ASQ Certified Quality Engineer

Ch.4 Quality Audit.

Edited by Seung Hyun Lee (Ph.D., CRE/CQE)
E-mail : lkangsan@iems.co.kr, Homepage : www.IEMS.co.kr

- 1 -
Audit Purpose.
[Other resource]

1. Contract award and agreements to purchase.

․ There is a need to investigate and report on the management systems of a
new supplier.
․ The objective would be to determine their capabilities to effectively control their
processes and implement adequate and timely corrective actions.

2. Investment in supplier based tooling.

․ There has been a general or product specific decline in supplier quality.
․ The objective would be to discover the cause.

- 1 -
Audit Purpose.
[Other resource]

3. Continued involvement with a supplier.

․ Periodic, routine surveillance or maintenance audits are performed as part of
the client company's quality assurance systems.
․ The objective would be to verify that suppliers are implementing high quality
standards and supporting their established systems.

- 2 -
Audit Organization.
[CQE Primer pp5 - pp6]

1. Client.
․ The client is responsible for defining the goals and objectives of the audit.
․ Client is a reference to either the company or organization requesting the
performance of the audit.
․ Client has the authority to require that an audit be performed and the recipient
of the audit report.

2. The quality assurance manager.

․ Audit Authority.
․ The quality assurance manager is usually assigned the responsibility for the
administration of the audit program.
․ An unscheduled or scheduled audit should be documented and approved by the
audit authority.

- 3 -
Audit Organization.
[CQE Primer pp5 - pp6]

3. Audit Authority.
․ The internal or external entity that has the authority to initiate an audit.
․ During the planning stage of each separate audit, one of the first things the
lead auditor must do is to establish who has authorized the audit.
․ The responsibility of Audit Authority.
: Direct the audit program.
: Provide leadership and support to the audit group.
: Provide for adequate auditor skills training.
: Provide escorts when the company is the subject of an audit.

4. The audit team leader.

․ Lead auditor.
․ The audit team leader is responsible for carrying out the goals and objectives
of the audit program as directed.

- 4 -
Audit Types.
[CQE Primer pp10 - pp13]

System Audit.
․ A system audit is the largest and most extensive of audits.
․ System audit are conducted to verify, through objective evidence, whether or
not the quality system management systems and organizational plans are
indeed carried out to the requirements set forth.
․ A system audit may be conducted as a condition of accepting a new supplier
prior to contract award. This is called a pre-award survey.

- 5 -
Audit Types.
[CQE Primer pp10 - pp13]

System Audit.
Type Subject Location

Extrinsic A company is audited by a customer. External

Vendor Survey A supplier is audited. External

Pre-award Survey A potential supplier is audited. Internal or External

An in-depth quality management review of systems
System Audit Internal or External
and compliance.

Assess Audit More limited in-depth than systems audits. Internal or External

Appraisal Total quality program effectiveness. Internal or External

Verification of the effectiveness of a quality
Compliance Review Internal or External
management system.
An entire company or product from design
Full Audit Internal or External
development to end of product life is reviewed.

- 6 -
Audit Types.
[CQE Primer pp10 - pp13]

Process Audit.
․ A large and significant portion of the system audit is the process audit. One or
more process may be audited during the system audit.
․ Characteristics of process audit are
- Are less extensive than system audits.
- Usually concentrate on one or more specific product or service processes.
- May be performed internally or externally.
- Require less planning than the system audit.
- Can be very helpful in improving the process of concern.

- 7 -
Audit Types.
[CQE Primer pp10 - pp13]

Product Audit.
․ The product audit is an assessment of the final product or service and it's
"fitness for use" evaluated against the intent of the purpose of the product or
service.
․ Product audit are customer oriented.
․ Product audit may be performed :
- Internally : An example is a dock, where product is examined and tested prior to
shipment.
- Externally : The audit may be conducted at the customer site, or with the final
customer.

- 8 -
Audit Types.
[CQE Primer pp10 - pp13]

Internal, External and Third Party Audit.

Internal Audit.
․ An internal audit is performed within an organization to measure performance, strengths,
and weaknesses against established procedures and systems.
․ An internal audit is considered to be a first party audit.

External Audit.
․ An external audit is an audit performed by company directive on an outside source, such
as a supplier.
․ Product knowledge, contracts, purchase agreements, and secrecy agreements make it most
common that the company conducing the audit sends personnel from it's own auditing staff
to perform an external audit.
․ An external audit is considered to be a second party audit.

- 9 -
Audit Types.
[CQE Primer pp10 - pp13]

Internal, External and Third Party Audit.

Third Party Audit.
․ A third party audit is when an outside source, or a third party, is used to conduct the
audit. The third party audit is used to obtain a more independent and objective
assessment, or to achieve certification to a recognized standard.

- 10 -
Audit Types.
[CQE Primer pp10 - pp13]

Specific Objective Audit.

Assessment.
․ Assessment are quality audits, sometimes indicating a less formal means of measuring and
reporting than with normal audits.
․ An assessment is usually limited in scope and may be performed during contracting phase
and executing phase.

Pre-Award Surveys.
․ These are system audits which may be conducted as a condition of accepting a new
supplier prior to contract award.
․ The purpose of the pre-award survey is to evaluate the ability of the potential supplier to
provide a product or service which meets requirements and determine what, if any,
assistance might be needed.

- 11 -
Audit Types.
[CQE Primer pp10 - pp13]

Specific Objective Audit.

Quality System Reviews.
․ These are system audits resulting from significant changes which may affect product
quality. This type of audit may be necessary if product quality deteriorates of if there are
critical changes in management.

Compliance Audit.
․ Compliance audit are designed to provide assurance that defined or specified activities
have been performed properly. These audits verify whether or not the systems, processes
or products satisfy the requirements as set forth in the contracted agreements, procedures,
or standard.

- 12 -
Audit Components.
[CQE Primer pp14 - pp19]

Audit Preparation.
․ The preparation phase starts when the decision is made to conduct an audit.
․ It includes activities such as team selection, on-site information gathering and
review, and communication of the audit plan and audit agenda to the auditee
participants.
․ The outputs of the audit preparation phases.
- An audit notification letter.
- An audit plan.
- An audit agenda.
- An audit checklist.
- Completion of logistical arrangements.
- An initial evaluation of the control methods.
- A plan for the collecting of facts.
- 13 -
Audit Components.
[CQE Primer pp14 - pp19]

Audit Preparation.
․ The working documents are accumulated during the preparation phase and may
include
- Checklists.
- Reporting forms.
- Quality manual.
- Quality system procedures.
- Quality system work instructions.

- 14 -
Audit Components.
[CQE Primer pp14 - pp19]

Audit Performance (Execution).

․ The performance phase begins with the on-site opening meeting and includes
the gathering of information and analysis of that information.
․ Normally this is accomplished by conducting interviews, monitoring activities, and
examining items and records.
․ General audit performance procedure.
- Opening meeting with the auditee.
- Communicating with audit team members.
- Interviewing and briefing auditees.
- Conducting the intended audit.
- Identifying observations and findings.
- Exit meeting with the auditee - presentation of the draft report.

- 15 -
Audit Components.
[CQE Primer pp14 - pp19]

Audit Performance (Execution).

․ Evidence should be collected through.
- Interviews.
- Examination of documents and records.
- Observation of activities and conditions.

- 16 -
Audit Components.
[CQE Primer pp14 - pp19]

Audit Reporting.
․ The audit reporting covers the translation of the audit team's findings and
conclusions into a formal audit report. It is generally accepted that the audit
report should be accurate, concise, clear, and timely (mailed within one week)
․ The audit report should :
- Be dated and signed by the lead auditor.
- Contain the scope and objectives of the audit.
- Contain details of the audit plan.
- Identify the audit team and the auditee's representative.
- List audit dates.
- Identify the specific organization audited.
- Describe observations of nonconformities.
- Express a judgement of the extent of the auditee's compliance.

- 17 -
Audit Components.
[CQE Primer pp14 - pp19]

Audit Reporting.
․ The reporting phase covers the following activities.
- Prioritize the audit results.
- Preparing the audit report.
- Listing findings and observations.
- Including corrective action requests and responses dates (if applicable)
- Expressing a judgement of the extent of auditee's compliance.
- Approving the report.
- Distributing the report to the auditee, client, and official files.
- Retaining audit records.

- 18 -
Audit Components.
[CQE Primer pp14 - pp19]

Corrective Action/Follow up Phase.

․ The auditee is responsible for providing the lead auditor with a corrective action
plan within a specified time frame.
․ The plan will outline the actions to be taken to rectify the non-conformance, the
individuals assigned and estimated date of completion.
․ Some form of formal closure criteria should be stipulated by the auditee through
which the auditor can verify successful implementation during the follow up
audit.
․ Corrective action and subsequent follow-up audit should be completed within a
time period agreed to by the client and the auditee in consultation with the
auditing organization.

- 19 -
Audit Scope.
[Other Resource]

￭ To define the scope of the audit is to define the boundaries.

￭ The client or audit authority is responsible for defining the scope

of the audit, and makes the final decisions on the scope and depth
of the audit.

￭ Decisions for audit scope and depths.

․ Product audit, process audit, or system audit.
․ Quality system elements, physical locations, and organizational activities are to
be audited within a specified time frame.

￭ Establishing the scope is necessary for the audit planning.

- 20 -
Audit Team
[Other Resource]

￭ The lead auditor is responsible for organizing audit teams and

planning the audit schedule and their functions.

￭ The lead auditor must coordinate the audit dates to coincide with
the schedules of the auditors needed, or find suitable substitute
auditors.

￭ The lead auditor must also plan the audit such that dates are
agreeable to the auditee.

- 21 -
Audit Team
[Other Resource]

￭ It is common for personnel outside of the quality function to be

used in audits for technical skills or expertise, or to present a
fresh viewpoint to an old problem, since no one individual is an
expert in every area.

￭ These auditors should be trained briefly and accomplished by

experienced auditors.

￭ The number and qualifications of auditors needed for an audit, is

dependent upon the purpose, scope and depth of the audit.

- 22 -
Some References for Initiating an Audit.
[Other Resource]

1. Quality Manual.
․ The auditee's quality manual is often utilized during the course of an audit to determine if
procedures are effective and are carried out as specified.
․ The contents of the quality manual
(Company quality policies and mandate for a formal audit program may all be formal policy
authorities.)

2. Contracts or purchase order (PO).

․ The contract or purchase agreement usually includes specific requirements which must be met.
: Packaging and shipping agreements.
: A requirement for on time shipment.
: Product quality and specification requirements.
․ A review of the contract or PO is a must in the planning and preparation of the audit.

- 23 -
Some References for Initiating an Audit.
[Other Resource]
3. Regulatory.
․ Regulation and laws are imposed by governmental agencies to protect public health and safety.
․ Some of these auditing agencies include the FDA(Food and Drug Administration), the Nuclear
Regulatory Commission, the Environmental Protection Agency, and Department of Health.

4. Specifications and Document Reference.

․ Does the product or service demonstrate improvement, decline, or stability ?
․ Related documentations.
: Design agreements.
: Incoming material inspection reports.
: Technical drawings and standards.
: Previous audits.
: Procurement documents.
: Test methods and other quality supplier requirements.
․ It may be utilized in developing checklist questions.

- 24 -
General Audit Strategies
[CQE Primer pp22 - pp24]

1. Trace Forward.
․ The trace forward technique is the examination from the beginning of a process, product,
service, or order to the end.
․ This is beneficial to get the whole picture from start to finish, to determine the practicality of
the flow, and to quickly locate week area or gaps.

2. Trace Backward.
․ This is the reverse of the trace forward method, beginning at the end of a process, product,
service, or order and working back through the process, either to the beginning or to a
designated point.
․ The benefit of the trace back method is that an understanding of the end process objective is
attained right away.
․ All other process steps can be evaluated for effectiveness in terms of contribution to the
desired result.

- 25 -
General Audit Strategies
[CQE Primer pp22 - pp24]

3. Random Selection.
․ Random checking is not a form of tracing, but an alternative auditing method which can be
used instead of tracing.
․ Random checks are used when audit time and personnel are limited.
․ The use of flowcharts is very useful to the auditor if they already exist. The flowchart help the
auditor determine where important steps in the flow exist and consequently, where to investigate
or take samples.

- 26 -
Design Review : Documentation
[Other Resource]

1. Quality Manual.
․ A quality manual is a formal and authorized document setting out the quality
policies, systems, procedures and practice of a organization.
․ It identifies the responsibilities, authorities and inter-relationships of personnel who
manage, perform, verify or review work affecting quality.

2. Procedures.
․ Procedures are written documents that specify the purpose and scope of an activity.
․ What is to be done, where, and by whom.

3. Work instructions.
․ Work instructions expand on procedures by adding how and when an activity must be done,
controlled and recorded.
․ They indicate what materials, equipment and documents are to be used.
- 27 -
Design Review : Documentation
[Other Resource]
￭ The lead auditor and the audit team develop the audit checklist
questions keeping the audit purpose, scope and objective in focus.

￭ Usually, these questions should be open-ended, allowing adequate

response. "Yes" or "No" response questions should be kept to a
minimum.

￭ Function of checklists.
․ Keep the audit on scheduled and flowing smoothly.
․ Use the performance time efficiently.
․ Help to keep the audit objective.
․ Allow thorough coverage of the scope of the audit.

- 28 -
Design Review : Documentation
[Other Resource]
￭ Documents which may be used for checklist review.
․ Supplier quality manual.
․ Supplier test methods.
․ Applicable standards.
․ Supplier procedures and work instructions.
․ Supplier requirements, purchase agreement terms and conditions.

￭ After the performance of the audit, completed checklists are

retained as a part of the formal documentation and should be
maintained for :
․ Reference of responses and documents presented by the auditee.
․ Reference of questions already satisfied from previous audits.
․ Reference of noted problem areas discovered during the previous audit which were
outside the scope the can be addressed during the next audit conduced.
․ Litigation purpose.
- 29 -
Design Review : Documentation
[Other Resource]
￭ Audit papers must be kept at least until the next audit. When there
are no guideline a period of five years is recommended.

￭ Several major checklists applications.

․ Pre-award surveys. : A checklist is used to enumerate all areas of required information, such
as facilities, employee training, quality systems, documentation control, standards used, etc.

․ Product conformance. A checklist is developed using the product specification. This checklist
is then used to audit all pertinent product requirements.

․ Adequacy review. A checklist is created using a standard (such as ISO 9000) or a set of
established requirements. This checklist is then used during the preparation phase of the audit
to determine if the auditee's submitted documentation adequately covers the requirements.

- 30 -
Scoring Checklist
[Other Resource]

￭ The principles of quality auditing do not favor the use of scoring

checklists. The primary reason for this is because the score may
become the goal.
․ This is not conductive to the concept of never-ending quality improvement.
․ The attainment of a desirable score is a flag to wave in the face of future improvement
requests.

￭ The use of scoring checklists is generally more appropriate in a

compliance audit than in a system survey which allows the
opportunity for improvement.

- 31 -
Scoring Checklist
[Other Resource]

￭ The act of scoring has an inherent bias associated with it, which
becomes another area of caution for the auditor.

￭ If scoring checklists must be used in an audit, they should be

used with caution and the guidelines for awarding points should be
clarified during auditor training.

- 32 -
Nonscoring Checklist
[Other Resource]
￭ The biggest advantage in the use of nonscoring checklists is their
flexibility.

￭ This flexibility allows the standard requirements to be audited when

applied to many different companies.

￭ Functionally, nonscoring checklists have a broader use than

scoring checklists. Nonscoring checklists are the formants widely
used for ISO related audits.

￭ Nonscoring checklists offer a greater probability of continuous

process improvement.
- 33 -