Corrective Action Requests (CARs) Major - PowerPoint PPT Presentation


  1. Instruction for Writing and Analyzing Corrective Action Requests (CARs)

  2. Major nonconformity: A major nonconformity is one or more of:
     a. the absence of, or total breakdown of, a system to meet a SAAS requirement. A number of minor nonconformities against one requirement can represent a total breakdown of the system and thus be considered a major nonconformity;
     b. a nonconformity that judgment and experience indicate is likely either to result in the failure of the CB management system in meeting its goals and expectations or to materially reduce its ability to assure control of its policies and directives;
     c. a nonconformity that poses an imminent threat.

  3. Minor nonconformity: A minor nonconformity is a failure to comply with SAAS requirements which, based on judgment and experience, is not likely to result in the failure of the management system or reduce its ability to assure the ongoing viability and effectiveness of policies and procedures. It may be one of the following:
     a. a failure or oversight in some part of the organization's management system which is not systemic in nature;
     b. a single observed lapse in following one item of a company's management system;

  4. How to categorize: Collect and examine adequate objective evidence and determine what type of CAR will be raised. This includes reviewing:
     ◦ an adequate sample size of records,
     ◦ number of occurrences within the system,
     ◦ nonconformance existence in multiple functions and areas, and
     ◦ other indicators of a prevalent issue affecting the management system.

  5. When are CARs raised:
     ◦ Document reviews: CARs are not raised – deficiencies are identified in doc review report
     ◦ Office - CARs may be raised and explained to CB when found before moving on to next topic
     ◦ Witness – related to:
       - planning process or related to audit procedures that are identified during the audit of the CB's audit planning and preparation shall be reviewed with the CB auditor(s) at the time that they are found.
       - conduct of the audit, including validity of the CB auditor's CARs, shall be communicated to the CB auditor at the time of the audit at the discretion of the SAAS auditor.
     What does this mean?

  6. CARs should be written so that they are addressed by the controlling office of the Certification Body.
     Each CAR issued shall contain sufficient but concise information to verify and substantiate the nonconformity identified during the audit.
     Each CAR must be understandable by the CB and SAAS staff.

  7. Summary: An audit nonconformity (Corrective Action Request – CAR) finding shall have three distinct parts:
     a. a statement of nonconformity,
     b. the requirement, or specific reference to the requirement or normative element,
     c. the objective evidence observed that supports the statement of nonconformity.

  8. Example: Scenario: An HQ office audit is being conducted and 7 audit packages have been selected for review. Three were initial audits, two were surveillance witness audits and two were surveillance office audits. Two of the stage 1 audits did not have an audit agenda in the packages and one surveillance office audit did not have an audit agenda.

  9. Using Form 415A:
     Details Of Nonconformity for CAR: There is no evidence that all SA8000 audits have audit plans

  10. Guidelines for writing the Nonconformity for the CAR:
     ◦ Use the wording from the requirement when possible
     ◦ Do not include evidence in the wording of the nonconformity – state as a nonconformity to an identified requirement.

  11. Guidelines for writing the Nonconformity for the CAR:
     ◦ Use the wording from the requirement when possible
     ◦ Do not include evidence in the wording of the nonconformity – state as a nonconformity to a stated requirement.
     ◦ Use wording that supports the classification of the CAR – Major or Minor, for example:
       - Major – The management review process is not effectively implemented
       - Major – There is no evidence that lead auditors are adequately qualified prior to conducting certification audits.

  12. Using Form 415A:
     Details Of Nonconformity for CAR: There is no evidence that all SA8000 audits have audit plans
     Details Of Supporting Evidence for CAR: Seven audit packages were reviewed for (list seven audits reviewed including the name of the auditee and the date and type of audit conducted). Two of the three stage 1 audits did not have audit plans (identify client names) and one of two surveillance office audits (identify client name) did not have an audit plan.

  13. Guidelines for recording the Supporting Evidence for a CAR:
     ◦ Each CAR issued shall contain sufficient but concise information to verify and substantiate the nonconformity identified during the audit, such as:
       - procedure numbers and references to records reviewed should be included, if applicable.
       - Sample size assessed,
       - number of persons interviewed,
       - observations made,

  14. Using Form 415A:
     Details Of Nonconformity for CAR: There is no evidence that all SA8000 audits have audit plans
     Details Of Supporting Evidence for CAR: Seven audit packages were reviewed for (list seven audits reviewed including the name of the auditee and the date and type of audit conducted). Two of the three stage 1 audits did not have audit plans (identify client names) and one of two surveillance office audits (identify client name) did not have an audit plan.
     Text of Required Normative Element for CAR: The certification body shall ensure that an audit plan is established for each audit
