| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| articles:types_of_audits [2022/02/09 17:26] – [Quality Management System Audits] rrandall | articles:types_of_audits [2023/02/09 11:10] (current) – [Quality Management System Audits] rrandall |
|---|
| * a Configuration Audit (i.e., for a specific product configuration) | * a Configuration Audit (i.e., for a specific product configuration) |
| |
| <note>For purposes of this article, all audits are assumed to be "quality-related" in nature (e.g., NOT Environmental or Safety). </note> | <WRAP center round info 80%> |
| | For purposes of this article, all audits are assumed to be "quality-related" in nature (e.g., NOT Environmental or Safety). |
| | </WRAP> |
| ===== What are the types of audits? ===== | ===== What are the types of audits? ===== |
| While there are many types of audits, and audit strategies, the most common types are: | While there are many types of audits, and audit strategies, the most common types are: |
| ALL of the above audits can be performed either internally (on the company itself) or externally (on suppliers/subcontractors). | ALL of the above audits can be performed either internally (on the company itself) or externally (on suppliers/subcontractors). |
| |
| While all of the above-listed audit types have an objective of verifying “compliance”. a “Value-Added Audit” (VAA) focuses on improvement through the elimination or reduction of non-value-added (NVA) activities/steps in a sequence. So a description of a VAA is described after the others. | While ISO 19011:2018 Annex A mentions several different "types" of audits (as "scopes"), neither ISO 19011:2018 nor ISO 9000:2015 defines nor describes the difference between these audit types. |
| | <blockquote>ISO 19011:2018 A.12 Audit of supply chain \\ |
| | //The audit of the supply chain to specific requirements can be required. The supplier audit programme should be developed with applicable audit criteria for the type of suppliers and external providers. The scope of the supply chain audit can differ, e.g. complete __management system audit__, single __process audit__, __product audit__, __configuration audit__.//</blockquote> |
| |
| | __Value-Added Audits (VAA)__ \\ |
| | While all of the above-listed audit types have an objective of verifying “compliance”. a “Value-Added Audit” (VAA) focuses on __improvement__ through the elimination or reduction of non-value-added (NVA) activities/steps in a sequence. A common approach is to utilize a detailed flow chart of the process - identifying those "activities/steps" that either "add no value" or "add no value but are necessary" (e.g., an inspection activity to mitigate the possibility of nonconforming product(s) being delivered). |
| | |
| | A VAA is often used to identify opportunities for improvement. more information on VAAs is at the bottom of this article. |
| ==== Quality Management System Audits ==== | ==== Quality Management System Audits ==== |
| |
| (Source: [[https://asq.org/quality-resources/auditing|https://asq.org/quality-resources/auditing]])</blockquote> | (Source: [[https://asq.org/quality-resources/auditing|https://asq.org/quality-resources/auditing]])</blockquote> |
| |
| Despite the fact that there are many different types of audits, ISO 9001 & AS9100 registrars and consultants have been singing praises of "Process-based” audits for years. In fact, they've been promoted to the point that //some// ISO 9001 & AS9100 auditors have actually issued (unjustified) nonconformities to companies for having performed “clause/element-based" internal audits rather than the //preferred// "process-based" audits! | Despite the fact that there are many different types of audits, ISO 9001 & AS9100 registrars and consultants have been promoting "Process-based” audits for years. And, largely due to "indoctrination" (from the registrars) in how to think about ISO 9001 & AS9100, many auditors consider a "process-based" audit to be the ONLY way possible to determine "//whether the quality management system is effectively implemented and maintained//”. This is further supported by a "non-binding" opinion provided in the [[https://asq.org/quality-resources/iso-9001/us-tc176|US TC 176 - TG22 - Interpretations]] (Read: [[articles:re-writing_iso_9001_through_interpretation|Re-writing ISO 9001:2015... through Interpretation]]). |
| | |
| These nonconformities are based upon a highly subjective interpretation of ISO 9001 & AS9100. | |
| | |
| Largely due to "indoctrination" (from the registrars) in how to think about ISO 9001 & AS9100, many auditors consider a "process-based" audit to be the ONLY way possible to determine "//whether the quality management system is effectively implemented and maintained//”. This was further supported by a "non-binding" opinion provided in the [[https://asq.org/quality-resources/iso-9001/us-tc176|US TC 176 - TG22 - Interpretations]] (Read: [[articles:re-writing_iso_9001_through_interpretation|Re-writing ISO 9001:2015... through Interpretation]]). | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| |
| | In fact, they've been promoted to the point that //some// ISO 9001 & AS9100 auditors have actually issued (unjustified) nonconformities to companies for having performed “clause/element-based" internal audits rather than the //preferred// "process-based" audits! These nonconformities are based upon a highly subjective interpretation of ISO 9001 & AS9100. |
| |
| Despite the subjective interpretations/opinions of some auditors, companies should decide the type of internal audit that best provides "//information on whether the quality management system is effectively implemented and maintained//". | Despite the subjective interpretations/opinions of some auditors, companies should decide the type of internal audit that best provides "//information on whether the quality management system is effectively implemented and maintained//". |
| Using "Document Control" as another example, the auditor would verify control of documents in every area where documents are distributed (or otherwise required to be controlled - e.g., documents of external origin). | Using "Document Control" as another example, the auditor would verify control of documents in every area where documents are distributed (or otherwise required to be controlled - e.g., documents of external origin). |
| |
| <note>AS9100 auditors use the "Horizontal Auditing" approach for all of the AS9100 requirements outside of section 8. This is recorded in AS9101 Form 2: "QMS PROCESS MATRIX REPORT".</note> | <WRAP center round info 80%> |
| | AS9100 auditors use the "Horizontal Auditing" approach for all of the AS9100 requirements outside of section 8. This is recorded in AS9101 Form 2: "QMS PROCESS MATRIX REPORT". |
| | </WRAP> |
| |
| __Vertical Audits__ \\ | __Vertical Audits__ \\ |
| * Production (ISO 9001/AS9100, sec. 8.5, 8.6 & 8.7) | * Production (ISO 9001/AS9100, sec. 8.5, 8.6 & 8.7) |
| |
| Using "Sales" as an example, the auditor would interview personnel concerning the process inputs, activities, and outputs. And examine a sampling of records (required by sec. 8.2.3.2) used to provide evidence of a contract/order review having been performed (with its results) and any records created to describe any new requirements for the products and services (e.g., Change Orders, Amended/Revised Orders). | Using "Sales" as an example, the auditor would: |
| | - interview personnel concerning the process inputs, activities, and outputs; |
| | - examine a sampling of records (required by sec. 8.2.3.2) used to provide evidence of a contract/order review having been performed (with its results) and any records created to describe any new requirements for the products and services (e.g., Change Orders, Amended/Revised Orders). |
| |
| Using "Procurement" as another example, the auditor would interview personnel concerning the process inputs, activities, and outputs. And examine a sampling of the records required by ISO 9001/AS9100, sec. 8.4 to be retained. | Using "Procurement" as another example, the auditor would interview personnel concerning the process inputs, activities, and outputs. And examine a sampling of the records required by ISO 9001/AS9100, sec. 8.4 to be retained. |
| During a full system audit, the auditors "should" verify that the linkages between processes provide effective communication of requirements. | During a full system audit, the auditors "should" verify that the linkages between processes provide effective communication of requirements. |
| |
| <note>AS9100 auditors use the "Vertical Auditing" approach for all of the AS9100 requirements contained in section 8. This is recorded in a separate 9101 Form 3: "PROCESS EFFECTIVENESS ASSESSMENT REPORT" (aka PEAR) for each department.</note> | <WRAP center round info 80%> |
| | AS9100 auditors use the "Vertical Auditing" approach for all of the AS9100 requirements contained in section 8. This is recorded in a separate 9101 Form 3: "PROCESS EFFECTIVENESS ASSESSMENT REPORT" (aka PEAR) for each department. |
| | </WRAP> |
| ==== Product Audits ==== | ==== Product Audits ==== |
| |
| A “Product Audit” is performed with the objective of verifying whether a particular product (e.g., parts or assemblies, processed material, software) conforms to requirements (i.e., drawings, BOMs, technical specifications, product/material standards). | A “Product Audit” is performed with the objective of verifying whether a particular product (e.g., parts or assemblies, processed material, software) conforms to requirements (i.e., drawings, BOMs, technical specifications, product/material standards). |
| |
| <note>A similar approach could be taken when performing a service-related audit (e.g., laboratory analysis, destructive or non-destructive testing, calibration services, repair services). However, the focus would generally be on the specification(s) defining the required service.</note> | <WRAP center round info 80%> |
| | A similar approach could be taken when performing a service-related audit (e.g., laboratory analysis, destructive or non-destructive testing, calibration services, repair services). However, the focus would generally be on the specification(s) defining the required service. |
| | </WRAP> |
| |
| In fact, the ASQ definition of a “Product Audit” includes "services". | In fact, the ASQ definition of a “Product Audit” includes "services". |
| Product audits can be either performed internally or at supplier sites. | Product audits can be either performed internally or at supplier sites. |
| |
| <note important>A “[[articles:source_inspections|Source Inspection]]" is NOT a "Product Audit" (or a “Supplier Audit”) because it is an “__inspection__” (not an audit). Unlike a Supplier/Product Audit (which follows a product through its entire production process – verifying that requirements have been met), a Source Inspection takes place at the end of the production line. A Source Inspection "can" replace the Receiving Inspection performed by the customer.</note> | <WRAP center round important 80%> |
| | A “[[articles:source_inspections|Source Inspection]]" is NOT a "Product Audit" (or a “Supplier Audit”) because it is an “__inspection__” (not an audit). Unlike a Supplier/Product Audit (which follows a product through its entire production process – verifying that requirements have been met), a Source Inspection takes place at the end of the production line. A Source Inspection "can" replace the Receiving Inspection performed by the customer. |
| | </WRAP> |
| |
| These audits should begin by identifying the particular product(s) that the customer is purchasing from the supplier. If the company has any specific product/service-related concerns, then these should be considered when planning the audit. | These audits should begin by identifying the particular product(s) that the customer is purchasing from the supplier. If the company has any specific product/service-related concerns, then these should be considered when planning the audit. |
| While all of the above-listed audit types have an objective of verifying "compliance". a "Value-Added Audit" (VAA) focuses on improvement through the elimination or reduction of non-value-added (NVA) activities/steps in a sequence. | While all of the above-listed audit types have an objective of verifying "compliance". a "Value-Added Audit" (VAA) focuses on improvement through the elimination or reduction of non-value-added (NVA) activities/steps in a sequence. |
| |
| <note>An excellent book describing these audits is "[[https://www.amazon.com/Understanding-Applying-Value-Added-Assessment-Eliminating/dp/0873893697|Understanding and Applying Value-Added Assessment - Eliminating Business Process Waste]]" by William E. Trischiler.</note> | <WRAP center round info 80%> |
| | An excellent book describing these audits is "[[https://www.amazon.com/Understanding-Applying-Value-Added-Assessment-Eliminating/dp/0873893697|Understanding and Applying Value-Added Assessment - Eliminating Business Process Waste]]" by William E. Trischiler. |
| | </WRAP> |
| |
| "Value-Added Audits" are performed "internally" and tend to be used by companies who have adopted the use of Lean 6 Sigma tools. | "Value-Added Audits" are performed "internally" and tend to be used by companies who have adopted the use of Lean 6 Sigma tools. |
