Detailed Implementation of Internal Company System Audit

1. First Internal Audit Meeting
The first meeting marks the beginning of the audit implementation. It is a meeting attended by all members of the audit team along with the leadership and relevant personnel of the auditee. The meeting is chaired by the audit team leader, who introduces the specific content and methods to the auditee, and coordinates and clarifies related issues. Attendance must be recorded by sign-in.

● Purpose of the First Meeting
(1) Communicate and implement the audit plan.
(2) Briefly introduce the methods and procedures used in the audit.
(3) Establish formal contact between the audit team and the auditee.
(4) Raise and implement audit-related requirements.
(5) Clarify and coordinate audit-related issues.

● Requirements for the First Meeting
(1) Establish the style of audit activities.
(2) Be punctual, brief, and clear; the meeting should ideally not exceed half an hour.
(3) Obtain understanding and support from the auditee.
(4) The meeting should be chaired by the audit team leader.
(5) Participants in the first meeting should include all audit team members, senior management (if necessary), representatives of the audited department, and key staff.

● Content of the First Meeting
(1) Meeting start. Participants sign in, and the audit team leader announces the start of the meeting.
(2) Introductions. The audit team leader introduces the audit team members and their roles; the audited department introduces personnel who will accompany the audit. If key personnel from the audited department are absent, the reason should be inquired.
(3) State the audit purpose and scope. Clarify the audit objectives, criteria, and the departments, teams, or positions involved.
(4) Communicate the audit plan. The audit plan should be finally confirmed by the audited department; generally, major adjustments to the plan are not advisable.
(5) Emphasize audit principles. Stress an impartial and objective stance, explain that the audit is a sampling process with certain limitations, but the audit will try to select representative samples to ensure fair conclusions; explain that cooperation is essential for smooth audit progress and fair conclusions; specify the form of nonconformity reports, etc.
(6) Clarify and explain related issues. Clarify any questions, exchange specific concerns from both sides, and confirm the time, place, and attendees of the closing meeting.
(7) Implement logistical arrangements. If necessary, arrange for office space, transportation, and meals.
(8) Meeting end. The meeting concludes with a thank-you speech from the audit team leader.

● Notes for the First Meeting
(1) The first meeting should start and end on time, usually not exceeding half an hour.
(2) The meeting should always focus on the topic and be concise.
(3) For smaller scale, shorter, or routine internal audits, the first meeting may be omitted; related issues can be communicated by notification instead. Even if held, the content and steps can be adjusted according to the situation.
(4) The first meeting should aim to establish a good audit "style" and "atmosphere."
(5) Participants sign in; if the audit team leader notices that key personnel from the audited department are absent, the reason should be asked.
(6) The audit purpose, scope, and plan are generally not changed at the first meeting; minor plan changes are allowed.
(7) Role of accompanying personnel
① Provide support to the audit team;
② Can represent the auditee to witness audit activities;
③ Other duties, such as ensuring on-site auditors are aware of safety and security requirements. Auditors should ensure that accompanying personnel do not exert excessive influence or intervene.
(8) Emphasize that the head of the audited department should be present during the scheduled audit time slots.
 
2. On-site Audit
After the first meeting, the on-site audit phase begins. The on-site audit should be conducted according to the planned schedule, and the specific audit content should follow the prepared checklist.
The on-site audit is a process of using sampling inspection methods to find objective evidence. During this process, the auditor's personal qualities, strategies, and skills can be fully utilized. A competent auditor will complete the audit task smoothly and convincingly to the auditee.
The on-site audit holds a very important position in the entire audit work. Most of the audit time is spent on on-site auditing, and the final audit conclusions are based on the results of the on-site audit. Therefore, controlling the on-site audit and applying certain audit strategies and skills during it are key to achieving a successful audit.

● Principles of On-site Audit
(1) Adhere to the principle of "objective evidence" as the basis.
This is the most fundamental and primary principle. Any information obtained without objective evidence cannot be used as a basis for judging nonconformities; insufficient or unverified objective evidence cannot be used as evidence for nonconformities; objective evidence must be fact-based, verifiable, and free from personal guesses or reasoning; objective evidence must be valid, such as documents and records that have legal approval or signatures, reflect actual use and execution, and represent the true status and results of the current quality management system operation.

(2) Adhere to the principle of comparing standards with actual conditions.
Audits cannot be separated from audit criteria. Since audits are sampling processes limited to certain times and scopes, it is necessary to closely focus on the audit theme, strictly compare with standards, determine audit items, key points, and sampling plans, and seek objective evidence. Auditors should only conclude conformity or nonconformity after comparing audit criteria with audit evidence. Items not compared between standards and actual conditions cannot be judged as conforming or nonconforming.
The so-called actual conditions include three progressive aspects: whether something exists, whether it is done, and how well it is done.

(3) Adhere to the principles of independence and fairness.
When making audit judgments, other interfering factors must be firmly excluded, including emotional influences from the auditee or the auditor. Independent and impartial factors should be maintained throughout to uphold the independence and fairness of audit judgments. Nonconformities must not be privately dismissed due to personal relationships or fear.

(4) Adhere to the "Three Dos and Three Don'ts" principle
That is: rely on objective evidence, not on emotions, feelings, or impressions; trace back to how things are actually done, not just stay on documents or verbal answers; conduct the audit as scheduled according to the audit plan, not adopting the attitude of "no problem found means success." When no nonconformities are found after auditing according to the sampling plan, the principle of "presumption of innocence" should be applied, moving on to the next audit item.

● Collection of objective evidence
(1) Methods of collecting objective evidence may include
① Interviews with personnel of the auditee;
② Reviewing documents and records;
③ On-site observation and verification (observing activities and surrounding work and conditions);
④ Verification of actual activities and results;
⑤ Summarizing and analyzing data charts and performance indicators of construction;
⑥ Reports from other sources, such as customer feedback, external reports, and social evaluations;
⑦ The level of relevant sampling plans and procedures ensuring quality control over sampling and measurement processes.
Information related to interfaces between functions should be emphasized for collection.
(2) Forms of collected objective evidence include
① Existing objective facts;
② Statements from interviewed personnel regarding work within their scope;
③ Existing documents, records, etc.
(3) Attention should be paid to the following issues regarding collected objective evidence
① More objective evidence is not necessarily better; rather, more applicable objective evidence (i.e., audit evidence) is better. Excessive or redundant objective evidence may obscure the truly needed key information;
② Objective evidence must be valid, such as provided documents and records should be legally approved or signed, actually used and implemented, valid during the operation of the quality management system, and reflect the current actual situation. Objective evidence should be as close to the audit date as possible;
③ Attention should be paid to verifying the relevance and consistency among objective evidence, discovering problems or clues from two or more related pieces of objective evidence;
④ Attention should be paid to verifying the authenticity of evidence, as evidence provided by the auditee may contain untrue information. Therefore, verification such as questioning relevant personnel and observing actual results is necessary;
⑤ Objective evidence that can determine whether the audit objectives can be achieved should be collected. Only verified objective evidence can be used as audit evidence.

● On-site audit records
During questioning, verification, and observation, auditors should make records, noting useful and truthful information heard and seen during the audit. These records are the solid basis for auditors to prepare reports. Auditor notes can also include content related to audit issues, such as the atmosphere of training classes and the attitude of trainees. Recording such content is beneficial for the overall evaluation of the system.
(1) Role of records
① Serve as the basis for preparing nonconformity reports and audit reports;
② Serve as a basis for memoranda and verification;
③ Serve as a reference for review and traceability.
(2) Requirements for records
① Records should be clear, comprehensive, and easy to understand, facilitating review and traceability;
② Records should be accurate and specific, such as document names, operating equipment, interviewee's position and job role;
③ Records should be timely and made on-site, avoiding recollection or backfilling later as much as possible.
The format of records can be "note style" or "record sheet style," and it is advisable to uniformly specify a "On-site Audit Record Sheet." If "note style" is used, it is best to transcribe notes to the record sheet later for standardization and preservation.

● Audit evidence and audit findings
Collected objective evidence should be organized, analyzed, and filtered to derive audit evidence and audit findings. During the audit, a unified audit record sheet format should be used, with specified filling and preservation requirements.
The audit team should evaluate the collected audit evidence according to audit criteria to form audit findings.
Audit findings can be conformities or nonconformities. The audit team should review audit findings at appropriate audit stages, especially before the closing meeting with the auditee.
When no nonconformities are found, the summary of conformities should at least specify the audited locations, functions, or requirements. Within the agreed scope, each audit finding of conformities should also be documented separately. Nonconformities that do not meet specified requirements should be clearly and concisely identified and recorded, understood by the auditee, and supported by audit evidence. Nonconformities should be reviewed with appropriate representatives of the auditee to confirm factual basis. The auditee's confirmation indicates the facts in the nonconformity are accurate and understood. Both parties should strive to resolve disagreements on facts; unresolved opinions should be recorded.
The main purpose of audits, especially on-site audits, is to form audit findings. During the audit, timely communication and feedback of audit findings, especially nonconformities, to the auditee and obtaining their understanding and confirmation can improve audit effectiveness and efficiency.

● On-site audit strategies and application
(1) Operational process audit strategies and selection
The operational process audit strategy is a method of auditing according to the sequence of product quality formation processes or quality activity operation steps. This strategy is divided into two types based on the audit direction: forward audit strategy and reverse audit strategy. The forward audit strategy audits according to the order from occurrence to realization of product quality or quality activities; the reverse audit strategy audits in the reverse order from realization to occurrence. The operational process audit strategy is suitable for audit objects with strong and definite operational processes. This strategy has a clear audit idea, simple method, and easily identifies "interface" issues or "system failures." It can be used when auditing control of design and development, production and service provision, internal audits, etc.
(2) Organizational Structure Audit Strategy and Selection
The organizational structure audit strategy is a method of auditing according to organizational levels, responsibilities, and relationships. This method is divided into top-down audit strategy and bottom-up audit strategy based on different audit starting points. It can be used when auditing quality policies, allocation and implementation of quality functions, internal communication, document control, etc.
(3) Department Selection Audit Strategy and Selection
The department selection audit strategy is a method of auditing all activities within a specific department during each audit. This strategy is often used when auditing quality management systems for procurement, customer satisfaction, data analysis, etc. The key when using this strategy is to identify processes for a specific department, distinguish primary and secondary, and complete the audit tasks under the premise of unified cooperation among auditors.
(4) Process Selection Audit Strategy and Selection
The process selection audit strategy is a method of auditing every activity related to a specific process in the quality management system standard. Its applicability is the same as the department selection audit strategy. However, when using this strategy, the key is to select departments based on the process, distinguish primary and secondary, and prevent duplication and overlap issues. Usually, it is combined with the department selection audit strategy.
(5) Key Divergence Audit Strategy and Selection
The key divergence audit strategy is a method of expanding the audit scope around a key focus. A competent auditor must confirm the audit focus as a basic skill. When entering the audit area, the audit focus must be confirmed first and grasped at any time during the audit process. This strategy can be used when auditing resource management, management review, quality objectives, monitoring and measurement of special processes, etc.
(6) Problem Traceability Audit Strategy and Selection
The problem traceability audit strategy is a method of investigating the causes of a specific problem. When various problems are found during the audit, to make correct and profound judgments, the essential causes of the problems should be analyzed and traced. This strategy can be used when auditing data analysis, customer complaints, control of design and development changes, nonconforming products, corrective and preventive actions, etc. The key when using this strategy is to see the essence through the phenomenon and maintain a sharp eye for prevention and improvement.
(7) Summary Entry Audit Strategy and Selection
The summary entry audit strategy is a method of auditing that starts from understanding the basic situation, facts, and data of the audit project, purposefully and focusedly narrowing the scope step by step and going deeper into specifics. Some audit objects, such as control of records, management commitment, responsibilities and authorities, 5.5.3 internal communication, 6.2 human resources, 6.3 infrastructure, 7.2 customer-related processes, 7.6 control of monitoring and measuring devices, etc., are suitable to start from grasping the overview.
To ensure the representativeness of audit sampling, auditors also need to grasp the overall audit object.
(8) Follow the Clue Audit Strategy and Selection
The follow the clue audit strategy is a method of in-depth investigation or verification led by problem clues. Auditors should have professional sensitivity and be good at discovering and capturing problem clues during the audit. Sometimes problem clues may go beyond the checklist scope, but if they are major issues related to the standard, it is advisable to change the plan and pursue them persistently. This strategy is often needed when auditing control of nonconforming products, customer complaints, returns, customer satisfaction, etc.
(9) On-site Scanning Audit Strategy and Selection
The on-site scanning audit strategy is a method of auditing mainly based on comprehensive observation of on-site phenomena. Some clauses and requirements in the standard must be concluded by on-site observation, such as product identification and inspection status, working environment, technical status of measuring equipment in use, equipment operation and maintenance, work discipline, storage, handling, packaging, protection, etc.

● Basic Skills for On-site Auditing
The audit process is actually a communication process, and it is a formal two-way communication process. Mastering communication skills is a basic requirement for auditors. Sufficient and smooth communication is one of the keys to audit success.
(1) Interview Skills
A successful interview helps establish a harmonious relationship, eliminate psychological barriers; helps gain cooperation from the auditee personnel; helps clarify the situation and obtain the needed objective evidence.
① Skills auditors should master during interviews include:
a. Appropriate questioning;
b. Speak less, listen more;
c. Maintain a harmonious relationship;
d. Choose appropriate interviewees.
During interviews, auditors should maintain a polite and friendly attitude throughout, such as showing interest in the interviewee and content, being patient with misunderstandings; avoiding interrupting, interfering, or contradicting the other party's talk; using "please" and "thank you" appropriately; maintaining an objective and fair attitude, etc.
② Aspects auditors should consider during interviews
Interviews are an important means of collecting information. The interview method should adapt to the interview situation and the personnel being interviewed. In addition, auditors should consider the following aspects:
a. To obtain representative information, personnel at different levels and functions within the audited organization should be interviewed during the audit, especially those executing activities or tasks relevant to the audit;
b. Interviews should preferably be conducted at the formal workplace of the interviewees;
c. Various methods should be adopted to avoid interviewees feeling nervous at the start of the interview;
d. The reason for the interview and the records made should be explained;
e. Interviewees can be first asked to introduce their work content;
f. The results of the interview should be summarized, and any conclusions drawn should be verified with the interviewees whenever possible;
g. Questions asked can be open or closed, but leading questions should be avoided;
h. Appreciation should be expressed for the participation and cooperation of the interviewees.
(2) Questioning Techniques
Questioning is the most frequently used and fundamental method in audits. Using the correct questioning approach is a basic communication skill for auditors.
① The main purposes of questioning are:
a. To obtain the information needed for the audit. Through questioning, information is collected purposefully and with focus. More information is not necessarily better; rather, more applicable information is better, meaning the information obtained should help quickly and accurately achieve the audit objectives;
b. To take control of the audit and ensure the audit plan is fulfilled on schedule. Based on the audit objectives and plan, questions are asked selectively and with focus, so that the auditee consciously or unconsciously provides the information and evidence needed for the audit, guiding the auditee's actions onto the track of the audit plan and ensuring smooth implementation of the audit plan.
② Questions can be divided into three types based on the answers:
a. Open-ended questions. These aim to obtain broad answers. Questions like "How?" or "What?" are open-ended questions;
b. Closed-ended questions. These can be answered with "yes," "no," or one or two words. Auditors should minimize the use of closed-ended questions unless necessary. Closed-ended questions often make interviewees nervous and some questions are difficult to answer this way. Many real situations cannot be concluded with "yes" or "no";
c. Reflective questions. These encourage discussion around the issue to obtain more information. Common forms include: "Why? Please tell me..."
Auditors can flexibly use the above three types of questions based on the information they intend to understand, the interviewee's situation, and the development of the interview.
③ Questions can be divided into two types based on the inspection content:
a. Questions based on the audit checklist;
b. Questions based on the progress of the audit.
In summary, there are many ways to ask questions. Regardless of the method, it is important that the auditor's questions have clear viewpoints and objectives, are timely; must be expressed accurately, clearly, and in a well-structured manner, progressing step by step like peeling bamboo shoots until reaching the needed point. Questions should use the shortest time and the best angle to obtain information and evidence that best achieve the audit objectives. For example, if the checklist lists four sequentially related questions A, B, C, D, asking them in order seems mechanical and rigid, and does not combine with the current situation, often resulting in poor questioning effect. Selecting questions flexibly and purposefully can improve questioning effectiveness.
An experienced auditor's questioning often appears random on the surface, but they always find the most appropriate questioning method in the current situation and get ideal answers. Suppose you are auditing contract review requirements in the purchasing department, how would you ask?
Question 1: Is contract review your responsibility? (Purpose: to confirm responsibility)
Question 2: How many contracts have you signed this year in total? (Purpose: to investigate the number of contracts that should be reviewed)
Question 3: Please show me all the contracts signed this year? (Purpose: to confirm the number of contract reviews and verify the effectiveness of the reviews)
④ When questioning, also pay attention to:
a. Consider the background of the person being questioned;
b. Observe facial expressions;
c. Express gratitude appropriately;
d. Make efforts to understand the answers;
e. Do not suggest or imply any particular answer;
f. Avoid emotional remarks;
g. Do not ask rapid-fire questions.
(3) Listening Skills
Learning to listen is very important for auditors.
During the audit process, auditors may spend up to 80% of the total time listening. A humble and serious listening attitude helps create a harmonious atmosphere and obtain valuable information, which helps draw objective audit findings.
① Listening skills include:
a. Speak less, listen more;
b. Do not fear silence;
c. Eliminate distractions;
d. Ask more open-ended questions;
e. Encourage the speaker more;
f. Maintain a kind attitude.
② Points to note when listening:
a. Maintain an equal and sincere attitude;
b. Listen attentively and seriously;
c. Be patient and provide timely feedback;
d. Avoid inappropriate reactions as much as possible.
(4) Verification Skills
After receiving answers, auditors need to distinguish truth from falsehood and correctly understand the meaning, so analysis and verification are essential.
① Analysis and Verification
Mainly includes the following four aspects:
a. Consider the respondent's answers together with environmental (background) factors as a whole for analysis;
b. Verify through one or more channels; verification is the most direct and effective method;
c. Analyze and understand the respondent's answers from a suitable perspective;
d. Have professional sensitivity to the meaning expressed by the respondent, be good at catching clues and following the trail.
Generally, after receiving an answer, auditors often use phrases like "Please show me..." If objective evidence cannot be provided immediately, and the auditee delays or promises to provide it later, the auditor should note this detail to avoid forgetting. Auditors should not assume someone's statement is fact without verifying objective evidence, otherwise it may lead to incorrect audit conclusions. Statements by interviewees are not always objective evidence. Usually, statements made by the parties involved or responsible persons can be considered objective evidence.
②During verification, the following approach can be taken:
a. Whether it exists or not, the audit should not stop just because the answer is very satisfactory. It is also necessary to verify whether the required procedural documents, plans, records, etc., meet the standards;
b. Whether it was done or not, it should not be assumed that the requirements are met just because the documents, plans, and records are well prepared and numerous. Observation, interviews, and checks should be conducted according to the documents and plans to determine if it was actually done;
c. How well it was done, it should not be assumed that the audit is adequate just because it was done according to the documents and plans. The actual results should be checked to see if they are effective, if the process has truly entered a controlled state, and if the quality activity goals have been achieved;
d. Notes: Objective evidence found during questioning, verification, and observation should be recorded promptly and confirmed by the auditee.

● Techniques for judging nonconformities
During on-site audits, auditors should frequently and promptly judge the conformity of the collected objective evidence and audit findings. To judge correctly, besides deeply understanding the standard requirements, some techniques must be mastered.
Taking ISO9001:2015 as an example, some techniques for clause judgment are introduced as follows:
(1) Top Management
Clauses directly related to top management requirements include: 5.1 Leadership and Commitment, 5.1.2 Customer Focus, 5.2 Quality Policy, 6.0 Planning, 5.3 Organizational Roles, Responsibilities and Authorities, 9.3 Management Review, etc. If nonconformities are found in these clauses, it often means system failure, and the main responsible party is top management. The subsequent measures caused by these nonconformities may involve the entire quality management system, so judgment should be cautious.
(2) Changes
For changes to design, development requirements, and related documents, judge under 8.5.6 Control of Changes; for changes to customer product requirement-related documents, judge under 8.2.3 Review of Requirements for Products and Services; for changes to objectives and related documents, judge under 6.3 Planning of Changes; for changes to quality management system documents other than the above, judge under 7.5.3 Control of Documented Information.
(3) Identification
Clauses directly related to identification include: 4.2.3 Control of Documents, 4.2.4 Control of Records, 7.5.3 Identification and Traceability, 7.5.4 Customer Property, 7.5.5 Preservation of Product, etc. When judging identification issues, the relevant clauses should be found based on the object and nature of the identification.
(4) Records
When the standard requires records but none exist, judge under the corresponding clause; for records used as evidence, judge under 4.2.4 Control of Records; for planning issues related to product realization quality records, judge under 7.1 Planning of Product Realization.
(5) Personnel
When personnel issues are involved in various clauses, the principle of moving from surface to depth can be applied. For example, if something should be known but is not, or should be able to do but cannot, judge under 6.2 Human Resources.
(6) Measurement and Monitoring
Measurement and monitoring of process parameters such as personnel, equipment, tooling, materials, environment, methods, information, time, etc., should be judged under 8.2.3 Monitoring and Measurement of Processes; measurement and monitoring of characteristics of incoming materials, semi-finished (in-process) products, and finished products should be judged under 8.2.4 Monitoring and Measurement of Product; monitoring activities during production and service provision should be judged under 7.5.1 Control of Production and Service Provision; monitoring customer satisfaction should be judged under 8.2.1 Customer Satisfaction.
(7) Practices
If the actual practice is effective but does not meet the specified requirements, i.e., reasonable but not compliant, it should be judged as a nonconformity; if the actual practice meets the specified requirements but the specified practice is not entirely reasonable or scientific, i.e., compliant but unreasonable, it should not be judged as a nonconformity.
(8) Reviews
Clauses directly related to "review" requirements include: 5.1 Management Commitment, 5.3 Quality Policy, 4.2.3 Document Control, 5.6 Management Review, 7.2.2 Review of Requirements Related to Products, 7.3.1 Design and Development Planning, 7.3.2 Design and Development Inputs, 7.3.4 Design and Development Review, 7.3.7 Control of Design and Development Changes, 7.5.2 Validation of Production and Service Provision Processes, 8.5.1 Continual Improvement, 8.5.2 Corrective Actions, 8.5.3 Preventive Actions, etc. When judging review issues, the relevant clauses should be found based on the review object, nature, and purpose.
(9) Identification
Clauses directly related to "identification" requirements include: 4.1 General Requirements, 4.2.3 Document Control, 4.2.4 Control of Records, 7.3.4 Design and Development Review, 7.3.7 Control of Design and Development Changes, 7.5.3 Identification and Traceability, 7.5.4 Customer Property, 7.6 Control of Monitoring and Measuring Devices, 8.3 Control of Nonconforming Outputs, 8.4 Analysis of Data, etc. When judging identification issues, the relevant clauses should be found based on the identification occasion, timing, object, purpose, and scope.
(10) Legal
Issues related to communicating legal compliance to the organization can be judged under 5.1 Management Commitment; issues related to the organization's legal knowledge can be judged under 5.2 Customer Focus, 7.2.1 Determination of Requirements Related to Products, 6.2.2 Competence, Awareness and Training, etc., depending on the involved objects and scope; issues related to the organization's legal compliance can be judged under 7.3.2 Design and Development Inputs, 7.3.4 Design and Development Outputs, depending on the process and location; evaluation of whether the organization's behavior complies with laws and regulations can be judged under 5.6 Management Review, 7.2.2 Review of Requirements Related to Products, 7.3.4 Design and Development Review, 8.2.2 Internal Audit, etc., depending on the evaluation purpose, nature, and object.
(11) Resources
Clauses directly related to "resources" requirements include: 4.1 General Requirements, 5.1 Management Commitment, 5.6.3 Review Outputs, 6 Resource Management, 7.1 Planning of Product Realization, etc. When judging resource issues, the relevant clauses should be found based on the occasion, purpose, category, and object of resource identification, provision, use, and management. If no relevant clause can be judged, it can be judged under 6.1 Provision of Resources.

The clauses in the standard that directly involve "communication" requirements include: 5.1 Management Commitment, 5.3 Quality Policy, 5.5.1 Responsibilities and Authorities, 5.5.2 Management Representative, 5.5.3 Internal Communication, 7.2.3 Customer Communication, 7.3.1 Design and Development Planning, 7.4.2 Purchasing Information, etc. When judging "communication" issues, corresponding clauses should be sought based on the communication object, process, and purpose.
(13) Improvement
There are opportunities for improvement in the quality management system and any of its processes. Therefore, when judging "improvement" issues, corresponding clauses should be sought based on the object, process, and timing of the improvement. Generally, measures taken for nonconforming products themselves should be judged under 8.3 Control of Nonconforming Product; measures taken for audit findings should be judged under 8.2.2 Internal Audit; measures taken for quality management system issues should be judged under 5.6 Management Review; measures taken to prevent recurrence of actual nonconformities in processes should be judged under 8.5.2 Corrective Action; measures taken to prevent potential nonconformities in processes should be judged under 8.5.3 Preventive Action.
(14) Confirmation
The clauses in the standard that directly involve "confirmation" requirements include: 7.1 Planning of Product Realization, 7.2.2 Review of Product-Related Requirements, 7.3.1 Design and Development Planning, 7.3.6 Design and Development Confirmation, 7.3.7 Control of Design and Development Changes, 7.5.2 Validation of Production and Service Provision Processes, 7.6 Control of Monitoring and Measuring Devices. When judging "confirmation" issues, corresponding clauses should be sought based on the need, object, process, and purpose of confirmation.
(15) Planning
The clauses in the standard that directly involve "planning" requirements include: 4.1 General Requirements, 4.2.1 General, 5.4.2 Quality Management System Planning, 7.1 Planning of Product Realization, 7.3.1 Design and Development Planning, 8.1 General, 8.2.2 Internal Audit, 8.2.3 Monitoring and Measurement of Processes, 8.2.4 Monitoring and Measurement of Product, etc. When judging "planning" issues, corresponding clauses should be sought based on the planning object, purpose, process, timing, and needs.
(16) Facilities, Equipment, Devices
For issues related to determining, providing, and maintaining infrastructure, judgment should be made under 6.3 Infrastructure; for issues related to the use, maintenance, and tooling management of production and service equipment, judgment should be made under 7.5.1 Control of Production and Service Provision; for configuration issues of production and service equipment, judgment should be made under 6.3 Infrastructure; for devices used in production and service processes for monitoring and measurement, any acquisition and usage issues should be judged under 7.5.1 Control of Production and Service Provision; issues related to measurement capability, calibration, protection, confirmation, etc., should be judged under 7.6 Control of Monitoring and Measuring Devices.
(17) Protection
In the production and service operation process (including handling, storage, packaging, delivery, etc.), product protection issues should be judged under 7.5.5 Product Protection; infrastructure protection issues should be judged under 6.3 Infrastructure; protection of production and service equipment (tooling) should be judged under 7.5.1 Control of Production and Service Provision; protection of measuring and monitoring devices should be judged under 7.6 Control of Monitoring and Measuring Devices; protection related to personal safety should be judged under 6.4 Work Environment.
(18) Customer
The clauses in the standard that directly involve "customer" requirements include: 5.1 Management Commitment, 5.2 Customer Focus, 5.3 Quality Policy, 5.5.2 Management Representative, 5.6 Management Review, 6.1 Provision of Resources, 7.2 Customer-Related Processes, 7.5.4 Customer Property, 7.4.3 Verification of Purchased Product, 8.2.4 Monitoring and Measurement of Product, 8.3 Control of Nonconforming Product, 8.2.1 Customer Satisfaction, 8.4 Data Analysis, 8.5.2 Corrective Action, etc. When judging customer-related issues, corresponding clauses should be sought based on customer-related processes, objects, and purposes.
(19) Determination
The clauses in the standard that directly involve "determination" requirements include: 4.1 General Requirements, 5.2 Customer Focus, 6.1 Provision of Resources, 6.2.2 Competence, Awareness and Training, 6.3 Infrastructure, 6.4.2 Work Environment, 7.1 Planning of Product Realization, 7.2 Determination of Product-Related Requirements, 7.3.1 Design and Development Planning, 7.6 Control of Monitoring and Measuring Devices, 8.1 General, 8.2.1 Customer Satisfaction, 8.2.2 Internal Audit, 8.4 Data Analysis, 8.5.2 Corrective Action, 8.5.3 Preventive Action, etc. When judging determination-related issues, corresponding clauses should be sought based on the purpose, object, and process of determination.
(20) Clause 7.5.1 Control of Production and Service Provision should include specific processes of equipment use, tooling, processes, production, handling, storage, packaging, delivery, and services in product realization. When issues involve the above aspects and no other corresponding clauses exist, judgment can be made under 7.5.1 Control of Production and Service Provision.
(21) Statistical Techniques
If knowledge of statistical techniques is not mastered or applied incorrectly, judgment can be made under 6.2.2 Competence, Awareness and Training; other issues related to the application of statistical techniques can be judged under 8.1 General.
(22) Approval
The clauses in the standard that directly involve "approval" requirements include: 4.2.3 Document Control, 7.3.3 Design and Development Outputs, 7.3.7 Control of Design and Development Changes, 7.5.2 Validation of Production and Service Provision Processes, 7.4.2 Purchasing Information, 8.2.4 Monitoring and Measurement of Product, 8.3 Control of Nonconforming Product, etc. When judging "approval" issues, corresponding clauses should be sought based on the approval object, authority, and process. If there is no approval requirement in the standard clauses but there is an approval requirement in the organization's quality management system documents, judgment should be made according to the clauses corresponding to the organizational document requirements.
(23) Detailed when possible, broad when not; detailed for higher-level, broad for non-corresponding principle.
For example, 4.2.3 Document Control.
(24) Closest Principle
When no clause in the standard can be exactly "matched," judge by the closest clause.
(25) Most Effective Principle
When multiple judgments exist, judge according to the clause that is most beneficial for improvement or where improvement is most easily effective.
(26) Most Critical Principle
When multiple issues exist simultaneously, keywords, key objective evidence, or key issues should be sought for judgment.
(27) Principle of Closest Connection
Some issues should be understood by looking beyond the surface and judged from the causes most closely related to the problem's origin.
(28) Principle of Combining Like Items
Minor nonconformities of the same kind can be combined, such as some identifications in document control.
(29) Analyze the audit object specifically, avoid misinterpretation.

● Response Techniques for Some Typical Situations
(1) "No Problem" Type
This type of person tries to make the auditor think everything is "excellent," only showing the good side and brushing off the bad parts.
The response technique is: insist on a comprehensive audit, listen to the good as well as the bad, look at the good as well as the bad.
(2) "Resistant" Type
Unwelcoming any criticism, disregarding the auditor's opinions, and not cooperating with the auditor.
The response technique is: stay calm, persist with the audit, and clearly and patiently explain the issues found.
(3) "Concealing" Type
Speak as little as possible and answer few questions; even when answering, evade directly, trying to limit the auditor's understanding of the real situation.
The response technique is: be patient, tolerant, and flexibly change questioning methods until the goal is achieved.
(4) "Know Nothing" Type
Avoid answering questions by claiming unfamiliarity with the situation.
The response technique is: request the auditee's leadership to assign someone familiar with the situation to accompany or explain.
(5) "Grandiloquent" Type
Citing many references and engaging in theoretical discussions with the auditor to intimidate them using professional advantages and slow down the audit progress.
The response technique is: promptly insert the most practical questions and avoid debating theoretical or technical issues.
(6) "Can't Do" Type
When the auditor raises issues, explain with reasons such as impracticality, impossibility, unnecessary, or too complicated, refusing to acknowledge the problem.
The response technique is: clearly and patiently explain that these are standard requirements and the audit is a process of comparing standards with reality.
(7) "Excuse" Type
Try every means to excuse the nonconformities found, looking for reasons to evade responsibility.
The response technique is: recheck if necessary, insist on facts as the basis, and cover comprehensively.
(8) "Voluntary Disclosure" Type
Proactively inform the auditor of existing problems while shifting responsibility.
The response technique is: first verify the issues introduced, but be cautious not to get involved in interpersonal conflicts of the auditee.
(9) "Pleading" Type
Admit the problems found by the auditor but ask for leniency, not to classify as nonconformities, and promise immediate correction.
The response technique is: uphold principles but show sympathy and understanding to the auditee; minor nonconformities that can be immediately corrected may be downgraded to observations or not classified after confirmation.
(10) "Deliberate Delay" Type
Try every means to divert the auditor's focus, energy, and time; delay providing requested materials; give long-winded introductions; the accompanying personnel are eloquent, often proactively introducing situations or frequently explaining issues using ISO9001 standards or zoning out, requiring searching.
The response technique is: avoid irrelevant matters as much as possible, plan carefully, keep audit objectives clear, politely but firmly interrupt irrelevant introductions, urge the auditee to submit materials, and avoid discussing issues with others.
(11) "Overly Enthusiastic" Type
The auditor is very polite and enthusiastic, offering tea, cigarettes, fruit, etc., to soften the audit atmosphere.
The response technique is: minimize socializing during the audit, usually avoid eating fruits or similar foods, be polite but serious.

● On-site Audit Control
(1) Be Faithful to the Audit Purpose
Quality audits start from planning and end with submitting the audit report; throughout the process, the audit purpose must be adhered to. Especially during on-site audits, various interferences may occur, and slight negligence can cause deviation from the original track. The audit team leader should always grasp the dynamics, control direction, confirm the target, and coordinate and adjust promptly when deviations occur; auditors should keep a clear mind, know what they are doing, what should be done, and how to do it, firmly following the plan and checklist without easily shifting focus or deviating from the audit purpose due to distractions.
(2) Maintain Audit Rhythm
The audit team leader is like a conductor, focusing on harmony and overall function; auditors should conduct the audit orderly and coordinately, obeying the team leader's command, fully communicating, coordinating, and complementing each other. This is key to maintaining audit rhythm. Auditors must not stay in one department "until a problem is found." Audits deviating from the checklist should be cautious; unless there are key clues, deviation is generally not recommended. Auditors should investigate to the necessary depth based on the situation.
(3) Audit Team Meeting
At an appropriate stage or at the end of the day, an audit team meeting should be held. This is an important control method for the audit team leader. Through the meeting, the leader understands each auditor's progress, sets next steps, and coordinates related work. The meeting should also analyze and judge audit evidence and findings, decide whether to issue nonconformity reports and determine their types. Before the final meeting, a team meeting should summarize, analyze, and evaluate audit results and prepare the content for the final meeting's audit team speech.
(4) Control of the Audit Plan
Audits should generally be conducted according to the audit plan and checklist. Changes to the audit plan are only appropriate when it is believed that such changes can better achieve the audit objectives. Any changes to the audit plan must be approved by the client or agreed upon by the auditee. Only when serious nonconformities are suspected can the original checklist limits be exceeded, following new clues until a conclusion is reached.
(5) Control of Audit Progress
Audit work should be completed according to the scheduled time. If it becomes impossible to complete as planned, the audit team leader should make timely adjustments, such as reallocating resources or appropriately reducing audit content, to keep the audit on schedule. The team leader may decide to extend the audit time to follow up on important clues until reliable inspection results are obtained.
(6) Control of Audit Atmosphere
The audit team leader should always pay attention to the progress of the audit work and take appropriate measures to correct any tense or overly careless atmosphere that should not occur during the audit. A harmonious atmosphere is conducive to the audit process.
(7) Control of Audit Scope
Starting from the purpose of the internal audit, it is common for the audit scope to be expanded during the audit. When changing the audit scope, the consent of the audit team leader should be obtained. If necessary, auditors have the right to expand the sampling scope and sample size.
(8) Control of Nonconformities
All nonconformities should be reported to the audit team leader, who should review them daily. For those that are not sufficiently certain or clear, or not confirmed by the auditee, re-inspection and verification can be conducted. Based on a comprehensive analysis of the nonconformities, the audit team should issue nonconformity reports aimed at improvement. The audit team leader is responsible for the audit conclusions.
(9) Communication with the Auditee
During the audit, the audit team leader should regularly communicate appropriately with the auditee regarding the audit status and any concerns. Any concerns about issues beyond the audit scope should be recorded and reported to the audit team leader to facilitate communication with the client and auditee as much as possible. Any changes in audit scope requirements that may arise during the on-site audit should be reviewed and approved by the client. When available evidence indicates that the audit objectives cannot be achieved, the audit team leader should report the reasons to the client and auditee to determine appropriate measures, which may include terminating the audit or changing the audit objectives.
(10) Other Controls
Attention should be paid to confirming objective evidence and conducting irregular rechecks; any violations of audit discipline or behaviors detrimental to the normal audit process should be corrected promptly; unexpected situations should be handled timely and properly.
Nonconformity Report

● Meaning of Nonconformities
Nonconformities described in the audit refer to "failure to meet specified requirements." These specified requirements mainly include:
(1) Standard requirements (such as ISO9001 standard requirements).
(2) Document requirements (including quality manuals, procedure documents, quality records, quality plans, technical documents, and management documents).
(3) Contract requirements (such as sales contracts signed with customers, purchase contracts signed with suppliers, etc.).
(4) Social requirements (including laws, regulations, decrees, rules, and obligations related to environmental protection, health and safety, energy, and natural resource conservation).
(5) Other requirements, such as top management requirements and common-sense requirements (not necessarily documented).
(6) Customer complaints.
The determination of nonconformities is based on the explicit requirements of the ISO9001:2015 standard and customer complaints. Nonconformities related to implicit requirements can be expressed in observable forms or appropriately described in the audit report.

● Types of Nonconformities
The main types of nonconformities encountered in internal quality management system audits include:
(1) Document nonconformities. Including cases where documents do not meet requirements, regulations are not implemented, or implementation is ineffective.
(2) Equipment nonconformities. Production or measurement and monitoring equipment does not meet the technical status or management requirements to ensure quality.
(3) Product nonconformities. Products (including purchased products, semi-finished products, finished products, etc.) do not meet technical specifications or social requirements.
(4) Personnel nonconformities. Personnel in specific positions involved in the audit do not meet the standards, documents, or the required qualifications and training for actual operations.
(5) Environmental nonconformities. The audit area environment does not meet the requirements imposed by equipment, personnel, materials, processes, production, or management on the environment.
(6) Other nonconformities. Factors affecting resources such as time, information, and resources involved in the audit, which although not specified in documents, do not comply with common-sense requirements.
Such classification helps to focus on key points for corrective actions.

● Principles for Determining Nonconformities
(1) Principle of verifying regulations against actual conditions
During the audit, the principle of verifying actual conditions against regulations should be adhered to. Nonconformities must be audit findings verified within the specified scope and based on objective evidence. Findings not verified cannot be judged as nonconformities; insufficient objective evidence cannot be judged as nonconformities; findings beyond the specified scope should not be raised as nonconformities.
(2) Principle based on objective evidence
Findings lacking sufficient basis cannot be judged as nonconformities. For nonconformities disputed by the auditee, decisions can be made through negotiation or re-audit.

● Classification and Evaluation of Nonconformities
Internal audits can be classified according to their own needs and standards. The purpose of classification is to obtain audit conclusions correctly and objectively. Different audit objects have different classification methods. For example, product quality audits classify defects by severity into critical defects (Class A), major defects (Class B), general defects (Class C), and minor defects (Class D). Quality management system audits classify nonconformities by severity, such as third-party system audits which distinguish between major nonconformities and minor nonconformities. Classification brings two benefits: first, it highlights key points, focusing efforts on correcting and preventing critical and systemic nonconformities or defects; second, it assigns different weights to different levels, converting qualitative analysis into quantitative analysis. Through data processing, a comprehensive evaluation is made using data. For example, Class A defects in product quality audits are assigned 100 points, Class B defects 50 points, Class C defects 10 points, and Class D defects 1 point. By weighting defects and mathematical processing, a quality index I is derived to reach a comprehensive evaluation conclusion.
Internal quality management system internal audits can be divided into four levels according to severity: major nonconformity, minor nonconformity, slight nonconformity, and observation item.
(1) Major Nonconformity
Major nonconformity usually refers to systemic failures or defects. The main criteria are:
① The quality management system seriously does not comply with the agreed quality management system standards or document requirements. For example, key control procedures are not implemented, or required standards are missing.
② Nonconformities causing systemic failures (may require multiple minor nonconformities to explain). For example, most measuring and monitoring equipment in use is not calibrated (verified) according to the cycle; most nonconforming products are not reviewed and recorded as required.
③ Nonconformities causing regional failures (may require multiple minor nonconformities to explain). For example, a certain organizational unit is not covered by the quality management system or the unit does not implement the system according to standards; among all products covered by the quality management system, a certain product is not controlled according to standards.
④ Nonconformities that can cause serious consequences. For example, welding of pressure vessels does not meet specified requirements, household appliances have not undergone insulation or pressure tests, processing is done according to incorrect drawings, etc. These directly endanger product or personal safety or may cause significant economic losses and seriously damage the organization's reputation.
⑤ Nonconformities that violate laws and regulations.
(2) Minor Nonconformity
Criteria for minor nonconformities:
① Not occasional, obvious nonconformities that do not meet document requirements. For example, some purchase contracts are not reviewed, and inspectors' responsibilities are unclear.
② Nonconformities that directly affect product quality. For example, several testing devices have exceeded calibration periods and initial or self-inspections are not performed as required.
③ Nonconformities that cause failure of quality activities. For example, quality control points do not control key quality characteristics or process influencing factors.
(3) Slight Nonconformity
Slight nonconformities refer to isolated, occasional issues that do not directly affect product quality. For example, a drawing or a document version in the file is not the latest, a document lacks a date, wording is inaccurate, or signatures do not meet requirements.
(4) Observation Item
Classifying nonconformities can sometimes be difficult because boundaries are hard to define accurately. This distinction often depends on the experience and skills of the audit team leader and auditors. Sometimes a report similar to a nonconformity is called an "observation item." Situations where "observation items" appear mainly include:
① Evidence is slightly insufficient, but there is a problem that needs to be reminded.
② A problem has been found but does not yet constitute a nonconformity; if it develops, it may become a nonconformity.
③ Other matters that need attention.
Observation item reports are not nonconformity reports and are not included in the final audit report. The setting of "observation items" undoubtedly provides a step for both the auditor and the auditee, which helps ease the audit atmosphere. When used properly, it has a positive significance for internal audits.

● Nonconformity Evaluation Method
In audits, a matrix diagram is usually used, where each auditor's nonconformities are filled into the table. After statistical analysis, the overall situation of nonconformities becomes clear.
The purpose of statistical analysis of nonconformities is to evaluate the conformity level of the quality management system. There are three evaluation methods:
(1) Proportion Method
The proportion of nonconforming clauses to total clauses is calculated based on audit clauses determined by standards or checklists.
(2) Scoring Method
Weighted scores are assigned to each level of nonconformity. After the audit, the total loss score is obtained by multiplying the number of nonconformities by the corresponding weighted score and summing.
(3) Layered Classification Method
Nonconformities are usually statistically analyzed by six types: documents, equipment, personnel, environment, and others. For example, document nonconformities can be divided into those that do not comply with requirements, those where regulations are not implemented, and those where implementation is ineffective.
In summary, there can be many evaluation methods, but three key points must be grasped:
(1) It should correctly, objectively, and fairly derive a comprehensive evaluation conclusion of the system.
(2) It should convert qualitative analysis into scientific quantitative analysis.
(3) It should enable objective and reasonable comparisons over time, vertically, horizontally, and by category.
 
● Content of Nonconformity Reports
The content of nonconformity reports may include: name of the auditee, auditor, accompanying personnel, date, description of the nonconformity phenomenon (should point out objective facts of nonconformity or defects), conclusion of the nonconformity phenomenon (violations of standards or document clauses), nature of the nonconformity (by severity), confirmation by the auditee, corrective actions and completion time, verification records after corrective actions, etc. The three essential elements of a nonconformity report are: description of the nonconformity phenomenon, conclusion of the nonconformity phenomenon, and nature of the nonconformity. These are indispensable for any nonconformity report.
The description of nonconformities should strictly reference objective evidence and be traceable. For example, observed facts, locations, parties involved, related document numbers, product batch numbers, relevant document content, statements from relevant personnel, etc. The description should be as simple and clear as possible, factual, straightforward, and unembellished.
The conclusion of the nonconformity mainly refers to which clause of the agreed documents (quality management system standards, quality management system documents, contracts, etc.) the described phenomenon violates.

● Notes on Nonconformity Reports
(1) Nonconformity reports must state the objective facts of nonconformity under the standard requirements. The description should be clear, correct, complete, and confirmed by the auditee's representative.
(2) The statement of nonconformities should be:
① Factual, traceable, and not likely to cause dispute or denial by the auditee.
② State where, when, why, who, etc. When involving specific personnel, it is advisable to mention their position or title.
③ To be helpful, the statement should indicate what needs to be done to correct it.
④ Appropriately state the reasons.
(3) Before the end of the audit, all nonconformities should be confirmed by the auditee.
(4) Situations and countermeasures when the auditee refuses to confirm the nonconformity report:
① The auditee believes this is not an objective fact.
Countermeasure: Provide sufficient evidence to prove this is an objective fact. If there is no sufficient evidence, the nonconformity report should be canceled.
② The auditee presents opposing objective facts.
Countermeasure: Verify whether the opposing objective facts provided are true and valid, and whether they occurred later. If the opposing facts are valid, cancel; if not, uphold the original judgment.
③ The auditee believes this is not a standard requirement.
Countermeasure: Compare with the standard and document provisions. If it is, uphold the original judgment; if not, cancel it.
④ The auditee believes this is a method issue.
Countermeasure: The auditor should insist on the diversity of methods. As long as the method is effective and meets the specified requirements, it should be accepted. If it is ineffective, there should be sufficient reasons and evidence.
Persuade the auditee. Auditors must avoid using their own ideas or methods as standards for judgment or imposing them on others, as this will cause strong resentment from the auditee.
In summary, when the auditee does not confirm the nonconformity report, the auditor should remain calm and patient, and maintain an open mind under the premise of adhering to audit principles; the auditor should explain the reasons, point out whether it is an objective fact and whether it is a standard requirement, so that the auditee is convinced sincerely, rather than acting condescendingly or using pressure. The auditee is the auditor's "customer," and the auditor should wholeheartedly provide quality service.
(5) The nonconformity report should be distributed at least to the responsible department for the nonconformity and the department responsible for implementing corrective actions, to facilitate the implementation of corrective actions and verification of their effectiveness.
(6) When issuing a nonconformity report, do not act emotionally, do not use descriptive or exaggerated language, do not arbitrarily expand the scope of objective facts of nonconformity, do not base the nonconformity judgment on personal ideas or methods, and do not arbitrarily raise standards or document requirements.
(7) When issuing a nonconformity report, the effect of subsequent corrective actions must be considered, whether positive or negative, and whether the impact on product quality is direct and major or indirect and minor.
Internal Audit Closing Meeting

● Tasks of the Closing Meeting
(1) Introduce the audit situation to the auditee so that they can clearly understand and confirm the audit results.
(2) Report audit findings (focus on nonconformities) and audit conclusions.
(3) Propose follow-up work requirements (corrective actions, follow-up audits, etc.).
(4) End the on-site audit.

● Contents of the Closing Meeting
The audit team expresses gratitude to the auditee for their cooperation throughout the audit period. The thanks should be sincere and specific but not overly grand or enthusiastic. Attendees should sign in.
(1) Reiterate the audit purpose and scope. Considering that participants in the closing meeting may not have attended the opening meeting, the audit team leader should reiterate.
(2) Emphasize the limitations of the audit. The audit is conducted by sampling and carries certain risks. However, the audit team has tried to make the sampling representative and the audit opinions fair.
(3) Read out the nonconformity reports (main parts can be selected).
(4) Propose corrective action requirements. The audit team requests the auditee to take corrective actions, including determining the timing of corrective actions, deadlines for completion, and methods for verifying corrective actions.
(5) Read out the audit opinions. The audit team leader announces the audit opinions and explains the release time, method of the audit report, and other follow-up work requirements.
(6) The auditee's leadership makes a statement and commits to corrective actions.
(7) Meeting ends, and the audit team expresses thanks.

● Notes for the Closing Meeting
(1) The closing meeting is an important meeting not only at the end of third-party audits but also at the end of internal audits and should not be omitted.
(2) The focus of the closing meeting should be on proposing corrective actions and requirements for nonconformities.
(3) Important departments and personnel involved in the audit results and opinions should attend to facilitate corrective actions. All attendees should sign in.
(4) The closing meeting time is determined in the audit plan and should maintain the audit style and a good atmosphere. "Start on time, end on time." The meeting usually lasts one hour. If the auditee wants to extend the meeting, their reasonable request can be met. The closing meeting should avoid dragging on or disputes. Once the audit team leader sees that the meeting objectives have been achieved, they should decisively and strategically "close" the meeting.
(5) The closing meeting should have meeting minutes that are kept. The minutes should include the sign-in of attendees.
(6) Some nonconformities have been corrected by the auditee before the final meeting, and the auditor's verification is also satisfactory, so they may not be raised or can be acknowledged with satisfaction during the meeting.
(7) The final meeting should appropriately acknowledge the successful experiences and good practices achieved by the auditee, rather than only focusing on problems.
(8) When reading the nonconformity report or conclusions unfavorable to the auditee, full preparation and appropriate wording should be chosen to avoid falling into a "deadlock."
(9) All audits have a certain degree of uncertainty. Since audits are conducted using limited resources within a limited time, the information collected during the audit is inevitably based on sampling of available information. This leads to all audits having some uncertainty, and users of audit conclusions should pay attention to this uncertainty.
(10) Before the final meeting, the audit team should hold internal discussions to:
① Review all audit findings;
② Reach a consensus on the audit conclusions;
③ Discuss the follow-up measures for the audit.