PRI Industry Managed Accreditation Program Procedure IMAPP 05

INTERNAL AUDIT Page 1 of 6

Document Owner: Bob Lizewski Issue Date: 19-Apr-2015
Revision Date: 17-Sep-2018

1.0 PURPOSE

The purpose of this procedure is to define internal audit activities of PRI’s

administration of the Industry Managed Accreditation Programs.

2.0 SCOPE

This procedure is applicable to oversight of the Nadcap Aerospace Industry

Managed Accreditation Program.

3.0 DEFINITIONS

Finding: a general term referring collectively to Nonconformances and

Observations.

Internal Audit Review Team: Nadcap Program Director and Program Managers.

Nonconformance (NCR): a violation of an Industry Managed Accreditation Program

requirement.

Observation: an opportunity for improvement.

4.0 PROCEDURE

4.1 The Nadcap Leadership Team, as defined in IMAPP 06 Continuous Improvement,

shall determine the procedures to be audited during the year by utilizing a risk
analysis tool.

4.1.1 Each procedure, with exception of OP 1103 Definitions, shall be audited every
three (3) years at a minimum.

4.1.2 OP 1114 Task Group Operation and OP 1116 Auditor Staffing shall be included
with each annual audit and reviewed with the scheduled Task Group Appendices
audits.

4.2 The Quality Manager shall record the annual Internal Audit schedule on i-frm-50
Internal Audit Schedule.

4.2.1 The Quality Manager or designee shall verify that the Risk Analysis tool used to
create the internal audit schedule included all procedures as required in 4.1.1.

4.2.2 The schedule and any changes to audited procedures or timing shall be approved
by the Director, Nadcap.

4.2.3 The schedule shall be posted and maintained on SharePoint.

PRI Industry Managed Accreditation Program Procedure IMAPP 05
INTERNAL AUDIT Page 2 of 6
Document Owner: Bob Lizewski Issue Date: 19-Apr-2015
Revision Date: 17-Sep-2018

4.3 The Quality Manager shall ensure that the audit is conducted per the approved
schedule.

4.4 The audit shall be conducted by auditors, qualified per 4.13, using the appropriate
checklists.

4.5 Checklist responses, nonconformances, and observations shall be recorded in

eAuditNet.

4.6 Findings shall be classified as Major nonconformance, Minor nonconformance, or

Observation.

4.6.1 A nonconformance shall be classified as Major for any of the following

circumstances:

• Evaluate impact- identified issue calls into question the reliability of the Nadcap
work product (Advisories, Audit Reports, Accreditation Process, QML, etc.)
• A systemic breakdown
• Nonsustaining corrective action – a situation where agreed corrective action
was not implemented or failed to prevent recurrence of an NCR.

4.6.2 A nonconformance shall be classified as Minor when there is any single system
failure or lapse in conformance that did not call into question the reliability of the
Nadcap work product.

4.6.3 An Observation identifies an item that is compliant with the requirement but may be
an opportunity for improvement.

4.7 The condition found shall include the following at a minimum:

• Auditor who identified the finding

• Responsible Party - the person responsible for developing the response to the
finding
• Immediate Supervisor of the responsible party
• Document Owner of the procedure that the finding is written against
• Other Associated Individuals – other persons affiliated with a finding as
applicable. These persons contribute to developing the response to the finding.
• Written description of the finding

4.8 The Quality Manager shall review the audit report for completeness and ensure the
condition found contains all required elements.

4.9 The Quality Manager shall submit the audit to Responsible Parties by selecting
“Send for Auditee Review”.

4.10 Responding to Findings

PRI Industry Managed Accreditation Program Procedure IMAPP 05
INTERNAL AUDIT Page 3 of 6
Document Owner: Bob Lizewski Issue Date: 19-Apr-2015
Revision Date: 17-Sep-2018

4.10.1 Responses to findings shall be posted in eAuditNet within twenty-one (21) days of
the audit results being submitted for “Auditee Review”.

4.10.2 The Responsible Party shall develop the response, and coordinate the response
with other associated individuals when applicable. Evidence of coordination shall
be included in the response.

4.10.3 Before posting, responses shall be approved by the immediate supervisor of the
Responsible Party. Evidence of approval shall be included in the response. Note,
only the first cycle response needs to be approved.

4.10.4 The response to nonconformances shall include the following elements:

• Immediate Corrective Action

• Root Cause of the Nonconformance
• Impact of All Identified Causes and the Root Cause
• Potential Systemic Nature
• Action Taken to Prevent Recurrence
• Effective Date
• Objective Evidence

4.10.5 Observations require a response by the Responsible Party. The response may
indicate that no action was taken provided that investigation deemed that any
further action was unnecessary.

4.10.5.1 Actions proposed to resolve an Observation shall not be implemented prior to the
Observation being dispositioned by the Internal Audit Review Team.

4.10.6 Once all responses are posted, the Quality Manager shall submit the audit for
Quality Manager Review by selecting “Send for SE Review”.

4.10.7 The Quality Manager shall review responses and disposition all findings within
seven (7) days.

4.10.7.1 Any finding assigned to the Quality Department shall be reviewed and
dispositioned by a minimum of two (2) members of the Internal Audit Review Team.

4.10.7.2 Findings are dispositioned by requiring additional information from the Responsible
Party, voiding the finding, or accepting the response.

4.10.8 If subsequent response cycles are required, the applicable Responsible Parties will
have seven (7) days to respond.

4.10.9 The Quality Manager shall have 7 days to review subsequent responses and
disposition the findings.
PRI Industry Managed Accreditation Program Procedure IMAPP 05
INTERNAL AUDIT Page 4 of 6
Document Owner: Bob Lizewski Issue Date: 19-Apr-2015
Revision Date: 17-Sep-2018

4.10.10 Once all findings have been designated “Void” or “Accept”, the Quality Manager
shall submit the audit for Internal Audit Team Review by selecting “Send for TG
Review”.

4.10.11 The Internal Audit Review Team shall review responses and disposition all
findings.

4.10.11.1 Findings are dispositioned by one of the following: requiring additional information
from the Responsible Party, voiding the finding, or closing the response.

4.10.11.2 Changes to corrective actions occurring after the response is closed shall be
approved by the Internal Audit Review Team with the change and approval
documented in the response.

4.10.12 Once all findings have been designated “Void” or “Close” by the Internal Audit
Review Team, the Quality Manager shall move the audit to Withheld.

4.10.13 Extensions for response submittal shall not be granted.

4.10.13.1 Responses not submitted by the due date shall accrue delinquency days.

4.10.14 Delinquency days shall result in actions being taken as deemed appropriate by the
supervisor and/or the Nadcap Leadership Team.

4.11 Appeals of NCRs

4.11.1 The validity of an NCR may be challenged. Appeals shall be submitted in lieu of a
response in eAuditNet. Justification, and any supporting evidence, shall be
provided.

4.11.1.1 When appealing an NCR, it is not required to include all elements of the
nonconformance response.

4.11.2 The appeal shall be resolved by the Quality Manager or the Internal Audit Review
Team.

4.11.3 If an NCR is determined to be invalid, the status of the NCR in eAuditNet shall be
revised to “Void”. A note shall be included explaining why the nonconformance is
no longer valid.

4.12 Verification of Corrective Action

4.12.1 The status of the audit shall be changed to “Completed” after the Quality Manager
has verified that all proposed corrective actions have been implemented.

4.12.2 The effectiveness of corrective actions implemented because of an internal audit

NCR shall be evaluated during the subsequent internal audit.
PRI Industry Managed Accreditation Program Procedure IMAPP 05
INTERNAL AUDIT Page 5 of 6
Document Owner: Bob Lizewski Issue Date: 19-Apr-2015
Revision Date: 17-Sep-2018

4.13 Selection and Training of Auditors

4.13.1 Internal Auditors are selected from PRI Staff and Nadcap Auditors.

4.13.2 PRI staff who are not qualified Nadcap auditors must complete one of the auditor
training courses listed below:

• ANAB recognized Lead Assessor Course (e.g. Stat-a-Matrix),

• ASQ sponsored Auditor Training (e.g. CQA), or
• Internal training administered by the Quality Department.

4.13.3 Internal Auditor trainees shall participate in one (1) internal audit as a trainee and
shall be assigned to at least one procedure audit.

4.13.3.1 Trainees shall not conduct a procedure audit without an approved Auditor.
PRI Industry Managed Accreditation Program Procedure IMAPP 05
INTERNAL AUDIT Page 6 of 6
Document Owner: Bob Lizewski Issue Date: 19-Apr-2015
Revision Date: 17-Sep-2018

5.0 DOCUMENT REVISION HISTORY

Effective Summary
Date
19-Apr-2015 New Document transitioned from NIP 8-01 02-Dec-14

1-Feb-2016 Significant re-write. Removed the following- quarterly

audits, audit all procedures every year, internal audit
manager, internal audit manager qualifications, response
extensions. Added –risk analysis tool used to determine
procedures to be audited, each procedure audited at a
minimum every 3 years, internal audit review team,
schedule is a controlled form, 7-day review time for Quality
Manager, response delinquency, training requirements for
non-Nadcap auditors
1-Apr-2016 4.6.1 clarified the definition of impact; 4.6.2 revised to align
with clarified impact language in 4.6.1; 4.7 changed finding
description to condition found, and added written
description of finding; added new 4.9 “Send to Supplier
Review”
05-Oct-2016 3.0 – revised Finding definition, added NCR and
Observation definitions; 4.4 - added reference to 4.13; 4.6.3
– changed ‘conformance’ to ‘compliant’ and ‘procedure’ to
‘requirement’; 4.10.11.1 and 4.11 - changed ‘finding’ to
‘NCR’;
15-Sep-2017 Removed Referenced Documents section 5.0 and added
document titles to documents referenced in the body of the
procedure; 4.10.5.1 – new; 4.10.11 replaced
nonconformance with finding; 4.10.11.1 replaced
Nonconformances with Findings, and NCR with finding;
4.10.12 replace nonconformances with findings
17-Sep-2018 Even year review. New 4.10.11.2 to add process for
changing approved CA’s prior to implementation; CA IA
187702 NCR 2 - Revised 4.1.1 to add OP 1103 as an
exception and added 4.2.1 to verify risk analysis tool
includes all procedures.