policy is a formal statement from management, closely linked to the business and marketing plan and to customer needs. The quality policy is understood and followed at all levels and by all employees. Each employee works towards measurable objectives. The business makes decisions about the quality system based on recorded data. The quality system is regularly audited and evaluated for conformance and effectiveness. Records show how and where raw materials and products were processed to allow products and problems to be traced to the source. The business determines customer requirements. The business has created systems for communicating with customers about product information, inquiries, contracts, orders, feedback, and complaints. The business regularly reviews performance through internal audits and meetings. The business determines whether the quality system is working and what improvements can be made. It has a documented procedure for internal audits. The business deals with past problems and potential problems. It keeps records of these activities and the resulting decisions, and monitors their effectiveness. The business has documented procedures for dealing with actual and potential nonconformances (problems involving suppliers, customers, or internal problems). The business: –makes sure no one uses a bad product, –determines what to do with a bad product, –deals with the root cause of problems, and –keeps records to use as a tool to improve the system.

5. ASPEC Quality Manual Elements –Management responsibility & Commitment –Customer focus –Responsibility, authority and communication –Management review –Resource management –Provision of resources –Human resources –Infrastructure –Work environment –Product realization –Planning of product realization –Customer-related processes –Design and development –Purchasing –Production and service provision –Control of monitoring and measuring equipment –Measurement, analysis and improvement –Monitoring and measurement –Control of nonconforming product –Analysis of data –Improvement

6. Quality Management System A Quality Management System is comprised of the below documents. These are the documents used to explain and demonstrate how ASPEC meets the requirements of ISO on the previous slide. Thus the ASPEC Quality Manual mirrors these headings. These documents are located on the restricted Q drive and are controlled by the Quality Manager and endorsed by the Directors. The current versions of these documents are placed on the ASPEC website under the Quality Management system page; accessed by the password protected member’s areas.

7. ASPEC Quality Background ASPEC’s resource structure to support its quality Management System is as follows: Directors CACS Quality Manager Quality BNE Representative Quality Perth Representative Quality NSW Representative Quality MKY Representative ASPEC Workforce

8. ASPEC Quality Responsibilities Quality RepQuality ManagerDirectors To conduct internal audits each month for the office location To ensure each office does a PCA each month To disseminate quality information in Project meetings To disseminate any quality related information to the Quality Manager Ensuring the processes needed for the quality management system are established, implemented and maintained Reporting to top management on the performance of quality management system and need for improvement Ensuring the promotion of awareness of customer requirements throughout the organisation Liaising with the Quality certification body to ensure that the quality certification is maintained Develop and circulate Quality management review meeting reports Maintain the website with current version controlled documents Update processes and manuals as required Develop and Maintain training modules Conduct Internal Auditing Endorse Quality Manual Oversee Quality Management Review meetings Communicating to the organisation the importance of meeting customer/ statutory/ regulatory requirements Establishing the quality policy and displaying it in each ASPEC office Engaging in quality management system planning Ensuring that quality objectives are established for each site Ensuring availability of resources

9. Audit Schedule The internal audit schedule is based on the Strategic Planning document. This document is created after a meeting with the Group Leaders where they determining, and evaluating the quality priorities based on the current risk of the business. Risk Management is performed with aid of documents such as the PCA register, past management meeting reports, Non-conformances recorded Director Meeting discussions and observations of quality performance in each office location, etc. The internal audit schedule live document can be obtained on the Quality Management System page of the website with controlled access through the password protected Members Area. The current audit schedule contains two types of audits: 1. External Audits –This is done by CACS on a six monthly basis at a varied ASPEC office location –This is required to maintain our ISO9001:2008 Certification –The auditors review our actions from previous audits to make sure we close them off by the required date –The auditors also audit our QMS against the ISO9001:2008 audit criteria to ensure our system meets the requirements –This will be facilitated by the Quality Manager 2. Internal Audits –Quality Manager: Annual ISO9001:2008 audit, 6 monthly full system audit –Quality Representative: Monthly online audit

10. Auditing The international business management system auditing standard ISO 19011 defines an audit as: The above criteria is explained as follows: –Systematic – audits are usually a planned and scheduled activity. –Independent – Auditors must be independent of the area being audited. This means not related to, performing, supervising or having direct responsibility for the process and activities being audited thus avoiding any conflicts of interest and remaining free of influences which could effect objectivity –Documented – the audit process is a published written procedure –Evidence – evaluating it objectively means comparing the evidence with the audit criteria using facts without ‘subjective judgements or opinion –Audit criteria – the requirements of the audit according to the audit type. For example mandatory compliance if the criteria is government legislation –Fulfilled – conformation that the system conforms to the audit criteria “Systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled”.

11. Types of audits There are two classes of audits: Internal audits An internal audit is a review of an organisations policies, procedure and practices by an employee of the organisation. Internal audits are sometimes known as 1 st party audits. This includes multi-site and international companies where audits by employees from different sites are conducted The internal audit schedule is based on the Strategic Risk Management document. This document is created after a meeting with the Group Leaders where they determining, and evaluating the quality priorities based on the current risk of the business. Risk Management is performed with aid of documents such as the PCA register, past management meeting reports, Non-conformances recorded Director Meeting discussions and observations of quality performance in each office location, etc. The internal audit schedule live document can be obtained on the Quality Management System page of the website with controlled access through the password protected Members Area. ASPEC internal audits –Quality Manager: Annual ISO9001:2008 audit, 6 monthly full system audit –Quality Representative: Monthly online audit External audits An external audit is a review of an organisations management system by a person external to the organisation, such as a customer, supplier or independent party. External audits are sometimes known as 2 nd party audits when performed by the customer e.g. auditing a contractor and 3 rd party audits when performed by an auditor outside the customer-supplier relationship. For example, a certification audit by an accredited body. ASPEC external audits –This is done by CACS on a six monthly basis at a varied ASPEC office location –This is required to maintain our ISO9001:2008 Certification

12. Audit Objectives & Criteria & Scope Audit Objectives The audit objective is the specific purpose for conducting audits and is usually based on management priorities (as indicated in the strategic management schedule). For example to: –Maintain accreditation of certification to a Standard (external audit by CACS) –Satisfy a customer or contract requirement –Determine whether the business management system meets the overall objectives of the organisation –Verify whether a process is being performed in accordance with a written procedure and determine its effectiveness –Identify best practice regarding implementation and effectiveness of the quality management system so this can be benchmarked across the organisation Audit Criteria A set of policies, procedures, standards or elements. For example: –Management Systems Standards including ISO9001:2008 Quality Management –ASPEC Quality Management System Documents Audit Scope The scope of the quality audit related to the locations, area or process or elements in the management system being audited. For example, auditing the entire organisation or limited to one department or one part of a complex process. The depth of the audit refers to the amount of detail that is to be reviewed. Both scope and depth must be defined prior to the audit.

13. The Audit Process The audit process has four main stages –Planning –Performing –Reporting –Follow-up Planning Before an audit is conducted preliminary through need to be had and the follow decided upon: –The audit criteria and scope –Agree audit reporting categories –Duration of the audit and resources required –The objectives and scope –Identification of key personnel to be interviewed –Location to be audited –Identification of documentation required for the audit criteria The ASPEC audit timetable containing this information is contained in the Strategic Planning Schedule Performing Once the audit criteria have been agreed, use the relevant audit template on formstack (to suit the audit scope) and record the document evidence that ASPEC meets each criteria.

14. The Audit Process Reporting The audit templates can be found on the members section, Quality Management System of the website The formstack form is in the format of an audit report, thus one is not required to be completed It is important to fill out the summary section for management Upload the completed audit to this page upon completion Follow-Up The scope of the next audit should contain a section to ensure that non-conformances raised at the previous audit are checked to see if they have been fixed. The result from the audit should be recorded in the Management Review Meeting Minutes