Quality professionals frequently express confusion as to the difference between corrective and

preventive action. A corrective action deals with a nonconformity that has occurred, and a
preventive action addresses the potential for a nonconformity to occur.

Corrective Action Process

 Locate and document the root cause of the nonconformity.

 Scan the entire system to ensure no other similar nonconformity could occur.
 Analyze the effect such a nonconformity may have had on a product or service produced
before the nonconformity was discovered, and take action appropriate to the severity of
the situation by either recalling the product, notifying the customer, downgrading or
scrapping product.
 Establish thorough follow-up to ensure the correction is effective and recurrence has been
prevented.

Preventive Action Process

 Take proactive steps to ensure a potential nonconformity does not occur.

 Employ process and system analysis to determine how to build in safeguards and process
changes to prevent nonconformance. For example, use a failure mode and effects analysis
to identify risks and potential deficiencies and to set priorities for improvement.

Developmental Action Process (Treated as Preventive Actions)

 Initiate an improvement project, with project plans, justification for planned

expenditures, resource controls and evaluation.
 Contain a related series of actions, often separated by long periods so you can wait and
see progress and results.
 Use a variety of appropriate disciplines at different times during the project.
 Establish a means for communicating what has been done and what has to be done to
facilitate communication about changes to project team members.
 Include a clear trail of actions taken and decisions made to substantiate the decision to
proceed, document lessons learned and avoid needless reinvention on future similar
projects.

Documenting and controlling corrective and preventive actions ensure appropriate action is taken
within a reasonable timeframe and the resulting changes work.

Quality Assurance and Quality Control are two very closely related concepts and because of that
close relationship they are often confused and one is inappropriately used as a substitute for the
other.
Quality Assurance is a process focused concept, where the processes are put in place to ensure
the correct steps are done in the correct way. If the correct processes are in place there is some
assurance that the actual results will turn out as expected.

Quality Control is a product focused concept, where checking of the actual results are done to
ensure that things are as expected. If the correct controls are in place you can know for certain
that the actual results have been achieved because the actual results have been checked.

Quality audit is the process of systematic examination of a quality system carried out by an
internal or external quality auditor or an audit team. It is an important part of an organization's
quality management system and is a key element in the ISO quality system standard, ISO 9001.

What is Quality Audit For?

Quality audits are typically performed at predefined time intervals and ensure that the institution
has clearly defined internal system monitoring procedures linked to effective action. This can
help determine if the organization complies with the defined quality system processes and can
involve procedural or results-based assessment criteria. Internal auditing frequently involves
measuring compliance with the existing policies and procedures, work instructions etc. However,
internal auditors are not responsible for the execution of company activities; they advise
management regarding how to better execute their responsibilities.

Audits are an essential management tool to be used for verifying objective evidence of processes,
to assess how successfully processes have been implemented, for judging the effectiveness of
achieving any defined target levels, to provide evidence concerning reduction and elimination of
problem areas. For the benefit of the organization, quality auditing should not only report non-
conformances and corrective actions, but also highlight areas of good practice. In this way other
departments may share information and amend their working practices as a result, also
contributing to continual improvement.

Types of Audits:

Internal Audits

Internal audits ensure that an organization is meeting its own quality standards or contractually
required standards. This is also called a first party audit. Internal audits may be done by auditors
who work for the company being reviewed. They may also be hired by the company to audit its
own functions. However, auditors must be independent of the function they are auditing.

External Audits

External auditors are separate from the company they are auditing because they are independent.
They may be hired by a supplier or customer to ensure that the audited company meets their
quality standards. They may be audited by the government to verify that they meet military
specifications. External audits can be done by quality consultants specializing in the quality
standards for those organizations. In all of these cases, the audit is called an external audit.

Second Party Audits

External audits done by a company that has a contract with the audited firm is called a second
party audit. The second party quality audit is done by the company holding the audit.

Third Party Audits

External quality audits done by an organization that has no contract with the company it is
auditing is called a third party audit. A third party external audit can be done to attain or maintain
certification in a quality standard. A third party audit by an independent auditor can also be
mandated by law to qualify for government contracts. A third party audit of a company can also
be done at the request of a supplier or customer who would be considered a second party audit if
they performed the quality audit themselves.