Document Name

Doc. ID

PRM/IQA

Process Manual for

Internal Audit

Version No

1.4

Date

10-12-2022

Reviewed and Approved By:

Selvakumar

Page 1 of 9

Process Manual for Internal Audit

- 1.4

Document Name

Doc. ID

PRM/IQA

Process Manual for

Internal Audit

Version No

1.4

Date

10-12-2022

Reviewed and Approved By:

Selvakumar

Page 2 of 9

Document Control

Document

Description:

This document describes the Process of Internal Audit at

Information Dynamics

Document

Identification:

PM/IQA/1.2

Security

Classification:

Internal

Location:

IDI server

Authorization

Name of the person

Date (dd-mmm-yyyy)

Prepared by:

QAG Team

08-12-19

Reviewed by:

Sankar

08-12-19

Approved by:

Selvakumar

10-12-19

Change Log

Document

Version

Date of

Change

Sectio

A/M/D

Brief description of change

Reviewed by

1.0

10-08-19

All

In alignment of new standard

QAG Team

1.1

10-12-19

All

Mapped ISO 27001 controls

and ISO 20000 controls

Linda

1.2

10-12-20

Annual review

Linda

1.3

10-12-21

Annual review

Linda

1.4

10-12-22

Annual review

Linda

Confidentiality Agreement

This document is copyrighted and all rights are reserved. This document may not, in whole or in

part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or

Document Name

Doc. ID

PRM/IQA

Process Manual for

Internal Audit

Version No

1.4

Date

10-12-2022

Reviewed and Approved By:

Selvakumar

Page 3 of 9

machine-readable form without prior consent, in writing, from an authorized representative of

Information Dynamics. This document is for internal use only and may, in whole or in part, be

provided to anyone outside of Company, including customer, clients, or prospects after taking an

approval from an authorized representative of Information Dynamics.

TABLE OF CONTENTS

Purpose 4

Scope 4

Definitions and Acronyms 4

Process Inputs 5

Entry Criteria 5

Responsibility 5

Activities 5

Verification 8

Work Products 8

Measurements 8

Exit Criteria 9

Document Name

Doc. ID

PRM/IQA

Process Manual for

Internal Audit

Version No

1.4

Date

10-12-2022

Reviewed and Approved By:

Selvakumar

Page 4 of 9

Purpose

To establish and maintain a uniform and controlled methodology for planning, scheduling,

conducting, reporting on and following up with Internal Quality Audits. To ensure that timely

and accurate information is available to the right people/function at all times.

ISO 27001:2013 domain reference: 9.2 – Internal Audit

ISO 20000:2011 domain reference: 4.5.4.2 – Internal Audit

Scope

Applicable to all the projects executed in Information Dynamics and all the procedures detailed in

Information Dynamics.

Definitions and Acronyms

ISO : International Organization for Standardization

QAG : Quality Management Group

MR : Management Representative

PL : Project Lead

TL : Team Lead

PM : Program Manager

IQA : Internal Quality Audit

LA : Lead Auditor

NC : Non Conformance

Document Name

Doc. ID

PRM/IQA

Process Manual for

Internal Audit

Version No

1.4

Date

10-12-2022

Reviewed and Approved By:

Selvakumar

Page 5 of 9

CPA : Corrective Preventive Actions

Process Inputs

Approved list of auditors

Entry Criteria

Initiation from MR/Senior Management to conduct the internal audit

Responsibility

Activity

Responsibility

Developing IQA objectives

QAG

Preparing the Audit Calendar

QAG

Approving the Audit Calendar

Preparation of audit plan

QAG

Approval of audit plan

Intimating the functions/projects about the audit

QAG

Facilitate in performing IQA

Conducting the IQA

Internal Qualified Auditors

Preparing the NC report

Internal Qualified Auditors

Preparing Audit Findings report

Closing IQA NCs

PL/TL/OM

To conduct follow up audit to verify the

implementation of CPA

Internal Qualified Auditors

Updating the consolidated NC report

Updating the consolidated NC analysis report

Updating the consolidated NC CPA report

Activities

Plan for Audit:

Document Name

Doc. ID

PRM/IQA

Process Manual for

Internal Audit

Version No

1.4

Date

10-12-2022

Reviewed and Approved By:

Selvakumar

Page 6 of 9

▪ QM and QA will discuss and develop the IQA objectives and initiate the preparation of

audit calendar.

▪ The internal audit frequency is once in 6 months.

▪ Preparation of an audit calendar specifying the month and tentative dates, audit area and the

auditors etc done by QAG.

▪ The IQA calendar is approved by MR.

▪ QAG prepares the audit plan based on the audit calendar.

▪ MR approves the audit plan prepared.

▪ QAG identifies the audit team and the Lead Auditor for conducting the audit. The Audit

team is selected from the Approved List of Auditors.

▪ MR facilitates in conducting IQA.

▪ QA informs the auditee and the management about the scheduled date for audit. The IQA

plan which comprises of auditor, auditee, function names, objectives etc are sent via mail to

them.

▪ QA updates the NC and Observation details in consolidated NC report

Conduct Audit:

▪ Internal Auditor conducts an opening meeting with ISO Steering Committee and the

auditors to formally start the audit.

▪ Internal Auditor discuss with ISO Steering Committee, auditee management to understand

the status of various activities in the organization.

▪ Auditor conducts interviews with the auditees as per the objectives defined in the IQA plan.

▪ Auditors verify the project-related documents and quality records to evaluate their

effectiveness in following the quality system and note the comments made by the auditee

during the Audit using Audit Observations sheet.

▪ Internal Auditor conducts a closure meeting in which the status and the observations

identified during the audit are explained to the MR and ISO Steering Committee.

Prepare Non-Conformance Audit Findings Report:

▪ Internal Auditor lists down the Non Conformities and Observations, if any, with respect to

the Quality System.

▪ Internal Auditors classifies Non Conformities and Observations based on the severity of the

issue.

Document Name

Doc. ID

PRM/IQA

Process Manual for

Internal Audit

Version No

1.4

Date

10-12-2022

Reviewed and Approved By:

Selvakumar

Page 7 of 9

▪ Internal Auditor prepares the Non Conformance report and initiates the preparation of

Audit Findings Report.

▪ Internal Auditors gets the Non Conformance report reviewed by Head of quality. Review

happens via mail.

▪ Internal Auditor prepares the Audit Findings Report

▪ QAG escalates any serious issues to the MR

▪ QAG delivers the Non-conformances report to the concerned PM.

▪ Audit findings report is published.

Non Conformance – Deviation from the standard requirements and need to be fixed on an

immediate basis.

Observation – Weakness in the process/ system and might potentially lead to a Non conformity

SFI – Scope for Improvements – Improvement areas in the process which can be implemented

Track & Close NC’s:

▪ Root cause analysis is done and correction, corrective, preventive actions are planned for the

NCs by PL/TL using NC report. Date of closure is also mentioned by PL/TL in the report.

NCs needs to be closed within a week from the date of audit been conducted.

▪ QAG reviews the NC report and gets it signed by PL/TL. Review happens via mail.

▪ NCs are closed before the closure date mentioned in the NC report.

▪ If any of the NC is not closed before the committed closure date, prior approval is obtained

from PM and QAG. Once NCs are closed, the actual closure date is updated in the NC

report.

▪ Internal qualified auditors verify the closure of the NC’s through conducting follow up

audits.

▪ QA updates the consolidated NC report, consolidated NC analysis report and consolidated

NC Corrective, Preventive action report.

Document Name

Doc. ID

PRM/IQA

Process Manual for

Internal Audit

Version No

1.4

Date

10-12-2022

Reviewed and Approved By:

Selvakumar

Page 8 of 9

Process for Internal Quality Audit

PL/TL

Lead Auditors

Internal Auditors QMG MR

prepare the audit

findings report and

send it to QMG

along with NC report

QMG plans the

audit objectives

and prepares the

Audit Calendar

Intimating the

functions about

the audit

MR approves the

Audit Calendar

MR approves the

audit plan

prepared

Approve the NC

and obervatios

classified by

Internal auditors

Conduct the

IQA, as per the

plan

QMG prepares

the audit plan

based on the

audit calendar

Prepare the NC

report

Classify the NCs and

observations based

on severity using

audit observations

Report

Update the five

whys, root cause,

CPA details,

committed closure

in NC report

Review the NC

report

Sign the NC report

as a symbol of

taking the ownership

and close the NC

Conduct the follow

up audit and verify

the closure of NCs

Share the NC report

to the concerned

functioon

Verification

▪ The QAG shall audit the internal audit records during IQA.

▪ Management review

Work Products

▪ IQA calendar

▪ IQA plan

▪ Audit Observations Report

▪ NC Report

▪ Audit Findings Report

▪ Consolidated NC report

▪ Consolidated analysis report for NCs

▪ Consolidated CPA report for NCs

Measurements

Document Name

Doc. ID

PRM/IQA

Process Manual for

Internal Audit

Version No

1.4

Date

10-12-2022

Reviewed and Approved By:

Selvakumar

Page 9 of 9

▪ Number of head counts involved in IQA

▪ Number of NCs raised Vs Number of NCs closed

Exit Criteria

NCs are analyzed and CPA implemented to close the NCs.

Associated Documentation

• Internal Audit Plan

• Internal Audit Schedule

• KPI

KPI

Frequency

Objective

Data Source

Threshold

Internal Audit

Yearly

To measure

compliance of

implemented

controls against the

international

standards

Internal Audit

reports

Atleast to be

conducted once

a year covering

Security and

Service

standards