FREQUENTLY ASKED QUESTIONS
Internationally recognised good practice in management system auditing, as set in ISO 17011, require an audit team to include skills and expertise that cover the scope of the audit.
The breadth of topics covered by the CHS makes it unlikely to find this expertise in one individual only. An adequate combination of skills (thematic expertise, languages, geographical coverage, experience of particular organisational set ups, etc) allows for a more efficient coverage of the different functions, contexts and ways of working of an organisation. The combination of skills of several persons helps minimise the information uncertainty and therefore improves the reliability of audit outcomes.
With the exception of maintenance audits, HQAI audit teams are composed of at least two auditors chosen for the complementarity of their skills and experience, trying to find compositions that minimise costs.
Besides the fact a team of two provides more reliable audits (see 2. What is the composition of an audit team?), it also allows a repartition of the different tasks between the team members on a shorter time span.
HQAI’s teams are in principle composed of a Lead auditor (who takes the lead of the process) and another registered auditor, who has less experience and whose fees are significantly lower than those of the Lead auditor. This combination allows to save about 60% of Lead auditor’s time and leads to less expensive, but more robust audits.
All our registered auditors are experienced professionals with solid backgrounds. Besides their own professional experience, HQAI’s specific requirements are:
- Demonstrated skills in management system auditing according to ISO standards (ISO 19011). This needs to be corroborated by either a qualification in management system auditing in another sector or the successful completion of a dedicated training.
- Demonstrated knowledge of the CHS, normally requiring the successful completion of the CHS Alliance online course.
- The successful completion of HQAI’s specific training,
To maintain their registered status, auditors have to participate in at least two audits annually.
Lead auditors are auditors who have a significant practical experience of HQAI’s audit. At a minimum they must have taken part in two audits as registered auditors and be positively upraised by both the Lead auditors with who they have worked and the client organisation.
Please also refer to our FAQ section for more information on the registered auditors: http://hqai.org/faq/
“Non-fulfilment of a requirement” (ISO 9001:2005)
In terms of the CHS, this is the non-fulfilment of an organisational responsibility or key action, as expressed in indicators
Non-conformities can have different consequences. Some may be life threatening, but others can lead to inefficiencies in the organisation’s management system. Typically a non-conformity that has serious consequences and threatens the ability of the organisation to deliver a commitment of the CHS will be considered a Major non-conformity (Score 0).
Less dramatic non-conformities will usually be considered Minors (score 1). Nevertheless, an array of minor non-conformities that, individually, would not be serious, can indicate the existence of a Major non-conformity.
Non-conformities are resolved through short and long term corrective actions that ensure the issue is corrected and will not happen again. As far as relevant, the correction should address the non- conformity across the breadth of the organisation’s system, and not only the particular details described as evidence.
Corrective actions may be straightforward corrections of a mistake in the system, or require significant changes in the organisation’s management systems.
At the end of the period attributed to correct a non-conformity, the organisation has to demonstrate it has taken the necessary steps to correct the situation and minimise the risk of its recurrence.
In some cases, action has demonstrably been taken, but its effects may take longer to show. In such a case it is a judgement call of the auditor to determine whether the CAR can be closed or not i.e the risk of the non-conformity recurring is cancelled or significantly reduced.
The best practice to take appropriate corrective actions is to look for the root cause of the non-con- formity and to make sure that its primary cause has been addressed.
To resolve its non-conformities an organisation will need to work out a documented process for how it will deal with them and establish the steps that will be taken to:
- Review the problem and determine the cause(s) of the non-conformity (a cause analysis exer- cise can be very useful)– Ask: Who? What? When? How? Where? WHY? until arriving at the root cause of the problem;
- Propose an appropriate solution that will prevent the problem happening again, addressing the root cause(s) of the non-conformity;
- Decide on how the organisation will keep track and assess whether the actions taken were successful in preventing recurrence.
The organisation will need to keep track of the decision making and actions that were actually taken; records of the corrective actions provide evidence that the problem was recognised, corrected, and proper controls installed to make sure that it does not happen again. The organisation should also record any changes in the documented procedures resulting from corrective actions.
Corrective actions should be completed within the timeframe given by the auditor. Implementation / completion of the corrective actions will be reviewed, at the latest, at the next on-site audit and can be closed by an auditor if s/he is satisfied the problem is not recurring.
A Major non-conformity is automatically raised in the event of non-completion of the corrective actions in the given timeframes.
Quality assurance is a systematic process to determine the extent to which an organisation applies an agreed set of requirements (also called a standard). There are three types of quality assurance processes:
First-party – when the organisation undertakes a self-assessment, either through its own staff or consultants.
Second-party – when an organisation that is somehow related to the one that is assessed (e.g. a donor assessing one of its partners) undertakes the assessment.
Third-party – when an independent party carries out the assessment.
Third-party quality assurance, for its independence, is generally considered the most robust means to generate a reliable, objective assessments of the extent to which a standard is applied. This is why it is used by thousands of organisations across sectors, not only to credibly demonstrate compliance with standards, but also as a tool for learning and continuous improvement.
Benchmarking is a way for organisations to obtain an objective diagnosis of where they stand in the application of the reference standard. It is a first step towards aligning and integrating working approaches with those outlined in the standard. Benchmarking is conducted by HQAI specially trained and qualified auditors.
Independent verification attests that an organisation is engaged in a process of on-going improvement in the application of the the reference standard. This option assesses continuous improvement, according to an agreed upon action plan and is not a pass/fail test of compliance with the standard. Independent verification is conducted by HQAI’s specially trained and qualified auditors.
Certification provides independent and credible demonstration that the organisation:
a) conforms to the specified requirements of the reference standard;
b) is capable of consistently achieving its stated policy and objectives;
c) the system is effectively implemented.
Certification is conducted by HQAI’s specially trained and qualified auditors.
Currently, HQAI focuses on providing services against the CHS. Over time, we hope to offer the same services against other standards, commitments and good practices for organisations that work with vulnerable and at-risk communities.
In all three schemes, benchmarking, independent verification and certification, the process starts with the same initial audit. The follow up varies depending on the scheme. The initial audit involves an initial desk based self-assessment, and visits by a team of auditors to the head office and a sample of programme sites. Programme site visits also include visits to various project sites.
Verification and Certification services include mid-term audits that have to happen within two years after the initial audit. Mid-term audits consist of visits to programme sites, and review the identified non-conformities and the measures that have been taken to solve them.
The certification process includes also maintenance audits one year after the initial audit and one year after the mid-term audit. Maintenance audits normally consist of a visit to the head office only to check measures taken to resolve non-conformities.
The independent verification process requires the development of a work plan for continuous improvement of the application of the standard and self assessments instead of maintenance audits one year after the initial audit and one year after the mid-term audit.
An audit is a systematic, independent and documented process used to obtain information on the application of a standard by an organisation, and evaluating it objectively to determine the extent to which the requirements of the standard are met. (Adapted from ISO 19011:2011, guidelines for auditing management systems).
The auditing of social and value-based standards requires the understanding of the context in which an organisation works. An audit identifies punctual strengths and weaknesses in the application of the standard. The emphasis is, however, not on this punctual compliance or non-compliance, that are indications whether the system of the organisation delivers the required performance systematically, but on the system itself. This allows repeating good practices and avoid perpetuating bad ones across the organisation.
The aim is to generate a comprehensive and objective analysis of the extent to which an organisation applies a standard.
The CHS - Core Humanitarian Standard on Quality and Accountability- is a set of 9 Commitments, built upon the humanitarian principles of humanity, impartiality, independence, and neutrality, that organisations can use to improve the quality and effectiveness of the humanitarian assistance they provide. The CHS is jointly owned by the CHS Alliance, The Sphere Project, and Groupe URD, and was created on behalf of the sector. HQAI is an independent body that provides third-party quality assurance services against the CHS.
A self-assessment enables an organisation to collect data on the way it applies a specific standard It is a good first step to understand how the standard is integrated into the organisation. In a HQAI quality assurance process, it forms an integral part of the third-party audit.
The self-assessment allows the collection of relevant information against each requirement of a standard prior to an audit and constitutes a basis for a preliminary risk assessment. It also very importantly promotes internal responsibility and buy-in of the organisation in the quality assurance process.
HQAI requires a self-assessment at the beginning of the audit process and, for independent verification twice in the four year cycle. This self-assessment uses tools that are modelled after the CHS Alliance’s. In particular the indicators are identical. However, the self-assessment required by HQAI uses only a sub-set of the CHS Alliance’s tools and only necessitates a desktop assessment at the head office.
The reason why HQAI's self-assessment is lighter than the CHS Alliance is that the third-party process includes auditors who go to the field to collect data and there is thus no need to duplicate efforts. In a first-party process this data needs to be collected by the organisation itself.
The benefit of using direct parts of the Alliance’s tool is that it ensures compatibility between the outputs of the two process. In practice, this means that the results of a self-assessment based on the Alliance’s tool is valid as the initial step of a third-party audit from HQAI without any additional work.
When filling in the application form for HQAI’s services, how do I know how many country programmes I should mention?
HQAI defines country programmes as the countries where an organisation has a programme to operate. When filling in the application form, the organisation declares the number of countries where it has programmes.
Based on this information, and additional conversations with the organisation’s focal point, HQAI auditors identify the number of samples that need to be visited, which, in turn, is an important determinant in the cost of the audit.
The auditors choose programmes and projects to be visited, taking into consideration their representativeness of the organisations’ contexts of application of the standard. The programme and project sites visits must allow auditors to gather relevant information that reflects the entire organisation’s ways of working, with the least error margin.
The selection of sampled sites to be visited is done in conversation with the organisation to make sure that the selected sample is accessible, has the security conditions necessary for a visit and will not disrupt excessively the aid operations.
The organisation can choose to verify all of its mandates, or just part of it. For example, it has the autonomy to determine if it wants to verify its humanitarian mandate only, or extend the scope to development and advocacy. The choice of the mandates that need to be verified influences the selection of sampled programmes and projects.
Costs largely depend on the necessary sampling rate, which is determined based on the information provided by the application forms and can be adapted as a result of the pre-audit self-assessment. For a detailed cost breakdown, please consult our Cost Simulator. Please note, however, that this is indicative only, non-contractual and that the final cost must be determined by a tailored quote.
The subsidy fund is an independent fund, established by HQAI and supplied by donors. It was specially created for small organisations that want to undertake HQAI’s third-party quality assurance services but, for which, costs would be a barrier. Organisations can apply for a subsidy and submit their candidacy file to the Subsidy Fund Management Committee, which takes case-by-case decisions. For more information, see our Subsidy Fund page.
To apply for a subsidy, an organisation must submit its candidacy file to the Subsidy Fund Management Committee, respecting deadlines given by HQAI . For more information on the candidacy file, please click here.
If you would like to apply for a subsidy, please complete an application form and send a signed version to the Quality Assurance Officer.
For more information, please consult the Subsidy Fund page, or directly contact email@example.com
The audit team analyses and reports on the evidence, both strengths and weaknesses, found during the audit. The report constitutes the provision of evidence demonstrating how the standard is applied within an organisation’s management system.
Please see our registered organisation’s summary reports here.
The full audit report is confidential, but a summary is made public. The summary informs stakeholders generally about the strengths and weaknesses of the organisations in the application of the standard. It is also an important element of transparency and give stakeholders the possibility to complain against a decision made by HQAI if they feel the conclusions are not justified (see PRO049). A complete list of the published summaries can be found here.
Adhering to its strict confidentiality policy, information collected by HQAI is confidential. The data can be used to provide consolidated information on one aspect or another of the reference standard, thus providing a useful source for learning for the sector, but under no circumstance is the individual data regarding an organisation shared without its express consent. However, ensuring a robust process also requires transparency. This is why a public summary indicating the organisation’s strengths and weaknesses at the level of standard commitments is published on our web site after the audit has been completed, with client organisations being encouraged to do the same on theirs.
Employed as independent consultants, auditors are rigorously trained, pass a competence test prior to being registered. After a minimum of two audits in the field under the supervision of a Lead Auditor, they can become themselves Lead auditors (i.e. they can manage an audit under their own responsibility).
Excluding exceptional circumstances, auditors need to conduct a minimum of two audits per year to maintain their registration. In addition, they are submitted to a complete performance review after each audit, are required to comply with HQAI Code of Conduct and must demonstrate active understanding of the relevant standards and the third party quality assurance processes.
Registered HQAI auditors participate in the audit preparation, carry out the actual audits, prepare audit reports and make recommendations on certification to HQAI, as relevant.
There is a multistep process to become an auditor for HQAI. Auditors must demonstrate their qualification and experience in the sector (in auditing/certification) in order to apply for training. If accepted, candidates participate in a training specific to HQAI that focuses on system auditing practices, the reference standard, etc.
The training provided by HQAI reviews a variety of different information and skills that are tailored specifically to conducting an audit for HQAI. Training focuses on how to generate objective conclusions, reporting requirements, and holds specific sessions conducted by HQAI registered auditors on their main challenges.
After the HQAI training concludes, candidates are required to take a final test that consists of a mock audit, which is evaluated against specific criteria. Only those who pass at a sufficient level are accepted to become a registered Auditor for HQAI. Being registered as an auditor allows you to be enrolled in at least two consecutive audits under the supervision of a Lead Auditor, before becoming yourself a Lead Auditor.
We ask the lead auditors to evaluate the auditors they supervise to assess their performance, which is the ultimate step to become an HQAI registered Lead Auditor.
The number of organisations that have used our services is constantly evolving. As of 1 July 2017, 14 organisations had completed the auditing process. For a full list and summary of the audits, click here. Many other organisations are currently engaged in an audit process, however because of our confidentiality policy, the process is confidential until the final report is approved and a summary published on our website.
HQAI requests that each organisation be legally established. Additionally, organisations cannot be listed on the UN list of suspected terrorist organisations.