Aviation SOP - Internal Audit - June 2011 Edition.pdf
Document Details
Uploaded by CelebratoryPoincare
Jordan University of Science and Technology
2011
Tags
Related
- I-Audits-Organisation Auditwesen Präsentation.pdf
- ISO 9001_2015 Clause 9.2 Internal Audit.pdf
- UE4 - Audit - #4 - Distinction audit externe et audit interne - Fiche de cours - 11_10_2023.pdf
- Part 1 QF Sisäisten auditoijien syventävät opinnot.pdf
- Contoh Audit PT Medikaloka Hermina Tbk PDF
- Work Instructions - SOP Internal Audit.docx
Full Transcript
United Nations MONUSCO Ref: AV/QASU/SOP/009 Standard Operating Procedure June 2011 Internal Audit Approved by: Azzam Ayyat, Chief Aviation Section Approval date: June 2011...
United Nations MONUSCO Ref: AV/QASU/SOP/009 Standard Operating Procedure June 2011 Internal Audit Approved by: Azzam Ayyat, Chief Aviation Section Approval date: June 2011 Contact: MONUSCO Aviation Section Review date: June 2012 FOREWORD 1 ORIGINATED BY: MONUSCO Aviation Section 2 PREPARED BY: Mr. Kuldeep Malik (DCAVO), Mr. Timothy Akpatsa (CQASU), Mr. Maksym Bukharin (QASU Officer), Mr. Waisea Bauleka (QASU Officer) 3 IMPLEMENTATION DATE: June 2011 4 REVIEW DATE: June 2012 In accordance with the UN DPKO Aviation Manual 2005, Section II, Chapter 5, internal quality audits are an effective management tool for identifying problems, risks and nonconformities which are addressed through root cause analysis and the development and implementation of corrective and preventive action plans. Internal auditing is also focused on the identification of good practices as well as on improvement opportunities. Internal audits, sometimes called first-party audits, are conducted by, or on behalf of the MONUSCO Aviation Section itself for management review and other internal purposes, and this form the basis for the Aviation Section's self-declaration of conformity. The independence is demonstrated by the freedom from responsibility for the activity being audited. Therefore, the Aviation Section Internal Audit SOP is a comprehensive set of procedures developed by MONUSCO Aviation QASU and approved by the Chief Aviation Section that specify the unique processes adopted in the MONUSCO Aviation Section in order to plan, coordinate, manage and control aviation internal audits. This Standard Operating Procedure is routinely revised once a year (in June) by the Chief Aviation Section or as deemed necessary in adherence to the UN DPKO Aviation Manual and UN AVSTADS. ______________________ Mr. Azzam Ayyat, Chief Aviation Section All rights reserved. No part of this SOP may be changed without coordination with and permission from the Chief Aviation Section. Revision Date: June 2011 Internal Audit ii Table of Contents 1 SCOPE............................................................................................................................................ iv 2 NORMATIVE REFERENCES.................................................................................................... iv 3 LIST OF ACRONYMS................................................................................................................. iv 4 TERMS AND DEFINITIONS....................................................................................................... v 5 PRINCIPLES OF AUDITING...................................................................................................... 1 6 MANAGING AN AUDIT PROGRAMME.................................................................................. 1 6.1 General information.................................................................................................................. 1 6.2 Audit programme objectives and extent.................................................................................... 2 6.2.1 Objectives of an audit programme..................................................................................... 2 6.2.2 Extent of an audit programme............................................................................................ 2 6.3 Audit programme responsibilities, resources and procedures................................................... 3 6.3.1 Audit programme responsibilities...................................................................................... 3 6.3.2 Audit programme resources............................................................................................... 3 6.3.3 Audit programme procedures............................................................................................. 3 6.4 Audit programme implementation............................................................................................ 3 6.5 Audit programme records.......................................................................................................... 4 6.6 Audit programme monitoring and reviewing............................................................................ 4 7 INITIATING THE AUDIT (Step 1)............................................................................................. 5 7.1 Appointing the audit team leader.............................................................................................. 5 7.2 Defining audit objectives, scope and criteria............................................................................ 5 7.3 Determining the feasibility of the audit..................................................................................... 6 7.4 Selecting the audit team............................................................................................................ 6 7.4.1 Functional responsibilities of an Audit Team Leader........................................................ 6 7.4.2 Functional responsibilities of an Auditor........................................................................... 7 7.5 Establishing initial contact with the auditee.............................................................................. 7 7.6 Conducting document review.................................................................................................... 7 8 PREPARING FOR THE ON-SITE AUDIT ACTIVITIES (Step 2)......................................... 8 8.1 Preparing the audit plan............................................................................................................. 8 8.2 Assigning work to the audit team.............................................................................................. 9 8.3 Preparing work documents........................................................................................................ 9 9 CONDUCTING ON-SITE AUDIT ACTIVITIES (Step 3)...................................................... 10 9.1 Conducting the opening meeting............................................................................................. 10 9.2 Communication during the audit............................................................................................. 10 9.3 Roles and responsibilities of guides and observers................................................................. 11 9.4 Collecting and verifying information...................................................................................... 11 9.5 Generating audit findings........................................................................................................ 11 9.6 Preparing audit conclusions.................................................................................................... 13 9.7 Conducting the closing meeting.............................................................................................. 13 10 PREPARING, APPROVING AND DISTRIBUTING THE AUDIT REPORT (Step 4)...... 13 10.1 Preparing the audit report........................................................................................................ 13 10.2 Approving and distributing the audit report............................................................................ 14 10.3 Completing the audit............................................................................................................... 15 10.4 Conducting audit follow-up.................................................................................................... 15 ANNEX A: PROCESS FLOWCHART FOR THE MANAGEMENT OF AN AUDIT PROGRAMME.................................................................................................................................... 16 ANNEX B: PROCESS FLOWCHART FOR TYPICAL AUDIT ACTIVITIES........................... 17 ANNEX C: TEMPLATE FOR CORRECTIVE ACTION REQUEST (CAR) FORM................. 18 Revision Date: June 2011 Internal Audit iii 1 SCOPE This Standard Operating Procedure describes the processes applicable to internal audits conducted in order to determine whether the MONUSCO Aviation Section management system conforms to the statutory, regulatory and contractual requirements. 2 NORMATIVE REFERENCES DPKO Aviation Manual (2005) UN Aviation Standards for Peacekeeping and Humanitarian Air Transport Operations (2007) ISO 9000:2005, Quality management systems – Fundamentals and vocabulary ISO 9001:2008, Quality management systems – Requirements ISO 9004:2009, Managing for the sustained success of an organization – A quality management approach ISO 19011:2002, Guidelines for quality and/or environmental management systems auditing 3 LIST OF ACRONYMS ATS – Air Transport Section, UNHQ ATCU – Aviation Technical Compliance Unit ATU – Air Terminal Unit AV – Aviation AVSTADS – UN DPKO and WFP Aviation Standards CAR – Corrective Action Request CATO – Chief Air Terminal Officer CAVO – Chief Aviation Officer CQASU – Chief of Quality Assurance and Standards Unit DCAVO – Deputy Chief Aviation Officer / Chief Air Operations DOC – Document DPKO – Department of Peacekeeping Operations DRC – Democratic Republic of the Congo HQ – Headquarters ISS – Integrated Support Services MAOC – Mission Air Operations Center MASO – Mission Aviation Safety Officer MONUSCO – United Nations Stabilization Mission in the Democratic Republic of the Congo OIC – Officer-in-Charge QASU – Quality Assurance and Standards Unit RAOC – Regional Air Operations Center SOP – Standard Operating Procedure UN – United Nations Organization Revision Date: June 2011 Internal Audit iv UNHQ – United Nations Headquarters UNHAS – United Nations Humanitarian Air Service 4 TERMS AND DEFINITIONS Audit Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled. Audit criteria Set of policies, procedures or requirements NOTE: Audit criteria are used as a reference against which audit evidence is compared. Audit evidence Records, statements of fact or other information, which are relevant to the audit criteria and verifiable NOTE: Audit evidence may be qualitative or quantitative. Audit findings Results of the evaluation of the collected audit evidence against audit criteria NOTE Audit findings can indicate either conformity or nonconformity with audit criteria or opportunities for improvement. Audit conclusion Outcome of an audit, provided by the audit team after consideration of the audit objectives and all audit findings Audit client Organization or person requesting an audit NOTE: The audit client may be the auditee or any other organization which has the regulatory or contractual right to request an audit. Audit programme Set of one or more audits planned for a specific time frame and directed towards a specific purpose NOTE: An audit programme includes all activities necessary for planning, organizing and conducting the audits. Audit plan Description of the activities and arrangements for an audit Revision Date: June 2011 Internal Audit v Audit scope Extent and boundaries of an audit NOTE: The audit scope generally includes a description of the physical locations, organizational units, activities and processes, as well as the time period covered. Auditee Organization being audited Auditor Person with the competence to conduct an audit Audit team One or more auditors conducting an audit, supported if needed by technical experts NOTE 1 One auditor of the audit team is appointed as the audit team leader. NOTE 2: The audit team may include auditors-in-training. Competence Demonstrated personal attributes and demonstrated ability to apply knowledge and skills Technical expert Person who provides specific knowledge or expertise to the audit team NOTE 1: Specific knowledge or expertise is that which relates to the organization, the process or activity to be audited, or language or culture. NOTE 2: A technical expert does not act as an auditor in the audit team. Revision Date: June 2011 Internal Audit vi 5 PRINCIPLES OF AUDITING Auditing is characterized by reliance on a number of principles. These make the audit an effective and reliable tool in support of management policies and controls, providing information on which the MONUSCO Aviation Section can act to improve its performance. Adherence to these principles is a prerequisite for providing audit conclusions that are relevant and sufficient and for enabling auditors working independently from one another to reach similar conclusions in similar circumstances. The following principles relate to auditors: a) Ethical conduct: the foundation of professionalism Trust, integrity, confidentiality and discretion are essential to auditing. b) Fair presentation: the obligation to report truthfully and accurately Audit findings, audit conclusions and audit reports reflect truthfully and accurately the audit activities. Significant obstacles encountered during the audit and unresolved diverging opinions between the audit team and the auditee are reported. c) Due professional care: the application of diligence and judgement in auditing Auditors exercise care in accordance with the importance of the task they perform and the confidence placed in them by audit clients and other interested parties. Having the necessary competence is an important factor. d) Independence: the basis for the impartiality of the audit and objectivity of the audit conclusions Auditors are independent of the activity being audited and are free from bias and conflict of interest. Auditors maintain an objective state of mind throughout the audit process to ensure that the audit findings and conclusions will be based only on the audit evidence. e) Evidence-based approach: the rational method for reaching reliable and reproducible audit conclusions in a systematic audit process Audit evidence is verifiable. It is based on samples of the information available, since an audit is conducted during a finite period of time and with finite resources. The appropriate use of sampling is closely related to the confidence that can be placed in the audit conclusions. 6 MANAGING AN AUDIT PROGRAMME 6.1 General information MONUSCO Aviation Section has the established Aviation Section Audit Programme that describes all audits to be conducted within the period of time of 1 fiscal year (starts on July, 1 and ends on June, 30 of each year). The Audit Programme also includes all activities necessary for planning and organizing the types and number of audits, and for providing resources to conduct them effectively and efficiently within the specified time frames. Revision Date: June 2011 Internal Audit 1 Unscheduled audits may also be conducted upon request from the Chief Aviation Officer who has to justify the necessity for such audits. The Chief Quality Assurance and Standards Unit communicates the Aviation Section Audit Programme to all structural elements of the MONUSCO Aviation Section. The Annex A illustrates the process flow for the management of an audit programme. 6.2 Audit programme objectives and extent 6.2.1 Objectives of an audit programme Objectives should be established for an audit programme, to direct the planning and conduct of audits. These objectives can be based on consideration of: a) Management priorities; b) Management system requirements; c) Statutory, regulatory and contractual requirements; d) Need for supplier evaluation; e) Customer requirements; f) Needs of other interested parties, and g) Risks to the organization. Examples of audit programme objectives include the following: a) To meet requirements for certification to a management system standard; b) To verify conformance with contractual requirements; c) To obtain and maintain confidence in the capability of a supplier; d) To contribute to the improvement of the management system. 6.2.2 Extent of an audit programme The extent of an audit programme can vary and will be influenced by the following: a) The scope, objective and duration of each audit to be conducted; b) The frequency of audits to be conducted; c) The number, importance, complexity, similarity and locations of the activities to be audited; d) Standards, statutory, regulatory and contractual requirements and other audit criteria; e) Conclusions of previous audits or results of a previous audit programme review; f) The concerns of interested parties; g) Significant changes to an organization or its operations. Revision Date: June 2011 Internal Audit 2 6.3 Audit programme responsibilities, resources and procedures 6.3.1 Audit programme responsibilities The Chief Aviation Officer is responsible for managing the Aviation Section Audit Programme and shall; a) Establish the objectives and extent of the audit programme, b) Establish the responsibilities and procedures, and ensure resources are provided, c) Ensure the implementation of the audit programme, d) Ensure that appropriate audit programme records are maintained, and e) Monitor, review and improve the audit programme. 6.3.2 Audit programme resources When identifying resources for the audit programme, consideration should be given to a) Financial resources necessary to develop, implement, manage and improve audit activities, b) Audit techniques, c) Processes to achieve and maintain the competence of auditors, and to improve auditor performance, d) The availability of auditors and technical experts having competence appropriate to the particular audit programme objectives, e) The extent of the audit programme, and f) Travelling time, accommodation and other auditing needs. 6.3.3 Audit programme procedures Audit programme procedures should address the following: a) Planning and scheduling audits; b) Assuring the competence of auditors and audit team leaders; c) Selecting appropriate audit teams and assigning their roles and responsibilities; d) Conducting audits; e) Conducting audit follow-up, if applicable; f) Maintaining audit programme records; g) Monitoring the performance and effectiveness of the audit programme; h) Reporting to the Chief Aviation Officer on the overall achievements of the audit programme. 6.4 Audit programme implementation The implementation of an audit programme should address the following: a) Communicating the audit programme to relevant parties; b) Coordinating and scheduling audits and other activities relevant to the audit programme; Revision Date: June 2011 Internal Audit 3 c) Ensuring the selection of audit teams; d) Providing necessary resources to the audit teams; e) Ensuring the conduct of audits according to the audit programme; f) Ensuring the control of records of the audit activities; g) Ensuring review and approval of audit reports, and ensuring their distribution to the audit client and other specified parties; h) Ensuring audit follow-up, if applicable. 6.5 Audit programme records Records should be maintained to demonstrate the implementation of the audit programme and should include the following: a) Records related to individual audits, such as Audit plans; Audit reports; Nonconformity reports; Corrective and preventive action reports, and Audit follow-up reports, if applicable. b) Results of audit programme review; Records should be retained and suitably safeguarded. 6.6 Audit programme monitoring and reviewing The Chief Quality Assurance and Standards Unit shall monitor implementation of the audit programme and, at appropriate intervals, review it to assess whether its objectives have been met and to identify opportunities for improvement. The results shall be reported to the Chief Aviation Officer. Performance indicators should be used to monitor characteristics such as The ability of the audit teams to implement the audit plan; Conformity with audit programme and schedules, and Feedback from audit clients, auditees and auditors. The audit programme review should consider, for example, a) Results and trends from monitoring; b) Conformity with procedures; c) Evolving needs and expectations of interested parties; d) Audit programme records; Revision Date: June 2011 Internal Audit 4 e) Alternative or new auditing practices. Results of audit programme reviews can lead to corrective and preventive actions and the improvement of the audit programme. 7 INITIATING THE AUDIT (Step 1) 7.1 Appointing the audit team leader The Chief Aviation Officer appoints the audit team leader for the specific audit. 7.2 Defining audit objectives, scope and criteria Within the overall objectives of the Aviation Section Audit Programme, an individual audit should be based on documented objectives, scope and criteria. The audit objectives define what is to be accomplished by the audit and may include the following: a) Determination of the extent of conformity of the auditee's management system, or parts of it, with audit criteria; b) Evaluation of the capability of the management system to ensure compliance with statutory, regulatory and contractual requirements; c) Evaluation of the effectiveness of the management system in meeting its specified objectives; d) Identification of areas for potential improvement of the management system. The audit scope describes the extent and boundaries of the audit, such as physical locations, organizational units, activities and processes to be audited, as well as the time period covered by the audit. The audit criteria are used as a reference against which conformity is determined and include applicable policies, procedures, standards, laws and regulations, management system requirements, contractual requirements or UN core values and competencies. The audit objectives are defined by the Chief Aviation Officer. The audit scope and criteria are defined between the Chief Aviation Officer and the Chief Quality Assurance and Standards Unit in accordance with the audit programme procedures. Any changes to the audit objectives, scope or criteria should be agreed to by the same parties. Revision Date: June 2011 Internal Audit 5 7.3 Determining the feasibility of the audit The feasibility of the audit should be determined by the audit team leader, taking into consideration such factors as the availability of Sufficient and appropriate information for planning the audit, Adequate cooperation from the auditee, and Adequate time and resources. Where the audit is not feasible, an alternative should be proposed to the Chief Aviation Officer, in consultation with the auditee. 7.4 Selecting the audit team When the audit has been declared feasible, an audit team should be selected, taking into account the competence needed to achieve the objectives of the audit. If there is only one auditor, the auditor should perform all applicable duties of an audit team leader. In deciding the size and composition of the audit team, consideration should be given to the following: a) Audit objectives, scope, criteria and estimated duration of the audit; b) The overall competence of the audit team needed to achieve the objectives of the audit; c) Statutory, regulatory, contractual and accreditation/certification requirements, as applicable; d) The need to ensure the independence of the audit team from the activities to be audited and to avoid conflict of interest; e) The ability of the audit team members to interact effectively with the auditee and to work together. The process of assuring the overall competence of the audit team should include the following steps: Identification of the knowledge and skills needed to achieve the objectives of the audit; Selection of the audit team members such that all of the necessary knowledge and skills are present in the audit team. If not fully covered by the auditors in the audit team, the necessary knowledge and skills may be satisfied by including technical experts. Technical experts should operate under the direction of an auditor. Auditors-in-training may be included in the audit team, but should not audit without direction or guidance. 7.4.1 Functional responsibilities of an Audit Team Leader An Audit Team Leader shall: a) Plan the audit and make effective use of resources during the audit; Revision Date: June 2011 Internal Audit 6 b) Represent the audit team in communications with the audit client and auditee; c) Organize and direct audit team members; d) Provide direction and guidance to auditors-in-training; e) Lead the audit team to reach the audit conclusions; f) Prevent and resolve conflicts, and g) Prepare and complete the audit report. 7.4.2 Functional responsibilities of an Auditor An Auditor shall: a) Conduct the audit within the agreed time schedule; b) Prioritize and focus on matters of significance; c) Collect information through effective interviewing, listening, observing and reviewing documents, records and data; d) Understand the appropriateness and consequences of using sampling techniques for auditing; e) Verify the accuracy of collected information; f) Confirm the sufficiency and appropriateness of audit evidence to support audit findings and conclusions; g) Assess those factors that can affect the reliability of the audit findings and conclusions; h) Use work documents to record audit activities; i) Prepare audit reports; j) Maintain the confidentiality and security of information, and k) Communicate effectively, either through personal linguistic skills or through an interpreter. 7.5 Establishing initial contact with the auditee The initial contact for the audit with the auditee may be informal or formal, but should be made by the Chief Aviation Officer or the audit team leader. The purpose of the initial contact is: a) To establish communication channels with the auditee’s representative, b) To confirm the authority to conduct the audit, c) To provide information on the proposed timing and audit team composition, d) To request access to relevant documents, including records, e) To determine applicable site safety rules, f) To make arrangements for the audit, and g) To agree on the attendance of observers and the need for guides for the audit team. 7.6 Conducting document review Prior to the on-site audit activities, the auditee’s documentation should be reviewed to determine the conformity of the system, as documented, with audit criteria. The documentation may include relevant Revision Date: June 2011 Internal Audit 7 management system documents and records, and previous audit reports. The review should take into account the size, nature and complexity of the structural element of MONUSCO Aviation Section, and the objectives and scope of the audit. In some situations, this review may be deferred until the on-site activities commence, if this is not detrimental to the effectiveness of the conduct of the audit. In other situations, a preliminary site visit may be conducted to obtain a suitable overview of available information. If the documentation is found to be inadequate, the audit team leader should inform the Chief Aviation Officer and the auditee. A decision should be made as to whether the audit should be continued or suspended until documentation concerns are resolved. 8 PREPARING FOR THE ON-SITE AUDIT ACTIVITIES (Step 2) 8.1 Preparing the audit plan The audit team leader should prepare an audit plan to provide the basis for the agreement among the Chief Aviation Officer, audit team and the auditee regarding the conduct of the audit. The plan should facilitate scheduling and coordination of the audit activities. The amount of detail provided in the audit plan should reflect the scope and complexity of the audit. The details may differ, for example, between initial and subsequent audits. The audit plan should be sufficiently flexible to permit changes, such as changes in the audit scope, which can become necessary as the on-site audit activities progress. The audit plan should cover the following: a) The audit objectives; b) The audit criteria and any reference documents; c) The audit scope, including identification of the organizational and functional units and processes to be audited; d) The dates and places where the on-site audit activities are to be conducted; e) The expected time and duration of on-site audit activities, including meetings with the auditee’s management and audit team meetings; f) The roles and responsibilities of the audit team members and accompanying persons; g) The allocation of appropriate resources to critical areas of the audit. The audit plan should also cover the following, as appropriate: a) Identification of the auditee’s representative for the audit; Revision Date: June 2011 Internal Audit 8 b) The working and reporting language of the audit where this is different from the language of the auditor and/or the auditee; c) The audit report topics; d) Logistic arrangements (travel, on-site facilities, etc.); e) Matters related to confidentiality; f) Any audit follow-up actions. The plan should be reviewed and accepted by the Chief Aviation Officer, and presented to the auditee, before the on-site audit activities begin. Any objections by the auditee should be resolved between the audit team leader, the auditee and the Chief Aviation Officer. Any revised audit plan should be agreed among the parties concerned before continuing the audit. 8.2 Assigning work to the audit team The audit team leader, in consultation with the audit team, should assign to each team member responsibility for auditing specific processes, functions, sites, areas or activities. Such assignments should take into account the need for the independence and competence of auditors and the effective use of resources, as well as different roles and responsibilities of auditors, auditors-in-training and technical experts. Changes to the work assignments may be made as the audit progresses to ensure the achievement of the audit objectives. 8.3 Preparing work documents The audit team members should review the information relevant to their audit assignments and prepare work documents as necessary for reference and for recording audit proceedings. Such work documents may include Checklists and audit sampling plans, and Forms for recording information, such as supporting evidence, audit findings and records of meetings. The use of checklists and forms should not restrict the extent of audit activities, which can change as a result of information collected during the audit. Work documents, including records resulting from their use, should be retained at least until audit completion. Revision Date: June 2011 Internal Audit 9 Retention of documents after audit completion is described in the Clause 10.3. Those documents involving confidential or proprietary information should be suitably safeguarded at all times by the audit team members. 9 CONDUCTING ON-SITE AUDIT ACTIVITIES (Step 3) 9.1 Conducting the opening meeting An opening meeting should be held with the auditee’s management or, where appropriate, those responsible for the functions or processes to be audited. The purpose of an opening meeting is to: a) Confirm the audit plan; b) Provide a short summary of how the audit activities will be undertaken; c) Confirm communication channels, and d) Provide an opportunity for the auditee to ask questions. 9.2 Communication during the audit Depending upon the scope and complexity of the audit, it can be necessary to make formal arrangements for communication within the audit team and with the auditee during the audit. The audit team should confer periodically to exchange information, assess audit progress, and to reassign work between the audit team members as needed. During the audit, the audit team leader should periodically communicate the progress of the audit and any concerns to the auditee and audit client, as appropriate. Evidence collected during the audit that suggests an immediate and significant risk (e.g. safety, environmental or quality) shall be reported without delay to the auditee and, as appropriate, to the Chief Aviation Officer. Any concern about an issue outside the audit scope should be noted and reported to the audit team leader, for possible communication to the audit client and auditee. Where the available audit evidence indicates that the audit objectives are unattainable, the audit team leader should report the reasons to the Chief Aviation Officer and the auditee to determine appropriate action. Such action may include reconfirmation or modification of the audit plan, changes to the audit objectives or audit scope, or termination of the audit. Any need for changes to the audit scope which can become apparent as on-site auditing activities progress should be reviewed with and approved by the audit client and, as appropriate, the auditee. Revision Date: June 2011 Internal Audit 10 9.3 Roles and responsibilities of guides and observers Guides and observers may accompany the audit team but are not a part of it. They should not influence or interfere with the conduct of the audit. When guides are appointed by the auditee, they should assist the audit team and act on the request of the audit team leader. Their responsibilities may include the following: a) Establishing contacts and timing for interviews; b) Arranging visits to specific parts of the site or organization; c) Ensuring that rules concerning site safety and security procedures are known and respected by the audit team members; d) Witnessing the audit on behalf of the auditee; e) Providing clarification or assisting in collecting information. 9.4 Collecting and verifying information During the audit, information relevant to the audit objectives, scope and criteria, including information relating to interfaces between functions, activities and processes, shall be collected by appropriate sampling and shall be verified. Only information that is verifiable may be audit evidence. Audit evidence should be recorded. The audit evidence is based on samples of the available information. Therefore there is an element of uncertainty in auditing, and those acting upon the audit conclusions should be aware of this uncertainty. The Annex B provides an overview of the processes, from collecting information to reaching audit conclusions. 9.5 Generating audit findings Audit evidence shall be evaluated against the audit criteria to generate the audit findings. Audit findings can indicate either conformity or nonconformity with audit criteria. When specified by the audit objectives, audit findings can identify an opportunity for improvement. The audit team should meet as needed to review the audit findings at appropriate stages during the audit. Conformity with audit criteria should be summarized to indicate locations, functions or processes that were audited. Revision Date: June 2011 Internal Audit 11 If included in the audit plan, individual audit findings of conformity and their supporting evidence should also be recorded. Nonconformities and their supporting audit evidence should be recorded. Nonconformities may be graded. They should be reviewed with the auditee to obtain acknowledgement that the audit evidence is accurate, and that the nonconformities are understood. Every attempt should be made to resolve any diverging opinions concerning the audit evidence and/or findings, and unresolved points should be recorded. MONUSCO Aviation Section has established three (3) distinctive categories of nonconformities. The first category is “major” or “serious” nonconformities. The nonconformity category score is “1”. These are nonconformities that if not addressed will lead or will possibly lead to catastrophe such as air accident, workplace injury or citation by regulatory authority. This is the first priority for the Aviation Section to address. The second category is “somewhat major or somewhat serious”. The nonconformity category score is “2”. These types of nonconformities can be serious if something out of the ordinary or of a non- routine nature happens. Frequently these types of nonconformities are based on “what if” scenarios. The Section shall address these nonconformities after all the priority “major” findings have been addressed. The third category is “minor” nonconformities. The nonconformity category score is “3”. These are frequently small items that are easily overlooked. Examples include items where the documentation does not exactly match the processes that are currently practiced. On the basis of the detected nonconformities, the auditor(s) shall raise the Corrective Action Requests (CARs). The template for a Corrective Action Request is given in the Annex C. The Corrective Action Requests shall then be submitted by the audit team to the auditee for his/her action. The auditee action shall include the analysis of the detected nonconformity in terms of providing a root cause and corrective / preventive measures plan. The auditee shall return the completed Corrective Action Requests to the audit team. Revision Date: June 2011 Internal Audit 12 9.6 Preparing audit conclusions The audit team should confer prior to the closing meeting to: a) Review the audit findings, and any other appropriate information collected during the audit, against the audit objectives; b) Agree on the audit conclusions, taking into account the uncertainty inherent in the audit process; c) Prepare recommendations, if specified by the audit objectives, and d) Discuss audit follow-up, if included in the audit plan. 9.7 Conducting the closing meeting A closing meeting, chaired by the audit team leader, shall be held to present the audit findings and conclusions in such a manner that they are understood and acknowledged by the auditee, and to agree, if appropriate, on the timeframe for the auditee to present a corrective and preventive action plan. Participants in the closing meeting should include the auditee, and may also include the Chief Aviation Officer and other parties. If necessary, the audit team leader should advise the auditee of situations encountered during the audit that may decrease the reliance that can be placed on the audit conclusions. In many instances, the closing meeting may consist of just communicating the audit findings and conclusions. For other audit situations, the meeting should be formal and minutes, including records of attendance, should be kept. Any diverging opinions regarding the audit findings and/or conclusions between the audit team and the auditee shall be discussed and if possible resolved. If not resolved, all opinions shall be recorded. If specified by the audit objectives, recommendations for improvements should be presented. It should be emphasized that recommendations are not binding. 10 PREPARING, APPROVING AND DISTRIBUTING THE AUDIT REPORT (Step 4) 10.1 Preparing the audit report The audit team leader is responsible for the preparation and contents of the audit report. The audit report shall provide a complete, accurate, concise and clear record of the audit, and shall include or refer to the following: a) The audit objectives; Revision Date: June 2011 Internal Audit 13 b) The audit scope, particularly identification of the organizational and functional units or processes audited and the time period covered; c) Identification of the audit client; d) Identification of audit team leader and members; e) The dates and places where the on-site audit activities were conducted; f) The audit criteria; g) The audit findings; h) The audit conclusions. The audit report may also include or refer to the following, as appropriate: a) The audit plan; b) A list of auditee representatives; c) A summary of the audit process, including the uncertainty and/or any obstacles encountered that could decrease the reliability of the audit conclusions; d) Confirmation that the audit objectives have been accomplished within the audit scope in accordance with the audit plan; e) Any areas not covered, although within the audit scope; f) Any unresolved diverging opinions between the audit team and the auditee; g) Recommendations for improvement, if specified in the audit objectives; h) Agreed follow-up action plans, if any; i) A statement of the confidential nature of the contents; j) The distribution list for the audit report. 10.2 Approving and distributing the audit report The audit report shall be issued within the agreed time period. If this is not possible, the reasons for the delay shall be communicated to the Chief Aviation Officer and a new issue date shall be agreed. The audit report shall be dated, reviewed and approved in accordance with audit programme procedures. The approved audit report shall then be distributed to recipients designated by the Chief Aviation Officer. The audit report is the property of the Chief Aviation Officer. The audit team members and all report recipients shall respect and maintain the confidentiality of the report. Revision Date: June 2011 Internal Audit 14 10.3 Completing the audit The audit is completed when all activities described in the audit plan have been carried out and the approved audit report has been distributed. Documents pertaining to the audit shall be retained or destroyed by agreement between the participating parties and in accordance with audit programme procedures and applicable statutory, regulatory and contractual requirements. Unless required by law, the audit team and those responsible for managing the audit programme shall not disclose the contents of documents, any other information obtained during the audit, or the audit report, to any other party without the explicit approval of the Chief Aviation Officer and, where appropriate, the approval of the auditee. If disclosure of the contents of an audit document is required, the Chief Aviation Officer and auditee shall be informed as soon as possible. 10.4 Conducting audit follow-up The conclusions of the audit may indicate the need for corrective, preventive or improvement actions, as applicable. Such actions are usually decided and undertaken by the auditee within an agreed timeframe and are not considered to be part of the audit. The auditee shall keep the Chief Aviation Officer informed of the status of these actions. The completion and effectiveness of corrective action should be verified. This verification may be part of a subsequent audit. The audit programme may specify follow-up by members of the audit team, which adds value by using their expertise. In such cases, care should be taken to maintain independence in subsequent audit activities. Revision Date: June 2011 Internal Audit 15 ANNEX A: PROCESS FLOWCHART FOR THE MANAGEMENT OF AN AUDIT PROGRAMME Audit Programme Management Establish the audit programme - objectives and extent Plan - responsibilities - resources - procedures Implement the audit programme - scheduling audits Do - selecting audit team - directing audit activities - maintaining records Monitor and review the audit programme - monitoring and reviewing Check - identifying needs for corrective and preventive measures - identifying opportunities for improvement Act Improve the audit programme ANNEX B: PROCESS FLOWCHART FOR TYPICAL AUDIT ACTIVITIES Audit Activities Initiate the audit Conduct document review Step 1 - appoint the audit team leader - review relevant management system documents, - define audit objectives, scope and criteria including records and determine their adequacy with - determine the feasibility of the audit respect to audit criteria - select the audit team - establish initial contact with the auditee Prepare for the on-site audit activities Step 2 - prepare the audit plan - assign work to the audit team - prepare work documents Conduct on-site audit activities - conduct opening meeting Step 3 - communication during the audit - roles and responsibilities of guides and observers - collect and verifying information - generate audit findings - prepare audit conclusions - conduct closing meeting Prepare, approve and distribute the audit report Step 4 Complete the audit Conduct audit follow-up - prepare the audit report - approve and distribute the audit report ANNEX C: TEMPLATE FOR CORRECTIVE ACTION REQUEST (CAR) FORM Nations Unies United Nations Mission de l’Organisation des Nations Unies pour la United Nations Organization Stabilization Mission in Stabilisation de République Démocratique du Congo the Democratic Republic of the Congo MONUSCO CORRECTIVE ACTION REQUEST (CAR) FORM Section / Unit: AUDIT TYPE: AUDIT DATE: CAR REF NO. DATE RAISED: RAISED BY: ISSUED TO: NONCONFORMITY DESCRIPTION: NONCONFORMITY CATEGORY: FINDING ACCEPTED BY: DATE: ROOT CAUSE: CORRECTIVE ACTION PLAN: ACTION TAKEN BY: DATE: PREVENTIVE ACTION PLAN: ACTION TAKEN BY: DATE: CORRECTIVE ACTION VERIFICATION BY: CAR CLOSED BY: DATE: Revision Date: June 2011 Internal Audit 18
