| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| articles:types_of_audits [2022/02/09 12:45] – [Quality Management System Audits] rrandall | articles:types_of_audits [2023/02/09 11:10] (current) – [Quality Management System Audits] rrandall |
|---|
| * a Configuration Audit (i.e., for a specific product configuration) | * a Configuration Audit (i.e., for a specific product configuration) |
| |
| <note>For purposes of this article, all audits are assumed to be "quality-related" in nature (e.g., NOT Environmental or Safety). </note> | <WRAP center round info 80%> |
| | For purposes of this article, all audits are assumed to be "quality-related" in nature (e.g., NOT Environmental or Safety). |
| | </WRAP> |
| ===== What are the types of audits? ===== | ===== What are the types of audits? ===== |
| While there are many types of audits, and audit strategies, the most common types are: | While there are many types of audits, and audit strategies, the most common types are: |
| ALL of the above audits can be performed either internally (on the company itself) or externally (on suppliers/subcontractors). | ALL of the above audits can be performed either internally (on the company itself) or externally (on suppliers/subcontractors). |
| |
| While all of the above-listed audit types have an objective of verifying “compliance”. a “Value-Added Audit” (VAA) focuses on improvement through the elimination or reduction of non-value-added (NVA) activities/steps in a sequence. So a description of a VAA is described after the others. | While ISO 19011:2018 Annex A mentions several different "types" of audits (as "scopes"), neither ISO 19011:2018 nor ISO 9000:2015 defines nor describes the difference between these audit types. |
| | <blockquote>ISO 19011:2018 A.12 Audit of supply chain \\ |
| | //The audit of the supply chain to specific requirements can be required. The supplier audit programme should be developed with applicable audit criteria for the type of suppliers and external providers. The scope of the supply chain audit can differ, e.g. complete __management system audit__, single __process audit__, __product audit__, __configuration audit__.//</blockquote> |
| | |
| | __Value-Added Audits (VAA)__ \\ |
| | While all of the above-listed audit types have an objective of verifying “compliance”. a “Value-Added Audit” (VAA) focuses on __improvement__ through the elimination or reduction of non-value-added (NVA) activities/steps in a sequence. A common approach is to utilize a detailed flow chart of the process - identifying those "activities/steps" that either "add no value" or "add no value but are necessary" (e.g., an inspection activity to mitigate the possibility of nonconforming product(s) being delivered). |
| |
| | A VAA is often used to identify opportunities for improvement. more information on VAAs is at the bottom of this article. |
| ==== Quality Management System Audits ==== | ==== Quality Management System Audits ==== |
| |
| |
| __Process Audits__ \\ | __Process Audits__ \\ |
| ASQ has an article titled "[[https://asq.org/quality-resources/auditing|What is Auditing]]", which includes a section titled: "//The Three Different Types of Audits//". While not "official" definitions of the terms, the article a "Process Audit" (actually, an audit strategy) in a way that is very understandable. | ASQ has an article titled "[[https://asq.org/quality-resources/auditing|What is Auditing]]", which includes a section titled: "//The Three Different Types of Audits//". While not "official" definitions of the terms, the article describes a "Process Audit" (actually, an audit sub-type) in a way that is very understandable. |
| |
| <blockquote>**Process audit** \\ | <blockquote>**Process audit** \\ |
| * Check the adequacy and effectiveness of the process controls established by procedures, work instructions, flowcharts, and training and process specifications. | * Check the adequacy and effectiveness of the process controls established by procedures, work instructions, flowcharts, and training and process specifications. |
| (Source: [[https://asq.org/quality-resources/auditing|https://asq.org/quality-resources/auditing]])</blockquote> | (Source: [[https://asq.org/quality-resources/auditing|https://asq.org/quality-resources/auditing]])</blockquote> |
| | |
| | Despite the fact that there are many different types of audits, ISO 9001 & AS9100 registrars and consultants have been promoting "Process-based” audits for years. And, largely due to "indoctrination" (from the registrars) in how to think about ISO 9001 & AS9100, many auditors consider a "process-based" audit to be the ONLY way possible to determine "//whether the quality management system is effectively implemented and maintained//”. This is further supported by a "non-binding" opinion provided in the [[https://asq.org/quality-resources/iso-9001/us-tc176|US TC 176 - TG22 - Interpretations]] (Read: [[articles:re-writing_iso_9001_through_interpretation|Re-writing ISO 9001:2015... through Interpretation]]). |
| | |
| | In fact, they've been promoted to the point that //some// ISO 9001 & AS9100 auditors have actually issued (unjustified) nonconformities to companies for having performed “clause/element-based" internal audits rather than the //preferred// "process-based" audits! These nonconformities are based upon a highly subjective interpretation of ISO 9001 & AS9100. |
| |
| Despite the subjective interpretations/opinions of some auditors, companies should decide the type of internal audit that best provides "//information on whether the quality management system is effectively implemented and maintained//". | Despite the subjective interpretations/opinions of some auditors, companies should decide the type of internal audit that best provides "//information on whether the quality management system is effectively implemented and maintained//". |
| Using "Document Control" as another example, the auditor would verify control of documents in every area where documents are distributed (or otherwise required to be controlled - e.g., documents of external origin). | Using "Document Control" as another example, the auditor would verify control of documents in every area where documents are distributed (or otherwise required to be controlled - e.g., documents of external origin). |
| |
| <note>AS9100 auditors use the "Horizontal Auditing" approach for all of the AS9100 requirements outside of section 8. This is recorded in AS9101 Form 2: "QMS PROCESS MATRIX REPORT".</note> | <WRAP center round info 80%> |
| | AS9100 auditors use the "Horizontal Auditing" approach for all of the AS9100 requirements outside of section 8. This is recorded in AS9101 Form 2: "QMS PROCESS MATRIX REPORT". |
| | </WRAP> |
| |
| __Vertical Audits__ \\ | __Vertical Audits__ \\ |
| * Production (ISO 9001/AS9100, sec. 8.5, 8.6 & 8.7) | * Production (ISO 9001/AS9100, sec. 8.5, 8.6 & 8.7) |
| |
| Using "Sales" as an example, the auditor would interview personnel concerning the process inputs, activities, and outputs. And examine a sampling of records (required by sec. 8.2.3.2) used to provide evidence of a contract/order review having been performed (with its results) and any records created to describe any new requirements for the products and services (e.g., Change Orders, Amended/Revised Orders). | Using "Sales" as an example, the auditor would: |
| | - interview personnel concerning the process inputs, activities, and outputs; |
| | - examine a sampling of records (required by sec. 8.2.3.2) used to provide evidence of a contract/order review having been performed (with its results) and any records created to describe any new requirements for the products and services (e.g., Change Orders, Amended/Revised Orders). |
| |
| Using "Procurement" as another example, the auditor would interview personnel concerning the process inputs, activities, and outputs. And examine a sampling of the records required by ISO 9001/AS9100, sec. 8.4 to be retained. | Using "Procurement" as another example, the auditor would interview personnel concerning the process inputs, activities, and outputs. And examine a sampling of the records required by ISO 9001/AS9100, sec. 8.4 to be retained. |
| During a full system audit, the auditors "should" verify that the linkages between processes provide effective communication of requirements. | During a full system audit, the auditors "should" verify that the linkages between processes provide effective communication of requirements. |
| |
| <note>AS9100 auditors use the "Vertical Auditing" approach for all of the AS9100 requirements contained in section 8. This is recorded in a separate 9101 Form 3: "PROCESS EFFECTIVENESS ASSESSMENT REPORT" (aka PEAR) for each department.</note> | <WRAP center round info 80%> |
| | AS9100 auditors use the "Vertical Auditing" approach for all of the AS9100 requirements contained in section 8. This is recorded in a separate 9101 Form 3: "PROCESS EFFECTIVENESS ASSESSMENT REPORT" (aka PEAR) for each department. |
| | </WRAP> |
| ==== Product Audits ==== | ==== Product Audits ==== |
| |
| A “Product Audit” is performed with the objective of verifying whether a particular product (e.g., parts or assemblies, processed material, software) conforms to requirements (i.e., drawings, BOMs, technical specifications, product/material standards). | A “Product Audit” is performed with the objective of verifying whether a particular product (e.g., parts or assemblies, processed material, software) conforms to requirements (i.e., drawings, BOMs, technical specifications, product/material standards). |
| |
| <note>A similar approach could be taken when performing a service-related audit (e.g., laboratory analysis, destructive or non-destructive testing, calibration services, repair services). However, the focus would generally be on the specification(s) defining the required service.</note> | <WRAP center round info 80%> |
| | A similar approach could be taken when performing a service-related audit (e.g., laboratory analysis, destructive or non-destructive testing, calibration services, repair services). However, the focus would generally be on the specification(s) defining the required service. |
| | </WRAP> |
| |
| In fact, the ASQ definition of a “Product Audit” includes "services". | In fact, the ASQ definition of a “Product Audit” includes "services". |
| Product audits can be either performed internally or at supplier sites. | Product audits can be either performed internally or at supplier sites. |
| |
| <note important>A “[[articles:source_inspections|Source Inspection]]" is NOT a "Product Audit" (or a “Supplier Audit”) because it is an “__inspection__” (not an audit). Unlike a Supplier/Product Audit (which follows a product through its entire production process – verifying that requirements have been met), a Source Inspection takes place at the end of the production line. A Source Inspection "can" replace the Receiving Inspection performed by the customer.</note> | <WRAP center round important 80%> |
| | A “[[articles:source_inspections|Source Inspection]]" is NOT a "Product Audit" (or a “Supplier Audit”) because it is an “__inspection__” (not an audit). Unlike a Supplier/Product Audit (which follows a product through its entire production process – verifying that requirements have been met), a Source Inspection takes place at the end of the production line. A Source Inspection "can" replace the Receiving Inspection performed by the customer. |
| | </WRAP> |
| |
| These audits should begin by identifying the particular product(s) that the customer is purchasing from the supplier. If the company has any specific product/service-related concerns, then these should be considered when planning the audit. | These audits should begin by identifying the particular product(s) that the customer is purchasing from the supplier. If the company has any specific product/service-related concerns, then these should be considered when planning the audit. |
| |
| The auditor should then follow an example of the product model (e.g., Part Number) being purchased by the customer through the entire production process… verifying that all requirements were met, including confirming that: | The auditor should then follow an example of the product model (e.g., Part Number) being purchased by the customer through the entire production process… verifying that all requirements were met, including confirming that: |
| • the product was manufactured to the correct product configuration – through verifying that the revision levels of all component/detailed parts match the revision levels required by the customer (typically through confirming that the detailed parts & subassemblies used match the product BOM (Bill of Material) | * the product was manufactured to the correct product configuration – through verifying that the revision levels of all component/detailed parts match the revision levels required by the customer (typically through confirming that the detailed parts & subassemblies used match the product BOM (Bill of Material) |
| • the correct raw material was used (e.g., supported by a Material Test Report, Certificate of Analysis, Chemical Analysis Report). | * the correct raw material was used (e.g., supported by a Material Test Report, Certificate of Analysis, Chemical Analysis Report). |
| • the work was performed in the proper environment (e.g., a Cleanroom environment) | * the work was performed in the proper environment (e.g., a Cleanroom environment) |
| • proper equipment is provided (e.g., to prevent ESD damage), | * proper equipment is provided (e.g., to prevent ESD damage), |
| • any special processing was performed by a qualified process (e.g., a Nadcap certified process), | * any special processing was performed by a qualified process (e.g., a Nadcap certified process), |
| • measuring instruments had the appropriate accuracy (“Accuracy Ratio” between the instrument and the tolerance measured), range & resolution. | * measuring instruments had the appropriate accuracy (“Accuracy Ratio” between the instrument and the tolerance measured), range & resolution. |
| |
| The product audit would also examine completed records (from previous product runs) providing evidence that the practices observed are consistent (e.g., completed Job Travelers, nonconformity reports of this specific product model (part number), and, if available, a Pareto chart identifying key issues with this product. If there are issues identified (either externally, through customer complaints or internally, through employees identifying nonconformities), the auditor should evaluate the effectiveness of any analysis (e.g., Fishbone, charts, 5-Whys) and actions are being taken to mitigate (through risk management) or eliminate (through corrective action) these issues. This is an area where both ISO 9001 & AS 9100 are weak. | The product audit would also examine completed records (from previous product runs) providing evidence that the practices observed are consistent (e.g., completed Job Travelers, nonconformity reports of this specific product model (part number), and, if available, a Pareto chart identifying key issues with this product. If there are issues identified (either externally, through customer complaints or internally, through employees identifying nonconformities), the auditor should evaluate the effectiveness of any analysis (e.g., Fishbone, charts, 5-Whys) and actions are being taken to mitigate (through risk management) or eliminate (through corrective action) these issues. This is an area where both ISO 9001 & AS 9100 are weak. |
| If not, then this may be a new area of opportunity… perhaps through “branding” these as “Product Audits” through: | If not, then this may be a new area of opportunity… perhaps through “branding” these as “Product Audits” through: |
| |
| • A series of articles educating customers as to how product audits can benefit them… even of suppliers who have a registered QMS. | * A series of articles educating customers as to how product audits can benefit them… even of suppliers who have a registered QMS. |
| • Creation of a generic “Product Audit” checklist to be used by “Quality Auditing” to provide consistency in both performance and reporting. | * Creation of a generic “Product Audit” checklist to be used by “Quality Auditing” to provide consistency in both performance and reporting. |
| |
| Supplier/Product Audits are typically of suppliers identified by customers, as having significant quality issues. And a major part of supplier audits is the follow-up. Either verifying that the actions taken by the supplier are effective, or working with the supplier to determine and implement an effective plan to improve product quality. These two activities should be performed jointly in order to justify the cost of Supplier/Product Audits. | Supplier/Product Audits are typically of suppliers identified by customers, as having significant quality issues. And a major part of supplier audits is the follow-up. Either verifying that the actions taken by the supplier are effective, or working with the supplier to determine and implement an effective plan to improve product quality. These two activities should be performed jointly in order to justify the cost of Supplier/Product Audits. |
| === Audit Strategies === | === Audit Strategies === |
| |
| == Downstream Audits == | __Downstream Audits__ \\ |
| A "Downstream Audit" starts at the beginning of the value stream and follows an order from receipt (e.g., "Sales") through each functional area and process, in sequence until the end (e.g., the Shipping area). The auditor should verify that all of the requirements are communicated through each stage of the value stream such that the final product/service satisfies all of its requirements. | A "Downstream Audit" starts at the beginning of the value stream and follows an order from receipt (e.g., "Sales") through each functional area and process, in sequence until the end (e.g., the Shipping area). The auditor should verify that all of the requirements are communicated through each stage of the value stream such that the final product/service satisfies all of its requirements. |
| |
| == Upstream Audits == | __Upstream Audits__ \\ |
| An "Upstream" audit begins with a final product/service (e.g., awaiting delivery in the Shipping area) and follows the value stream in reverse order upstream" to where the order was received (e.g., the Sales area). The auditor should verify that all of the requirements were accurately communicated from each preceding stage of the value stream, ensuring that the final product/service satisfies all of its requirements. | An "Upstream" audit begins with a final product/service (e.g., awaiting delivery in the Shipping area) and follows the value stream in reverse order (i.e., "upstream") to where the contract/order was received (e.g., the Sales area). The auditor should verify that all of the requirements were accurately communicated from each preceding stage of the value stream, ensuring that the final product/service satisfies all of its requirements. |
| | |
| | |
| | |
| | |
| | |
| | |
| Despite the fact that there are many different types of audits, ISO 9001 & AS9100 registrars and consultants have been singing praises of "Process-based” audits for years. In fact, they've been promoted to the point that //some// ISO 9001 & AS9100 auditors have actually issued (unjustified) nonconformities to companies for having performed “clause/element-based" internal audits rather than the //preferred// "process-based" audits! | |
| | |
| These nonconformities are based upon a highly subjective interpretation of ISO 9001 & AS9100. | |
| | |
| Largely due to "indoctrination" (from the registrars) in how to think about ISO 9001 & AS9100, many auditors consider a "process-based" audit to be the ONLY way possible to determine "//whether the quality management system is effectively implemented and maintained//”. This was further supported by a "non-binding" opinion provided in the [[https://asq.org/quality-resources/iso-9001/us-tc176|US TC 176 - TG22 - Interpretations]] (Read: [[articles:re-writing_iso_9001_through_interpretation|Re-writing ISO 9001:2015... through Interpretation]]). | |
| | |
| | |
| | |
| | |
| | |
| ISO 19011:2018 Annex A states: | |
| | |
| <blockquote>A.12 Audit of supply chain \\ | |
| //The audit of the supply chain to specific requirements can be required. The supplier audit programme should be developed with applicable audit criteria for the type of suppliers and external providers. The scope of the supply chain audit can differ, e.g. complete __management system audit__, single __process audit__, __product audit__, configuration audit.//</blockquote> | |
| | |
| While this is NOT a complete list of audit types, neither ISO 19011:2018 nor ISO 9000:2015 defines nor describes the difference between these audit types. | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| |
| ==== Configuration Audits ==== | ==== Configuration Audits ==== |
| While all of the above-listed audit types have an objective of verifying "compliance". a "Value-Added Audit" (VAA) focuses on improvement through the elimination or reduction of non-value-added (NVA) activities/steps in a sequence. | While all of the above-listed audit types have an objective of verifying "compliance". a "Value-Added Audit" (VAA) focuses on improvement through the elimination or reduction of non-value-added (NVA) activities/steps in a sequence. |
| |
| <note>An excellent book describing these audits is "[[https://www.amazon.com/Understanding-Applying-Value-Added-Assessment-Eliminating/dp/0873893697|Understanding and Applying Value-Added Assessment - Eliminating Business Process Waste]]" by William E. Trischiler.</note> | <WRAP center round info 80%> |
| | An excellent book describing these audits is "[[https://www.amazon.com/Understanding-Applying-Value-Added-Assessment-Eliminating/dp/0873893697|Understanding and Applying Value-Added Assessment - Eliminating Business Process Waste]]" by William E. Trischiler. |
| | </WRAP> |
| |
| "Value-Added Audits" are performed "internally" and tend to be used by companies who have adopted the use of Lean 6 Sigma tools. | "Value-Added Audits" are performed "internally" and tend to be used by companies who have adopted the use of Lean 6 Sigma tools. |
