Internal Quality Auditing Services

In most cases, internal quality audits are primarily performed to satisfy the requirements of a QMS standard (e.g., ISO 9001, AS 9100, ISO 17025). And, as per the generic definition provided in ISO 9000:2015, "Fundamentals and vocabulary", these can be limited to simply identifying areas that are conforming along with any areas that are nonconforming.

ISO 9000:2015, sec. 3.13.1
audit
systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.

How an "Internal Quality Audit” Can Add Value

Greater benefits from internal quality audits can be realized through utilizing a “contracted” internal auditor who also performs third-party audits for CBs (Certification Bodies). This approach provides valuable insight as to:

  • “how” the CBs are interpreting the standard
  • “how” their auditors expect to see the requirements implemented, and
  • what types of questions the CB auditors will be asking.

In addition to being more familiar with the QMS standards, “contracted” internal auditors who also perform third-party audits for CBs are often “up-to-date” with knowing and understanding the “official” interpretations for that standard. For example:

Further, a “good” contracted auditor, who is familiar with ISO 17021-1 (defining the requirements for “how” CBs operate) can show your company ways in which to justify the interpretations it has adopted, in order to prevent the receipt of invalid nonconformities from the CB's auditor.

Identifying "risks" during internal audits

The “true” purpose of any robust QMS is to identify and implement controls to identify and eliminate, or mitigate, risks to consistently fulfilling customer requirements and any established expectations (commitments) relating to the provision of products and/or services.

While not adopted by ISO, a “better” (more accurate) definition of an internal QMS audit is:

A structured investigative process for determining, through objective evidence, the adequacy and effectiveness of the controls implemented to eliminate or mitigate, risks to consistently fulfilling customer requirements and any established expectations (commitments) relating to the provision of products and/or services.

Although the word “risk” does not appear in ISO 9001/AS9100. sec. 9.2, “Internal Audit”, internal auditing can also be an effective tool for identifying quality-related risks; which present opportunities for improvement through implementing “risk controls” to eliminate or mitigate risks.

Risk-Based Internal Audits

Certification Bodies (CBs) are placing greater emphasis on companies performing “risk-based internal audits“.

Randall can also assist companies in developing and implementing “risk-based” internal audit programs. There are many different types of audits that can be performed in order to better facilitate a robust “risk-based” internal audit program.

Whether an AS 9100 series certified company performs "risk-based" internal audits is one of the criteria specified in SAE AS9104/1A, which requires AS 9100 CBs (Certification Bodies… i.e., Registrars) to use the ”Organization Certification Analysis Process (OCAP)“ for determining an overall “risk rating” (High, Medium, Low) for each certified company. This is also required for AS 9100 certified companies who choose the option to participate in the “Performance-based Surveillance/Recertification Process” (Described in AS9104/1A, “Appendix D”).

Auditor Qualifications

During his 25+ year career, Richard Randall has performed internal audits for micro-companies (as small as two people working from a residential home) up to mid-sized companies (50-250 employees) in the commercial (e.g., ISO 9001, Gafta), laboratory (e.g., calibration, testing, analysis) and Aerospace and Defense Industries (i.e., AS 9100 & AS9120).

Richard Randall is a Probitas Authentication certified AS 9100:2016 (Rev. D) Aerospace Auditor (listed in the Aerospace IAQG OASIS database). Probitas Authentication "AS9100 Aerospace Auditor" certificate.

Probitas Authentication "AS9100 Aerospace Auditor" certificate

Richard Randall was also a IRCA certified ”Principle Quality Auditor“ for 25 years (from 1993 to 2018). This certification was dropped because the Probitas Authentication certification includes ISO 9001.