Also available from ASQ Quality Press

ABer rlre Qtmliy Audit: Closmg rlie Loop 011 rl~eA d i r Process
J. P. Russell and Terry Regel

F~oidat~tertrds
of Q i r a l i Aitdirrr~g
~
B. Scott Parsow~th

The Q ~ ~ a i.iitriii:
in A illn~iage~~~eiir
Elwl~iar~on
Too/
Charles A.MiIls- - ..

Q ~ r n lAi~diis
i ~ for I i ~ ~ p r o vPr ~e l~ f o m m ~ cSecond
e. Edir~u~~
Dennis R. Anrr

md Use
How lo Pla~tcii~.4i~dii
ASQ Quality Audit Technical Commrttee: Charles B. Robinson. editor
Second Edition
To request n complimentary catalog or publicat~ons,call 1-800-248-1946
or v ~ s our
~ t Webslte at qualitypress.asq.org.

ASQ Quality Audit Division

j. I? Russell, Editor

ASQ Quality Press

Milwaukee, Wisconsin
The quality audit handbook 1 ASQC Quality Audit Diwsion: J.P. Russell, ediung
director.-2nd ed.
p. cni.
Includes bibliogmphical references and index.
ISBN (1-37389-460-X talk. paper)
I. Aurliimg-Hnndbook annuais, etc. I. Russell. J. P. (James P.).
1944- 11. Amcncm Society for Qunlity Control. Qualily Audit Divtslon.
tlF5667 .Q35 1999
h57'.45 2 I - d c l l 911-044972

0- 2000
- by ASQ...
All nghts resen,ed. No pm of [his book may be reproduced in any form or by any
means. electron~c.mcchantcal. pholocopyng. recording, or oihenv~se,w h o u t the pnor
willen pcrnusston of ~ l t epublishar.

Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XI...
Notes to the Render. . . . . . . . . . . . . . . . . . . . . . . . . . - ~ & -XI11
;\cqu~stiton~ Editor: Ken Zielske
P r o p s Erlitur: Anncn~~ekc Koud>ru~i
A&~odedginentst,. . . . . . . . . . . . . . . . . . . . . . . . svii
Producrioii Adnr~ii~smror: Sh.nwn Doiiogne Overvter~t... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SXZ!
RSQ Mission: The Aniencm Soclew lor Qualiry advances indindual and orgnnrzat~onnl
perfoniinncc excellence worldwide by providing opponuntties for Ir~rnlng,quaiit). - PART i ETHICS, PROFESSIONa CONDUCT,
itiiprouemenl. and knowledge enchanse. AND LiABILITY ISSUES
Artemon: Bookstores. Wholesalers. Schools and Corporat~ons:
ASQ Quality Press books. videotapes. audiorapes, and software are available at q u m l ~ l y
Chapter A ASQ Code of Ethics . . . . . . . . . . . . . . . . . . . . . 3
discounts w t h bulk purchases for busmess. educat~onal.or ~nsrrucr~onal
use. For 1. Conflicr of Interest . . . . . . . . . . . . . . . . . . . . . . . . . 7
~nformar~ott.p i e m conrnct ASQ Quality Press at 800-248-1946. or wnte lo ASQ Quality 2. Confidenrialirv . . . . . . . . . . . . . . . . . . . . . . . . . . . S
Prcss. PO. Boa 3005. Milwaukee. WI 53201-3005.
Chapter B Professional Conduct and Responsibilities . . . . . 13
To place orders or to request a free copy of the ASQ Quality Press Publications Cnlalo:,
mcluding ASQ membershtp ~nformalton.call 800-245-1945. Vislt our web slle at
1. Auditor Conducr . . . . . . . . . . . . . . . . . . . . . . . . . . 13
www.ssq.org. or qualitypress.asq.org. 2. Audiror Responsibilities . . . . . . . . . . . . . . . . . . . . . . 15
3. Discovery of Illegal or Unsafe Condit~ons
or Act~v~ties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Pnnted in the Unired States of Amenca
17
@ Pnnted on acld-free paper .........................
Chapter C Liability Issues 25
I. Personal and Corporate . . . . . . . . . . . . . . . . . . . . . . 25
Amerrcan Societv for Qualitv 2. Audit Record Disclosure . . . . . . . . . . . . . . . . . . . . . 29

PART I1 AUDIT PREPARATION

Oualiiy Press Chapter A Audit Definition and Plan ................. 33
611 East Wisconsin Avenue 34
Milwaukee. Wlsconsln 53202 1. identificat~onof Authority (Internal and External) . .
Call loll Ires 800-248-1946 2. Determination of Audit Purpose . . . . . . . . . . . . . . . 36
qualitypress.asq.org
 3. Determinaaon of Audit Type and Scope . . . . . . . . . .
4. Determ~narlonof Resources Required . . . . . . . . . . .
5. Team Selection and Identification of Roles . . . . . . . .
6. Rrqu~rementsto Audit Agalnst . . . . . . . . . . . . . . . .
Chapter B Audit Design . . . . . . . . . . . . . . . . . . . . . . . . . .
1. Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2. Data Collection Plan . . . . . . . . . . . . . . . . . . . . . .
3. Sampling Plan . . . . . . . . . . . . . . . . . . . . . . . . .
4. Loglst~csPlann~ng. . . . . . . . . . . . . . . . . . . ~.
Chapter C Document Review and Preparation . . . . . . . . . .
1. Audit-related Document Revlew . . . . . . . . . . . . . . .
2. Auditee's Performance History Review . . . . . . . . .
3. Prep~rat~on of Audit Checklists, Gu~delines,Log Sheers
Chaprcr D Commun~cationand Distributton
of Audit Plan . . . . . . . . . . . . . . . . . . . . . . . . . .
PART 111 AUDIT PERFORMANCE
Chapter A Audit Management . . . . . . . . . . . . . . . . . . . . .
1. Audit Team Management . . . . . . . . . . . . . . . .
2. Communtcat~onof Audit Status to Auditee . . . . . . .
3. Audit Plan Changes . . . . . . . . . . . . . . . . . . . . . . . .
Chapter B Opening Meeting . . . . . . . . . . . . . . . . . . . . . . .
1. Presentation and Revtew of the Audit Plan . . . . . . . .
2. Confirmation of Audit Logistics . . . . . . . . . . . . . . . .
3. Discussion of Auditee Concerns . . . . . . . . . . . . . . . .
Chapter C Data Collect~on . . . . . . . . . . . . . . . . . . . . . . . .
-1. Documenr/Record Examination . . . . . . . . . . . . . . . .
L. Interviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3. Physlcal Examination . . . . . . . . . . . . . . . . . . . . . . .
4. Observar~onof Work Activities . . . . . . . . . . . . . . . .
Chapter D Audit Working Papers ...................
1. Documentatlon of Audit Trail . . . . . . . . . . . . . . . .
2. Record of Observat~ons. . . . . . . . . . . . . . . . . . . . . .
Chapter E Audit Analysls .........................
1. Corroboration and Object~vtryof Evldence . . . . . . .
2. Data Patterns and Trends . . . . . . . . . . . . . . . . . . . .
38 3. Classificat~onof Observattons . . . . . . . . . . . . . . . . .
40 4. Classificat~onof Nonconformances . . . . . . . . . . . . .
43 5. Conclus~ons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter F Exit Meeting . . . . . . . . . . . . . . . . . . . . . . . . . . .
43
49 1. Presenrarion of Audit Results . . . . . . . . . . . . . . . . . .
39 2. Discussion of Follow-up Actlons . . . . . . . . . . . . . . .
51 3. Espectat~onsoi Auditors, Auditees, and Client . . . . .
PART IV AUDIT REPORTING
ha pier A Review and Finalize Audic Results.....
Chapter B Written Report Format and Content . . . . . . . . .
1. Audit Details.. . . . . . . . . . . . . . . . . . . . . . . . . . :
2. Compliance.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3. Svstem Effectweness . . . . . . . . .....-....
to Be Reported . . . . . . . . . . . . . . .?. .
4. Comiclus~o~~s
5. Request for Corrective Act~ons . . . . . . . . . . . . . . .
Chapter C Issue Written Reporr . . . . . . . . . . . . . . . . . . . .
I. Obtaln Approvals . . . . . . . . . . . . . . . . . . . . . . . . . .
2. Distribute Report . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter D Audit Records Retentton ..........
PART V CORRECTWE ACTION FOLLOW-UP
AND CLOSURE
Chapter A Corrective Action Follow-up ...............
1. Crlterta for Acceptabie Correctlve Action Plans . . . .
2. Acceptability of Proposed Correctwe Action . . . . . . .
3. Negot~at~on of Correcttve Acnon Plans . . . . . . . . . .
4. Methods for Verifying Corrective Action . . . . . . . . .
5. Follow-Up Audit Schedule, as Requued . . . . . . . . . .
6. Verification of Corrective Action Compietion . . . . . .
7. Effectiveness of Corrective Act~on . . . . . . . . . . . . . .
8. Strategies When Correctlve Action Is Not
Implemented or Is Not Effective . . . . . . . . . . . . . . . .
Chapter B Closure ..............................
1. Crlterla For Closure . . . . . . . . . . . . . . . . . . . . . . . .
2. Timeliness.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PART VI AUDIT PROGRAM MANAGEMENT Chapcer B Basic Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Chapcer A Administration . . . . . . . . . . . . . . . . . . . . . . . . . 1. Time-Management Techniques . . . . . . . . . . . . . . . . :
193
1. Audir Program Objectives . . . . . . . . . . . . . . . . . . . .
139 2. Conflict Resolution . . . ' . . . . . . . . . . . . . . . . . . .
I
194
140 3. Effective Communication Techniques . . . . . . . . . . . . 196
2. Identification and Justification
4. Presentation hlethods and Techniques . . . . . . . . . . . 198
of Resource Requirements . . . . . . . . . . . . . . . . . . . 142
3. Management's Relat~onshipto the Audir Function . . 143 .
Chapter C Tools nnd Techniques . . . . . . . . . . . . . . . . . . . 201
4. Credibilicy of Audic Funcclon . . . . . . . . . . . . . . . . . . 144 i. Checkiist, Gu~delines,and Log Sheets . . . . . . . . . . . 201
5. Linkage to Business Pertormance . . . . . . . . . . . 146 2. Sampling Theory, Procedures,
6. Linkage to Continuous Improvement . . . . . . . . . . .
;

;
148- - and Applications . . . . . . . . . , . . . . . . . , . . . . . . . . 205
7. Evaluation of Audit Program Effectiveness . . . . . . . . 150 3. Flowcharts and Process Mapplng . . . . . . . . . . . . . 206 I :

3. Summary of Audic Program Results for Review . . 153 4. Pattern and Trend Analysis . . , . . . . . . . . . . .
9. Long-Term Audit Planning . . . . . . . . . . . . . . . . . 154 7. Root Cause Analvsls . . . . . . . . . . . . . . . . , . . -21
? 14
0 I ~

Chapter B Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . - Cause and Effect Diagrams . . . . , . . . . . . . . . . . 216

6. I

157
/ Pareto Charts . . . , . . . . . . . . . . . , . ; , . . . . . . 217
I. Development and Implementat~on
ot Audit Program Procedures . . . . . . . . . . . . . . . . . 8. Histograms . . . . . . . . . . . . . . . . . . . . . , . . .'% 219
: : 777

3. Development and Implementation

158 9. Descriptive Statistics . . . . . . . . . . . . . . . . . . . . . ---
I ;

of Audit Program Scheduie . . . . . . . . . . . . . . . . . . . 10. Control Chart Interpretations . . . . . . . . . . . . . . . 224

160 11. Process Capability Interpretarlon . . . . . . . . . . . . . 22s
3. Audit Record-Keeping Requirements . . . . . . . . . . . . ,. ; :

162
Chapter C Audit Personnel . . . . . . . . . . . . . . . . . . . . . . . . 1G5 APPENDIX A AUDIT SAMPLING . . . . . . . . . .1. . . . . . . . 231
1. Qualifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
2. Seiection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167 Chapter A Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
3. Tramng and Recertification . . . . . . . . . . . . . . . . . I 169 Chapter B Nonstaustical Audit Sampling . . . . . . . . . . . . . . 237
4. Performance Evaiuat~on. . . . . . . . . . . . . . . . . . . . . . 173
Chapter C Statistical Audit Sampling
for Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . 241
PART W GENERAL KNO\VL,EDGE AND SKILLS
Chapcer D Sampling with Standards . . . . . . . . . . . . , . . . . 245
Chapter A Auditing Basics . . . . . . . . . . . . . . . . . . . . . . . . 177
1. Quality Concepts, Terms, and Definitions . . . . . . . . 177 Chapter E Proportional "Stratified" Sampling . . . . . . . . . . 249
2. Theories and Practices In Qualiry Auditing . . . . . . . . 179 Chapter F Sampling Summary . . . . . . . . . . . . . . . . . . . . . . 251
3. Benefits and Consequences of Audits . . . . . . . . . . . . 182
4. Roles and Responsibilities of Client, Auditor, APPENDIX B ASQ CERTIFIED QUALrrY AUDITORS BODY
and Auditee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 OF KNOWLEDGE . . . . . . . . . . . . . . . . . . . 255 .
5. Characteristics of System, Process,
and Product Audits . . . . . . . . . . . . . . . . . . . . . . . . . 185 APPENDIX C CHANGES AND TRENDS
6. Characteristics of Internal and External Audits . . . . . 187 IN AUDITING PRACTICES . . . . . . . . . . . . 259
7. Characteristics of Fist-, Second-, References.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
and Third-Parry Audits . . . . . . . . . . . . . . . . . . . . . . . . 188 Recommended Readings. . . . . . . . . . . . . . . . . , . . . . . . . . . . 270
8. Characteristics of Qualitative Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
and Quantitative Analys~s . . . . . . . . . . . . . . . . . . . 190 Index . . . . . . . . , . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
 The quality audit protesslon has grown remarkabiy in the two peArs since
the handbook was first published. IS0 9000, IS0 14000, QS-9000, and a
mynad of other recent standards call for the certification of audit per-
sonnel and the performance of audits. This growth has been ~nternatlonal
in scope and has given new opponunities to every quality auditor. It has
-given nse to new job opportunities, new companies, and even new busi-
ness sectors. We have witnessed a transition from stated quality to ven-
fied quality for many businesses. We have witnessed a renaissance of the
quality audit profession and its recognition as an integral part of doing
business.
The second edition of the handbook has recognized the transition and
transformation of the audit profession. In addition, we have all learned a
lot since the first edition was published in 1997. Some of what we have
learned has been added to this second editlon of The Qimlity Audir Hflnd-
book. Some must wait while we develop more information, develop trans-
ferable techniques, and develop a consensus among auditors before
including it m the handbook.
This edition has been expanded to include more information on the
softer sides of auditing, including ethics, liability, and sampling consider-
ations. Each chapter has been revisited and, where necessary, revised to
address our current howledge of quality auditing. Some chapters have
had extensive revision; some have had little revision. We anticipate more
changes, revisions, and additions as we move into the new millemum.
A journey of a thousand miles begins with the f m t step. Our f i s t step
was the first edition of The Quality Audit Hnndbook published in 1997.
 This second cdit~onrepresents the second step of our Journey. The hand-
book has becn reorganized to parallel the rev~sedASQ Certified Quality
Auditor Body o i Knowledge.
Regardless 01' the updating. reorgmizatlon, and new material added,
the handbook will always be a wok-ln progress because auditing is a
virai, changing, growlng profession seehng continuous improvement. In
kcep~ngwith thc a m of continuous improvement. we invite each member,
organization. and industry w ~ t hinformation to share on Subjects related to
the BoK. to subinit tlleir new knowledge, new perspectives, or new prac-
. .
tices to the editor.
I want to thank 1. P. Russell for his patient efforts at coordinatmg the
second edit~onof the handbook. His efforts at bnnglng some f o m ~of con-
sensus to each chapter are recogmed by all who part~c~pated in the sec-
ond edition. I also want to recognize Wendy Finnerty, Chairperson for the
Quality Audit Divis~on.who au~horizcdthe second edition and worked This handbook supports the quality auditor Body of Knowledge (BoK)
with US to cnsui-e that we met the vanous deadlines tor publishing. developed for the ASQ Certified Quality Auditor (CQA) programhThe
quality audit Body of Knowiedge was revised in August 1997. The second
editlon addresses the new Body of Knowledge topics and the new arrange-
Norman C. Frank
ment. The body of knowledge was re-arranged from V Parts to VII Pans
Vice Cha~rperson,Techn~cal
and (27 percent of the toplcs in the new BoK were not specifically
ASQ Qualiry Audir Divmon
addressed in the old BoK). The fundamental quality audit principles have
not changed, but additional topics were added to address ethlcs, alignment
with organization objectives, audit program management activlnes, and
corrective action of audit findings. The second edition also contains addi-
tional ~nformat~on on sampling in an appendix.
The text is aligned with the Body of Knowledge for easy cross-
referencing. Through use of this handbook, we hope to increase your
understanding of the quality audit Body of Knowledge.
The Use. The handbook can be used by new auditors to g u n an under-
standing of quality auditmg. Experienced auditors will find it to be a use-
ful reference. Audit managers and quality managers will use the handbook
as a guide for lead'ig their auditing programs.
The handbook will also be used by trainers and educators as source
material for teachlng the fundamentals of quality auditing. It is not
designed as a stand-alone text to-prepare for the ASQ Certified Quality
Auditor (CQA) exam. As for a l l ASQ certificahon activities, you are
encouraged to work with your local section for preparation. The Quality

xiii
Atrdit Hrr~irlbuok,when used in conjunction with other published materi-
als, is appropnate for refresher courses, and we hope that trainers will use
it in that manner.
The handbook contains information to suppon all aspects of the qual-
ity audit Body of Knowledge and is not limited to what only new auditors
need to know. Hcnce, tlie amount of material in each part of the handbook
IS not directly proportional to exam emphasts. The CQA exam is desizned
to tcst a candidat<s basic knowledye of quality audiung. All the inforrntt-
tion tn tlie handbook is important, but those preparing for the CQA esnm
should spend morc umc in tlicir wcakcst :mas and the BoK pans receiving
more emphasis on the exam. The number of questions and percentage of
CQA exam questions is indicated at the start of' each part of the handbook.
T h c Contents. Tliz handbook IS organized to be in alignment with the
quality auditor Body of Knowiedge. We have tncluded this Body of
Knowledze i n back of the handbook as an appendix. Since many concepts
and practices ofc~ualityaudittng are still evolving. the Body of Knowled~r
will be revtsed from rime to time. As changes occur. tile handbook must
also be revised to keep current.
Temis and detintttons are addressed throqhout the text and especially
in Part VII. Chapter A and tn the glossary. The glossary is based on the
definittons in ANSIIISOIASQ AS-102-1994. ANSIflSOlASQ A5-102-199-1
definitions have undergone extensive peer review and are accepted world-
wide. However. even the defimtlon of audit terms continues to evolve tn
order to meet the needs of standard users.
The Qrialitv Artdir Handbook represents generally accepted quality
audit practices for both internal and external applications. As such. it may
not depict the best practxce for all sttuatlons.
The handbook uses generic terms to support broad pnnclples. For ciar-
ity, specific mdustry examples and stones from CQA's are sometimes used
to explan a topic in the Body of Knowledge. The stones, depicted as side
bars, are a way to share the experiences of other quality auditors. Industry
examples incorporated into the text are not intended to be all inclustve and
representatwe of a11 zndustnes. Needless to say, this work cannot address
the most appropnate practice for every industry or organlzatlon.
n u s publicat~on,which describes audit methods and their application,
is not intended to be used as a nattonal or international standard, although it
references many existing standards. The conventions for writing strmdards
and using the term st~allto mean a requuement and shorild to mean a guide-
line do tior apply to the quality audit handbook.
Who Wrote It. The Certified Quality Auditors who supplied informa-
uon for the handbook represent a broad spectrum of oganizatlons in the
United States and around the world. About 70 individuals contributed
matenal for the first editton and another 40 for the second editzon. Input
from members and a number of published texts were also used to create
and develop Titc Qlrnlip Arrdir Handbook. It represents Internal and
cxteriial audits in a variety ot product and service industnes. regulated
and nonregufated.
To avold the perception of bias toward any particular approach, for the
tirst edition we chose a unique way to develop the handbook. A professional
wnter from outside the quality field conducted telephone interviews to sup-
plement the information provided in conmbuted papers and published texts.
Significant issues relattng to the pnnclples and Intent of quality auditing
were reterred to a tie-breaker committee for resolution. Extensive"peer
revtew further strengthened the manuscript. We followed a similar (though
less extensive) approach for the second edition. The handbook comrnlttee
members were the wnrers; revzewers provided feedback on the revised test;
and the editor sorted. culled, and refined the manuscnpi.
Why the Handbook. The ASQ Quality Audit Division sponsored the
development of thts handbook to promote the use of quality auditing as a
management tool-our p n m a y msston. We believe that the Quality Audit
Div~stons members possess the greatest concentration of theoretical and
practical quality audiung knowledge in the world. In The Quality Audit
Handbook, we tned to glve you the benefits of ttus collective expertise.
J. P. Russeli, Editor
ASQ Quality Audit Div~slonmembers contributed to both the first and
second sditlons of Tlrr Qiiniin Audit Hmdbook. For the first edirian.
some wrote top~calpapers specifically for use in the handbook, and oth-
ers provided input through a series of telephone interviews. A professional
writer prepared a manuscnpt. md a team of revlewers provlded feedback.
For the really difficult areas, a tie-breaker committee made the final decl-
sions concerning the technical content. over 70 Quality Audit Diviston
members participated. The tnltial effort resulted in the fist edition, pub-
lished in January 1997, whlch became the basis for the second edition.
Where possible the exact wording of the f i s t edition was retamed for the
second edition except for when addit~onalclarification was needed and
when apparent conflicts exlsted w~thinthe handbook.
For the second edition, members of a handbook c o m t t e e provided
text and examples to fill in the gaps created by the quality audit body of
knowledge issued in August 1997. A team of reviewers provided feedback
to the editor who revised and refined the second edition. The evolution
and development of the handbook has continued to be a team effort. In ail,
over 40 QAD members participated in the second edition.
The acknowiedgments for the first and second editions are in chrono-
logical order of involvement of project by teams and do not reflect the slg-
nificance of individual contributions.

xvii
 EARLY PROJECT PARTICIPATION Interviews w i t h t h e Writer
(OUR VISIONARIES) Some of the necessary matenal was not initially available. Additionally,
some of the matenal from the referenced texts was conflicting. We therefore
Norman C. Frank
found it necessary to query some of our members by teiephone about cer-
Barbara Houlihan tain topics within the quality audit Body of Knowledge. They provided sup-
John C. Dronkers plemental information and esamples fbr us to use. They helped fill in the
missing pteces of informanon needed to complete the work. The members
who participated i n the ~ntervtewsand their credentials at that time are:

FIRST EDITION Dennis R. Arter. PE. FASQ, ASQ CQA .. ~ - .

Topical P a p e r Contributions John Barrett, ASQ CQA, ASQ CRE, RAB QSA
Exly In the dcwlopmcnt of the handbook. division members provided Don Beckwith, ASQ CQA. Ball State University CTC
ne\v or existing papers lor constderatton for the proposed handbook. Some
Mary Caner Bemos. ASQ CQA. ASQ CQE. ASQ CQM
papers were not selected because they simply did not tit our needs. Putttng
together a credit:ible paper is \ w y difiicult. and ihr importance of the con- Cheryl A. Boyce. ASQ CQA and RAB QSLA
h
tributions cannot be overstated. We wish to thank ail those who prepared John J. Boyle. ASQ CQA
and submitted papers to support [he development of the handbook. Here
are the author?:~ l i o s epapers were used. Bruce H. Campbell. PE. FASQ. ASQ CQ.4. ASQ CQE
Mike Coughlin. ASQ CQA. 4 S Q CQE
Glena C. Anger and co-authors Robert Cofer. Tom Feyerabend,
Joyce Ford. ILlarti Lrv)'. Patti McGuire. and Betty Wims Traci V. A. Edwards. ASQ CQA, ASQ CQE. ASQ CQM
Shyam Banik Norman C. Frank, PE, ASQ CQA, ASQ CQE
Rudolph C. Hirzei Marvin C. Gabalsb, ASQ CQA, ASQ CQE, ASQ CRE,
RAB QSLA
Kathryn E. Jackson and Thomas B. Tucker
David A. Kelly, Ph.D., ASQ CQA, ASQ CQE, RAB QSLA
Joseph H. Maday. Jr.
Judith Ann Malsbury, ASQ CQA, ASQ CQE. ASQ CQM
Larry McArthur
George Mouradian, PE, FASQ, ASQ CQA, ASQ CQE,
Jerry Nation
ASQ CRE
Robert J. Nash, Ph.D., ASQ CQA, ASQ CQM
Writer O r g a n i z a t i o n Teny Regel, ASQ CQA, ASQ CQE, RAB QSLA, IRCA LA
Donnda Clippinger (owner of Penworthy, Inc., of Cincinnati) and Janice Charles Robinson, FASQ, ASQ CQA, RAB QSLA
Smith [writer) worked well with the members of the Quality Audit Divi-
sion. Their professional approach and can-do attltude made the develop- Haalion Rud. DnV Certified Lead Auditor
ment of the handbook run smoothly. They provlded us with a great first Douglas Stimson, ASQ CQE, RAB QSLA
edition of the handbook. Steven Wilson, ASQ CQA
 -
-
r-
Manuscript Reviewers i Jerry T. Nat~on.PE, ASQ CQA. ASQ CQE. ASQ CQM.
It was the job of the revlewers to revlew text for technlcai correctness. The f RAB QSLA
Inany revrewers prov~dedfeedback. ideas for deveioplng the work. and -L
prov~dedexamples for ~nclusioninto the handbook. --;
L

--
-i
.
Chns Newcomer. ASQ CQA

United States Reviewers

5
1
.
--
--
-*
blanm F. Patron, ASQ CQA. RAB QSLA. IRCA LA
Steven L. Pearson. ASQ CQA. P I B QSLA. AlAG Crrl.
Ronaid L. Ackers, PE, FASQ, ASQ CQA. ASQ CQE, ASQ
CRE. ASQ CQM. IIE-CST. RAB QSLA -
r
c
QS-9000 LA
Dumd Pnns. ASQ CQA. ASQ CMI. ASQ CQE. ASQ CQT. r\SQ
Dwg1:1s C. Anderson. ASQ CQA F
k CRE. NAPbI-CPM
. . - ..
--
5
Richard ib1. Baehi; ASQ CQA. RAB QAL.4 B
-E Terry Regel, ASQ CQA, ASQ CQE, RAB QSLA, lRCA LA
Lon L. Barrett. ASQ CQA -
..zE:
5 John Rinaldi, ASQ CQA
Jininiy Bell. ASQ CQA C
Gwen E. Sampson. ASQ CQA
Bcrn:~rd Carpenter. ASQ CQA. ASQ CQM. bISQA %

AI-ielCiis~ro.ASQ CQA
F Stephen Sheng. ASQ CQA. RAB QSLA
"r
: Ron Spr~iiz.ASQ CQA
Robert G . Chadw~cl;.FASQ, .4SQ CQA. .ISQ CQE, ASQ CMI
Dav~dL. Thibault. ASQ CQA. ASQ CQE
Robert G. Chisholm. Sr.. ASQ CQA. ASQ CQE. ASQ CMI. tI : Alfred F.Wales. ASQ CQA. ASQ CQE
RI\B QSLA. QS-9000 Auditor
Jim Coley. ASQ CQA
-

Peter R. Corradi. ASQ CQA. ASQ CQE, RAB QSA

1 Stoney F. Walker, ASQ CQA

\Vorid\v<de Reviewers
Haroid Crotts. ASQ CQA. ASQ CQE, ASQ CMI, AAS, Ind. Eng. Steven Britton (Caniada), PE, ASQC CQE, ASQC CQA
Jeffrey A. Deeds, ASQ CQA C h u ~Karson (Honr Kong), ASQC CQA. ASQC CQE
Kathleen L. Eaves, ASQ CQA Darren Kent (Canada), ASQC CQA
Clieryi A. Hadley, ASQ CQA Ian A. MacNab (Canada),
Rudoipii C. Hirzel, ASQ CQA, ASQ CQE. ASQ CQM Akhilesh Singh (India), IRCA LA
Dav~dKildahl, ASQ CQA Peter Wnght (Canada), ASQC CQA, IRC A, AOQ CQT
Rarnesh Konda, ASQ CQA, ASQ CQE Jorge Xavler (Brazil)
Jim Lamar, ASQ CQA Roger Zigrnond (Canada), ASQC CQA, ASQC CQE

James (Rusty) Lusk, ASQ CQA, ASQ CQE, ASQ CQM,

RAB QSLA Tie-Breaker C o m m i t t e e
The be-breaker comrnlttee resolved differences that surfaced In the revlew
Donald Mason, ASQ CQA process. They prov~dedguidance to the editor and wnter. The t~e-breaker
committee heiped to ensure that vanolis vlews were considered. It also
kept ihe project focused on the quality audit Body of Knowledge.
Norman C. Frank. PE. ASQ CQA. ASQ CQE
Lmda Rcmhan, ASQ CQA
Gerry Sherman, ASQ CQA. ASQ CQE, ASQ CQM
SECOND EDITION
For thc sccond edition, a :roup of ASQ Quality Audit Divmpnmembers ..
formed the handbook subcommittee and voiunteered to be responsible for
updating one part of the quality audit Body of Knowledge. Updat~ng
included adding examples and addressing new top~csintroduced by the
A u ~ u s t1997 revised Body of Knowledge. Commtttee contributors and
thcir assigned part ol'the Body of Knowiedge were as follows.
Richard Pi. Baehr. Part VI: Audit Progmm Management
Wallace (Chuck) Carlson. Jr.. Pxt !V: Audit Reporting
Bernie Carpenter. Part 11: Audit Prepamt~on
Norman C. Fmnk. Part 1: Ethtcs. Protessional Conduct. and Lla-
biiity; Audit Sampling Appendix
Rudolph C. Hirzel. Pan VII: General Knowiedge and Skills
Baskar Kotte, Part 111: Audit Performance
Jim Maiden, Part VI: Audit Program Management
Terry Regel. Part V: Conect~veAction Follow-up and Closure
J. P.Russell, Handbook Committe Chair
Second Edition Manuscript Reviewers
The revlewers prov~dedfeedback on the updated ~nformahonfrom the
comrmttee members and the editor. It 1s obv~ousfrom the quality of the
revlew comments and the examples provided that many revtewers spent
long hours carefully reviewing the manuscnpt.
Rober A. Abbott, FASQ, ASQ CQE, RAB QSLA
Judith J. Akers, RAB QSLA
Ron Akers. PE. FASQ. ASQ CQE, ASQ CQA. ASQ CRE, ASQ
CQM, IIE-CSI, RAB QSLA
Ralph W. Amott. Prlncipai. ASQ CQA, ASQ CQE
Dennis R. Arter, PE, FASQ, ASQ CQA
Richard M. Baehr. ASQ CQA, RAB QSLA
Shyam Banik. ASQ CQA. ASQ CQE, RAB QSLA
John Barrett, 4 S Q CQ.4. ASQ CQE, ASQ CRE. ASQ CQM,
RAB QSA
John J. Boyle. Pnnc~palQuality Eng. ASQ CQA
James M. Cole!!. ASQ CQA. RAB QSPA
Lmda L. Feaster. ASQ CQA
Wendy Finneny, ASQ CQ.4
Norman C. Frank. ASQ CQA. ASQ CQE
Peter J. Gauthier. ASQ CQA
. Milad R. Matthlas. Ph.D.. PE
A. B. [Gus) Mundel. C h a r of TAG 69, FASQ,
ASQ Edwards ivledallist
Jay Michael Pratt, RAB QSLA, Institution of Nuclear Engineers
Fellow
Alfred F. Wales, ASQ CQA, ASQ CQE
Danlel S. Wheian, ASQ CQA, ASQ CQM
The final acknowledgment is for the QAD officers, espectally Norman
Franli (Vice C h a r Techn~cal)and Terry Regel (Technical Pubhcations
Chair). for their help and leaderslp. Many times they were asked for their
assistance on cenaln toplcs and the diiectlon the handbook needed to take.
J. P. Russell, Editor
 T h ~ sSecond Edition of the Quality Audit Division handbook starts with
Part i and ends with Part VII of the quality audit Body of Knowledge.
Although this has a distinct logic and value to the reader. it can also'$p
confus~ngto readers who are not familiar with auditing terms. This chap-
ter is an overview of quality auditing to better prepare readers for Part I of
the h.andbook. It is not meant to be an explanation of the Body of Knowl-
edge. If after reading the overview, you would like additional background
information, turn to Part VII, chapter A.
The word audit is associated with formal or methodical examlnmg,
reviewing, and investigating. Professional groups such as the Amencan
Society for Quality and the Institute of Internai Auditors define preferred
methods for conducting exarmnations and investigations. For qualie
nrrdirs, the Quality Audit Division of the Amencan Society for Quality has
developed a Body of Knowledge for quality auditing. The Amencan Soci-
ety for Quality also certifies individuals who meet the cntena for Certi-
fied Quality Auditor. This handbook explains the toplcs listed in the Body
of Knowledge issued by the Amencan Society for Quality.
Quaiity auditlng is a prescribed work practice or process. There is a
preferred sequentiai order of activit~esthat should be performed to con-
!
duct a proper quality audit. Part II (Audit Preparation) through Parr V
(Corrective Action Follow-up and Closure) of the Body of Knowledge fol-
iows the same preferred order. Quality audits must be prepared for (plan-
ning ahead), performed (conducting the audit), have the results reported
(let everyone know what was found), and then have the results responded
to [feedback on what is going to happen next) from the organization that
was audited. It is common to refer to these as phases of an audit: prepara-
tion phase. performance phase. report phase, and follow-up and closure
phase. As with most service jobs. the way the service provider goes about
performmg the job may influence the outcome. That is why Part I of the
handbook I S about etiiics and conduct. Auditing is considered a profes-
sion; therefore, ~iidividualauditors need to know how to conduct them-
selves in a professional manner.
Wc can start w ~ t hone oi 111s many defiintions of un ; d i t isee Part VII.
chapter 4 for a detailed discussion of uudit terms). The ASQC Quality
4uditmg Techn~calCommittee (now the Quality Audit Division of Amer-
icm Society for Quality) defined a d i r as "'A planned. mdependent. 2nd
documented assessment to determme whet'her agreed-upon requirements
iirc b e ~ n gmet."
For now. let us think oi a quality audit as an assessment to determine
wiietlier agreed-upon q l l d i p requirements are being met iwhereas an
e~iv~ronnient:ilmdii may be related to env~ronmentairequirements or a
iinancial audit to financial or accountmg requirements). A distinguishmg
attribute of an audit. comptired to an inspection. IS independence. The
~ndiv~dual pertorming an audit must be mdependent of the area being
audited. The degree ot ~ndependencevanes depending on the situation
and the type of audit. For examp16 one cannot achieve total independence
when auditing departments within hisher own organization.
There are several groupings or classifications of audits depending on the
relationships (external and internal), need for independence, and reason for
the audit (verification of product, process, or system). in the following dia-
gram, the circle represents an organization. Outside the cucle is the organi-
zation's customers and suppliers. 411 organizations have customer-supplier
relationsh~ps.Any audits done inside the cucle are inrenml audits, and audits
done outside the ctrcle are @.rremniaudits. We further classify the audits as
first-party, second-party, and thud-party audits based on relationships. Firsr-
1,at.Q arrcli~stake piace withm the orgmzauon itself (the same as mtenmi
audits) and are inside the cucle. Second-party audits are audits of supplies
or of customers crossing into the circle to audit the orgmzation (theu sup-
plier). Third-par??, audits are totally independent of the customer-supplier
relatlonshp and off to the right in the diagram. Thlrd-party audits may result
in independent ceriificat~onof a product, process, or system.
Customer
Second-Paw Third-Party
Customer audits your organlzatlon Independent audit organlzatlon
P4
First-Pam/
Audit your own organlzatlon/
Supplier
K+
Types oi audits.
rr:iining m:i~ciisir.tiscu w h nernilssluii.
S<,rrrre J. P. Russell k ASSOCI:IIL~S
Auditors can focus ihe audit (examination and investigation) on dif-
ferent areas, depending on the needs. A product or service audit deter-
mines if product or service requirements (tangible charactenstics or attri-
butes) are being met. The process audit determines if process
requirements (methods, procedures) are being met. A system audit deter-
mines if system requirements (manual. policy, standards. regulations) are
being met. The handbook discusses all types of quality audits, but most of
the discussion is focused on quality system audits (which are the most
complex and have the greatest potential intluence). A system can be
thought of as a group of processes providing n product or service.
When auditors are auditing, they are making observations and col-
lecting Objective evidence (data). They are seelang to verify that require-
ments are being met. They must do is by collecting hard evidence, not
hearsay or promises. Evidence produced as a result of the activity may be
tangibie objects, records, or eyewitnesses. Auditors must be familiar with
auditing techniques and the standards they are auditing aganst. What
auditors observe is not always suqhtfofonvard or obvious, so they must be
able to judgc whether the intent (reason for the requirement) IS being met
or addressed. The okgrctivt: zvdence and the method of collectmg the evt-
dcncc will l'orm the b w s ot'the audit report.
The pnmnry participants needcd for conducting an audit are auditor,
a~lditee.and client. The person conductmg the audit is called the auditor,
lead auditor. or audit team leader. The organization being audited or mves-
uf;ltsd is culled the auditre. There 1s aiso a client. the person or organiza-
tnw [hat l h rcquesied ihc audit. Audits are only conductrd when some-
one reqllesrs one: they do not happen by acc~dcnt.There has to be a
spunsoi- or clicnt w ~ t hauthority to call lor a quality audit.
Any typc ol' organizatlon can be audited against a set of standard
reqii~rements.Tlx organizatton can produce a product or provide a ser-
vice. .An org;in~ztitio~l c m be audited against almost 311s iype of sti~ildards
or a t reqt~~rcments. The requirements or pertornlance standards c m be
govemriisnr regulut~ons.ANSVISOIASQ Q9001-1994 or Q900c1994
rcqiilrclnwh. QS-9000. Mdcoi~nB a i d r ~ y"icit~onaiQuality Axvard crric- [5 of the CQA exam questions or 3%] L%

I-la.m d so on. Il' there I S n set ol I-uits. :iuditors can compare actual p w -
Ilcc 10 the r111cs.
\\%ilc auditors are comparing actual practtce to the rules or standards
I dctei-mlnmf conlpliance to requirements). they niay also observe that crr-
lam prncticcs and--trends are not in the best interest of the organization
bung audited. Hcncc. In some cases. areas that are not efiect~veor areas
lhai can be improved are reported as input for mana,~ e m e n review.t
Firlr1irl::s are the restilts of the investigation. Findings of the audit may
be reponcd as no~lconfoinlances.lindings, noncompliances. defects, con-
eel-ns. and so forth. It is important for everyone to agree on the terminoi-
ogy that will be used in the audit report.
Recently there has been more emphas~son looking beyond conduct-
ing the audit steps to management of the audit process. It is important to
understand the objectwes of the audit funct~onand the potential benefits
to the organizatlon. This understanding and clarificat~onhas resulted in
some audit programs betng stnctly lirmted to auditing for compliance and
other audit programs seehng management input on the effectiveness of
compliant systems.
Auditing 1s a management tool. Used ~nternally,its purpose is to ver-
ify that systems are compliant and suitable to achieve objectives. Exter-
nally, it may be used to determine compliance to a set of ruies. For addi-
tionai background information on quality auditing, turn to Part VII,
chapter A.
Part 1 covers three areas ot pnme importance to the professionalism of a11
auditor and the quality audit profession. Ethics affect profess~onalcon-
ducr, and professional conduct affects liability.
E t h m are basic philosophical conclusions about whether conduct and
behavior is nght or wrong. Ethics are also moral principles by which an
individual is guided. I t is imperative that quality auditors be ethical ii.e.,
honest and mpartial) and behave appropnateiy ( i t . , w t h professional
conduct) in canylng out thex responsibilities.
Professro~ml corldilct is the manner in wh~chthe auditor conducts
h~m/herself. Objectivity, courtesy, honesty, and many other character
attributes combine to make up the particular conduct of any auditor dur-
mg an audit.
Liability is the degree of legal responsibility an indiv~dualor company
has in a given situation. Liability issues are beginn~ngto surface wlth the
increase in Uud-pmy auditing and certification/regtsiration. The effect of
the I S 0 regisiration program has yet to be fully felt in the legal arena, but
several issues important to the auditor will be discussed in this part of the
book.
The Amencan Society for Quality (ASQ) developed a code of ethlcs that
each ASQ Certified Quaiit!. Auditor must understand and follow. The con- .%
tent of the ASQ code ot ethics is included in the examination for Certified
Quality Auditor. Acceptance of the code of ethlcs by the esamlnee is
requrred pnor to cenificatron.
Audit ethlcs is perhaps the area that demands the most skill from an
auditor. Trarnlng is available for enhancmg skills tn checkiist develop-
ment, interwewing technrques, audit documentation, follow-up methods,
and almost all other phases of an audit. Vexy little information, on the
other hand, is available on the topic of audit ethlcs. An auditor's use of
questionable or unethical methods dunng or followtng an audit can
qurckly erase any favorable impressions and be detrimental to the auditor
and the auditing organization as a whole.
A code of ethlcs 1s a standard for conduct. An auditor's ethical and
moral principles should be compatible wlth a formal set of ethlcal stan-
dards. ASQ's code of ethics' for members is shown in Figure 1.
Many companies and profess~onalorgamzatlons have developed a
code of eulics to guide them in the performance of their work. The Instl-
tute of Internal Auditors (IIA), the professional soclety for financial audi-
tors, developed their code of ethics in 1974. The IIA took a slightly dif-
ferent approach in the content of thelr code of ethics than ASQ. Although
these codes of ethics represent different perspechves, they both have the
same basic principles described in their standards of conduct. Figure 2
presents the IIA Code of Ethics.

;taiidards of Conduct
I. Members and CIAs s11a11exercise honesty, objectivity, and diligence
in the perforormance of their duties and responsibiliues.
11. Members and CIAs shall exhibit Loyalty in all matters pertaining to
the affairs of their organizatlon or to whomever they may be render-
In: a servtcc. However, Members and CIAs shall not know~nglybe a
party 10 any illegal or improper acrivtiy.
Ill. Members and ClAs shall not knowingly encage In acts or acttvlrtes
wh~chare discredirable to the professton of inrernai auditm," or 10
therr organmatson.
IV. Members and CWs shall refrain from entenng into any acuvlty which
may bc in conflict with ihe Interest of t h r organization or which
would prejudice lheir ability to cany- out ObJ?CtiVely thelr duties and
responsibiliues.
V. Members and CIHS shall not accept anything ofvaiue from an
employee. clienr. customer, supplier, or business associate of their
organtzation which would impair or be presumed to tmpair their pro-
fesstonai jud,"ment.
VI. Members and CIAs shall undertake only those services whlch they
can reasonably expect to complete with profsssional competence.
V11. Members and CIAs shall adopt su~tablemeans to comply with the
SruridurdsJbr rite Profasronul Prucrlcr ofi~rrerr~ui Audirrng.
$111. Members and CIAs shall be pmdent in the use of information
acquired in the course of their duties. They shall not use c o ~ d e n t i a l
tnformauon for any personal gain nor in any manner w l c h would be
contrary to taw or detrimental to the welfare of theu organization.
IX. blembers and CIAs, when reportmg on the resuils of theu work, shall
reveal all matenal facts known to them which, if not revealed, could
either dision reports of operations under review or conceal unlawful
practices.
X. Members and CWs shall continually stnve for Improvement in their
proficiency, and in the effectiveness and quality of theu service.
X1. Members and CIAs, in the pracuce of their profession, shall be ever
nundiul of thew obiigauon to maintain the high standards of compe-
tence, morality, and dignity promulgated by The Institute. Members
shall abide by the Bylaws and uphold the objecuves of The Institute.
Figure 2. Connrriced
According to Charles A. Mills:
"'Aformal code of ethics allows quality auditors to approach audit per-
tormance uniformly. A iormal code provides a benchmark against which
an auditee and client can measure an auditor's aciiviues. establish an
auditor's independence_and recognize potenttal conflicts of interest."'
Ethical standards serve as a general behavioral g u ~ d efor auditors.
Audilors oflsn rsiy on personal judgnlents and past experiences to deter-
inme etluca1 conduct in specific sittiations. howevcr. Auditor's personali-
ties. tcrnperammrs, u d i t i n f stylss. and b;isic pcrccpttons can vary
tremendously. By lncorporatlng a set o t ethical pnnclples into h e x daily
audit acttvities. auditors can mamtain the h ~ g hstandards of conduct,
honor. and character needed tor audit results to be received as un unbiased
and accurate product.
1. CONFLICT OF INTEREST
The subject of contlict of interest often m s e s dunng audits. Conflict-of-
interest situations sometimes encountered pnor to and dunng audits include:
Previous employment of the auditor ( o r close relative) by the
auditee or a major competitor ot rile auditee. regardless of the
reason for separation
Holding of significant amounts of stocks or bonds in the auditee's
busmess or that of a major competitor by the auditor
Previous or current close workng relationship (e.g., teaming
partner, major supplier] with the organizatlon
Pnor involvement by the auditor in developmg the quality
program or procedures used by the group being audited
Desire to be hired by the group being audited
Close friendships wirhm the group being audited
. Offer by auditee of money, goods, or servlces in the nature of a
bribe, hckrback, or secret c o m s s i o n
Acceptance of a gift (money, ,atuity, or other thmg of value) wlth
more than a nomtnai value, or involvement m auditee-sponsored
 saies promotions or other act~vitiesthat may represent or be
construed as a conflict of interest
Perlormance of outside work for the auditee tlnat mglit adversely
affect the uuditor's performance or judgment on the job
The auditor should be aware of the different types of conflicts of inter-
est. Prior to accepting an audit, the auditor should examme h ~ s h e actw-
r Confidentiality and Security Concerns
ties m d relation~liipwith thc auditce and dctcrm~ncwhether an ilctilai or
powntiai conflict of interest cx~sts.
When a Conflict of Interest Exists
When there 1s an actual or potentla1 conflict of interest with the organiza-
tion or people being audited. the auditor must relay t h ~ sinformarlon to
management or decline to conduct the audit, whchever 1s more approprl-
ate. Actions [hat niunqement and the wdit team leader can rake includc:
- Ensuring !hat suflic~ent[ m e 1x1s passed to eliminate the conflict
. Ass~gn~ng
a different auditor to cover the specific area of conflict
Removing the auditor or the audit team leader from the team
xampie, dunng an internal audit, the auditor may face a sltuatlon
w iere the auditor was ~nvolvedin the development of the quality sys-
tem under evaluat~on.If the auditor developed the process or wrote
the procedure, it would be difficult for h~m/herto maintain objectiv-
ity when the process or procedure is audited for acceptability aganst
a reference standard.
By avoiding conflicts of interest, an auditor upholds the standards of
independence, famess, and 0bjectIvlty.
2. CONFIDENTIALITY
With processes, formulas, and equipment being developed by individuai
companies, the questton of confidentiality of propnetary informatton has
become a major concern dunng audits. Businesses could suffer great
financial loss if customers or competltors were to galn access to propn-
etary processing Knowledge, formulas, and trade secrets. The auditor must
malntain confidentlality. but not to the polnt of performmg an inadequate
aud~t.Each auditor needs to be prepared to stgn ageements or utilize tech-
nlques for workng around a proprietary area.
Auditees can use a confident~alityagreement or nondisclosure asreemen1
to protect ihelr interests. Both serve the same purpose-to ketp propn-
etary .intormation withm the control. of the auditee.
Confidentiality Agreement. An auditor often is expected to slgn a con-
fidentiality or nondisclosure agreement before an audit begins. In general.
these agreements require that the auditor not disclose any propnetary
rnformat~ongamed dunng the audit. They may be extended to the audi-
tor's company. family. aszigns. etc.. through iegal languaze. Some c o n k
dentiaiity agreements that auditees expect the auditor to sign before being
allowed to perform an audit of proprietary areas have become particularly
onerous. Often these are wntten in legal language and are understandable
only by someone fmiiiar w~rhthe legal definitions of the words used.
Auditors are normally not authonzed to obligate thex organizations.
Agreements should contaln a release that takes effect if propnetary tnfor-
matlon becomes public. An auditor should receive the a,oreement in
advance so that it can be rev~ewedand approved by the auditmg organi-
zationis legal counsel or deslgnated authority before the auditor signs it.
recently asked to sign a four-page confiaent~alicyagreement
before being allowed to perform an audit of a supplier. The agreement
was wntten in legal language and obhgated me, my heus, my asstgns,
and my company to pay for any damages that mght come about if the
lnformauon was obtmed by ther competltors. There was no tune
frame to the agreement, so if the informahon was disclosed at any time
and by anybody, we were all liable for the damages. Our company anor-
ney advised aganst signmg this agreement, and the audit team used
alternate techruques to deterrmne whether the process was adequate.
Conduct. Discussing propnetay iniormation with others destroys the secunty clearances. This requirement should be determined well in
integrity ot (lie audit function. While it is acceptabie for an auditor to dis- advance of the audit to permit sufiiclent time for processmg the request.
cuss actual audit expcnences with other auditors, the discussion should bc Without the proper secunty clearance, an auditor may be restricted to cer-
-
w i e r i c so tliai tlic atitlitre cannot be identilied. Proprietary information
should never be divulged in a sharing situation with other auditors.
tain areas of a coinpany.

Even body language could disclose proprietary information. For

example. when asked a question about a proprietary process, ;in auditors ne way to work throuzh thls without having a secunty clearance is
shrug. rolled eyes. or ralsed eyebrows could s~gnaithc answer cvcn if no
to be constantly escorted. with classified areas. equipment. and activ-
words were spoken.
itieb shielded from vlew. T h ~ way,
s the auditor can evaluate part of the
Techniques. Several techniques are awilable to the auditor to cnsure that process and interview the people on the line.
p r o p n e t q information remalns p r o p n e t q . When auditing in a nondis-
closure area. rhe ~iuditorcan rely on memory and noi wntc audit iiotes.
Any notes could become accessible to the public and would be discover-
able in iitigation.
An atiditor can "nudit around" an undisclosed area. The auditor needs
to be very llesibie to be able to accomplish audit objectl\'es everi when the
auditee erects barriers. .At times. ;l company may be in the process ot get-
tin: a patent on a new method. tor example. and may ilatly refuse to allow
the auditor to \ww :I certain portion of that system. In these instances. the
auditor must respect the auditec's wishes :and "audit around the undis-
closed area. If the inputs going into the undisclosed area appear to be cor-
rect and the outputs are likewise acceptabie, then the auditor can assume
that the undisclosed process is doing its job correctly.
The auditor can view pans of a document or have the auditee certify
it. A company sometimes will refuse to allow an auditor to look at the pro-
cedure for a certain process even though a written procedure is required.
To verify that the procedure exists, the auditor can ask the auditee to cer-
tify that the procedure does exist and that i t covers the relevant process.
The auditee may allow the auditor to view nonconfidentlal sections of the
document. The auditor may never actually view all the details, but can
assume that a procedure does exist and is approved for use.
Such situations often resolve Ulemselves on subsequent audits involv-
ing the same parties. As an auditee becomes more comfortable with the
audit team and places greater trust in the ethics of the team members, the
need to limit access to certain areas often becomes nonexistent.

Security. Companies in certain highly senahve industries, such as those

involved in national defense, may requlre that auditors have or obtain
 I. AUDITOR CONDUCT
ProJrssror~aiisrrris defined as the aims and qualities that charactenze'9
profession or a professionai person. Auditors must comply with high stan-
dards of honesty, integrity, work ethic, diligence, loyalty, and commit-
ment.? Auditing is a profession that requires individuals to conform to cer-
tain behaviors for maxtmum job proficiency.
The Institute of Internal Auditors developed a set of Staridnrdsfor the
Professro~zalPrflctice of Ir~terrialAudirr~ig.' This document defines and
amplifies five general standards:

I I. Independence-Internd auditors should be independent of the

activiues they audit.

I 2. Professional Proficiency-Internal audits should be performed

wlth proficiency and due professional care.
3. Scope of Work-The scope of the Internal audit should
encompass the examatlon and evaluation of the adequacy and
effectweness of the orgamzatlon's system of internal control and
the quality of performance m carrying out assigned
responsibiliues.
4. Performance of Audit Work-Audit work should include
planrung the audit, e x m n g and evaluating mformauon,
conduct~ngmtervlews, cornrnurucaung results, and following
UP.
 5 . Management of the Internal Auditing Department-The
director of internal auditing should properly manage the internal
auditing oepartment.
These general standards could also apply to quality auditing. People
In the auditing field should be aware of standards of performance of other
prol'essions. A broader knowledge allows the auditor to quickly under-
%URIdifferent anu diSficult situations as they ansc.
Communicating w i t h t h e Auditee
An auditor's temperament is often key to malclng an audit z success. A sullen
or unfriendly manner could lead to resistance or malicious compliance.
Overiy friendly or arml lo us behavior could lead to the Impression that the
sudit is not senous. The auditor should be able to find an acceptable balance.
By approaching an auditee in n diplomatic and objective manner. an
auditor can set (I tone of success for an audit. An auditor must be aware that
each auditee views the audit process differently, on the basis oi individuai
managcmcnt style. culture, personality. and opinions. Many auditees are
reluctant to weicome auditors into thelr world. Resentment, fear. and anuety
are obstacles that must be overcome. By diplomatically presenting and main-
ratnmg the audit progranl. an auditor can intluence the auditees perception
of the audit functlon as well as the overall success of individual audits.
An auditor can establish good rapport with an auditee early in the audit
by being respectful, courteous, and appreciative of any special arrange-
ments made for the auditor's comfort and convenience. By demonstrating
that the audit has been adequately planned and prepared for and by mak-
ing cvery effort to maintain the audit schedule, the auditor projects an
Image of efficiency and professionalism.
Maintaining open communication channels throughout an audit is
essential. An auditor must listen attentively dunng internews, allow the
interwewee adequate response tlme, and refram from asltlng leading ques-
tions. Frequent and timely commuNcation of findings, questions, and
concerns gives both the auditor and the auditee opponuNties to request
clarifications, address corrective action, examine the scope of the situa-
tion, and discuss the progress of the audit.
The audit team should aiso try to gab a sense of management's atti-
tude about sharing information with auditors. In some situations, mem-
bers of the auditee organization have been punished for providing infor-
mation to the auditor (e.g., performance appraisal was significantly
lowered). Auditors should avoid "narmng names" and should emphasize
the purpose of the assessment of the process or system.
Additionally, an auditor can set a positlve tone for an audit by hgh-
lighting commendable findings and observatlons. The auditor's ability to
commuoicatz effecti'ely with illanagelnent sets tlle tone for the enttre
audit and may influence the auditee's response to the audit findings.
However, exempinry conduct by an auditor does nor prevent an audi-
tee from making false claims of theft, discnminat~on,sexual misconduct
or o!her forms of unprofcssionalism. No one 1s immune from false accu-
sations, but disgrunrled auditees may target auditors who ~ssueunfavor-
able I-cports. Grievance procedures can be abused by the auditee to "get
even" with th5 iuditor for finding problems In their area of responsibility.
gn%q
While performing an audit. the auditor found severai points where a
specific audittle was not toll ow in^ procedures. The auditee was
informed dunns the intzrvwv that these would show up in the a u z i
Isport. Unknown to the :ludicor. the auditee immediately filed a formal.
wntten complaint a p n s t the auditor claiming "unprofessional conduct
and lack 0 1 obje~iivity."After an extensive investigation. that was not
kept confidential and that damaged the auditors professional reputn-
tion. the end result was that the complaint was dismssed because there
was no baas for the complaint. Because of this investigation, none of
the auditor's concerns were allowed to be included in the audit report.
All audit orgamzations should have !$evance or complmt procedures.
The procedures should include the protection of the nghts of the accuser and
the accused. For audits that represent z high nslc of false claims or when the
auditor feels uncomfortable with a situation, n second person should be
-
scheduled to work with the auditor, recording devices (tape recorders, cam-
corders) shouid be used, or escorts should be present dunn, mtemews.
2. AUDITOR RESPONSIBILITIES
The auditee must be confident that the auditor will conduct the audit pro-
fessionally and that the auditor possesses the mtegnty and t e c h c a l h o w l -
edge to successfully complete the audit. Auditors are expected to exercise
due care dunng the performance of theu achvines. Thts means that an
auditor should be sufficiently competent to arnve at conciusions similar to
those that another auditor would reach in the same or similar circumstance.
Since an audit only samples a particular product, process, or system at a One Solutlon
particular point in time, an auditor cannot be held responsible if an audit
hils to recognize all deliciencies or i~~egulanties i n 2 system, as long as Requested personnel are Auditor could politely state that absence of
that auditor has used theorelically sound sampling techniques. has com- unavailable to the audit key personnel may prolong the audit or that
plied with applicable standards. and has adhered to the code of ethics. team. the audit's scope may have to be modified.
In :iddition to the usual respoiisibilities. an auditor may need lo Escort is repeatedly late i n Audiior could ask the escort lor suggestrons
address dilficult situations that require careful handling for successfui res- the mornrngs. on how to start the meeting on time and make
olution. Possible conllicis of interest should be r e c o p z e d and reconciled the necessary c l m ~ c to
s the schedule.
before an audit begins. The detection or unsafe. uiiethical. or even illegal Audirce makes me auditor Audrtor should request needed supplies
practices dunng an audit may rapidly change the planned course of the wart-repeatedly for needed dur~ngthe audit planning stage and anticipate
audit. Other less obvious, but equally challenging, situations may include supplies or requested document and record needs in advance.
mta~onisni.coercion. iind even rtme-wasting techniques eniployed by the documenis and records.
auditee to slow down or stop the audit process. Consrunt disrractlons occur Audiror could suggssi that they move away
Difficult Situations May Arise dunng intervrews larea IS from area or close doors if possible: phones
norsy. constant phone should be set to call forwarding or should be
At times, an auditor may encounter difficult situations that are counterpro- ringrng, or other nns\wrcd by someone else.
ductive to the audiung process. For esample. an auditee may be mragonis- interrupt~onsj.
tic or coercive. lnterviewin~may be made ineffective bv an interviewee
who talks too much or not at all. An auditec may also use time-wasting tac- lntervrewees srate that thev Auditor should confirm that emplovees
. . are
tics by deviating from the audit plan. In any difficult situation. the auditor were not informed of ihe aware that an audit 1s taking place and should
audit and are not prepared. ask auditee management about the state of
should remain polite but firm. maintaining self-control and complete con-
readiness of the quality system to be audited.
trol of the audit.
Diffusing Antagonistic Situations. Sometimes employees may be Figure 3. Common time-wasting ploys and possible solutions.
openly hostile to an auditor. The reasons for such reactions may be totally
unrelated to an audit. or the employees may be reacting to what they feel ning stage. For example, many audit teams prefer a catered iunch to going
is a personal attack by the auditor on their abilittes to do thetr work. An off-premlses for several hours. Of course, auditee management and the
empioyee may have been part of the team that developed a process or a client should be notified when an audit team repeatedly encounters delay
particular system, or may have just gone &rough a six-month-long tactics or if the audit schedule is severely compromised by such delays.
endeavor to improve something that the auditor is now picking apart. Figure 3 lists some common time-wasting ploys and suggests possl-
When an auditee gets defensive, the auditor should separate people or sug- ble solut~onsthat an auditor may use when faced with each probiem. An
gest a break to defuse the situation. If the conversation must be contmued, auditor adjusting to specific situations could likely think of equally effec-
the auditor should do so later, when evelyone is calm again. tive solutions. ..,!
Combating Time-bvasting Techniques. An experienced auditor will 3. DISCOVERY OF ILLEGAL OR UNSAFE
immediately recognize most tune-wastmg tacucs employed by an auditee.
An auditor needs to lead an audit and not allow the auditee to take con- CONDITIONS OR ACTIVITIES
trol. If an auditee attempts a lengthy presentatton at the opening meetlng Quality auditors are in a unlque poetton to observe illegal or unsafe con-
or an extended piarit tour, for esample, the lead auditor should call a halt ditions dunng the course ot an a u d ~ because
t of then access to almost any
to these activities or l i m t the time spent on them. Often, a lead auditor can area necessary for successfui compleuon of the audit. Each auditor must
eliminate wasted time by making specific requests dunng the audit plan- know what to do when these acuviues are detected.
When Unsafe Activities Are Detected
In sonic industries, an auditor may necd to access potent~allyhazardous
areas in a company during the course of an audit. Usually mdirors are pro-
vided with propcr salety equipment, such as goggles or hard hats. Nor-
mally, auditors face no phys~caldanzer as Ions as reghtions are enforced
and the process is functioning properly. Someumes. however. ne$igence
or incxpcncncc on 111u part of the auditus's umployees. 3 deficiency or
mulfiinction of equipment or a proccss. or 3 conlbinarron of these may
result i n potentially dmgcrous situations.
Whcn an unsaic practice-such 3s open COIII:~III~SS~ F h a ~ ~ r dchein-
ot~s
icds i ~ e xwork are:is or Ilammablc inarenais near a tvrlding station-is
detected, whether w~thinor outs~dethe scope of an audit, an auditor inust
not ignore 11. In an ~ntcrnal~iudit.an auditor should immcdiatcly intorm an
auditcc rcprescntativc and the audit tcam leadcr. \she \i.ill Inform th2 audi-
tee manager. so that the problem can be worked up the internal chain until
i t is resolved. 111 :in tstcrnai mdit (second- or th~rd-pan! audit). the audi-
tor must inimtdiatc'ly intoi-nl thc auditw and create 3 record ot [he situa-
tion. I f anyonu on the audit tcam IS endangered. the audit must be stopped
and the auditors returned to a sake area. In most situations. management
\velcomes intbrnlatron about Iiabilitv nsks or other poisntial danger.
When lllegai or Unethicai Activities Are Detected
An auditor finding evidence of wrongdoing. whether wlthin or outside the
scope of an audit assignment. has an ethicai duty to bnng the matter to the
attention of the client and appropnate management for action. The audi-
tor shouid keep a record of such matters. safeguard the evidence, and
obtain copies ot pertinent documents and records (if necessary). The audi-
tor must be aware of and appiy the eth~csof the profession and the law in
this regard. An auditor may ask ihe client about the company's ethlcs pol-
icy and ethics department prior to accepting the audit. If an ethtcs depart-
ment extsts, they may be a valuabie resource if potentially unethtcal situ-
ations surface before, during, or after an audit.
Management will take appropriate action on illegal or unethcal acuv-
ities withm the company. This may involve legai acrion of some type and
the involvement of the auditor. Auditors should be aware of their legal
responsibilities and nghts under the law, ~ncludingwhistle-blower laws
(see Figure 4).
If management sponsors allegedly illegal activities, either ~nternallyor
externally, the auditor's employment may be threatened. An auditor should
Examples of Federal whlstte-blower laws.
Code of Federal Regulations
Title 5 , Adrnin~strativePersonnel. Chapter 11-Ment Systems Protect~on
Board. Parts 1200-1210
Title 10. Energy. Chapter ill-Dcpanment of Energy. Pans 705.1-705.15
Title 29. Labor. Subt~tleA-Office of the Secretaq of Labor. Pan 24-
Procedures tor the Handling of Discnmrnarion Cornplarnts Under Fedma1
Employee Prorect~onSratucs. Parts 74.1-14.9
Figure 4. Examples of federal whrstle-blower laws.
.
Sorrrc: Cop?n:hl 1998 The Lam Ofice of Bradley Scort Wriss (I,trp:Nwwwbsw-la~v.com1
..
,.,..
....
whisiicb.hmi~.
have access to legal counsel to resolve questionable issues. Often that legal
counsel is best if it comes from outside the company. The U.S. C o i i g r e ~ s ' ~
and vanous states, listed in Figure 5. have passed laws protecting people
who rcpon incidents of wrongdoing. including waste. fraud, and abuse.
These whistle-blower statutes protect auditors and others. Qucst~onsabout
specificlaws should be directed to the appropnate federal. state. or local
authorities (see Figure 6 for an example of a local regulat~on).
The I863 False Claims Act was enacted by Congress to protect the
government from the fraudulent suppliers of faulty war equipment
during the Civil War. Thts law remained in effect until 1974, when it
was narrowed in scope. It was espanded and strengthened in 1986.
The 1986 amendment brought new attention to the whistle-blower as
/ a key to enforcement. There is a current effort withtn Congress to
/ issue an antl-gag statute, that further strengthens whlstle-blower laws.
/ The anti-gag statute will protect employees who stgned a secrecy pact
pnor to government employment, agreemg to never discuss certrun
subjects, usually related to nattonal defense issues. In the past, these
whlstle-blowers would be stnpped of theu clearances and, 1n most
cases, their jobs based on their violation of the secrecy pact. The anti-
gag StaNte allows such whistle-blowers to go around theu manage-
ment if management does not respond when given the tnformaaon.
L
 7 that company or internal group. If a thtrd-party audit is betng performed.
States wlth wli~stk-blowerstatutes.
the auditor should tmmediately report the situatton to the client. If the
The follow~ngstates have enacted laws that prov~deprotecuons for both auditee is a supplier, the audiung organlzanon may delay or stop shlp-
prlvate and public employees: ments (if gtven ihe authority lo do so) until the appropriate management
-
Connect~cut Hawaii Lou~siana I funct~oncan resolve the issue. The auditlng organizauon may advise 11s
Maine Michigan Minnesota : management to cancel any existing contracts or agreements and find more
Nrw Hampsh~re New Jersey New York reputable sources for the Item or service.
Ol~ro Rllode Island
The Ibllowin; states have enacted laws that protect only stare and locd
government employees:
0ne.auditor reported that one of the n!ost b l a t ~ n ~ l y u n e.t-.h ~.actlvttles
cal
Alaska hzona California
Colorado Delaware Florida he observed was by a supplier who bowtngly shtpped empty outer
Illinois lndiann Iowa caslngs for a pantcular device. The casings had a sttcker over the edge
Kansas Kentucky Maryland of the casing stattng. "\Varrant]i void if sticker broken." The stlcker
miss our^ New Hampshire North Carolina would be broken if the customer opened the caslng to look lnstdc.
OkI;~hom:~ Oregon Pennsylvanra After verifying what he had discovered. he discussed the situatlon
Souih Caroli~in Tennessee Texas w ~ t hthe audit manaser. who in turn discussed i i w~hhauditee [ a h -
Uiiih \Vashin$ton West Viqlma
Wiscons~n agement. The auditor's company ended up pulling theu order iron] <he

Figure 5 . Srsres w ~ r hwhistle-blower statutes. - suppiier.

An auditor who detects illegal or unethical activirles wlthln the audit-

/ Examples ot other wlustle-blower laws.
University of Caiifomia Business and Finance Bulletin G-29, Procedures
for Invesr~~ating
Misuse of Unwersity Resources, Appendix C. Whistle
Blower Policv
- plier. Illegal or unethical behav~oron the part of an ASQ member that vio-
Figure 6. Examples of other whistle-blower laws
An auditor may encounter illegal or unethical situations during the
course of an audit, such as when an auditee is deliberately shtpping defec-
tive products. The auditor should verify the situatton and then inform the
audit team leader, who will inform the auditee. If the problem is caused
by an oversight, it should be corrected immediately. However, an auditee
who !inowingly ships det'ectlve product may be unwilling to correct the
problem. i n thts case, the auditing organtzatlon should refuse to return to
ing organization must tell the audit team leader, who will Inform the man-
ager. If the same or similar sltuatton recurs often. the auditor's principles
I are probably not compatible wtth those of the organlzatlon, and new
employment should be considered. Unethtcal activity that is tn violation of
internal company policy should be reported directly to mana,Dement.
whether it is unethical behavior of another employee, a customer, or a sup-
lates the ASQ code of ethics should be reported to the local sectlon of ASQ
for investigation and possible reporting to the ASQ Ethics C o r n t r e e .
Although not commonplace, bribery is another example of an illegal
or unethical situation that an auditor may encounter. An auditor encoun-
tering obvious bribery should flatly refuse the offer and stop the audit. The
client and auditlng organization management must be alerted and gtve the
matter tmmediate attention. Gift-gtving could be a less obvtous form of
bribery. Many public agencies and pnvate c o m p a e s have specific regu-
iations and polictes on ethical behavior. For example, a limited dollar
amount, usually about $25, may be specified for gifrs that the auditor may
accept ethically. An auditor has an obligatton to refuse or return m y gift
that exceeds the stated amount and has the option of retusing any item.
Many auditors will accept an offer of an inexpensive meal since they feel
that both panles benefit from the rapport established in a casual setting,
while orhers will refuse even the o f k r of a soft drink.
13the course ot an aildit, :in auditor happened to rnentton char she
was an w i d tennts player. Several wccks later she rcceived a case of
tennis balls from thc mditee. She wrote a polite note and sent i t to the.
auditee. along wtth the case of tennis balls.
In the tntcrnarional audiring arena, an auditor must be familiar wtth
'local customs so rhat potentialiy unet'hical situations can be interpreted
correctly and responded to appropriately. For es;lmple. In the United
Srates $1is considered a breech of ethics for an auditor to accept a gift or
favor trom 3 person in the audited organtzarton. but in Japan g i f t - y i n g is
ottcn pan of doing business. and 11 would be rude for the auditor to
declinc. As quality auditing becomes increasingly global. organizations
and individuals must be aware of such differences in order to prevent sen-
ous cultural misunderstandings from underminmg the audit process.
The need to be familiar with different cultures and norms is not lim-
ited to lnternattonai audittng. Auditors should also be aware of cultural
differences and expectations in each individual workplace where the audit
IS being conducted. The auditor's awareness and willingness to work with
diffirent cultures will help avoid misunderstandings and ensure the effec-
tiveness of the audit.
O v e r c o ~ n i n gLanguage a n d Literacy Barriers. Audit personnel must
elther ( I ) be fluent in the agreed-upon language of the audit or ( 2 )have
available at all times personnel with the necessary technical language
skills? When necessary, an auditing organization should employ a slcikd
interpreter to assist with an audit.
Even if all primary pmicipants m an audit speat; the same language, the
auditor may encounter language or literacy bamers when attempting to
~nterviewindividual employees. These same baniers may prevent the
employee from understanding or performing assigned tasks. A written pro-
cedure may soive the problem; but if the employees are unabie to read or
understand the procedure. then the problem has not been addressed. If an
auditor understands the phystcal process before going into an audit and then
focuses on the work, some of the literacy issues may be overcome with the
atd of t?owcharts and other simple diagrams. At ttmes. an auditor may need
to ask exuemely simple questions to overcome a lack of language skills.
Avoiding Other Problems. Selecting an auditor trom wlthin an organl-
zatlon (for a first-party audit) can cause problems. especially in the case
01.2 one-sttc operatloti. The objectivity of an auditor working in ;in area of
previous empioymrnt may he cjuestloned. Former peers may be intlml-
dated. uiicooperdtive. .or use the auditor 3s 3 sounding board tor com-
pia~nts.m&ng i t difficult for the auditor to obtain objective infomlation.
They also may think that the auditor will not repon proced~inlv~olations.
Furthermore, the auditor's knowledge of how a product. process, or sys-.
tem functions may be outdated. and tlme may be wasted as the auditor tol-
lows the wrong paths itsing Incorrect crlrzna.
Ideally. an :~iiditut-will not be assigned to an nrrc; of prevloils e m p l ~ s -
mcnt. For ~nternalaudits. thoit~h.such assignments cannot 31waj's be
avoided. The negative effects must be weighed against the benefits that
selecttns an auditor from withtn the orzanizarion may offer. Such benefits
may include a supertor understanding of the organization's product or ser-
vice and the processes involved in productlonLand a strong iamiiianty with
the applicable quality requirements or standards. Negative effects may
include hidden agends, perceived bias on the pan of the auditee, and the
possibility that the auditors will try to solve problems using past linowi-
edge rather than auditing.
Dunng an audit. some auditees will request to be notified of potential
nonconformances/findings so that they can take Immediate actton. In many
cases, immediate action would be remedial action (also callea containment
actlon) and not corrective actlon. Remedial action only addresses the
symptom and does not elim~natethe underlying cause of the problem. The
auditor may discuss the pitfalls of takng remedial acuon wtth the auditee.
The auditor should also explan that even though remedial act'ion was
taken, it would be unethxxl not to include the observed nonconformance
m the final report.
Besides looking and acting professionally at all tunes, the auditor
must assume other responsibilit~es1n external audits, such as matntaning
the confidence of the auditing orgamzaaon by never divulging proprietary
information to the auditee, reliaining from speahng negatively about the
auditing organization or prevlous auditees, and reframing from discussing
the performance of previous auditees with people in the organization cur-
-E
*
rently being audited. When facing one of the above problems or other -.--

marc difficuit oncs. the auditor must remain focused and in control of the -k
audit function.

This is not a pnmer on law as applied to quality auditing and should not
bc considered to be providing legal advice. If questions anse, auditors
nv
must consult their own lawyers for information.
Liability issues have become more apparent with the advent of the
quality system and environmentil system registration schemes. Each com-
pany and each auditor is acceptinz liability for the decmons made r e p &
ing whether to grant registration. Thele are appeal processes that are used.
but in the end, a coun of law could be called in for the final decision. A
key liability consideration 1s whether a company relies on audit informa-
tion as the basis for making a decision.

1. PERSONAL AND CORPORATE

Illegal Activities
As an auditor collects information throughout the audit process, the auditee
may disclose c e m n kinds of information. Thls informauon can lead to ille-
g d activit~esby the auditor, unless the auditor 1s aware that use of this infor-
mation is illegal. Figure 7 provides a general explanation of each type of
informahon and the illegal achvity that the auditor can inadvertently take.
The Auditor as an Agent
As a representative of a company, an individual auditor can unknow-
ingly acquire legal liability in several areas. First, the auditor m ~ g h t
make statements that an auditee uses to make decis~ons.If these state-
ments axe later shown to be untrue, the auditee might have recourse
aganst the auditor's company for damages. For example, if a third-party

Lkildit~~ Esnlanation
IS simeoile lems
iecuriiics laws itilonixit~onthat is important
io investors but iiot av&bls
to the public and proceeds to
x i on 11 or tells so1112one
\ v h l iI1ct1 acts 011 ti. t i is 2
vto1;ition of securrues l;iws.
Violation oi I S someone learns
:ltiiltrUSt 1iiws infornlatlon and uses it to
restrtct Competltlon i n a
particuiiw ii~uket.ti IS ii
vtolatioti 01 antitrust liiws.
\~ioliittmt i 1
&I, r,.e
II wmcone i d s to exercise
re:isonable rare tor
cotnpcleilc~it1 the course
of providing gutdance tor
others ti1 their bustness
transactions. it is a
violatton of due care.
Aiding and If someone willfully causes
abetting an act to be done and the
same act would be an
olfense against the U ~ t e d
States if directly performed
by hlm or her, it COnstlNteS
a ~ d i and
n ~ abettlnz.
Figure 7. Illegal auditor actwines.
Source: ASQ's Foundailons ~n Quality: Cenificd Quality Auditor. Modulc i: Ethics, Profcs-
siurial Curtriu~.1.md Liability issuc.s th4il~vaui;cc.
\V1: ASQ Qudiiy Prcss. 199% pp. i-16.
Auditor Example
Dunnz an audit intenww. a
scnior manager accidentally
reveals acquisition plans to
an auditor. The auditor uses
the infomaiton to make
p~rsorwlI I ~ V ~ S ~ I I I C ' IinI I Sthe
stock market.
An auditor comments to the
auditre that ,mother supplier
w~ththe same qualiQ
system realizes h r tewer
Zains. The auditee uses the
informat~onto produce
ne:;iti\r adverltsemsnk
ayainst the supplier.
An auditor zrants a supplier
IS0 9001 ceniiicntton
dssptte rile audit tean1'~
failure to tollow correct
accredittng procedure [not
exercisln:. "due care"]
dunng the audit. Based on
the certification. a company
purchases faulty product
from the supplier for
commerciai distribution.
An auditor discovers that an
auditee is using marenals
againsi contclctilat
requlrernents but does not
lnclude the iformanon in
the finai audit report.
auditor told the auditee t'hat the auditee's company would get a discount
on insurance by obtaining I S 0 registration, and the auditee used that
informat~onas a reason for deciding to obtain I S 0 registratton, then the
: auditee mlght recover damages if no discount was iorthcomlng.
There ts a myth pushed by some registrars that third-pany registration
is a strong defense in the event OF a product liability lawsuit. This 1s
not necessarily true. It apparently began when some insurance com-
panies in the United Kingdom offered discounis of 20 percent to
1 0 percent to compantes that achieved I S 0 9001/2/3 reglstratlon.
Unfonunateiy, these discounts have not made i t to the Untted States.
No lawsuit involving I S 0 9001/2/3 has been publicized in U.S. mediz.
The first lawsult that comes to court will test the ability of third-party
registratton to limtt liability based on good management practices iad
a quality management system. Until then. lt appears that U.S. insur-
- ance companies are waiting to decide whether to give discounts."
An auditor also has to be careful not to tell the auditee how to do their
work or what decisions to make. If an auditee relies on the auditor's words
and Subsequently fails to prov~dea good product or service or obtam reg-
istration, the auditee rmght recover damages. Also, if an auditor provides
guidance, even if the gutdance fixes the problem, the auditor still owns the
solution. If the recommended solution is not the best, there may be mali-
clous compliance that will reflect back on the auditor.
An auditor discovers that the auditee is shlpping defective products.
After verifying and investgating the incident, the auditor records 10
product deficiencies that should be corrected before shipping
resumes. The audit team ranks the deficiencies in pnority order and
includes them m the final report along with its finding^.^
The fact that the audit team pnontized the defic~enciesmeans that
they accepted partial responsibility for the soluuon. This makes the
audit t e r n and thelr company at least parttally liable should a prob-
lem surface m the future mvoivlng the defectwe products.

Registrar organizanons and their auditors face a special liability dunng
tlic audit and after registration. An organization certifying that others meet a
sct ol' standards must use reasonable care or competency in cenify~ng.~ The
auditor must lollow die procedui-es of the registrar dunng tlie audit process
and base thc registration decision on tlie results of the audit. The registrar
must have spccific procedures and requirements for registration and these
must be applied equally to all compmes. Registrars accredited in the United
S t a m must inect requirements of the Registrar Accreditation Board. The
Rcgis~rarAccredi~aiionBoard requires adherence to IS0 Gtucle 61 and
intcl~i-euvcguidance ot the lntemational Accreditation Fonim.
Proprietary Information
Ail earlier section discussed propnetary information and techniques of work-
ing around ;I process or other infomiation that the auditor was not allowed to
\ww directly. Disciosure ot propnetary information can come about inadver-
LCIILJ\ ~ X I U S C 01 tiic legal process itscll: Ail ;iuditor co~iipletesaudit check-
lists. riidxs notes ol the results ot rhe audit. and often makes copies of infor-
mauoii supponing tlie findings of the audit. These notes. completed
checklists. and coples find their way into tlie audit record and arc kept for a
spccikied penod ot time. If. dunng that time. a lawsult is iniirated, Uie contents
of the tile may become available l'or "discovery' by the parries to the la\vsuit.
Records of both internal and external audits are subject to discovery by
parties in a lawsuit. For example, if a supplier to your organization 1s party
to a lawsuit and your organization conducted an audit (external) of the sup-
plier. your records are subject to discovery. The same nghts of discovery are
true for both civil and crirmnd legal proceedings.
Through discovery, these records can become public. This is one of the
main reasons an auditor should not make copies of or take notes on propn-
eta? mformation when audit~nga company. It is also a major reason for
keeping exmneous comments out of the audit record. Such extraneous
comments can come back to haunt an auditor at the most mappropnate time.
Dunng one audit, the regulators asked to review the completed audit
checklists. On one checklist, an auditor had wntten "this procedure is
terribie" in the margin. The auditor and lead auditor spent the next
three hours explainmg why the comment was on the checklist even
though the auditor evaluated the procedure as satisfactory.
-1t<1, L: 1 I,,. ill
-
-
-- 2. AUDIT RECORD DISCLOSURE
-
'
- Because the quality system requires records that each step is performed by
.. following documented procedures or methods, there are many documents
=
-
- and records available for both the defense and 1112 prosecut~onln lhe event
- of a lawsuit. Each record and document is made available to both the
defense and to the prosecution.
iscovery is s pretnui device used by s u e parry to obtain facts and
--. informarlon about the case from the other party in order to help pre-
pare formal. Under federal rules of civil procedure and in states that
have adopted similar rules, tools of discovery include deposition to
oral and wntten questions, wnttsn interrogatories. production of dor-
uments, pemiisslon to entcr land or other property. physical and men-
/1 ral exammanons, and requests tor admission. In urmr~irtlproceeding?
discovery emphasizes the nght of the defense to obtain access to evi-
/ dence necessar?. to prepare its own case.'
Copies of the audit report must be sent to the client. and almost
always are sent to the auditee. Clients either designate other organiza-
tions and individuals to recelve copies or make the distribution
themselves.
The audit records should be treated as confidential information and
not disclosed to Internal or outside entities Without pnor approval of the
client and the auditee. Accidental or deliberate disclosure of negative audit
information that other companies use as a basis for mahn, decistons that
adversely affect the auditee may make the auditor and the auditor's com-
pany liable for damages. These damages can be considerable if a major
contract is canceled or awarded to another company on the basis of the
negative information.
 [32 of the CQA-exam questions or 21 %I

Audit preparation consists of everythin? that is done in advance by inter;

ested parties. such as the auditor. lead auditor. client and audit progrmi"
manager. to ensure the audit complies wtth the clients objective. The
preparation stase ot an audit begins ivith the decision to conduct the audit.
For our.-purposes. preparauoii ends when the audit itself bqins.
For a third-pxty audit-or when an outscde organization is being used
to conduct a first or second-party audit-the client selects and contracts
with an auditing organization. For a first or second-pany audit, the client
andlor employer of the auditing organization usually initiate the audit
either by request or by approval of an audit schedule. The client and/or the
empioyer of the auditinz organization should define the purpose and scope
of the audit as well as the standard against which [he audit is to be con-
ducted. The auditing organization personnel, in return, prepare the audit
plan and other wor'lilng papers, select or participate in the seiection of the
audit team members. and notify the auditee in wnting of the impending
audit. For a contracted audit, the client should notify the auditee.
For a first-party Internal audit that is not contracted out, the prepara-
tion stage may be less formai. Since internal audits often are scheduled on
a regular or continuous basis, such as quarterly, an interoffice memo may
suffice for notification. In some companies, a phone call followed by an
e-mail message or memo might be acceptable because the lead auditor and
manager of the area to be audited are likely to have greater contact pnor
!
to the actual audit.
 An auditing organtzarion must prepare carefully for an audit. 4 well-
planned audit is more likeiy than an unplanned or poorly pianned audit to
progress according to scheduie, earn respect for the auditor, get the full
cooperation of the auditee, efficiently utilize the time and other resources
of thc auditec and auditor, and produce results that can be used by man-
agement in guiding the organization.
When prepanng to be audited, an auditee organization has certain
responsibilitics. such as ensunng that the audit team will have adequate
workinf spuce and that neccssary personnei will be made available as
incedcd. The auditre often assigns an escon to the audit team to function
as a lia~sonw ~ t hemployees, management. and the audit team.
If preparation for an audit has been inadequiite. the audit team risks-
wasting time dunng the performance stage of the audit or performing a
mechanicai audit on the basis of a " c ~ n n e dchecklist. An unprepared
Upon receiving an audit assignment from a client, an audit manager usu-
auditor may focus on trivlal matters or personal areas of interest or knowl-
ally assigns a lead auditor who will be responsible for all phases of that
edge jpet peevesl. or spend more time in a conference room than in work
audit. The iead auditor is responsible for prepanng an n i i d i r I J ~ R I ~Zener:
,
arms. Such m x i d i ~is of limited value. since it fails to properly assess the
ally a oiir- to two-page tlo~ument(see Figure S in Part II, chapter D) that-
quality system and \v:lstes resources.
serves as a link between audit planning and audit execution. An audit plan
identifies:
The purpose and scope of the audit
The auditee and organizatior& units to be audit&
The audit team members
The standard being audited aganst (specific sections of the
standard may be included)
Loglstlcal issues such as the date and place of the audit, the
expected duratlon of the audit, and the expected date of issue of
the audit report
In additton, when applicable, the audit plan may list confidentiality
requuements, transportation requuements, or requued health and safety
permits or secunty clearances.
Dunng the audit preparation phase, the auditlng orgmzatlon must
d e t e m e the audit's purpose and scope (defined by the client) and iden-
tify the needed resources and applicable reference standard. Based on
these cntena. the audit team is selected. The lead auditor then secures the
appropriate documentation, prepares (or ensures that other members of
the audit team prepare) applicable checklists and other workmg papers,
and determines the proper data collection methods. The written audit plan
should be signed by the lead auditor and approved by the audit program
[manager. or the client. or the auditee.
Tlie six arcas discussed in this chapter are:
I. idmtilicauon of authonty (internal and external)
7. Determin;ltion of audir purpose
3. Ucterniination of wdit type and scope
4. Deicriiiiii;lrion ot resources required
5. Team selection and identification of roles
11 Requirements to audit against
E x h will bc disciisscd in detail in the sections that follow. Logistics,
vd~ichis ;llso part of planntng. will be discussed in the next chapter.
1. IDENTIFICATION OF AUTHORITY
(INTERNAL AND EXTERNAL)
As won ;IS ; I I ~;iudit IC;IIII is selcctcd. the team must verify its autlionty to
pertorrn the audir. By identifymg the authonty tor the audit to all involved
~ a r t i ~an' ~:~uditor
. coiitcrs Iegitimxy on the audit and removes or mini-
mizes the adverse feelings the audiree may espenence when rnformed of
the torrhcoming audit. Also. this step keeps the auditor from wasting time
preparing for an audit that has not been a u t h ~ n z e d . ' ~
The authonty to perforni an audit may come from a slngle source or
a combination of sources. The important thing is not where the authonty
comes troni but that i t does indeed esist. Without a specific authonty
source that permits an audit, an auditor has no nght to perform one.
Audit Authority
The auihonty to perform an audit can come from inside or outside the audi-
tee organizauon. Internally, authonty may come from an organization's quai-
ity p r o - m or from the chain of command. Externally, authonty may reside
in purchase agreements, industry standards, or government reguiauons.
Internal Sources. Internal sources of authonty are either organizational
or hierarchical. Tlie term o,gniiz:nno~z describes functtons or groups but
does not rank them. The word tzzerarcizy refers to status, particularly
among individuals. Internal audit authonty can come from e~thersource
or a combmation, depending on the company's structure.
Orgarziiatloir. The source of authonty for the performance of internal
audits usually resides in a document, often called a quality manual, that
describes the orgaruzatron's quality program. This document should
define the authonty oi certan groups or indimduals to,perforni audits.
At other times, a company's quality policy defines and authonzes
audits. If an organization agrees to meet certain industry standards volun-
tarily, for exampie, then the quality policy specifies that those standards
will be met. In t h ~ scase. an audit is a planned group of activities to assure
management that the organization 1s meeting those industry standards.
which are usually promoted :IS voluntary. but _which are olren required of
organlzauons to be compeuuve 1n the mdustry.
Sometimes an organization decrdes to adopt or adapt certain cntena even
though not required to do so. For example. an organization may elect to meet "
I S 0 9001 or I S 0 9004 standards even though ir has no intentton of applying
for registrauon to IS0 9001. Likewise. cntena for <he Malcoim Baldnge
National Quality Award iiiay be used as a basis for quality improvement even
when an organization has no mention ot applying for the award.
-
Hirrcird? Hierarchy is the chain of command that controls how work IS
delegated and how responsibilities are assigned within an organization.
Rather than being dnven by wntten procedures, as in the case of organi-
zarional authonty, an audit is dnven by the people who have authonty. The
audit authonty must be hlgher in the organlzauonal structure than the
funct~onsbeing audited. For example. it would be extremely difficult for
a division or department of a company to c o m s s i o n an audit of corpo-
rate headquarters. But the Vice President of Operations might request a
quality audit of department operations. This lund of audit is not normally
defined or required by the organization's policies and procedures, and it is
usually requested at a higher level to address a specific need. The client in
this case would be the Vice Presrdent of Operations.
External Sources. At tunes the authonry for an audit is extemal to the
auditee orgmauon, as m the case of authonty speeaed by a contract, stan-
dard, or regulatory body.
Contract. The authonty to perform extemal second-party audits should
reside in the purchasing agreement-a contract or purchase order-between
an organization and its suppliers. Sometimes this authonty is not readily vls-
ibie; it may be included in a section on nghts of access. A nghts of access
clause gives a customer or regulation body the right to inspect or audit a sup-
plier facility, product, or service. The clause usually specifies reasonable
access dunng normal business hours. Federal acquisluon regulauons requue
lederal agencies to include this authonty in most procurement documents.
A contraclual audit source is common in second-party audits. The
source of authonty is the signed contract between two parties, a supplier
and 3 customer. Propnetary processes. such as research and development
projects or processes ihat are being conducted for a compeLitor, are defined
and ;ire excluded li.oi11 the concern of the audiior. Access to plant locations
IS restnclcd 111 these circumstances, but should be defined in advance.
Storida~-(is.iVational and international standards include the ANSIIISOI
ASQ 49001 and 49004 senes for quality management. These standards
m;iy be lollowed volunVarily or may be imposed by contract or regulation.
Industry siandaids are wntten to clarify, amplify. and, in some cases,
liinit ledcrai regulations. For exampie, in the pharmaceutical industry. vol-
t1ni;irl; iiidusiry associattons sucb us the Hcaitli Industry Manufacturers
i\ssoct:~tion h:ivc developed standards that may be used as the basis for
inlcni;ii audirs. .Alter an industry has demonstrated that voluntary stan-
d x d s x r working. the best practices may be incorporated into federal
I-cylations.However. industry standards are not regulatory documents.
'iomally, the requirements a t the standards are incorporated or inter-
preted by the company's internal documentat~on.The quaiity manual or
policy m ~ g h include
t the authonty to audit the organization and a remnder
to managers ihat they are to cooperate with the auditors. Also, procedures
implemented as a result of a national/internationaI standard may provlde
guidance on how the audit program will be conducted.
Rcgulnionc These are primarily used by third-party auditors. Intema-
tional. federal. or state law may be the source of authonty in certain reg-
ulated industries. Within the United States, these regulations derive from
iaws passed by Congress and interpreted by the code of federal reguia-
tions promulgated by the authonzed agency. The courts have enforced and
reinforced the nghts of regulatory bodies to conduct inspections and
audits of orgamzations to monitor their compliance with the law. Regula-
tory bodies include organizations that oversee safety, health, and envlron-
mental laws such as the FDA, EPA, and OSHA.
2. DETERMINATION OF AUDIT PURPOSE
It is the client's responsibiiity to determ~nethe purpose of an audit. Usu-
ally this statement is specific; however, a client may state the purpose m
-particulars
zeneral terms with the understanding that the lead auditor will specify the
to fit the situation. in the case of an audit performed on a re$-
uiar basis, Lhe purpose may have been defined and known by all parties
well in advance of the audit.
First-party audits may be performed to assure management that the
audited area is in compliance with pmicular quality standards and that the
goals and strategies of an organization are being met. Several sample pur-
pose statements tor first-party audits follow.
The purpose ot th~sfirst-gany audii is
. To assure conunued implementation ot the management system. to
evaluate ihe effectivmess of the system in meering ihe staled gods 2nd
objcci~ves.and to identify opportunltirs for conunuous improvement
rn product. process. and system
. To review h e mechanicai assembly areas compliance with procedures
and io e\raluatethe procedures for opporiunilies tor improvement
rill
To confirm that project engineenng. document conrroi. md procurc-
menr actwiles bemg performed i n support of basic design are being
accomplished in accordwce with the Qualirv Assurance Manual.
Selected integrlited executrnn procedures. and governing projecr pro-
cedures. ~ncluding.3s nppropnate. client requirements
- To assess the progress ot the quality system toward meeking the
requirements of IS0 9001: as outlined in the current Quality Manudl
For a second-party audit, an auditor's quality assurance department or
the purchasing department normally determines the purpose o f t h e audit
and communicates it to the auditee. The pnmary purpose of a second-
party audit is to assess a supplier to verify that contract requlrements are
belng followed or to assess a potentla1 suppliers capability of meeting
specific requlrements For a product or servlce. By determining that the
supplier 1s meeting the requirements specified in a contract, the purchaser
g a n s confidence in the quality of goods and services belng delivered."
Examples of purpose statements for second-party audits follow.
The purpose of t h ~ ssecnnd-party audit is
To assess the capability of XYZ Company to meet contract requue-
ments by a review of the available resources and by obtaning objec-
tive evidence of management's c o m m e n t to the quality require-
ments of our product
To verify that the matenals, equipment, and wort being performed
under Contract 12345-P-001 are in accordance with the procurement
 documents. as specified in Secuon 6 of this contract. and that the work
1s being executed by qualified personnel
To ~dentifytlte possibk cause of recent nonconformltles by conduct-
IIIX a comprehensive assessment of the tasks, procedures, records, and
systcm documentauon rciated to the production of the wlreless wldget
Most third-party audits are performed by auditing organizations to
determine the compliance of the auditee"~systems with agreed-upon cn-
tcna. In the case of an audit tor registration, an auditor examines an audi-
iee's systems for compliance wrrh :, specific standard-tor example,
ANSVISOIASQ Q9001 or current good manufactunngpracttces..Thr pur-
pose statement for most thud-party audits is very specific.
Tlie purpose oi' lhls third-pay audit 1s
To determine the degree ot compliance to the requlrements of
ANSIlISOlASQ Q9001 for the purposes of regtstrauon of the com-
pmy systen1
- To assess the compliance of the quality system to a11 requlrements of
ANSVISOIASQ Q900i: for the purpose of recommendin2 dte orynni-
zntlon for reglstrauon to ihe srandard
To assess the compliance of ihe organmtion to all requirements ot
Reguiation 122 for the purpose of recommending approvnl or disap-
proval as 2 supplier
Thlrd-party audits performed for regulatory purposes d e t e m n e the
compliance of the auditee's systems with reguIations or iaws. These audits
have penalties (fines, jail, or both) associated wtth them, so they are very
senous. The purpose of the audit 1s determined by the regulatory agency
and normally is specified in the regulation or law. These audits focus on
detailed compliance with the regulations or laws to assure that companies
are protecting the envuonment, the public, and their employees.
3. DETERMINATION OF AUDIT TYPE AND SCOPE
The scope of an audit is developed in conjunction w ~ t hthe purpose state-
ment. The scope establishes the boundaries by identifymg the exact items,
groups, and activities to be examined. The auditor and the client must
agree on the scope; it is documented and communicated in the audit plan
to confirm a common understanding.
By looking at the specitic circumstances surroundiig an audit and by
exarmning the auditee's audit history, an auditor can confirm that required
correctwe actions have been implemented and m&e Judgments about
which areas rmght requue less attention. Areas that involve less nsk and
areas with excellent audit histones may require less sampling.
Exampies of scope statements for first-, second., and thud-party
audits follow.
First-party: To audit the Purchasing Manual for wueless widget production.
Second-party:To audit the heat treatment facility as 11relates to contract
number 95-00:.
Third-pay: To audit Ule design and manufacture of gaskets, seals, and
other compounded elastomer products for commerctal and automotive
applications at Plant Number I. 123 Man St.. Anytown. U.S.
The scope of an audit will have a direct effect on the resources needed
to achieve the audit purpose or ObjeCti~e.Determining the scope of an audit
also keeps an auditor focused and keeps the audit from becormng a witch "*
hunt or fishing expedition. An auditor should not seek to uncover probiems
in areas outside the audit's stated scope. However, if such probiems emerge
in the course of an audit, the auditor must be prepared to address those con-
cerns. For example, an auditor should investigate when overdue calibration
of equipment is observed even though that equipment mght not pertan to
the process being audited or fall within the audit scope.
The scope of an audit significantly affects resources and time require-
ments. If the scope is immense, a large audit team will be needed to com-
plete the audit in a reasonable time frame. If the scope is too large for the
available resources, the audit may have to be scheduled for a time when
adequate resources will be available, or the scope may have to be nar-
rowed. However, too narrow a scope wastes valuable resources too. Clar-
ifying the scope makes audit planning and execution efficient since the
availability of resources diuectly bears on achevement of audit 0 b j e ~ t i ~ e ~ .
Observing Problems Outside the Stated Scope
As indicated earlier, while auditors should remain within the scope stated in
the audit plan, they may discover probiems beyond that scope. An auditor
has an obligation not to ignore probiems outside the stated scope. An audi-
tor's reactlon to such a discovery will depend on the seventy of the problem,
its effect on the quality system, and the type of audit being performed. Con-
ditlons outside the scope of the audit may not be lncluded m the formal

report as a linding or violatloll for that pmcular audit. Conditions should
be reported directly to the client and the auditee if there is a senous condi-
tion adverse to quality or a possibility of litigauon. However, nunor process
problems need only be reported to the auditee. For example. an unsafe prac-
tice or one with senous iegd ranlificauons cannot be ignored, while a minor
process problem may not be acknowledged in the formal audit report. A
riimor pi-oblenl m3y be communicated to the auditce as feedback for qual-
ity impro\8enicntacuons.
i n internai audits where manazemen~'~ goai is to improve ihe quality
system. probiems that iniirfere with ih3t goal usiuaily are not ignored
since continuous improvement of the quality system cannot be promoted
if an audiror iiitenrionally overlooks obvious problems. Theretore, the
audit team may expand the stated scope and look Into the problem. In an
internal audit. problcms wrthin or outside [he scope need to be identified
so thiu appropriate corre~tiveaction can rake place.
Sometimes an auditee will want to expand the scope of an audit.
Espanding the scope is permissible betore the audit begins as long as the
team has time to prepare for the modified scope. If an auditee asks to have
the scope espanded once the performance stage has begun, the lead audi-
ror should suggest that the nest audit encompass the additional area, since
the team will not have done the necessary preparation or may not have
adequate time to investigate thoroughly. There may be fewer obstacles
when expanding the scope of an internal audit because the auditor's time
1s not constrained by a contract, nor are external management approvals
required, and all partles internal to the organization should have the same
organizational objectives.
In summary, auditors should stay within the scope of the audit and use
thelr judgnenr when they encounter problems outside the scope.
4. DETERMINATION OF RESOURCES REQUIRED
Once an audit's purpose and scope are c o d i e d , an audit team must be
assembled. Often, a lead auditor has already been selected and has com-
pleted some of the p l m n g acnviues. The lead auditor usudly parhclpates
in the selecuon of audit team members and may help detemune the desued
size and composmon of the audit team. Each member of the audit team must
be independent of the funcbons being auditea. As noted in Part I, chapter B,
sechon 3, total mdependence may not be possible for internal audits.
-
..
- When selecting an audit team, the auditlng organlzanon must deter-
.i. ;,;.-
f- mine the number of auditors needed to complete the job. Often, the scope .. a:.
,,.-
1,. tl8.i
..
of an audit, the time frame in which rt is to be completed. and budgetary
s- concerns will determine whether z single audiior or an audit team is
:
- needed to complete the job. The inuitlple auditor, or audit team, approach
allows depth of inquiry and breadth of examination. In additlon, it encour-
ages balance, since no single individual can possess all the technical
knowledge and personality traits necessary in all audit situaiions. How-
wer. one well-trained and espencnced auditor may be all that is required
to conduct meaningful and effective audit."
.. -
An audit team may break down into mni-teams or subtearns to per-
t o m portions of an audit. Each mmi-team consists of two persons-one
to interview personnel, the other to listen and take notes dunng the inter-
views. Seldom does the availability of personnel pennit such lusury.
except when members of an audit team are accompanied by auditors-m-
training. A second way of forming mini-teams is to pair a technical spe- ".
ciaiist with a quality auditor. The quality auditor can explore rhe system
and management controls, while ihe technical specialist can observe the
work beins done to provide a product or Service.
When scheduling an audit, the lead auditor should calculate the esti-
mated number of personnel hours needed to complete each portlon of
the audit, then determine the total number of team hours required for the
audit. For example, if the sum of personnel hours is 10, then one audi-
tor should be able to complete the audit in 10 hours; two auditors work-
mg as a team but in different areas should complete t'he same audit in
five hours.
Detemuning the proper number of on-site audit days can be compli-
cated when all vanabies are cons~dered.However, minimum audit day
guidelines have been issued for use by third-party audit organizations.
Table I shows the m n ~ m u mnumber of on-site days that should be Spent
on TL 9000/ISO 9001 quality system audits and ongoing surveillance
audits. The table takes into consideration the number of employees of a
company, the exisung qudity system, and the cntena being audited
against. The table does not consider such factors as the complexity of
operations or labor mtensity. Audit days couid be added for very compiex
operations, or a request to reduce the number of audit days can be sub-
mltted to the accreditation organizauon for simple, single-product line
organizations.
 The lead auditor ensures that the size of the audit team 1s appropriate
on the basis of the amount of work to be performed, its complexity, the
availability of personnel and other resources, and the desired time frame
in which the audit is to be completed. Additionally, the lead auditor should
consider the physical size and layout of the space in which the auditors
will be workng.
The following factors may be considered when determimng the num-
ber of auditors needed on U1e audit team:
On-slte time restrictions or allocation
Average expected interview time per Interviewee
Number of interviews (percentage of employees to be sampled)
Time in meetlngs (opening, e m , auditee bnetings, audit team
meetings)
r-
Data analysis and report preparation tlme
Observation of work time
Records review tlme
Meal and break t~mes -
Lost time due to ineffic~enc~es,
such as distance from department
to department
The amount of audit prework could also affect the number of auditors
needed on the team. Examples include previsit communication (wntten
and verbal), review of documents, prepanng checklists, and prepanng col-
lectlon plans.

5. TEAM SELECTION AND IDENTIFICATION OF ROLES

An audit team is responsible to the client-the person or organization that
hired or directed them to perform the audit. An audit team is accountable jj
to the auditee because its goal is to help the auditee-that is, to assess the .,
:t
organization or process so that the auditee knows what is workmg and
where opportuluties for improvement exist. The members of an audit team
are also accountable to the audit program manager or registrar for whom
..
they are working. Therefore, their actions must reflect the audit o r g a ~ z a -
tion's standards.
Lead Auditor Selection a n d Duties
Every audit team has n lead auditor or audit team leader. Large teams may
have both. When thc audit team consists of oniy one auditor, that auditor
is the icad auditor. Whcn more than one auditor is needed for an assign-
ment. the iead auditor, usually an individual with supervisory expenence
or management capabilities, IS identified pnor to the other team members
and participates in their selection. A iead auditor whose duties include
auditing. directing. and monitoring team members usually has more audit-
c e other tenin members and is more familiar with the
ing c s p e r ~ c ~ ~1lii11i
sundanl being audited a g a m t .
The iead auditor has ultimate responsibility for the satisfactory per-
forniancc of nll phascs of thc audit as well as for the professional conduct
ot the mdit te:iiii i~ienibcrs.As the representative of the entire audit team.
tlic 1c3d auditor is responsible for in~tiating;uid malnr;lining communica-
tion \ \ ' ~ t h the wdiiee. The lead auditor prepares the audit plan. conducts
thc opening and closing meetings. rewews the findinss and observaLions
ot the auditors. prepares and submits an audit repon. and evaluates cor-
rective :Iction. The lcad auditor may also conduct daily hncfings with
tcaiii inembers throughout the audit.
Audit Team Selection a n d Assignments
When prepanng an audit plan, the lead auditor (and/or client or audit man-
ager) should assess the complexity of the activit~esto be audited and select
team members who possess the qualifications or expertise needed to per-
form that audit. If the area to be audited is highly specialized, the auditing
organization may have to outsource a specialist or consultant expenenced
in that area. To avoid misunderstandings, an outside speclalist or S ~ b j e ~ t
matter espert must be bnet'ed as to their expected role pnor to an audit.
Often. an audit team is a combination of quality assurance personnel,
tralnrd and expenenced in auditing techniques, and technical spec~alists,
trained and expenenced in the area to be a ~ d i t e d . ' ~
Personnel are seiected for specific quality auditing assignments on the
b a s s of expenence or trrunmg that indicates quaiificatlons commensurate
wtth the compiexity of the activities to be audited.lJ Each auditor is
responsible for preparing suitable working papers for the portion of the
audit for whlch heishe is responsibie. Workmg papers are discussed in
detail later in Part LI.
The responsibility of an audit team is to gather factual evidence of
compliance or noncompliance of the audited area to the standard. Since the
audit function intrudes on daily operanons, an auditor has a duty to gather
information promptly. objectiveiy, and considerately. After comparing and
analyzing observations. an audit team should be able to draw conclus~ons
about the systems and rtport those findings in a timely manner.
Additionally, audit team members should be free from biases or con-
flicts of interest, comply with standards of ethical conduct. and esercise
due care in the performance of their duties. These concepts were discussed
In Part 1 a t this handbook.
In summary. the number ot personnel needed and their espenence and
qualificattons depend on the amount of material to be covered. the avail-
ability of personnel and other audit resources, the amount of time avail-
able to perform the audit. and the subject of the audit.!' A quality systcm
audit of s bank will require different auditor skills lhan will an audit ot
technicai areas for 3 ~IieniicaIprocessing opemtion. or a robotics or soft-
ware compmy.
K.
6. REQUIREMENTS TO AUDIT AGAINST
Audits of quality progrums require reference standards against which to
judge i l e adequacy of the plans:
"The reference standards nonnaliy available inclutle:
. Written polic~esand procedures of the company as they apply to
quality
Stated object~vesin the budgets. programs, contracts. etc.
Customer and company quality specifications
. Pertinent government speciticat~onsand handbooks
Company. mdustry, and other pertinent quality standards on products.
processes, and computer software
.. Published guides for conduct of quality audits
Peninent qualir).depanment instructions
General literature on audit~ng"'~
Performance standards are the norms or cntena against which an
activity 1s measured. There are four levels of performance standards:
I !
1. Policy Documents-Examples include corporate policy
statements, International and national quality system standards,
regulatory standards, and business sector standards.
2. Transition Documents-Often called manuals, one should exist
for each sectlon, department, or division. Examples are
corporate manual and plant manual. i
 3. Procedure Documents-These include che step-by-step Policies. Internally, many companies regularly assess compliance and
requirements for dolng a job. effect~venesswlth their own quality policies or policy statements. These
4. Detailed Documents-These documents, such as drawings, policies are often stated in quality manuals and are the bass for the qual-
purchase orders, product specifications, and tnspection plans, ity program.
explain specific tasks." Laws and Regulations. Many companies perform internai audits to
"Shndards. codcs. and regulations . are Issued by related industrial assure that they are meetlng all rhe requirements lmposed by various iaws
or proiess~onaiassocrattons. by nat~onnlstandards wnting orgmzatlons and reguiations. whether zenerai or industry-specific. Thlrd-party auditors
concerned wtth ihe mended marketplace, by iocailstate/national lepish- wlthln a regulatory azcncy use the laws and regulat~ons.case law, and
live bodies and by iniernauonai bodies."lJ their Internal requlrements/gu!de!ines a s ~ h ebass Lor the audit..

Why Must an Audit Basis Exist?

To perform an audit, an auditor must be aware of the audit basls, some-
Lmes called reference standards or performance standards. The compli-
ance or adequacy of a system cannot be measured until those requlrements
are ddined. Regardless of [he requirements, an audit must be performed
ayalnst a basis for reterence (e.g., organizat~onperformance standards
and/or nattonal standards such as ANSVISOJASQ Q9001 or Q9004).
These reference documents can include (1) quality system, product, or
process standards: I?)contracts; (3) specificat~ons: (4) policies; and
( 5 ) iaws or rezulatlons.

Standards. Certain ~nternatlonal.national, and industry standards are

mandated for many organzittons. Audits verify compliance with the
appl~cablestandard, whether it be the ANSVISOIASQ Q9001, AS 9001,
QS-9000, or I S 0 14001. At tlmes, an orgaruzatlon may voluntarily adopt
cenan standards by lncorporatlng them into contracts or polictes even
though there is no requirement to do so.
Contracts. In a second-party audit, the purchase order or other contract
states the speclfic requlrements that must be met, and an audit IS per-
formed to verify that the supplier 1s meetlng those requlrements. A con-
tract may Include references to a specific standard, such as ANSI, ASTM,
FAA, or FDA standards.
Specifications. Specificahons are normally used when conducung prod-
uct or service audits. An auditor exarmnes physical dimensions, placement
or arrangement of items, or chemcal composmons, for example, to see if
they are In compliance with the specified requlrements.
 1. STRATEGY
Regardless ot whether a product. process, or system 1s being audited, the
wditor should use a general audir~ngstrategy, or audit path, so that data, '
are collected in a 1o:ical and methodical manner. Effect~veaudit plann~ng
ensures that an auditor will have the time and means to conduct a thorough
invesnga;ion of the audited organization. It also enables the auditor to seg-
nient the audit by element or department, or to use the discovery method
or tracing techniques to gather data-~dheringto such strategies helps an
auditor gain insight into the practices actually employed throughout a
company and assists in the identification of problems.
Some hnctionsldepattments lend themselves naturally to one particular
auditing strategy. For example, tracing techruques may be suitable in s~tua-
tions where there is a natural flow of work, such as in product~onareas."

Tracing
Tracing, or follow~ngthe chrono10,oxal pro,oress of something as it is
processed, IS a common and effective means of collecting ObJeCtlVe evi-
dence dunng an audit. In fonvard tracmg, an auditor staris at the begm-
m g or rmddle of a manufacturing process, for example, and traces for-
ward. In backward tracing, the auditor starts at the rmddle or end of a
process and traces backward. Backward traclng can be more revealing
than fonvard tracing, because the auditor examnes the process from the
perspective of seemg the results (product or service) of the preceding
activity.
 H flowchart can be used as a road map for tracing activities. When
tracing. the auditor shouid:
Stan at the beginning, middle. or end of the process
Choose an action, such as painting a wall. stamping. folding, or
bahng
Gather information in sis areas-people. equipment. method,
11~ateriai.environment, and measurement-l'or the action chosen.
and record this information on a chcckiist (these iactors are
discussed in Part VIlr . - .
- Follow the path of the transaction backward or forward though
the process"'
Discovery Method
The disco\.er'. method is sometimes called random auditing. This method
investigates \vIiat is currently taking place and therefore retlects prevuiling
work procedures. However. the discovery method offers no discernible pat-
tein lo an audit. and an auditor cun become disonented or spend too much
time i n the facility."
In most situations. the discovery method should not have to be used if
the audit has been adequately planned. However. this method could be
effective if the auditor b o w s that a problem exists b u t has not yet located
it. By goinp into the audit area and iooklng around, an auditor may be able
to bnng the problem to the surface.
Element Method
The element method is 2 commonly employed audiung strategy. The ele-
ment method can refer to any element of any quality assurance standard
or of the auditee s quality program. Examples of elements are:
20 elements from ANSL'ISOIASQ Q9001-1994
18 elements from 10 CFR 50, Appendii B
15 elements from 10 CFR 830.120
7 categones from the Malcolm Baldrige Nauond Quality Award
eiements from the ANSUISOIASQ Q9004 Gurdancefor
Perj%mnce Improvemenr
The auditor exammes each element individually to see how it affects
the entue system. Thls method 1s thorough and good to use on an annual
bass. However, when an audit team is very large or is spending several
weeks in a facility, the element method can become cumbersome.
Department Method
The depamnent method is another way of dividing an auditmg task and works
especially well when accountability at the department level is imponant. The
auditor focuses on the entue openuon of one department rather than on seg-
ments of it by reviewing numerous quality elements withm the depamnent.
This auditms suategy touches on aimost everyitmg 1n an audited facility.
Here. the auditor's ability to identify applicabie quality elements for that
department is put to test. While this is an excellent suategy when the audit
ream wishes "to slice the apple a different way," it should not be overused.
Focusing too much on one small group of people (one department) may not
accuratelv represent what is happemng throu~houtan organization.
*r
2. DATA COLLECTION PLAN
An allditor must develop a pian for collecring specific evidence needed to
answer checNist questions. The-collecuon plan provldes the auditor with
space for recording the results of e x m n a u o n s and identifying people
who were interviewed. The auditor should ask open-ended questtons that
result in verifiable data. The questions asked may deal with causal group-
ings such as methods, materials, machinery, people, measurement, and
environment-that may affect a specific action.
Data include any observation of facts and can be qualitative or quan-
titative. Sources of data could inciude records from the auditee as well as
observations that an auditor makes during audit performance, such as
countmg the number of press cycle openlngs or observing an operator dur-
ing a prescribed, defined operauon. Quaiitatlve data Indicate "yes, this
was performed, or this step was conducted." Objectwe evidence must be
available and reviewable for any data to be considered verifiable. Quanti-
tatwe data are collected by measunng or counting, such as the number of
defecuve pieces removed (inspected out) or the number of cycles of mold-
ing press observed during a period of tme. The number of complaints that
a complaint handling system received dunng a certain time period is
another example of quantitauve data.
 An auditor. as part of the planning, will usually have access lo work
instructions or written procedures. If the quaiity system is mature, the
written procedures will describe what records need to be maint;uned, who
maintains the records. who collects the data, and what knds of data are
collecied. As 2 result of thls prepmation, an auditor should know what
dais sheets or records to expect when remhtng the audit site.
An auditor should have a plan in mlnd for what needs to be csam-
incd. and i t shouiJ be described on the audit checklist. For txarnple. an
:iiidilor will he tniniliar with the inspection records on n production
line a i d may decide to csainirie them. Nest, the auditor may decide
how many tnspection records need to be esamrned. Depending on the
size of the auditee organization and objective of the audit. a sampling
plan may need to be developed. See the sampiing theory and proce-
dures section ot Part VII and the appendis tor more intormarlon on
sciccttng samples.
-\n auditor must be familiar with different data collect~onmethods
and ~helr.sircn$,s and weaknesses. Proper tralning teaches auditors
\vhtch rncthods can be used and which ones cannot be used for a specific
task in part~cularsituations. The audit program can dictate whlch data
collecuon methods are for compliance and which ones can be used only
tor inl'erence. Datacollection plans may include lntenriewtng, observ-
1ng. revlewlng records and documents, analyzing data, and stat~stical
and nonstatisucai sampling. An auditor needs to understand basic statis-
tical methods and must be able to choose the one that gives the desired
intormallon.
3. SAMPLING PLAN
A sampling plan must be developed for each audit. The type and extent of
sampling is normally the responsibility of the auditor, based on the pur-
pose and scope of ihe audit. Questions regarding the adequacy of the sam-
pling plan should be addressed by the lead auditor.
The purpose of sampling is to gain information about an entire g o u p
of units, items, things, or people based on observ:ng andlor inspecting a
segment of the group. Sampling is a techmque to gain the information
needed at a reduced cost (compared to 100 percent inspection). To be
valid, the segment or sample selected should be representauve of the
entire group.
Sampling of information ior an audit is not always statist~callyvalid,
however. The auditor normally does not have time to review a statisncally
valid sample from tilousands of instruments that need calibration or thou-
sands of engineering records. In such cases. the auditor should quanlify
!he number of instruments or records evaluated and identify the areas
where they were obtained. Items from a population could be sampled sev-
2r31 tlmes; each ttme. [he auditor will identify the number iqunntity) and
losatton. T h ~ ssampling technique allows the ciient and the auditee to
aopreclate the slgnificsnce ol [lie results and better locus [heir corrective
action activities. l?cvicw~n~ ti~s~rutncnlsor clocurncnts Iron1 a v:u.tety <>I'
areas. although noi statistic all^ sound. wili identity it' a problem is sys-
temlc or focused in cenain areas."
Sutlsttc~llyvalid sampling plans are normally used Tor product.
process. and compliance audits. It would be common tor a product :itidit
plan to require siattstically valid sampling. See Part Vll and the appendix
Ibr more d?wil on ssmpliny plans and techntques.
n.
4.LOGISTICS PLANNING
.Audit l~gisncslplanning IS necessap for both audit team coordination and
establislung auditre communication links. Good pimnlng will result tn 11
smooth, seamiess audit performance. Poor planning will malte the audit
team appear less professlanai and mght jeopardize meeung audit objec-
tives. Auditors nee0 to amve at the nght place, with the ngllt equipment and
mformation, at the nght tune, and for a suitable duration of time to get the
job done nght. To help the auditor properly think through what is necessaq
to start the audit process, It is prudent to outline a detailed iogisucal plan."
The 1og1st:cs of an audit are a crucial part of the planning process any
time the auditors must travel to the audit locatron. The following ltems
should be included in the plan that is typically given to the auditee in
advance of the audit:
A timeiine plan for the auditor's visit
The opening and closlng meekng locauon and tune
A request for an audit team meeting place, such as a conference
room for team debnefings and discussions of observauons,
equipped with telephones, computer, or any other equrpment
needed to conduct audit activities
54 I'm 11 :hdif I ' ~ L , P [ I ~ ( I ~ I ~ J I I
..
3 ==
..*.

4 request for facility layout maps, office locations, confidential

areas, and so on, and any special requirements such as safety,
cnvrronment, or heaith equipment like steel-toe shoes, hard hat,
lab coat. htur net. head cover, grounding devices, or s ~ f e t yglasses
-
-:E
&'
-+.

~*,
-g?

Travel plans. possibly rdentifying a rendezvous prior to the

+
opening meeting, and possibly including an extra day to meet at a
ncarby hotel m d _ret familiar w ~ t hthe area
:..&.
..&
1

1. AUDIT-RELATED DOCUMENT REVIEW

Before performing an audit, an auditor must secure documentatron of the
-
quality polic~esor practices and procedures of a company. so that compii-
ance of a product, process, or system with the requirements specified in
the documentatlon may be assessed.

Securing Quality-Related Documentation

An auditor should contact the auditee to determme the availability of
quality-related documentatlon and to request copies. Proprietary material
contained in the documents may be removed before it is sent to an audi-
tor. Historically, paper has been the conventional form of documentation,
but documentauon may be in any medium that can be recorded,
reviewed, and retrieved. For instance, magneuc media, computer files,
voice recordings, and videotape are all acceptable forms of quality-
related documentation. Many companies are now achieving a paperless
office and have placed thelr controlled documents on an intranet for use
and downloading by employees. A n auditor may be asked to visit the
Worid Wide Web site and obtain the documentation independently.
A quality andiror observes, examines, and reports compliance by
assessing systems, processes, and products a g m s t quality-related docu-
mentation. Processes are compared to quality objectives and standards,
while products are tested and inspected to d e t e m n e conformance to
specifications or standards. Documents that specify quality require- becomes part of the documentation for that audit, along with the corporate
ments include: training policy, the records of training for the indiv~dualsinvolved. and the
Quality manuals quality plan for training.
Procedures
Using Quality-Related Documentation
Detailed instructions Reaso~abledocumentation 1s secured before an audit so that the auditor
Workmanship standards or models can determine if the system 1s properly designed. An on-site audit will then
determine if the system is tunctioning satisfactorily. Infom~ationconrained
Policy manuals - -
in documents must be appropriate, adequate, and current if the documen-
tatIon is to be used in dec~sionmdang. The quality manual, a master list of
documents, or other similar documentanon should Instruct the auditor
where to locate and how to obtain applicable documents. Reviewing these
Quality plans documents before the audit helps an auditor prepare working papers and
Spucilicatioi~s determine where to concentrate effort during the perfomlance stage.
. Strategic plans to identify quality objwtives Documentation should meet minlrnum expectations in identifymg the
organization s requirements and what the policy of the organizatton is rel-
K

Certificate ot con~plianceforms ative to meetins those requirements. The audit team should review the
Industry prxuces/methods documentation to assure that it meets and complies with the requirements
of the applicable standards and laws/re~ulations.A matnx or table relat-
Fomis used to rccord data
ing each requirement to the location in the company's documentation
Schedules where it is addressed will greatly help the audit team make thls determi-
Trade practices nation as well as help the company ensure that all requirements have been
adequately addressed.
Service standards
Sottware operating manuals
2. AUDITEE'S PERFORMANCE HISTORY REVIEW
Work instructions
- Routing cards
An auditee organlzatton will have a performance hlstory unless the audit 1s an
in~tialaudit or qualiticauon survey. Knowledge of the performance hlstory
will help ensure that positive pracnces conhnue and problems are corrected.
Prevenuve mantenance plans
When pnor audit information exlsts, it should be renewed as part of
Quality inspection pians an auditor's checklist to ensure that corrective action has been imple-
*.!

Purchase order forms
- Flowcharts
Wntten procedures are reviewed before an audit starts because the
policies, specificat~ons,and standards dnve the audit preparation. In an
audit with a scope linlitcd to training in an organization, for example, the
mented effectively. Somehmes a pnor observation was reported that was
not a v~olation,but an emerging trend. Dunng audit prepmuon, an audi-
tor may examine data to see if this trend has conttnued or if some action
has been taken to reverse it.
Another reason to review past audit records is to identify specific
ireas likely to have continuing or repeat problems and to determine the , .

appropriate part of the standard that describes the training requirements status of actions taken earlier to resolve any noncompliance. The audit ..
,.
 -=
team should verify that the corrective actions implemented following pre-
vrous audits have remaned in effect and that they have prevented the
probiem or noncompliance from recumng."
-E. -
For internal audits. performance data may already be available to the
auditor. For second- and ihird-party audits, the performance data may -+:
need to be requested before or dunng the audit. Performance data may
rciatc LO the product, process, or system.
One ot the most common performance records reviewed by auditors ~?-
is lhc prior uudir report. The revlew may be for the auditor's professional
bcnclit. or rhc clicnt may rcqurst [hat [he auditor verify correcrlve actlons
Llom prlor audibs as part of the audit purpose. If the client has-a concern
about the objecuvity ot the pnor audit, the client may instruct the current -.
audit team not to revlew the pnor audit.
Performance records to be reviewed may include:
. Pnor audit reports
Customer feedback
Corrective and preventive actlon records
Product returns
Product warranty clalnls
. Product quality ievels
.-.
Process and unit performance compared to goals
. Organization and business performance
Customer surveys -B
' -
Field reports
3. PREPARATION OF AUDIT CHECKLISTS,
GUIDELINES, LOG SHEETS
An audit checklist is the primary tool for b ~ g i n order
g to quality audits.
With a well-planned and well-defined checklist, success is achievable.
Without a checklist, an auditor has a disjointed, disorganized activity and ;
no piace to record failed efforts. Before developing the checklists, an audi-
tor must know what the governing requirement's documents say.
6 ...
.--
A completed checklist provides:
. Objective evidence that an audit was performed
Order and organization
A record that all applicable aspects of the quality pro,m m were
exmned
Historical information on program, systems, or supplier problems
The essence tor the closing meetmz and audit report
An ~nfonnanonbase for planning future audits - -
A vehicle for tune management
.I
The purpose of a checklist IS to sather ~nformationdunng the course
of an audit that the auditor will need to jusrify the audit findings and con-
- -t clusion. The checklist guides each member of the audit team to ensure that
the full scope of the audit is adequately covered. The checklist provides
space for recording facts gathered dunng fieldwork. with places to answer ""
questions and numerous areas for taking notes.
. t A checklist is a set of notes and instrucnons about specific thin,-S and
specific areas, wlth specific questions to ask and specific techniques to use
i. dunng an audit. Checlclists or wntten procedures are used to assure conti-
nuity and comprehenstve coverage of the area of interest and to provide
evidence of the questions that were reviewed and a record of the review."
A checklist may contain a standard set of informanon that every audi-
tor looks for, such as the following:
A Does the person being audited have access to wntten procedures
and applicable work instructions?
Is the procedure up-to-date?
Does the scope of this employee's trarung cover the observed
activaies?
Is the organizational structure proper for what the employee is
expected to do in the observed procedure?
Are appropriate records being mantaned?
The specific format and construcuon of a checklist may vary from
auditor to auditor depending on what works best for the auditor. Some
checklists are yeslno questions that reference a specified requirement: oth-
ers arc open-ended interview questions that test the limits of a procedure;
and yet others are statements providing additional instructions for the
auditor. Vanations ot checklist questionlstateinent may be: "Does the per-
son being audited ;tlways have access to tile latest version of the proce-
dure?" "Verify. ihrouzh observations, discussions. and review of docu-
ments, that individtiais have access to written procedures and applicable
work instructions that cover their nct~vit~es."
I n addition. many checklists contain a set of questions for each section
ol the rcqiiiremeni standard that is being audited n:alnst. This part or the
checklist includes questions about ii~anagemenrresponsibilities, training,
cltiality planning, and so on. These "canned" or genenc checklist items
should be supplemented with time-specific and circumstance-specific
qursuons and observarions that the auditor wants to nmke during that audit.
Checklists sliould aiways be reviewed to make sure they are still current,
since stmdarcls chanye.
Deviations Iroin the checklist inay result trom 11 c h ~ n g ein the audit
schedulc or an obsrrvaiion that indicates a possibie problem. A checklist can
be expanded as is necessaq'. while sraymy within the scope of the audit."
An audit checklist is flexible: audit observations need not be restricted
to what the auditor has pianned. Also, it is permissible to abandon or make
adjustmenrs to the checklist items dunng daily meetings. A checkiist is
nonlimiting-it does not restnct what an auditor needs to do provided the
auditor stays within the scope of the audit: i t is simply a way ro plan so
that the auditor knows what to look for and observe in the given area.
The audit checklist may be forwarded to the auditee pnor to the audit.
This is a choice of the auditing ogmzation. Normally, for f ~ s t -and second-
pmy audits, if the auditee requests acopy of the audit checklist, it is provided
in the spint of cooperanon. Some audit orgmzations issue disclamers when
checklists are shared to remind the auditee that the checklist is not the stan-
dard and that areas not on the checklist may be exarmned as long as they are
within the purpose and scope of the audit.
It may benefit the auditor to review previous audits after the check-
list is completed to see if anything should be added that was a concern
in the past. The reason for waiting to review previous audits is to avoid
bias in audit preparation due to some hlstoncai event. If a previous audit
had a corrective action that requires follow-up, this is the time to add it
to the checklist. There may even have been some customer complaints
that were not coinpletely answered. These are iiilportanr issues that can-
not be ignored.
Gu~delinesare additional documented instructions considered good
audit praclice that may provide additional information tor conducting the
audit. Guidelines are not mandatory and are normally prepared in a state-
ment format.
Log sheets are another kind of working paper prepared in advance of
an audit. A log sheet contains auditor notes and becomes a record ot activ-
ties perfdrmed during ;in audit. wh;tt the auditor obser\'ed. and who the
auditor talked to.
Esarnple iog sheet
One example of a log sheer is a white ruled pad [hat chronolo:ically
I
/ derails wlwe the auditor wcnt and who was inten-rewed.
h
-
Esample Area Guidelines for a n auditor
Make sure posted instructions are signed and that any changes are
also signed.
If cyclical reports are kept, be sure older ones are marked as histon-
cal or reference. The same rhmg applies to drawings or specificauons.
Everyone should be able to use the intranet to view pracaces and
specificauons. Make sure all stations are capable.
Changes to WNs. routings. and OlSs must be imrialed.
All product should be identifiable (e.g., routing. tag) and noncon-
forrmng matenal segregated in the MRB area or clearly marked.
Housekeepmg need not be what we do for CAT VLPs, but there
should be some orderliness, and debns should be removed.
h y t h m g that needs to be calibrated should have a current label.
Also check for dates that may expue next week.
Personal trmlng records must be current and available.
An audit plan is a wntten description of the vanous elements of an UpCOm-
Ing audit. An audit plan is not the same as an audit schedule. The audit
describes what will be covered in a panicular audit or Sequence of
audits. The audit schedule states what audits will be pertomed w~thina
-
certain block of time.?' Fisure S shows a sample audit plan.

Communication of an Audit Plan

Before issuing an audit plan, the lead auditor should contact the audi-
tee by telephone to verify the proposed date of the audit. After an audit
plan has been finalized, the date and log~sticsof the impending audit
should be confirmed in wnting. For an internal audit, notification 1s
done by memo or published schedule. For a second- or third-party
audit, it is done by letter. The notification letter or memo should be
addressed to the senlor person in charge of the area to be audited. For
-er or area
internal audits, this person is probably the department mana,
superintendent. For second- and thlrd-party audits, this person is usu-
ally the plant manager or president." Figure 9 shows a sample audit
notification letter.
Even if the lead auditor prepares the letter or memo, the client should
sign it. '&s formal notice should be delivered before the field vis~t.The
ttmng of the nouce should be consistent with organizational procedures
and common courtesy, varymg from one week to several months. Advance
notlce of 30 days is common but not required.
 Audit Plan-2122IXS Warch 24.20XY
iudited Organization: ABC Industries, ABC Fla. 8:00 A.M-8:30 A.M. Daily bneting with ABC coordinator
'urpose: S:3O A.M.-1:OO P.M. lnrerv~rwsand observations continucd
To assess contormance icompliance) and effectweoess of the quality 1:00 P.M.-3:00 P.M. Audit team meeting, preparation of repon
management system against lntcrnai and externai periormance
3 0 0 P.M.-4:OO P.M. Closing meetlng
standards and to report tindin~s.
Team blenibers:
jcopc ot' the Audit:
John Smith. Lead Auditor. .ASQ CQA
. The ABC production tiiciiity and suppon nctivitics will be included in the
audit. The audit lncludes all departments that suppon the producrlon of Jane Doe. ASQ CQA
Flzmos that we responsible for meeting I S 0 9001 requirements. The areas
o i interest include t11e Purchaslng. Quality Assurancc. Laboratory. Approved: Approved:
Ui.;uibution. Older E n q . Scheduling. Producuon. m i TrJlmng depmments. Audit Organiratlon ABC Industries
<equirements:
Figure 8. COIII~IIIIPLI.
A\ ipecitisd in ANSI/ISO/ASQ QWJI and csisting .ABC company
policies and procrdurss.
ipplicable Documents:
The Quality $policy)i\.1anuaiis)-QIv190OI ~istribu6onof an Audit Plan
Ciui procedures that cover the ANSVISOIASQ Q900i rcqulrements Members of an audit team receive coples of the audit plan. as does the
auditee. The auditee 1s responsible for distributing the audit plan wlthin
Other replatory requirements and industry standards the organlzatton.
h e r a l l Schedule tdetailed interview schedule to follow): Several parallel act~vttlesare Involved in the preparation of an audit
Xluch 23.20SS plan: scheduling the audit, notifyin? the auditee, and l i n ~ n gup audit
resources. Once the audit plan is prepared, it is formally commun~catedto
S:00 A.M. Onentauon for auditors the auditee. The lead auditor should publish the audit pian, notify the
(safety and environment) client and the auditee of the impending audit, and confirm that any speclal
9:00 A.M. Openlng meeting (for auditees) needs or plans, such as travel requtrements and security clearances, have
9:30 ,\at. Tourlreview documents been arranged. Once these steps have been compieted. the performance
stage of the audit is ready to begln.
10:30 A.M.-4:OO P.M. Interviews and observations
4:OO P.M.-5:OO P.M. Audit team meeting

Figure 8. Audit plan.

 Mr. Dale Smith
ABC Indusmes
1 t\BC Blvd.
RBC. FL XXXXS
The :iudii tem will pertoim a quality system audit of the ABC facility io
;is\i.ss c u n l o r i n a i ~to~.A8SUISOIASQ
~ Q9OOI standard requirements. The
scope ol.llie audit will bc limited to the requirements stated i n IS0 9001
IANSI/ISO/ASQ Q9001.1and existing inremai quality system policies and
procedures. The audit process will be conducted according to recognized
auditiii: con\wulons as ustined tor ASQ Ceniiiea Quality Auditors.
You should p1:in tor thc audit to requm two days of on-site interviewin? and
vwI!.iilg 01 I~cquIICIIICIiL~.
.A drali report will be left alter the audit, and the
I tirid report will he iorwrded w h m two business days. The auditors will be
h e Red ;ind in?self
I The on-siie audit is scheduled for March 3 r d through March 24th. The
audit teain will need 3 room with z table. telephone. and electrical outlets for
computers and printers. The audit plan is enclosed. As a p e d , please for-
w a d the qualit!, manual to illy attention to amve no later than two weeks
before the scheduled audit.
T h n k you for your cooperation in making the necessary arrangements to the
planned quaiity audit. If you have any questions I can be reached at the
CcW-XXX-XXXX.
Sincerely,
I John Doe, ASQ CQA
e/.pjc"w
Chip jones, Client
Copy: Jane Red
Enclosures: i
Figure 9. Notification letter.
Problems Commonly Encountered During
the Audit Planning Stage
Problems likely to be encountered dunng the pianmng stage of an
audit include difficuities related to the availability of personnel and
other audit resources and scheduling the audit.
Availability of Audit Team Personnel. A common detnmcnt or inn-
drance to effecttvc planning for an internal audit is the reluctance of
some organizations to release their people to doeffectwe audit plan:
ning. Most audit team members are not tull-tune members of a quaiity
assurance staff or of an audiung organization. Thcy are etther volun-
teers or people drafted from other areas of the company. such as pro-
duction. accounttng, sales, and personnel. IL 1s often difficult for them
to find the time ~ i i is
a ~oceded to effectively plan :in audit-generally h.
four to sls hours per person.
Availabiiitv of Other Resources. One problem is the lack of avaii-
ability of other resources, such as funding, that can have an effect on
audit planning. Another probleiii is that the auditee may fail to ior-
ward the necessary documents to the auditor in tune to allow adequate
preparation.
Scheduling Difficulties. Often other events i&e pnonty and make
the audit difficult to schedule. Such events could include a major reor-
ganization or merger. Perhaps the auditee has just recetved a major
contract, or the audit is scheduled at the same time a regulatory
agency plans a vistt. The audit is an important event. but sometimes
other events taite higher pnonty.
Auditee Availability. At tunes, in spite of all good intennons, some
auditees can not be available due to pnor business comrmtrnents or
personal ernergencles.
 Part 111

[32 of the CQA exam questions or 21 %I

The psrfonnance phase of an audit 1s [he actual fieldwork. It is the data- h

nathenng portion of the audit that covers the time from the auditor's
L

arrival at the audit locat~onthrough the exit meet~ng.'"

The lead auditor is responsibie for managing the audit. Pnor to amvlng at
the audit location, the lead auditor should confirm that all other auditors 'A,

were properly prepared and that they are aware of <he place and staning
tlme. The lead auditor is determined by the client or audit pro,-ram man-
aser and,.should not be confused with national certification pro,-rams that
classify auditors as an alrdiror or lead auditor.
-
1. AUDIT TEAM MANAGEMENT
The lead auditor should convene the audit team in a quiet portion of the
facility or in a conference room at least once a day throughout an audit.
Some teams prefer to hold daily meetings in the momng, while others
prefer to hold them before lunch or at the end of the day. The tlrning of the
meeting is less important than the topics discussed.
Fist, audit team members share the informahon they have gathered so
far. Then team member; propose conclusions or identify potential problem
areas on the basis of the informahon gathered. If contradictory information
has been gathered or if team members disagree about what has been
observed, the team must gather additional information. Finally, in an effort
to keep the audit on schedule, the audit team discusses what areas may need
more or less attention than originally thought. This discussion redirects or
modifies the remaming audit schedule, which helps keep the audit on track
and prevents the audit team from b e c o m g distracted by m o r issues.
Between meetmgs, the audit team members are "on their own." If a team
member mns into a problem durhg the audit and is u n c e m about how to
handle a situation, the-member should contact the lead auditor immediately.
 In summnry, daily meettngs help a11 audit team (1) discuss and con-
firm obscwations and potenttal findings, (2) determine how they rnlght
relate to ocher areas, (3) plan tor the next day. and (4) prepare for the daily
meeting wtth the auditee.

2. COMMUNICATION OF AUDIT STATUS TO AUDITEE

XI tlic hcginn~ng01.cnd ol etich day. an audit team should meet with the
auditce to discuss what will be.or has been clone that day. This meeting
gives the lead auditor an opportunity to explan what has been iooked at.
what will be observed nest. and where problems may exist.
Con~riiunicat~n~ potential findings every clay serves two purposes.
First. thc audilee can communicate potential findings up the command
chain so that zuditee management is aware of probiems betore the exlt
riieetin~.Sccond. thc auditre c m either confirm or deny that a probiem Soon after the arrival of the audit team at the acidit s~te.the audit team and
Vr
eslsts. An auditce who inslsts that a problem does not exist can offer more auditee gather for an oprnrng meettrig. sometimes called a preaudii con-
data ~nan attempt to conwnce ihe auditor that there is no problem. ference or entrance meetlng. ' h s meeting starts the dam-gathmng phase
A daily meeting ot the audit team and auditee can help prevent diffi- of the audit.
cult sttuations. scich as auditre management's refusing to accept tile audit
team's findings at thc eslt meetlng. If an auditee will not agree to a daily I. PRESENTATION AND REVIEW OF THE AUDIT PLAN
meetin$. the iead auditor must take responsibility for informing the escort
The principal objectives of the opening meetlng are to:
and area supervisors of potential findings in an area. For intemai audits,
Formal nieetmgs may not be needed or desirable. However, the auditee Introduce audit team members to auditee management
should still be intormed daily of progress. whether by vo~cemail, e-mail,
on-the-spot conversations. or other means.
- Establish communicat~onlinks and roie of the escort
Communicate the audit plan by: 1) reviewing the scope and
purpose of the audit, 2) r e a f i m n g the reference standards betng
3. AUDIT PLAN CHANGES used, and 3) describing the methods and procedures to be used
Tlie lead auditor ensures that any change in the audit plan or schedule 1s dunng the audit
proactlvely discussed. during the opening meetmg and obta~nsconsensus Inform the auditee how the results will be reported
for changes. The lead auditor needs to be flexible enough to make audit (nonconformances, findings, or other) and the methods used to
plan and schedule changes at the auditee's request. This is critically classify and pnonuze results
important to ensure that the audit gets off to a good start. At the same time,
the lead auditor must be understanding if the auditee refuses to make Inform che auditee of the possible outcomes of the audit
schedule changes at the request of the audit team. C o n f i log~stics,such as hours, escorts, tentahve schedules,
The iead auditor ensures that all discussed and agreed-upon schedule needed facilit~es,and availability of resources
changes are fully documented in a revised schedule, and comrnu~ucatedto
all invoived parties or departments prior to the interview process. The
- Confum t m e and date for exlt meetmg as well as tntenm auditee
daily bnefings .
auditors are responsibie for ensuring that audit plan changes do not result
in saerificins the ori~inalt m e allocations established to effectively evai-
 Additionally. if applicable, the openrng meetlng may: DAY ONE:March 23.20XX
Inciude a revlew of prevlous audits Item/Eiement Areflunetion Contact / Auditor / Time
Help ensure that the audit team understands the confident~ality
agreement
Openmg
meeting
Document
Conference
room
Quality
All / All 9-9:30 .A.M.

Verify requ~redsafety and secunty clearances Control assurance Ms. Aposuophe Mr. Brackets 10-1 1 A.M.
Ident~tyloc:li language Issues and concerns (different languages Customer
used in the work place, slang, word usage level) Requirements Marketmg ivlr. Colon Ms. Dash 10-1 1 .&.hi.
Desrgn and
Ident~fywork agreement requirements between management and Development
labor that may affect the perfomance of the audit ..
Control R&D ~ ..
The opening meetmg establishes the best climate for developing rapport
and sets h e ground rules for conducnng an audit. Before an audit starts. mdi- Figure 10. Detailed audit schedule.
vlduals should know the daily audit schedule and what to expect in the exlt
meeting. \vntren repon. corrective acuon I-eques~s.and possible follow-up. Cr

The structure of the openmg meetmg should be ilexible and the levei of for-
mality will depend on several factors. mcluding the audit scope. the purpose,
the size of the audit team. and whether the audit 1s internal or
While an openmg meetlng should always take piace. in the case of an
internal audit. it is frequently a-short, informal meeting. Often there IS
more lnteractlon between ihe audit team and management in the prepara-
tion stage of internal audits. Since internal audirs usually occur on a fairly
regular bas~s.all partles normally understand what will he examined
before the audit takes place.
Roles and Responsibilities of an Auditor
The enure audit team should attend the operung meetmg, whch 1s conducted
by the lead auditor. The lead auditor prepares the meeung agenda and often
hands out copes in advance. At the opelung meehng the lead auditor:
Introduces audit team members and presents theu credent~als
May present the audit checklist to the auditee
Sets the detailed audit schedule (see Figure I0 for an example)
Describes the quality-related documentatlon used to deveiop the
audit plan
Ensures meenng mlnutes and attendance are recorded. These
dutles may be completed by the lead auditor, or the lead auditor
may asslgn the dutles to an audit team member
Verifies that auditee's management has communicated to
employees and other Interested parties, such as a unlon, that the
audit 1s belng conducted
The lead auditor should also describe the audit process and the anuc-
tpated benefits. The lead auditor should allow tune in the schedule to
answer any queshons From auditee personnel. ., , 4

Restates the purpose and scope of the audit ln a clear and

diplomahc fashon
May refer to previous audits of the facility and previously reqwed
correcuve actlon
Roles and Responsibilities of an Auditee
Auditors expect at least one representative of management to attend the
opening meehng. The management team member may be the person who
-
coordinated the audit on behalf of the auditee oramzauon or someone
, I/
; /1
!I!
/I #
else. Other responsible and interested parties, such as the supervisors or 1I
May ask specific questions as a result of the document renew or managers of the areas to be audited, may attend. In some cases, the lead : !.j
.
other lnfomatlon provlded to the audit team
auditor may specifically request certain representahves or may suggest
Soliclrs areas of interest from the auditee or menhons areas of rmnimum attendance based on the auditor's judpment (for example, if the . ..
specific concern room 1s too small to hold many people, if the wrong people want to attend,
or if tiierc are culture issues). The auditee's senior management represen-
t:iavc should bc irn'lted to introduce hisfher attendees.
The auditee should be expected to achieve consensus with the auditor
on the following:
Thc individual who will rcprcsent the auditee on all matters
during the audir
- Facilities for the audit team's use
- . - .
- Support personnel to be provided: escorts. specialists. line
personnel. etc.
..SaSety and regulatory requirements
Piatc.ctioii a t proprteiary rights."
If mcinbers 01' ;in auditre's ~ [ a f f d i ~ a g r ewit11
e or need ciarification on
any 01 [hi: lead auditor's statements. they should express zi opin~onor ask
tor clarification ;lr this time. For example. ii' the stxed scope of the audit
docs nor match the audiree s expectations. the auditee must point out this
fact at the opening meeting, rather than dunng or on completion of the audit.
Sometimes an auditee may wish to make a presentation to acquaint
the auditor with the firm or give a plant tour to famiiianze the auditor wlth
thc facility. Brief presentations or tours are permissible and at times hlghly
desirable: but if the time spent on these activities becomes excessive, it 1s
the lead auditors responsibility to politely call a halt to the proceedings
so that the audit schedule remains intact.
When an audit is not moving along as planned, the auditor can say:
"I'm really enjoying this conversauon, but all of us have a lot to do; so
what do you say we get started."
'This tour has been very helpful, but I mnk it has accomplished what I
needed: so let's stat the audit mterviews."
"Since we have so many areas to cover today, can we speed things up so
we don't have to stay after worhng hours to complete the audit?"
"What's next on the schedule?" (The auditee notes the next step from the
provided copy of the audit agenda.) "OK, let's move on so we don't
affect the operation."
2. CONFIRMATION OF AUDIT LOGISTICS
A number of logist~calissues need to be settled at the opening meetlng.
The number of Issues will depend on whether the audit is ~nternalor
external, the size of the organization. the size of the audit team. and the
complexity of the area to be audited. lssues include but are ilot necessar-
ily limited to:
hleetiiig roonls for audit team use and I'or daily ttudiree brielin:s
. Office sp5ce for auditors
Access to necessary facilities and equipment required for
verification activities
Documents and records needed
Special safety. environmental. or bscurity issues
Facilities tor the safe storase of confidential records
Access to telephones
. The distances between areas to be vrsited
-
Housekeeping items lrest rooms. lunchroom, break area)
An escort
Tours"
An auditee should provide an escort for each subgroup of the audit
team. (An exception can be made for internal audits if the auditor 1s
already familiar w ~ t hthe organization and activities belng audited.) The
escon accompanies the auditor on the entue data-gathenng portion of the
audit and serves as a lialson between the auditing orgmzation and audi-
tee management. The escort performs personnel lntroductlons and pro-
vides cianfylng information as needed. For example, an escort can sug-
gest a way of rephrasing a question, perhaps by subshtutlng termnology
more familiar to the person being interviewed. However, the escort should
refrain from answenng questions for the auditee unless asked to do so by
the auditor.
Other duties of the escort mciude:
Providing or requestmg supplies and records requued by the auditor
Actlng as an observer for management, and providing an overview
of the auditor's observations, findings, and conclusions to auditee
.. "..............
 - Acting as a guide for the auditor
Confirming or dcnying that z discrepancy or nonconformity has
been found before moving on to the next area to be audited
Ensuring that auditors comply with company rules, including
safety rules
3. DISCUSSION OF AUDITEE CONCERNS
- - . -. .
It is not unusuai for an auditee to have concerns about an audit. Auditees may .--.-
be unfamiliar with the auditor's mode of operation. Or an overly conscien- '*"
t~ousauditee may be obsessively concerned about potential deficiencies. The
opening meeting can senle to allay these and other auditee concern^.?^
For t111rd-party audits. the lead auditor addresses and obtains consen-
sus to the foilowing potential concerns ot the nuditee dunng the opening
meeting:
Audit plan or sci~eduiechanges
Nonconformance or noncontormity reporring
Process for providing additional evidence to address a potential
nonconibrmance or nonconform~ty
For second-parry audits, the lead auditor addresses all clarifications
related to the criteria or guidelines aganst whlch the audit will be per-
formed and the usage of the audit results.
For first-parry audits, the lead auditor addresses concerns related to
reflection of auditee job performance based on the audit results. Auditee
difficulties wtth the implementation of procedure or work instruction is
the greatest concern dunng first-party audits. It may be helpful if the audi-
tor emphasizes that the systems and processes are bemg audited and not
the individual employees.
-
--
-.
..~
-
~- ~~
-~
.-- -
>-
- r
An audii team should employ one or a combination ot sevcral. auditing
strategies dunng the data-gathering phase of an audit. As ciata are gath-
ered. the audit team should reassemble periodically to sort i t and to fornl
tentative conclusions. If the data that have been gathered ate unclear or
contradictory, the audit team should determine the need for additional data
that can be used to confirm or deny tentative conclusions. The audit team
1s also responsible for ensunng that an auditee representative is made
aware of potentla1 problems as they surface.
The data-gathering process normally takes most of the time and effort
in the performance phase of an audit. The job of an auditor is to collect
factual information, analyze and evaluate i t in terms of the specified
requuements, draw conclusions from t h ~ scomparison, and report Ule
results to management."
When using a particular audit strategy (department or element), the
auditor must be aware of the interconnectedness of the departments and
quality-system elements. If an auditor's focus is too narrow, the results of
-
.-".
the investigation will not be comprehensive or reflect the actuai situation.
For example, an auditor conductmg an audit of the sales department
should reco,@ze the interconnection between the process of identifying
customer requxements, activiues related to design requirements, customer
feedback activities described in control of nonconforming product and ..~.. . ,
~
correcuve actlon, credit approval guidelines. and so on. :, 3 .
i: j .
In auditmg, information or objective evidence can be gathered in sev-
eral 'different ways. The auditor may examine documents and records,
-"
interview employees, physically examine samples of product, and observe
work in progress. The auditor must sort and summarize the objective evi-
dcncc gathered lobservru~ons)into a format that will bc useful to the client
and/or auditee.
1. DOCUMENTIRECORD EXAMINATION
An auditor must he well-tniriied in methods tor examining documents and
I-ccords.A docuinc~~l specifies ~ 1 x 1 1.s/ro~~l~l
be done: 3 record specilies
what lrm been done. Docin~re~iis are written instructions or procedures
that establish a practice or tell a person how to do aj0b. Examples of doc-
uinents includl: writlei1 work instructions. purchase orders. proccdurcs.
diagrams. dn\'ings. and blank forms. In contrast. records resuit when a
particular step or process is performed as directed in the documents.
Rtcord< :ire tv~dencct h ~ practices
~t outlined in documents have been
pertormed. Thus. records venfy thth the actions specitied in docurncnts
have indeed taken place as required.
Reasons for Examining Documents and Records
Documents and records must be examined for the following reasons:
To ensure that docuinents adequateiy meet h~ghertier
requirements, such as policies, codes. and standards
To ensure that records provide the objectwe evidence to
demonstrate product acceptability and the appropriate
~mpleinenrationof system/process controls
To provide the auditor with an understanding of the
system/process under investgation
Document and record examination may reveal incomplete, conflicting,
or incorrect information that must be addressed by the audit team. The
implementauon (deployment) of documents (policy, procedure, plan, etc.)
are normally verified through examnation of records, interviewing, physi-
cal examinatton and observing work.
Document and Record Considerations
To ensure that documents and records reflect actual practice, the auditor
should verify that thcy ilrc secure, permanent, current, and accurate.
Records should not be accessible to unauthonzed personnel. They should
be backed up or stored in more than one location. Wntten records should
be pemianent-wntten in ink, unless environmental circumstances do not
allow recording data in ink. For example. some chemicals used in labora-
tones may cause reactions when they come in contact with ink, so an
alternate means of recording data would be permmible. If records must
be changed. the changes should he dated and signed or initialed. The ong-
inai ~nforn~atioii shouid be kept intact so that the new information and the
reason l'or the change can be sssessed. Er~suresand use of correction fluid
ure stnctly forbidden on records.
Documents shouid be curent and available to the peopie who need
them. Sometimes. what an auditor sees on the production floor does not
match the documentation because the documentation has not been
updated as procedures have changed.
Some documents and records reside in computer programs. Access h
and changes to documents. as well as changes to computer code. must he
controlled. For records. controls should be in place to limit who can
access records. enter data as a record. control record changes, and control
code changes to the softwnrc.
Tracing IS a common means of collecting obje~ti'e evidence (Facts)
dunng an audit. An auditor may read a procedure or become familiar with
a method and then observe others attempting to accomplish the procedure.
If it cannot be done. the auditor needs to d e t e n n e whether the procedure
is inaccurate. which could indicate that the person who wrote the proce-
dure did not understand the process or that the process was changed and
the document was not updated. The altemauve is that the process is being
improperly performed, wb~chcould indicate that employees have not been
adequately trained.
An auditor may examine items to verify information. For example, if
a record says "thls cabinet was panted blue," the auditor examines the
item to see if it is mdeed blue. If the records states "there we 10 noncon-
forming items awamng disposiuon." the auditor should go to the noncon-
forming bold area to count the number of items awaiting disposit~on.
Documents and records can be sampied to verify &at they are accu-
rate. Sampling is employed when 100 percent inspection is not practical.
To test the accuracy of a document, an auditor reads it and then goes to
where the work is being performed to observe andlor interview operators
about the process. In the case of records, an auditor can sampie portions

of a record by verifying that the recorded result occurred. This verification
can be done by talking to the person who recorded the information or by
alternate means. sucli as cross-checking a log calculation.
2. INTERVIEWS
Interviewins, the process of obtaining informatron from another person rn
response to questions. IS an important and widely used form of data col-
iection in auditing. However. verbai statements arc hearsay unless corrob-
orated. Auditors must realize that the Interviewer may have a hidden
agenda or certan biases when responding to questions.
Interv~e\vsare nornially conducted one-on-one: but an audit team may
occasionnlly find i t necessary to interview groups of individuals or to con-
duct .rnterviews by teieplione or videoconterencing. While one-on-one,
face-to-face interviews arc preferable for ohtaui~nginfomiarion. other
methods can conserve resources.
Int~.rvrewsare used in audits to gain insights, clarify information. con-
firm or deny suspicions. and elicit details that may nor be brought out by
other audit activities. Arter has suggested using 3 sis-step Interview
process developed by Frank X. Brown."'
I . Put the interviewee at ease.
2. Explan your purpose
3. Find out what they are doing
4. Analyze what they are doing
5. Make a tentative conclusion.
6. Explain your next step.
When conducting an interview, the auditor should begin by introducing
hmself or herself and'putting the interviewee at ease. The purpose of the
interview should be explained, followed by general, open-ended questions
that get an interviewee tallcing about the job. An auditor may simply say,
"What are you doing?" or "What tells you to do that?" If the intervlewee's
answers c o n h n the documentation. the information has been corroborated.
If not the auditor needs to probe by askmg more specific questions to ascer-
tain if a work problem does indeed exist, or whether the interview is being
hampered by mscommumcation. An auditor may not understand the process
the interviewee describes, or the i n t e ~ e w e emay misinterpret or fail to
Clionrer C Darn Collecr~o~r 83
understand a question. An escort can often help clarify commumcation prob-
lems resulting from unfamiliar terminology by rephrasing a question. An
escort should not be pernutted to answer for an mterviewee, however.
When auditors make a conclusion about whether necessary controls
are in place, they must communicate the prelimnary conclusions to the
interviewee and/or escort. For example, an auditor could say, "That's
good. I t looks to me as though you have a thorough understanding of the
requirements of your job and are doing good work." An auditor who sus-
pects-z~otentialfinding could say, "It iooks like we nught have aproblem
rn this area. I can't see where those controls are placed." Such comments
give the interviewee an opportumry to offer more information. If the inter-
vlewee is able to allay the auditor's concerns, no problem exists.
The auditor usually takes notes throughout an interview and should
take a few minutes at the end of each interview to ensure that the notes
will be complete and meamngfui when reviewed later in the duy. If exten- .-
sise note-taking is necessary, it may be best for the auditor to step out of
the room or into a secluded iocation to record observations so that the
rnrerviewee will not become unnerved by the auditor's recording large
amounts of information.
In all communications with the auditee, the auditor must focus on the
situation, issues, documentation, actlvlties, and/or behavior-not on the
person. When commumcating with auditee management, the auditor
should avoid naming individuals whenever possible.
People respond readily to inquiries and offer helpful suggestions for
improvements if they feel that the audit team is smcere, appreciates their
views, and has their needs and interests at heart. Each person involved
with an organization has a unique perspective, as does each member of the
audit team. One person can filter information differently from another,
miss an angle, or stop short of getting the full story. For these reasons,
facts stated and other data collected during an audit lntervlew must be cor-
roborated to ensure accuracy. The information can be corroborated in one
of three ways:
1. Another person, preferably from another g o u p or management
level, says the same thing.
2. Another member of the audit team hears the same thlng from the
same or a different source.
3. An Item, document, or record verifies the action.)'
Steering the Auditor Toward Specific interviewees Not
The auditor should sag
Several types of problems niay occur dunng interviews. and auditors
should bc trained in techniques that minimize such interference. One How (where. when. who. what. Do you record the tesr.results i n the
sucli problem occurs when an auditee attempts to steer the auditor toward why) do you record the tesr resulls? lab log book'?
spccitic tnterviewees. Auditees often prefer that auditors intcrvrew cer- How do you know thts value is nght? This instrument is calibrixcd. isn 1 it?
tain personnel and avoid certain others. However, this person's h o w l - Whut is rhe fin1thing you do? First you set up the equtpment. nghi?
cdxc mav iiot bc typical ofothcrs in the organization. Therefore, the audi-
lor shouid lahe ciiai-gl: of [Re selection process. How do you know this is thc current Is this drawtng curreni (correct)'?
An-auditor shouid approach an area and look around !o see who is icorrect) version ot the drawing'!
doing what jobs. Candidates for interviews can be randomiy chosen as How were you maned lo perform Did you read <he standard opemiins
Ion: as it is safe to intemipt them in their jobs. The auditor should follow this procedure? procedure dunng trmning?
thc intcrvtew protocol described on the precedins pages. What are tlir reporting requirements Don't you have to notify your
11 ail auditre insists that il specilic person is unavailable for inter- for noncontornnnces? supenxor whenever a
viewin:. the ;itiditor should be consider~tebut persistent i f the interview nonconformance occurs?
is si1a1 ill the succcss 01' tlic audit. Without bein: threatciitng. the auditor
can su::est that the person's unavailability may prolong <he audit. A state- What is ilie standard procedure tor When a customer calls. don i you h x e
responding io customer cornplatno'? to record ihe details on Form )iX?
men1 such as "1 may h a w to stay over for another shift" may gain the audi-
tor thc desired cooperation. Is rhls equipment calibrated? How Does this sticker indicate that the
do you know'? equipment is calibrated?
Answering for the lnterviewee How do you know how to do this Do you follow ihe procedure for thls
Another common problem occurs when an escort or area supervisor operation? operation?
answers for the intervlewee or intimidates herhim. An escort generally
What do you do with the finished Do you place [he finished product on
stays within iistenmg distance and takes notes, but should step back the rack?
product?
slightly. An ideal arrangement is for an auditor to sit or stand between the
interviewee and the escon. facing the interviewee.
Figure 11. Open-ended questions conrrnsred with closed-ended questions
An escort is to be an observer only and should not be involved in the
interview unless there are communication problems. An auditor can m n -
imize an escorr's participation in the interview by directing questions to
and maintaining eye contact with the interviewee. For example, questtons wlth the questionmg. Leading questions can be avoided if the auditor asks
about machine setups and the measunng of parameters are normally open-ended questions, such as those in Figure 11. Addiuonally, if an audi-
beyond the knowledge of an escort. If an escort starts to answer for an tor goes into an interview expecung to hear c e n m answers, the audit results
auditee, the auditor needs to redirect the question to the interviewee, likely will be biased.
avoiding eye contact with the escort. If an escort conunues to interfere, an
auditor shouid say, "I prefer to get the informatton from Me staff member." Communication Problems
Communicatmn problems or other conflicts may occur between auditor
Asking Leading Questions and interviewee. CommunicaOon problems are probably the pnnclpal
A different land of problem occurs if an auditor asks leading questmns, difficulty that must be overcome durmg an audit. An auditor can nuni-
expecung to hear certan answers. An auditor should not lead an interviewee m z e the effects of mlscommumcation by relylng on the escort to correct
misunderstandings and by corroborating all information through one of
the methods aiready mentioned.
An auditor who does not have a good grasp of the process being
audited may not ask the nght questions and may realize only after com-
pleting the interview that imponant issues were not addressed. To recover
troin such an overs~ght.the auditor may revisit the area or rase the Issue
at thc daily meeting for necessary action.
Other types of contlicts may lnclude empioyees who are hostile to
rinyonc in authority. Sometimes interviewers are unable to concentrate
becaus; they are distracted by the fact that their jobs &e not getting done.
People are afraid to say. "I am very busy. I need to complete t h s test. Can
you conic back in 10 mi~iules?"A good auditor will sense when an inter-
viewcc IS prcoccupied, movc off, and find other ways to keep the audit
inovlng. Aiditlonally. the auditor should guard against reacting rmprop-
erlv io eiiipioyces who h : w -hidden agendas" or "ascs to gnnd."
3. PHYSICAL EXAMINATION
The typ?s of physicai esaminatlon tools used by auditors can vary widely
depending on the industry. An auditor needs to be familiar with thetools
and techniques applicable to the industry or company being audited. In
addition to knowing which tool to use in what situation, the auditor should
bc aware of the problems that can anse if tools are used incorrectly or
inconsistently. If the auditor has no espenence wtth the necessary tools, a
technical expen should be included as part of the audit team.
Physical exarmnation tools are normally associated wlth product audits.
In a hruvy manufacturing environment, an auditor may use calipers, steel
rules, or micrometers. for example. to take measurements. An auditor may
31~0observe others using these tools in order to verify that a product meets
cenan charactensucs. In most circumstances, it is essential for tools to have
been properly calibrated; however, exceptions do exist (e.g., a volt meter
may be used to detemme if power is turned on or off, not to measure volt-
age). If the auditor uses measuring devices that require periodic calibrating,
the audiung organmuon should follow an accepted caiibranon pro,gam.
Beyond examinanon of finished product, all tangibles can be physi-
cally examined and characterized in some way. Tangible items that have
physical properties may include m a r h g s on tags, types of packaging
materials, condition of work area, and ihousekeepmg), condition of equip-
ment. Physical examnation is one of the most relyable sources of objec-
tive evidence.
Before takmg an 1nspecUon tool in hand, the auditor should be aware
of work rule restrictions that may exibt in union shops.
4. OBSERVATION OF WORK ACTIVITIES
An auditor observes '.work in progress" to see if it meets requirements. An
auditor gruns this knowledge by monitoring a process bemg performed to
see how the work is belng done.
Obsenmio~zmeans "to watch attentively" or "to watch or be pre-
sent without participating actively." Hence. auditors must be well-
trained in observation techniques so that they learn how to observe
closeiy but not obtrusively. Because an auditor's presence may be dis-
tractlng to peopie at work, the auditor needs to nlinimize any inrerfer-
ence resulting,.from it. An auditor also should realize that disrupnng a
worker may be unsafe.
An auditor needs to know when to observe work. For example. if
auditors desire to observe work being done by different shifts, they should
be aware of when shift changes will be taiclng piace. Auditors should
avoid retaining people through shift changes or dunng the~rbreaks.
Most importantly, auditors need to understand what to observe and
what they have seen. For example:
The auditor should establish if the product is made according to
the documented procedures by the mdividuals responsible for
using the specified equipment. The auditor records the results of
observanons.
. When lookng at equipment, the auditor should note the type,
condition, use, and any identiiicahon tags or numbers. The auditor
should also establish that the equipment has been properly
mantaned and calibrated, if applicable.
The auditor should verify that employees are familiar w~thpolicies
and procedures, that they know their responsibilities and roles,
 -
I .-
&
and that they have the necessary training. skills, experience. and
authority to perform their jobs.
When revlewmg dociu~~r~rts an auditor should verify contents,
. i;
. ...
j'
type. scope. tormat. readability, and date. How the document has
been filed and distributed and the method by which modificat~ons
-
~----
=
.
i..
have been made are also important. .= k
&
By listentng and watching, an auditor should be able ro ascertain if
what tile worker 1s doin; supports the procedures outlincd in quality-
i1
'-

related ilocumcntarioii. It 1s usually best if an auditor obscrves people

doing their actuni work mther than creating work for (hem. . . . .. _ .-

Working papers are the documents required to facilitate the auditor's

investlgarlon and to record and report results. Worlilng papers are an aid
"-
to the auditor and should not restnct the scope of the audit act~vit~es or
h~nderthe rffect~venessof the investigation or report.

1.. DOCUMENTATION OF AUDIT TRAIL

Auditors require papers to record audit results dunng fact-finding lnrer-
views. The following working papers may be used dunng audits:
- Related audit procedureslinsuuctions/gu~delines
Sampling plans
Pertinent audit standards (if any)
Questionna~re(questions requiring ev~dence)
Audit checklists (yeslno, suficient/defictent, acceptablelnot
acceptable)
Memory jogger's
Auditee feedbacWevaluation forms
Log sheetslforms
Forms to record negatwe results that require corrective 01
preventive actlon
Attendance record form
pue sapnu~o~uosuou Z q o d a l l o ~s~seqaql aq EM stsXpu~a m y~.repuqs
~o/puesannsarqo & e n b 01 a s m o ~ u o4s m a i a p JO asodmd aw JOJ lypnr,
ayr 4mmp pa1aqlc2 EITpue uopenuoK 30 uopenpna aql sr s?sLlmw
.uoqeluasald pue ' u o n m p a n 'h~reurruns'srsLput?
JOJ are a n p palaqeZ 30 sasn u y m a m ~iuaruano~drn~ snonuguos JOJ
seam m u a p r 01 p m spmpueis loput? sa~qsarqoX ~ p n b01 asuemroJuos
JO aaGap a q a u p a i a p 01 asuaprna anqsarqo sc elep lawe: sloiypnv
.(san~isaiqouonczgnBla 10 'ampaso~d'Xxlod jeuraiul 'pnpurtis)
iuaruambar c 01 a4t:quq Xq pauoddns aq pjnoqs s2qpug ITV,'pa~aqurnu
p m paisg aq plnoqs ~ u a w a ~ ayi c ~ s103 srseq aql ~ o q ise q S I am~ uaqL
.maurnsop Zugjonuos JOJ i u a r u a ~ ~ n buar c~~ 4 o ~Qdp n b aqi ' a ~ d m x a103
-uonuanc JO paau ur SI ]em iuarua~aIonuos nqnsrmd a q l ~ luamaiclsa1 o
jauq e Xq paMoI1oj aq plnoqs iuau~a~eis 2mpug 4 x 3 ,;shqap ajnpaqss
pue sunuano is03 aSne3 plnos q s r q ~Lpa~~olluo:, IOU arc sluarunsop uon
-sru~sur~ J O M , ,'aldmxa loj-walqo~d 1e~auaZe 30 iuauraieis asrsuo:, puc
n a j s c aq ~snru%!pug q ~ c xpne z am 4uunp pa~anosunSI:,EJ Ire sassn:,
-s!p pun s ~ o weals aqL '4urlaaur m a aqi ie aanpnc aqi 01 sllnsa~i!pnr:
2unuasa1d a o p q palsajlo~a:,uaprAa aql Sj!ssep puc azilcuc 01 aurn rcu!~
c laaiu slaqmaru ruca upnc 'pasol:, sr ascqd ZuuaqicZ-elcp aqi a s u o
'UOTIISO~
c h a p 10 ~ J ~ I 01 O elep
J aiow syaas u c a vpnc aql ~hoi:,!pn.nuos aq
\ wos ~?u~ut:x;i
01 sJc?ddt: U O I I ~ U I J O ~J I .asuaprr\;, i j ~ l a , puc 01 1du;lm
smqruaru weal .sSuiiaaw .ij!ep ~ a q u~ i . p a q l e Z si 11 sc cicp az.ilcur:
01 l d w a i l ~Q~nnunuo3smqwaru liucai 'i!pnc uc 40 aunos aql inoqZno~q~.

-
.- .i!pnc aqi jo i ~ o i s r qaqi ? p ~ ~ o l d
puc suoneuasqo p~osal01 a x j d e a p r ~ o ~plnoqs
d s.radcd S U ~ J O~Ap n~ r :
-
-- - aqi Zuunp pasn sladcd S U ~ J O1yc
M a ~ o ~ d plnoqs
dc .Iol!pnc psa1 aqL
-... .asuaprna annsalqo plosa101 pasn an! sladnd
- Jaqio put? smro.~'sJoi!pne u a a ~ ~ X~uals~suos
aq aplno~dpop a:,ucru~o$uo:,
30 asuap~naan~isalqoaprnold a1reuuo1isanb puc sxqqsaq:, upnc aqL
audit findings. This evaluation may be the result of the auditor's professional
judgment, or the auditor may use staUsucal techniques. The auditor needs to
be able to apply rood judgment as well as have ;I worhng knowledre of sta-
tisiicni ai~alysistcchriiqucs. Whatever the mcthod of cvaluauon or analysis
uscu. the auditor must ensure that drc~sionsmade froill data and inforn~auon
gathercd d u n y the course of the audit stand up to scrutiny by others.
An auditor must bc able to summarize the results ofdata analysis Into
;I u n ~ l i dsiatcmcnt about thu adequacy and cffectivcness of the process
rcprescntcd by the anaiyzcd data. The ;~uditorshould esaiiiinr patterns or
trends a i d cons~lidaicsimilar observdtions into a single finding.
Pnor to the final presentatton to the auditee, the audit ream members
should review the final results. judgments. and analyzed data to confirm
the accuracy 01 the data and the decisions denvcd from that data. In the
event ol a conllict between members of rhe audit team as to the accept-
;ibilitv ot the audit resulis. the lead auditor is responsible for resolving all
issues an3 dctermiii~n~ wli;it shouid be reported. The other members of the
audit lemi I I ~ U S Is~ipport~ i i edccistoo of the iead auditor. Verification 1s
done primarily to preycnt errors in the reporring oS audit results.
Facts 01 the audit x c prcsenied at the exit meeting and in the final audit
report. The methull of presentation depends on the type ot data analysis
used. The rcporiing method should enable the auditee to understand the
finding to tncilitate investigation and to take proper corrective action.
I. CORROBORATION AND OBJECTiViTY OF EVIDENCE
An auditor measures compliance with and conformance to specified
requirements by gathering and analyztns O b j e ~ t l ~
evldence,
e "information
which can be proved true, based on facts obtained through observation,
measurement. test. or other m~ans."~'Objective evldence is uninfluenced
by prejudice. emotlon. or bias. I t is anything that can be proved or dis-
proved when requ~redactlvitles are t&ng place. Records, wimessmg an
event, and discussions with personnel could all be sources of 0bjectlve
ev~dence.Sampling different sources 1s a means to verify the observation
as objective ev~dence.Two auditors examining the same objective evl-
dence should be able to reach ihe same conclus~on.
An auditee presents evidence to an auditor to prove that the audited sys-
tem works as the auditee has explaned it and that wntten documentation
exists to support the system. If something cannot be observed, then it must
be verified with a record. A check sheet that confirms a particular actlvzty.
or minutes from a meetlng can be ObjtCU\,e evidence. If an auditor talks to
a supervisor and get. one story. and then talks to several operators mdepen-
denkly atid hears Uie same cxplaiiations, rhat auditor has corroboration of thc
evldencc for the investi~auon.Techni~~ues to corroborate information from
interviews were presented in chapter C. "Data Collection."
Corroboration methods are used by the auditor to make more ceriain
about or io validale data that could be considered unreliable or quesl~on-
able. lnforniatron from interviews must be corroborated by asking another
person or chechng records and documents. Another corroborauon method
may be to check different shifts or departments to establish consistency or ~.
... .
~
inconslstcncy.
Evidence should be collected on all matters related to audit objectives
and scope. Evidence can tnclude procedures or work rnstructions and proof
of thelr implementation. esanilnauon ot personnel training and quaiifica-
rioti records. esamination ot process controls and records. a d reesamlnri- h.
tion 01 selected work. Evidence needed to support the auditors findings
may be physical. testimonial. documentary. or mnlytical. Objectlve cvi-
dence niay*beobtained internally from the organrzation under audit. ester-
nally from thlrd parties. or by coiilpanng evidence obtained from two or
more sources. Evidence obtamed from independent, estemai sources is
generally more reliable than information obtaned from Internal sources.
Knowledge obtained throush physlcai exmnatlon, observat~on,computa-
tion- and lnspeclion ts more reliable than interview comments. Evidence
denved from records is likewise more reliable than oral evidence. Any evl-
dence should be suffnent. complete. and relevant, to be useful as a sound
bass for audit findings and recommendations. .4 rational relationship
should exist between the cost of obtauung evldence and the usefulness of
the eviden~e.'~For example, the costs involved in shutnng down a manu-
facturing piant to obtaln data or in traveling to 100 service centers to ver-
ify that employees know the quality policy may not be justifiable.
2. DATA PAlTERNS AND TRENDS
At its final gathenng before the exll meeung, audit team members evalu-
ate the accumulated data; they sort 11, see what supports it and what 11sup-
ports, and look at it away from the sltuatlon to see what it means. Any
finding should be clear to a reasonable person. The auditor has to look at
the evidence found, its reiution to the purpose of the audit, and its impor-
tance to the entire scheme that lias been audited.
The lead auditor must make every effort to resolve contradictory evi-
dencc or open issues prior to reporting the results of the audit. However,
if contradictory evidence lias been gathered and the audit team cannot
obtain additional data, rile contradiction should he included in the audit
rcport as 3 finding or observation. and clarification should be requested. A
supplemcntal report can be generated if needed to clarify the onginal audit
ircport.
Througli unnlys~sol':i~iditdata. he uudit team can distinguish between
systcrnlc and isolated incidents. An auditor who detects a possible prob-
lem looks for a recurrence. If subsequent data show recurrence of the inci-
dent in several placcs. it is a systemic incident. Data that reveai a trend and
pattern may also support a conclusion that an incident is systemic rather
than isolated. For example. if one piece of equipment is overdue for cali-
bratioii by about n month. but all other equipment is in calibration. the
audiree may havc a good calibrar~onprogram and the one piece of equip-
incnr IS an isolated case. However. if a high percenmge of equipment has
~iotbecn czlibratcd on scheduie, thc probleni is systemic.
Thus. an auditor needs to look at things from a system standpoint and
try to assess how the overall system is worktng. If, after preliminary eval-
uation of data. a problem appears to be systemic, the auditor may need to
draw another sample. Once i t has been determined whether a problem is
a systemic or isolaled event, it can be classified for reporting purposes.
3. CLASSIFICATION OF OBSERVATIONS
An auditor uses several techniques to classify and prioritize observations
before the exit meeting. In any audit, nsk is associated with reporting a
finding on the basis of available data. An auditor may fail to identify a sig-
nificant problem or may Identify a problem that is not significant. Evalu-
ation is often based on a relatively small sample and, therefore, mvoives a
large sampling nsk. A problem or noncompliance may be classified as a
nonconformity, noncompliance, or finding. The auditor should also group
"like" observations under similar findings or nonconformances.
The risk-benefit ratlo is a method of analyzing the risk of reporting
(based on the sample) or not reporting compared to the benefit to be
gained by reporting or not reporting an area of concern. Criticality refers
to the importance of an observation. If there is significant opportunity for
project failure or a safety concern, a cntical activity or item should be
reported after one occurrence as opposed to multiple occurrences for an
Item of lesser importance.
Additionally, observations may be classified as nnprovement points or
positive practices (not a violation of a requirement). An observation of a
process or system that is very effective may warrant reportins the obser-
vation as a positive practice.
Depending on the client, <he industry, and audit procedure requ11-e-
ments. auditors may define and rcport other clussifications ior obssrv:i-
[ions. The other classifications include concern. -0bservauon. issue, and
continuous improvement point. They are not violations o i a requirement;
hut based on the auditor's experience. thcy are noteworthy and in some
cases they could develop into a problem if not corrected. A11 classifica-
tions of observations should be identified along with expected follotv-up
actions. *r.
4. CLASSIFICATION OF NONCONFORMANCES
An auditor must sort and classify facts based on the seventy of the prob-
lem. the frequency of occurrence, and the nsks associated with the prob-
lem. The terms no~?co~npiiance and 1101icot1fort7lnr1ceare frequently used
to report the results of the audit. In common practice, these terms are
used interchangeably. The most cntical problems are often called major
nonconformances. Reporting problems found during the audit as non-
conformances is one of the most popular reporting techn~ques.A non-
conformity is nonfulfillment of a specified requirement fANSIIISOIASQ
AS402-1994,2.21) or alternatively a failure to meet a requirement. Most
quality system registrar auditors are taught to report nonconformances,
and consequently many auditors of registered organizations adopt t'he
same method of reporttng. A nonconformance may be systemic or iso-
lated and major or mnor, depending on its effect on the product, service,
or system.
Some audit organtzations report problems found dunng the audit as
findings. In general, tbe repomng of findings is c technique m whlch only
systermc issues or conciusions regarding individual processes or systems
are reported. S o m e h d i n g s are more mportant than other findings-all
findings don't have the same importance to the organizauon being audited.
 The methods used to classify audit results vary from organization to
organtzation. Some organizations classify findings as major or as category --.:I
i findings, whilc observations are classified as minor or category 2 find- --
rngs. Others simply report the tindings in the order of their importance. .&
Sorting and classifying nonconfomties and findings is a method to a s s e s s 7
their significancc.
klinor nonconlorrnlties usually do not denote a system breakdown, ---
but they could ~ ~ s uini tone in the future if not properly corrected or con-
taincd. Whatcvcr tcrnls arc uscd to report the results 01 thc audit. they
should be clearly defined by the audit organizauan. - ., . ~
-
-
-
---
5. CONCLUSIONS
For audits that x e meaunng conlpiiance. or fuUillment or requirements. the
lead auditor should report the overall d e r e e to which those requirement; are
hein: mct. The audit conclusion sliould m:ttch thc :iudit purpose. For exam-
ple. 11 the purpose vl11ie :iuilit is to detemline if the extsting controls comply
\\pithinternatioixil ~rdiillurdsand x e being m3intained. then the audit conclu-
sion should state the degree to which this has been accomplished.
son^ audits measure not only compliance. but aiso the efliciency and
e#ectiveness of the controls that arc in place. If a control IS attempting to
achieve a certain result. an auditor can determine if the des~redoutcome is
being achieved by analyzing observat~onssuch as: "the presence ot dam-
aged material in a warehouse indicates that matenal handling procedures
Employee awareness, and dissem~nationof established quality
policy
Teamwork and employee involvement with management
parucipation. and demonhlmted resource conlmtrncnt
Auditee organization's business and strategic pians, culture, and
values
Cntlcui system issues. rather thdn nitpicking trrvi a I'itics
Opportunit~esfor improveiileilts, without acting as a consultunt
Positives
An auditor can get an indication of the effectiveness of controls by the
nature and number of nonconfomlances observed.
The final audit team meeting is held after improvement areas have
been identified 2nd just pnor to the exit meeting. The team collects all
K.
intormution and identifies signiticdiit areas to be mentioned at the exit
meeting. The team:
Decides on the content and emphasis of the report
. Sumiiiarizes all nonconfonnities- and/or findings
Finalizes a list of opportunities for improvement
- Decides on a list of posltlve practices or noteworthy achievements

may be ineffective", "the use of nonconform~ngmaterial in finished prod- Based on the conclusions formed at this meeung, the lead auditor
uct indicates poor control of nonconforming material", and "obsolete prepares a preliminary draft of the audit report. The draft report can be
drawmgs and procedures in a manufactunng area ~ndicatethat the docu- handwntten or typed on a computer. Part IV of the handbook presents
ment control system is ineffective." additional information about audit conclusions and reporting the results
The lead auditor's overall assessment of results plays a cntical role in of the investigation.
meaningful audits for improvement. The following items should be con-
sidered in the iead.auditor's assessment:
Quality management system matunty --
- I
-
-.. I
--
.
Overall system effecttveness, rather than segmental ineffectweness %I..
=I
-*
Implementation of corrective and preventlve actions and theu
effect~veness ---
-
5
'.
Internal quality audits and their effectiveness related to continuous -
improvement mechanisms in place -
:..=
% .-,
-1
The exlt meeting, sometlines called a post-audit conference or closure
meeting. ends the pertonancc stage ot an audit. At the exlt meetins. the
lead auditor presents a draft or preliminary audit report to the auditee.

1: PRESENTATION OF AUDIT RESULTS

The exlt meetiq is zpresentationof the audit results to the auditee orga-
nization and, in some cases, the client. The client may choose not to atrend
the exlt meeting, in which case the auditor 1s givlng the auditee a prelim-
inary view of the information that will be provided to the client. The pur-
pose of the exit meeting is to present audit obsenetlons to senior man-
agement to ensure that audit resuits are clearly understood. The exit
meeting normally takes place following the conclus~onof the interviews
and the find team meeting.
The lead auditor should circuiate an attendance roster for the exit
meeting. Attendees should lnclude the audit team, at least one auditee
management representahve, and other personnel deemed appropriate by
auditee management. For example, the escort may be present to help
explain details of findings. Usually, the same people attend the emt meet-
ing as attended the opening meeting. Sometimes higher levels of manage-
ment attend, since they want to be lnformed of the audit results. The lead
auditor should do most of the talking, and a member of the audit team
should keep mnutes of the meeting. The minutes should include any
agreed-on changes to the audit report.
 Individual auditors may present their own findings, or the lead audi-
tor may prcsent all findings and reiy on the appropriate auditor to clarify
and nnswcr questions. Discussions should be kept brief and pertinent and
should clarify thc audit findings, not justify tile audit method." Finally,
the lead auditor should present the audit team's conclusions about the
quality system's overall adherence to requirements and its effect~veness.
Thc pnmary duty of the lead auditor at the exit meeting is to be a ciex
commun~cator.To avoid misunderstandin%s. the lead auditor should pro-
vide written findinzs or nonconforma~icesto tbc auditee organization at
the exit incrtlrlf. Findings. nonconformances. and audit reports should be
marked "dralt-'or "prelim~nary,"smce they have not been approved by the
client m d also may need to be edited for ianguage and grammar. The audit
tca~n'swnttcn tindinzs or nonconformanccs and the team's ability to
cspiain the rcsults in pcrson are important factors for ensunng tllat the
auditcc understands thc results and will be able to identify necessary cor-
~recti\~e
:zcllons.
Prcsentatloii techniques ernploycd by the auditor will vary depending
on whcrhcr i t is a first-. second-. or third-party audit and on what methods
are considered most sumble for the situation (Pass or Fail). First-party
audit exit meetlngs tend to be iess formal than second- or third-party audit
esrt meetinp. One ot the toughest challenges for the lead auditor is the
delivery of bad news. The actual methods and equipment (flip chart, data
projector, or overhead projector) used will also depend on the availability
of resources and what best fits the situation (mature system, awarding a
contract. small orpnizat~on).Different presentation technques are cov-
ered in Part VII. Chapter B.
2. DISCUSSION OF FOLLOW-UP ACTIONS
The lead auditor 1s expected to clarify all follow-up actlons to the auditee
and client and to m i v e at a consensus. The lead auditor will have an open
discuss~onwith the auditee organization at the exlt meetmg to determine
adequate time for corrective action plans andlor corrective action imple-
mentation. The following are some guidelines for discussion with the
auditee:
Cleariy defined nonconformance/fmding
Process for effectwe correctlve action
detem~nat~on/implementat~on
Emphas~son timely corrective actlons with accurate root cause
detennat~on
Follow-up audit dates or follow-up corrective action review
Areas and departments to be audited in follow-up audit
The most senous problems need the auditee's u r p t attentzon, wliile
the less Important ones are treated with the tlme frame and pnority they
desenfe. It' the auditee needs addit~onaltlme to anaiyze the root cause of
a senous problem, the auditor should allow it. The tiiii~ngot correctlve
actlon is dependent on its importance and complexity and the availability
of the resources needed for rorrecnve actlon.
3. EXPECTATIONS OF AUDITORS, AUDITEES,
AND CLIENT
Role of a n Auditor
The eslt meetzng is conducted by the lead auditor. who should:
Present the summary
Read the results of the audit without intemptton from the auditee
Discuss audit details
Allow individual auditors to clarify statements or respond to
specific questions about the areas they audited
Indicate how audit results are categonzed and pnontzzed
Explam the requ~redfollow-up and expected correctlve action
response'"
Obtain and verify acknowledgment from the auditee representanve
Ensure that mnutes and an attendance record are kept
Affirm confidentially of the report
A b ~ problem
g at exit meetings occurs when communication between
an auditor and auditee was not reported to the top of the command chain
before the meeting. The auditee, caught off guard, may become defensive.
Daily meetings help prevent this problem. If' an auditee does not want
daily meetlngs, the auditor can prevent problems by promoting commum-
cation during the audit. An auditor who suspects that information is not
getting to the top should casually, but deliberately. inform management of
audit findings.
The formal. official audit report should be issued to the auditee by the
client tor lead auditor, if authonzed to do so by the client) within the time
penod previously agreed to or specified by organizational procedure.
Roie of a n Auditee
The exit meeting should be attended by senior managers of the areas that
were audited. Attendance by several layers of management should be dis-
couraged: it often leads io arguing and unproductive time since employ-
ees often feel obligated to defend their positions to their s u p e ~ i s o r s ? ~
At the exit meeting, auditee representatives have the responsibility to
listen altcntivcly. There should be no extensive discussions unless the
auditee needs clarification of items in the audit report. If the auditee and
auditor disagree as to whether a finding exists. or have different opinions
on the desree of criticality of a finding. the audites can present its view of
thc situation as part of its response to the requests for corrective action.
Role of a Client
The auditor should invite the client to attend the exit meeting. If this
proves impractical. the auditor should arrange to debnef the client. The
auditor expects the client's support in resolving any findings or issues. In
some cases, the client and the auditee are the same and must undertake
both roles.
Problems Commonly Encountered During
the Audit Performance Stage
The followmg are examples of the types of problems commonly
encountered dunng the performance stage of an audit.
Losing Track of Time o r Scope. Problems regarding a lack of ume
or loss of focus or scope are frequently encountered dunng audits.
D a l y meetlngs that assess the audit's progress should help prevent
such problems. Also, properly prepared workmg papers can help
eliminate problems related to time management or the focus of the
audit.
Unreasonable Absence or Unavailability of Key Personnel, An
auditor needs to be abie to work around the absence of key
personnel. However, if t h ~ ssituation is happening regularly dunng
an external audit, the auditor may need to call a meeting with
management or stop the audit. If an obsuuctlon exists and no mutwdl
agreement can be reached at the meeting, the auditor shouid report
to the client for advice on how or whether to continue the audit. Of
course. unreasonable absence assumes reasonable notification by the
auditor or audit organ~zationof the impending audit. In an internal
a u d i .peopls.often.
~ t-&e the avui!abiliry of the audit team for granted.
They may feel free to handle their own cnses as they anse because.'
they believe it should be easy for the audit team to reschedule.
Interference from Internal Problems. Employees sometimes wish
to involve the audit team in internal problems. For example, if
employees believe that their pertonance would improve with the
addition ot a certain piece of equipment, they may attempt to enlist
h.
the auditor in lobbying management for the purchase of such
equipment. It may be necessary to state that auditors do not get
invoked in advisin? the auditee how to run their business.
Extensive Discussions or Arguments. The auditee may attempt to
prolong the exit meeting with extensive discussion or arguments.
The exit meeting is not a time for negotiation; the lead auditor
should present the informauon contained in the draft audit report,
make sure that the auditee understands the results and what is
expected in the way of a corrective actton plan, and end the meeting.
Lack of Effective Communication. Communtcation bamers pose a
threat to [he successfui completion of an audit. T h ~ iss why traimng
in mtervlewing rechnlques is so important. Unless the auditors can
word questions in an unbiased and concise manner, they may not
receive accurate responses.
 [I0 of the CQA exam questions or 7%1

KI

The purpose ot the quality audit report 1s to communrcate the results of the
Investlgatton. The report ~Ilouidprov~drcorrect and clear data that will be
effective .as a management a ~ din addressing lmponant orpizatlonai
~ssues.? The audit ends when the report 1s Issued by the lead auditor.
However. follow-up and closure actlons may be necessary, as will be dis-
cussed in Pan V.
After audit results have been reported at the exit meeting. the lead auditor
formally communicates the audit resuits in a wntten audit report. While
the audit team may have prepared a handwritten or typed report to present
to the auhitee at the exlt rneetlng, that report should have been clearly
marked "draft" or "prelimtnary..' The exlt meeting shouid include discus-
slon of all significant findings so that <he auditee is not surprised by infor-
matlon m the final audit report. The final audit report formaiiy cornmuni-
cates the audit results to the ciient and the auditee. The audit report is
prepared, signed, and dated by the lead auditor. It should be reviewed and
approved by the management of the auditing organlzatlon as we11 as by
the ciient before it is sent to the auditee.
The audit report should be sent to the auditee in accordance wrth a
mutually understood time frame. Short tlmelines between performing and
reporring about the audit are highly des~rable.When a significant amount
of time passes between the end of an audit and the Issuance of che audit
report, the urgency of the corrective action is d-shed, misunderstand-
ings or miscommunicahons are more likely to occur, the auditee may be
less motivated to resolve problems, and the audit program may be viewed
as inefficient.
An audit report serves the following functions:
It supplies information that verifies adherence to requuements or
that initiates correcttve actlon and system improvement.
luo Purr !s . h d t c, , c , ~ , ~ ~ ~ r ~ ~ d :

- I: gutdcs management and their consultants

decisions and activities.
in subsequent
i
t
Chapter
It establishes 3 record ot the investigation and conclusions.
A report should be sent even if there are no deficiencies. Organiza-
tiuns miiy compare :he results ycar to year to identify positive and nega-
-
II
3

uvc lrcnus. This same type of analysis 1s valuable to the auditor, auditing
w p i ~ z i u i o n and
. miicei. crntern:ii deparirnmt. supplier. or costomcrj." I1
i

1. AUDIT DETAILS
While the format of the written audi: report can vary w~deiyfrom com-
pany to company or industry to industry. cenzin intomation alwdys -.
should be included. Most audit reports contain an introduction. n sum-
mary. ;Ilisting of the findin~s/noncontormiries.2nd requests for corrective
3CtlOIl.
An audit report should not normally name mdivlduai employees of the -
auditee in connection with specific findings. observations, or nonconfor-
mantes; a report should refer to posinons, titles, or systems when identi-
fying deficiencies. However, an auditor may encounter a situation where
nammg an mdividual is appropriate and essennal for effective corrective
action-if the mdiv~dualhas speclal or unlque knowiedge of a sltuatton,
product or process.
There is no standard length for audit repons. However, repons should
be conctse and should conram prescribed information. The content may
depend on the size and compleslty of the audiree organization and the
number of findings/nonconfomances identified, as well as client or audit
organizauon report procedures and guidelines.
Repom may or may not conratn attachmenrs. Attachments (or exhibits
or examples) may ~ncludeminutes from the exdopening meetm,,0 atten-
dance roster of exitlopening meetktg, requesls for correctwe action issued
at the exit meeting, nonconformance forms Issued at the exit meeting, and
charts. calculations. documents. records, or other matenal required by
audit procedure or that add value to the report.
The audir repon starts off with an introductton or background. Much of
the introductory matennl included in an aud~treport can be completed from
the audit plan betore the audit is pertormed. The audit repon introduction:
States the purpose and scope of the audit
Identifies the auditee. client. and audittng organtzation
- presents
ldsntifics the audit ream members and the lead auditor, and
thetr quniitications -. .
Specifies the audir dates and locations
Specifies the stmdards (manuals. procedures, memationti1
standards, etc.) used for the audit
Addrebses confidenttality issues
May list auditee personnel involved in or contdcted dunng tlie audit
Lists report distribut~on
Nomyally. an audit report identifies an area of noncontonnance in the
auditee s system and does not contain derailed techcal informauon about a
propnetary process or matend. Any confidenud informauon rhat may appear
in an auditor's notes or m the completed checklist must etther be protected to
prevent disclosing a confidence or destroyed. The official records contan a
copy of a blank checklist, whch does not c o n m propnetary informauon.
Additionally, the inroducnon may mention the auditee's audit history,
discuss the methods used dunng the audit, and mention the records or
documents that were examined as part of the audit. Each report should be
uniquely identified by title, number. letters, or a combination so that the
report can be properly referenced and retrieved.
2. COMPUANCE
The results of the audir may be Indicated as findings, nonconforrmues,
deficiencies, adverse conclusions, or significant observations and conclu-
sions. The most common terminoiogy used to repon the results of an audit
are nonconfbr-niiryandfildi~~g. The termnology used should be defined to
ensure the auditee's understanding. Observations made dunng the audit
that vtolate a requirement should be reported and theu importance s'hould
be taken Into account. Withln rach category, further classifications of cnt-
ical. major, and minor may exist.
Each problem area should be listed in one or two sentences. The
report should include facts or examples that suppon or explain each find-
ins or posmve practice. The results of the audit may be listed in order of
importance. in sequence of the procedure or performance standard
clauses. or in no p;trticular order. Noieworthy accomplishments, positive
practices. or processes Chat work exceptionally well may he mcluded and
can be lisled at the front or back of the report, depending on the auditor's
preference. The auditor should note that the findings are symptoms, the
causes of which remain to be identified.
The results section of a formal report should include the follow in^
information:
. Audit findin~s/nonconfomiriesand number
. Specific requirement
Details or specifications of the nonconformity or finding
Provisions for auditee's response
Provisions for recording corrective acuon and follow-up activities
Recommendations (if required by client) for correcting
deficiencies, or suggestions for improving the quality program
When the client requests recommendations from the auditor, the recom-
mendations should be clearly marked or placed in an appendix or separate
report. In most cases, the auditee is under no obligation to implement
auditor recommendauons. Some auditors use the term sitggesrlon for
rrnproventer~ras a less formal term with a lesser chance of being msinter-
preted as directive in nature.
The audit report should explain how the results of the audit are
classified and prioritized. For an example of an audit report format, see
Figure 12.
 To: Auditee responsible for rcpiy
From: Lead audit01 ~ c t r o naddressee: Finding ::
Subject: Audit of iprocedure. rirle. md number or sub~rct) Director of engineering I.C. 1
Director of operations I.C.2.3. 61 7
Reference: List of procedures audited and to which ret'erence is made in Director of quality wurance I.C.&. 5 , S: 6
rhe list ot bindings. 1.r.. quality tmnual dated XS-XX-SX.
MIL-STD-SSSS. ere. B. Follow-up
Reference matertai pertaming to this audit IS avnilatlle from (the
I. Present audit auditor)at estens~onXYXX/XS>;S. Replies will be toilowed up ;inti
.A- General . correcuve action wtll be confined.
Slate 111e purpose and objectives of the audit, where and when it was - .
performed. and what was rncluded or excluded: be specific on quanttties
audited. Lead auditor
B. Summa?
Provide a synopsis oS thc inost srgniticant audit findings. Figure 12. Coimi~rred.
C. Findings
For each discrepancy stare the requiremeni. document the observatrons. 3. SYSTEM EFFECTIVENESS
shnw rhe effect. 2nd idenrify rhe rcsponsiblr. supervisor conlacred
rslallve to r3ch tinding. A sjsreiit is a coilect~onof processes supported by an mfrastructure to
manage and coordinate its function.lh TyptcaI systems are document con-
- trol systems and training systenls. In a system. processes lnteracr and
A. Audit hrstor?.
work together to achieve a common g o d or objective.
State previous audit results and comecttve acrtons iaken.
It has become increasing popular to tdentify an audit as either 2 com-
B. Analysis and evaluation pliance audit or management audit. Compiiarlce aildirs d e t e m n e if there
Provrde auditors anaiysrs and conciusron. rncludinf an evaluation of are rules and if they are being followed, not the effectiveness or surtabil-
correcttve acttons [&en.
ity of the rules. Managemerit audits seek to d e t e m n e both compliance
111. Required action and effectlveness of controls. Management audits are also called "perfor-
A. Response mance improvement audits" and "value-added audits." A product, process,
The persons listed heloiv are requested to review and respond to this or system audit can be either a management audit or a compliance audit,
audit wrthin I5 woriclng days trom the dm of this report. The response depending on the wtshes of the client.
should include the tollowing: Effectiveness of a process or system is d e t e m n e d by its ability to
1. Colrecuve acuon taken and reason finding existed. achleve its objectives or intended purpose. Assessment of effectlveness
2. ActLon taken to correct the cause. goes beyond d e t e m n i n g the degree of conformance to requirements and
3. Date by wtuch the conecttve acuon will be complete. maintenance of procedures. When discussing e f f e c ~ e n e s sof corrective
(conrirrued) actlon, Russell and Regel state that system effectlveness has two compo-
nents: whether it is achteving the cteslred result and whether the process 1s
Figure 12. Typical audit repon format capable, efficient, and consistent with ob~ectives?' One measurement of
Source: From How ro Plan an Audit, ASQC Quality Audii Tcchntcd Comrmtlee. Chvlcs B. effectweness is the degree to which objectives are acflleved in an efficient
Robinson. Ediror. ASQC Qualily Press. 1987, pp. 33-39. andeconomcal manner.
 -
~iuarua~oldmr lo3
can: uc SCM p w slcoZ ~euoricz~ueZ~o Z u ~ ~ a aIOU
w WM SIW 1eq1 paa&
auohahg 'sqluoru a u ~ u01 dn 103 uoysods!p 1noq11m plaq Zuraq alam
siuauodruos a ~ ~ s u a d xiaL a 'lsos pmdes Z u r y ~ oampa1~ 01 sem uorl
-ezrw%o a q l ~ anpsalqo
o u v .sq~uoruauru 103 auo VIM ' s h p 0s laho
103 ean: ploq ayl ur uaaq peq srua11 aW jo l s o 'can ~ ploy ayl ur uaaq
pay small Zunrrro~uosuoua q Zuol ~ o $no y pug 01 payse aJaM sluap
-nls a q ~uaqL wal[asxa sen\ ZuyiCiang .paJols p m p q m m Llladold
alan\ sluauodmos Zuruuo~uo~uou aqI puc :leualcru Su~uuo~uosuou
SCM a ~ a q: ~~~ U I C I U I ~ a1aM
UL L a q ~'~olluo:, lsnpo~dSuruuo~uosuou
JOJ sanpa301d pcq e a n Surnrasa~a q -~p a ~ p n nsem c a n uousnpoid
l e n m aql 'ssauahtisa~jaJOJ npne 01 M O uo ~ ssep ZUIU~CJI e JO m d sv
correctlve actlon. They should be asked to respond to the report in wnung.
The response should dearly state the root cause, corrective action pianned or
taken to prevent recurrence and the scheduled compleuon date for the cor-
rectlve action. If corrective actlon is not appropnate, the response should
specify the reason for no acuon.i1
All requests for corrective actlon should ask the auditee to detemne:
Short-tern1 (remediaVcouta~nment)actlor1 planned. if appropnate
The root cause ol the probiem
Long-term corrective action planned for the cause
Schedules and responsibiliues for these act~on?'
To prevent a nonconformity or problem from recurring, an auditor
will ask thc auditcc to glve attentlon to and take actlon on certain items.
Depending on the audit's purpose and scope and the delegated responsi-
bility of the ~iuditlngorganization, the client may assums t h s function. In
some cases. the auditor may not have any responsibility tor the correctlve
actlon phases of the audit process. Espec~allyin many th~rd-partyaudits,
h e auditor may collect and interpret mfomation and provlde this infor-
marlon to the client. who in turn manages the correctwe action phase.
Therelore, it may be appropnate to substitute "client" for "auditor" here
and cn other follow-up acttvitles.
Adverse findings may be recorded on a separate sheet called a "cor-
rective action request" or "discrepancy notice." A corrective action request
is a statement of what the condition should be and what it is, and it
includes several examples of what occurred. Senous problems are nor-
mally supported by many inc~dences,but an auditor can also record single
-- t
instances of major problems, such as the lack of or total breakdown of a
system. An auditor issues reports or corrective action requests for areas in
whlcl~[he auditee needs to take action. The auditee needs to Identify and
correct the root cause of the problem.
On receipt of the formal audit report, an auditee may employ the same
or similar techniques to determine which problems the organization should
concentrate on correcting &st, based on the significance or cost of the inef-
ficiency. After m&ng this determinailon, an auditee can focus on prepar-
ing a comective action plan that addresses the remediai acuon or other
action to eliminate the problem.
1. OBTAIN APPROVALS
The audit report should be remewed and approved in accordance wltll the
audit organizations procedures and gu~deiines.Normally. tile lead auditor
I 'A.
prcpares and signs approval of the audit report. The iead auditor approves
i any inputs to the audit report by audit team members. In many organlza-
I tions the 'client andlor audit program manager revlew and approve the
I
!
audit report before final release. Procedures may require other appro\,ers
due to nsk or communication Issues wthm the organlzanon.
There is no limlt to the number of people who can review the audit
report. The lead auditor may ask audit team members to review the report.
Auditee management could review the report to ldentify factudl errors and
1 mrsunderstanding. Allowing auditee management to review a d n h audit
/
report has inherent risks: revlew may be construed as negotiation unless
i very clear instructions have been provided to auditee management. Addi-
! tlonally, too many reviewers and approvers could create lengthy delays in
I
1 lssu~ngthe final report.
2. DISTRIBUTE REPORT
The distribution list for an audit report should be noted on the report. Dis-
tribuuon is at the discreuon of the client unless Uus task has been delegated
to the lead auditor or auditing orgaruzatlon. An internal audit report is nor-
mally distributed to the supervisor of the audited area as well as to some-
one in higher management. An external audit report typically goes to a
div~sionmanager or CEO. In addinon, the auditlng orgmzation maintams
117
a copy of the report in its official files, and each member of the audit team
also retains a copy.
The lead auditor should not automatically send a report directly to the ....
auditce unless approved to do so by (he client. The client is given the
option o l receiving the audit report first and of attach~nga cover letter
-
=
:. ..
before the report is distributed to the auditee. T h ~ sprocedure promotes -...
accountability of the auditing function.
Responses by the auditee to requests for corrective action should be
sent ro the same distribution.

The lead auditor and audit team members must follow organizational
procedures concemlng the retentlon of audit records. Audit records
should be reasonably secure to prevent madvertent access by outside par-'--+.
ties. All audit records should b? considered confidznt~al.For high-nsk
arcas, there may be elaborate procedures for securlng or destroying audit
records ...
Under normal clrcumsmnces, auditors keep records until the nest
scheduled audit. If an auditor is certified, the auditor may need to keep
records for three years or the specified renewal penod.
Audit records may include:
Notice of the audit
open in^ and exlt meeang attendance and mlnutes
. Completed worlting papers
Draft and final copy of audit report
Correctwe action responses and relevant feedback
. Final close-out note to the auditee
Part VI, chapter B discusses audit retentlon pracnces.
 [ I 2 of the CQA exam questions or 8%]

"The audit is completed upon submlsslon of the audit report to the client"
iANSL/ISO/ASQ QI00ll-i-1994, clause 6.0). Some audit orpuzatlons
interpret the gu~danceof the international audit standard to mean that the
audcor should not be mvolved in audit follow-up activ~tles.However, many
organizations lnvolve the auditor or iead auditor in follow-up audirs and
some aspects of the corrective act~onhmprovementprocess. Someone-
whether the client, lead auditor, auditor, audit program manager, manage-
ment sponsor, or correctwe acuon team leader-must be asst,oned the
nonauditee duties discussed in this secuon.
The auditee is responsible for tahng corrective acuon and keeping the
client lnfomed of its progress. Sometimes, an auditee will lool; to the
auditor for a solution or recommendation, but the auditor should proceed fis
with caution. While not preciuded from prov~dinga solunon, the auditor
nuy not have the technical knowledge to address an0 solve the problem.
In addition, an auditor who advances r, solution takes ownersh~pof the
problem. An auditor who has studied a process may have an excellent
understanding of it and nlay be able to offer assislance to an auditee who
seems genuinely confused about What is expected in the way of corrective
action. It is important, however, that the auditee take responsibility for the
soiution. An auditor who panicipates in implementing or modiymg a
quaiity system compromises objectivity in regard to iater audits of that
area. For these reasons, many company auditors and most third-party
auditors are prohibited from recommending corrective action.
Both internal and external audit results can be input to the corrective
action process. The correctwe artron process can result in significant ben-
efits to an organization. The purpose of t h s part of the handbook is to
make suggestions on how auditors can most effectively c a n ' out theu
responsibiliaes relative to correcting the deficiencies found during the
audit. It is not a discussion about the organization's correchve acaon
process.
that the auditee IS doing what has been promised and is meeting the
requirements of the corrective action. The auditor often follows up with a
vkit 10 the work area to check that corrective action has been imple-
mented, to asscss its effectiveness, and to confirm that i t prevents recur-
rence of the problem.
When attempting to evaluate a proposed corrective action plan, an
auditor shouid make sure that the auditee is treatins the problem and not
a syniptom of the problcm. Thc proposed solut~onmight address the issue
on the surfiice but may not prevent the problems from recurring so the
auditor ~110uidaskwhether the-corrective action piail is specific enough to
ensure that changes will be permanent. Another questlon is whether the
proposed solution will cause another problem.
Corrective action must he timeiy. It is pemssiblc tor an auditee to
request reasonable estensions. slnce some problems take longer to solve.
However. the auditee may be asked to provide penodic status reports w t h
supporting ev~dcnccon the corrective action.
Correct~veaction must prevent reoccurrence. It must identify and
address a root cause in order to prevent the same problem in the future.
The principle of corrective action is that conditions adverse to qual-
lty must be identified and corrected. The root cause must be deter-
mined. Steps must be taken to preclude repetition, including the report-
ins of these actions to management. True corrective action is difficult
to implement, since the real causes of problems are seldom easy to
identify?
4 five-step process is recommended for corrective action:
1. Document what <he problem is, and "stop the bleeding" (that is,
implement immediate remedial or containment action).
2. Conduct an investigation to identify root causes.
3. Des~gnand implement the corrective action, and verify its
effectiveness.
4. Ensure that the noncompliance is managed and controlled to
avoid the potential of recurrence.
5 . Analyze the effects of the findings on the product being
manufactured. For example, what, if anything, does the
organization need to do (remediaYcontainment action) about
products sllipped or actrve systems while it was in
noncompliance?
Follow-up action may be accomplished through written communica-
tion, review of revised documents, reaudit after the reported implementa-
tion date. or other appropnate m e a n ~ . ~ V hauditee's
e pian should be
accepted if there is a reasonable chance that i t will correct the problem and
preclude a recurrence?'
3. NEGOTIATION OF CORRECTIVE ACTION PLANS
Findings should be ciearly stated by the auditor. and the audiree shouid
indicate that they x e understood. However, the auditor anu the auditee ~nuy
not agree on the proposed action plan or the timing of the corrective actlon.
In most cases. additional explanation of the requirements andlor the condi-
tions that ied to the identification of the finding may be sufficient iur the
auditee to develop an effective corrective action plan. Some situations are
complex and require senous evaluation by both the auditor and the audiiee. L
The auditor should nor assume that the auditee is automatically wrong
because there is a difference of opinion. Forcing one". will on the auditee IS
unacceptable and may lead to disasuous results for the audit function. instead.
the auditor might attempt to understand the auditee's interpretation of the
requuement and the underlying reasomng for the proposed corrective action.
Theauditor may lean that the auditee's proposed acuon plan addresses sys-
tem issues that were not identified dunng the course of the audit. If the audi-
tee's reasoning is valid, the auditor should accept the proposed action plan. On
the other hand, if the auditor has identified specific weaknesses in the acuon
plan, these should be presented to the auditee so that they may be understood
and addressed. Because of the diiculties of being involved in a team
approach to correctwe action but not recommendmg soluoons, many audit
organizauons have chosen not to parucipate in any follow-up activiues.
The review of the corrective acuon plan may indicate that the auditee 1s
not responsive or is evasive or that the proposed acuon is madequate. When a
response is questionable or unacceptable, the auditor should immediately con-
tact the auditee to resolve the auditor's perception. A sunpie telephone call
could alleviate the auditor's concern by clarifying the corrective acuon plan.
4. METHODS FOR VERIFYING CORRECTIVE ACTION
A revlew of the correctwe actlon response and its timeliness is, m some
instances, all the follow-up actton that 1s required by the client or the orga-
nizational procedures. O n e method of verification is for the auditor to
return to the work area. observe the new process, ensure that the paper-
work has been done, and ensure that enipioyees have been trailed in the Request for Corrective Action
iiew method. Pertormance records niay also be used by auditors to verify 3A REQUEST NO: :: INTERNAL :: EXTERNAL AUDITnVNPO:
corrective actlon.
..
The auditor's evaluatton should be documented io emure ihat all find-

I----
ings on the corrective action request have been addressed. The auditor -, ISSUED TO:
records actions taken to verify the corrective action and the resuits of that
\wific;illon. The auditor may record the verification on ;I conectlve action PART SO.:
REQUESTED BY:
Ibrni. an audit report. or both. The auditee's action must be traceable to
f x i l i ~ t everiticatlon.
~..
All the audit findings in one report do not have to &-closed at The ~~~
same time. but may instead be dosed out individually. Verification for
such correctwe actions does no1 have to be done immediately Vrrificmon
may be combined wlth aiiother v~sit.if possible, or another auditor may CIA REQUESTED FOR:
be asked to verify the corrective action and bnng supponmz infomiation
to the icad auditor. .A linding may be dosed pending final veriticat~on.
CIA REOUIRED DATC RETURN TO A l T S John Doc
- -

5. FOLLOW-UP AUDIT SCHEDULE, AS REQUIRED Corrective Action Response

Follow-up audits may be I-equired in some situat~ons,but many orzanma- PROB4BLE CAUSE
tlons do not requlre them due to cost considerations. Instead. toiiow-up
activities are lncluded with the nest regularly scheduied audit. When ibllow-
CIA TAKEN:
up audits are perfomcd as a separate activity. the audit schedule 1s deter-
m m d by the findings trom the onginai audit. These audits can aiso provide
EFFECTIVITY
Independent verification of corrective actron effectiveness. DATE: SUBMITTED BY DATE:
Follow-up actlvlties may be accompiished in another way. The auditee
may prov~dethe auditor with periodic reports containing evidence that the
corrective action plan has been implemented and is effective. In this way, REVIEW OF C l k
the auditor may be able to verify that the actlon plan is effective without the
added expense of an addit~ondon-s~tevisit. The auditor still has the option
of verifying the effectiveness of these acuvtties in a subsequent visit.'" .... SATISFACTORY ::: UNSATISFACTORY ;::I CA MPLEivlEhTED & EFFECTIVE:

6. VERIFIC4TlON OF CORRECTIVE COMMENTS:

ACTION COMPLETION
REVIEWED BY: DATE:
For effect~veimpiementatlon, the auditor should verify that people did
what they satd they were going to do and that everyone mvolved in the
Form 2. Sample request for corrective action form for fust-party audits.
change is mformed (see Form 2). People can be Informed by means of a
Sotme: Provided by Solar Tuibines. 1998 ivldcoirn Baldnge National Award Winner. Use0
discussion, a training session, a memorandum, or by another method. Thls with pemsslon.
is important for a new process, process changes, or personnel ch~mges.5~
 7. EFFECTIVENESS OF CORRECTIVE ACTION .-
ment corrective action does not always Indicate a lack of management
commitment.
Auditors must review the results of the corrective action plan to d e t e m n e :.-
When ihe corrective actlon is not implemented. the auditor should
thai the ilctions were iilipiemented and that they achieved the des~redresult.
take time to cvaiuate the sltuatlon thoroughly before m&ng any attempt
TRc auditcc should determine the appropnatr measures to be monitored to- ....
ar escalation (i.e. getting higher-ups involved). Jumping into the role of
demonstrate effectiveness. The auditor will then be abie to verify the cor- --
enforcer prcmatureiy puts the auditor in a negatlve position. It is in the
rectwe action by companng the end result to the onginal condiu0ns.6~
auditor's best interest to be viewed as one who is interested is assisting the
Effective rmplcmcntation ot a corrective action plan is not the same as
auditee lo ~ichievethe desired results. As a last resort. the auditor may
eiiecuve corrcctivc actton. The Iirst is iui indication that the actions were
need to go up the cilain of command to the next level of management."'
in~plemented.while the second 1s an indicaiion that the actions worked. .. .
- When the-corrective action IS not effective the auditorlclient should
~-
.--
Thcrt are two elements invoived in effective implementation:
i . Ach~evinstlie desired result is proof that the process unproved
- .-
e~therrecycie the fmding or issue a new finding (referencmg the original)
to start the corrective action process again. Failure of the corrective action
and the actions implemented are consistent w ~ t hbusiness goals. to be effective is serious and should be considered for a form of rework. If
.~ this is a frequent recurrence, the corrective action process may be suspect.
1.The fact that the process is capable. eEficient. and meets stated -.

objsct~vcsrcquires evidence that i t consistently achieves the For a third-party and some second-party audits, failure to imp'lement K.
desired results in a cost-effective manner. a corrective action could result in suspension. beins taken off thc
approved list, or loss of registration.
Tlie auditor does not determine effecttveness by verifying that a
change occurrcd. Effectiveness is verified when the auditor has deter-
mined that a change has occurred and that the product and process
acli~evedthe desired r e ~ u l t . ~ '

8. STRATEGIES WHEN CORRECTIVE ACTION IS NOT

IMPLEMENTED OR IS NOT EFFECTIVE
Audiiors and/or clients must be objective when determining what strategy
to employ when corrective action is not implemented or is not effectwe. -
Change may be requ~redin both the audit function and the audiree's orga- -.
nization. Auditors will need to draw on their communication and negotia-
tion skills to ensure that the appropnate actions are initmted. The auditor
must evaluate each occurrence of lack of implementat~onor ineffective 2
--
corrective action based on its own merits. .--.
Jx
,....".
a-

Rather than assume that the auditee is at fault, the auditor should ig
.*.."
.-=
reevaluate the corrective action and follow-up process with an open mind.
*
Perhaps an incorrect conclusion was reached due to a lack of tlme to ver- g
ify evidence. Available evidence may indicate an error in judgment on the ,s
part of the corrective action team, or there may be inadequate resources. tg
The lack of resources may be due to a change in business conditions ~5
beyond the auditee's control. Lack of success when attempting to imple- 3
?&
@
-%
After verification of corrective action implernentation. the auditing orga:
nization may prepare a follow-up report and distribute i t 111 a manner sim-"-
ilar to the onginal audit r e p o ~ . ~ ~ l o srequlres
u r e verification that correc-
tive acuons have been implemented as planned. The auditor notifies the
auditeerby letter that the audit is closed. The auditor may then discard cer-
tain papers accumulated dunng the audit, but 1s senerally required to
-
retain other records for specific time penods.

ce on Retaining Records
One auditor divides records into two categones. The first are defined
as q'uality records and are retained for evidential purposes. The second
type of retamed paper is personal auditor records that may be needed
as objective evldence for auditor certification purposes, or infonna-
tion that may help in future audit preparation. Examples may be hand-
wntten notes and completed checlciists. All other records and papers
can be destroyed.

For mternal audits, one orgamzatlon issues a blank tailorea worksheet

(slmilar to a checklist) to the auditor. The auditor fills ln the blanks,
retltles the worksheet as a report, and deletes the worksheet from the
database.
 Another auditor reports: "Several years ago, the company I worked
for conducted a study to determine the cost of retaming QA records.
The study concluded that each sheet of paper in the record cost about
$12, and the company was retaining millions of sheets of paper.
Because of the cost implications, 1 encouraged a legal and pragmatic
approach to deterin~newhat data must be kept arid the earliest desmc-
tion date. Cure should be taken not to retam darn solei!, to satisfy an
auditor: there must be another benefit."
According to another auditor, records to mamiam are a copy of the
onginal checklist, the audit report, and auditee-auditor correspon-
dence related to the lindings and response.
1. CRITERIA FOR CLOSURE
A letter ot ciosure assessing the auditee's corrective action plan implemen-
tation and effectiveness iisay be submitted to the client andtor auditee as
applicable. The audit is formally closed when the auditor issues the letter.@
When the client is not the auditee, communication between an audi-
tor and auditee will usually go through the client, since the client is the
pnmary link with the audited organization. For an external audit, the con-
tract may specify a contact person. Internally, ciose-out reports go to the
anginal distribution of the audit report, such as the audit manager and ihe
audited organizat~on.A summary repon of all audits performed m d their
ciosure status goes to upper-level managers.
Sometimes each corrective action request is individually Uacked. Track-
ing each mdividual corrective actlon and ciosing out a ponion of an audit is
acceptable. On resolution of each finding, wnnen notification should be sent
to those who received a copy of the uutial repon. This wnnen notification not
only satisfies the audiung department's records; it aiso iets the auditee h o w
hat the corrective actions have been accepted. If a satisfactory resolution
cannot be reached with the auditee, the finding should be forwarded to upper
management for resolution and then ciosed out if so directed.
2. TIMELINESS
The pnmary concern w ~ t htimeliness is the completion and verificat~onof
the effectiveness of the corrective action. An adrmmstrat~veconcern may
be the tuneiy closure of a request for corrective act~onor the audit report
once the corrective actions have been verified. The audit should be closed
out us soon as the corrective uctlon is verified and not carried as open item
or as a backlog activity.
Timeliness of corrective action does not mean that all corrective actions
will b r closed in 110 days. Timeliness with regard to corrective action is not
compared aganst-a-fixed tune penod but rather an agreed upon specified ~.
time pmod. The specitied time should be based on the lmponance and the
availability of resources. Some corrective actions may be completed in a
few mlnutes. while others may take weeks or months. The auditor is linuted
to reaching agreement with the auditee on the date for completion tor each
correctlve action plan. If these are completed on schedule, then correctlve
action is timely. There are times. ho\r,ever, when delays occur that are 'k.
beyond the control of the auditee. The auditor should accept these when
there is suffic~entevidence that <he auditee has lnltiated actions and
recordedthe reasons for the delay in comp1e:ing <he action plan.
Problems Conlmonly Encountered During
the Audit Reporting and Closure Stage
The following are examples of the types of problems commonly
encountered during the audit reporting and closure stage.
Lack of Response o r Inadequate Response. Sometimes an auditee
will fail to take the action specified on the correctlve action plan. The
auditee may fail to notify the auditing organlzatlon when action is
taken, or the action taken may not be sufficient to warrant closing out
the finding. The auditee may lose sight of the original intent of the
corrective acuon request and address a d i e r e n t issue. At times, an
!
auditee may not understand what a standard says or means and may
argue the issue's importance or relevance. As a result, an auditee may
try lo fix a problem haphazardly without understanding the need for
act~ono r tra~nmg.Sometimes the person involved in fixing a probiem . .-
was not involved in the audit and may not haw all the needed infor-
mation. An auditee may try to pit one audit team apinst another and +i
q u e h i t the other audit team had no findings in a certain area. ..--
On-the-Spot Corrective Actions. Sonle orgnlzations may ask for a
lisr ol findings prtor to the exit meeting so that correctwe actton can
bc ~mpkmentedbctore the auditors leave the building. The immedi-
ate management response should be recognized by the audit team, but
In must cases the underlying cause ot the problem is nor eliminated. ~- -
Continual Requests for Extensions. Sometimes an auditor and ~-=
.

iludiree ma). no1 agree on the s~gnificmceof a problem. When vested
merest IS not the same, agreement on the irnponance or pnonty of
s:,lv~nza problcm ma). be difticul~to a c h w e . An auditee may request
cont~nualcstcnsrons tor fixing the probiem. Excuses can range from
"We're worhng on a b ~ orderg and don't have tnne to fix 11nght now:'
to "We for~ot."
[I0 of the CQA exam questions or ?%I
The purpose of t h ~ spart ot the body ot knowledge IS to understand the
manapement controls needed for an effectwe quality audit program. Audi-
tors conduct audits under a prescnbed set of rules that are controlled by
management. Recognition of audit program manaxement responsibilities
will result in an effective auditor program that meets customer needs and
requirements.
An audit program is the organrzauonai strucrure, commitment, and docu-
mented methods used to plan and perform audits. Operat~onaleffecttve-
ness of the audit program depends on clearly defined object~ves.
"..
A well-managed audit program:
PIaw and performs the audit
Stnves to stanuardize and improve its performance
Produces audit results that are meanlngfui
. Verities compliance
Promotes continual improvement within the organization
Some audit orgamzations may chose to limit the objective of their
audit p r o g u n to verificauon of compliance to standards while others also
evaluate management controls.
All management systems, including quality auditing, conslst of four
fundamental activities: pianning, performance, measurement, and
improvement. Often referred to as the PDCA cycle (Plan-Do-Check-Act),
these activities are basic to any total quality management approach.6s
PDCA is commonly known as the Shewhart Cycle, named after Wal-
ter A. Shewhart, a pioneer in statistical quality conhol, who created it. The
Japanese call it the Deming Cycle, after W. Edwards D e m g , who first
described the cycle to them.66
The plan stage, or preparation phase, starts with the decision to con-
duct an audit. It includes all actmities from audit team selection to the
 ~ of intormation. Pan 11 of this handbook discusses the
O I I - S I ~ gathering
audit preparation phnse.
The do stage IS the performance phase. It beglns with the on-slte
openin: meeting, continues wlth the gathering and analysts of data, and
concludes w t h the extt meeung. Pan 111 of this handbook discusses the
performance phase of auditing.
The check s t a g . or reportrng phase, of the PDCA cycle covers the
translatron ot the audit team's conclusions into a tangible product. It
~ncluclc.~publica~ionul the formal audit report.
The ~icisrazc. or closure phnse. of the PDCA cycle conslsts of reactions
to [he report and thc recordin: of the entire ~ S ~ O I ?For
. nu_ditsresulungm the
tdentification of we;li;lless. the closure phase rnciudes tracbng and evduat-
in? the follow-up : x t m taken by others to fix the problem and prevent recur-
rcnce. Corrective actlon tlo\vs from this p m of the closure phase?' Parts IV
and V ot Ch~shandbook discuss the reporttng md closure phases ot audittn~.
1. AUDIT PROGRAM OB1ECTIVES
The first step in successtully impiementlng an audit prosram is to define
I & objectives. While objectwes v a q from one orsantzatlon to another,
they often include the tollowm~statements:
Perform and present audits meantngfully (in terms that appeal to
the custonlers of the audit process)
Ensure reguiar pertormance ot required audits. and ensure
frequent audits of cntlcal functions
Ensure that audits are performed only by tralned, qualified, and
tndependent auditors
Promote a strong alliance between the audit function and the
auditee
Standardize the audittng process, and form a basts aganst whtch
to measure conunuous improvement of the audit pro,o r m
- Support the objectives/strategies/goals of the orgumation
Audits are valuable tools for evaluating a company's ongomg compli-
ance and performance when they meet management's needs. Benefits
realized from the performance of an audit are welghed against the cost of
performmg the audit. "Such costs tnclude:
. The auditor s tlme spent preparing, performmg, follow~ngup and
completmg an audit.
The auditee's ttme spent pmtclpatrng in and followmg up the
audit results.
. Overhead costs assoctated w ~ t han audit."""
Audit program object~vesshould address the reporter's qusstlons:
who. what, where, when. why, and how. Rudyard Kipling provlaed the
following rhyme that sums up the reporter's role: "I keep six honest serv-
tng men. (They taught me all I knew.) Thex names were What, and Why,
and When. and How. and Where and Who."""
. Who pertornx and who pmlcipates in the audits'?
What act~vttyor system 1s bems audited?
Where are the audits performed'!
When are the audits performed?
. Why are the audits performed'? What is the dnvlns force behtnd
the audit'? -
. How is the audit performed?
wed lots of complimentary feedback from an auditee who was
very close to the process he managed. The staff auditor coached
the new internal auditor to ask the reporter's questtons. I had coached
the new internal auditor that the wl~yquestlon was not philosoph~cai.
The answer to why glves the reason or mver for an activity. After the
audit, the manager s a d that he had learned more from attempting to
answer and document the driver for the activity than from any previ-
ous audit experience. It reinforced the actlons needed for an activity.
It also Identified acilons he did not have to take.
 2. IDENTIFICATION AND JUSTIFICATION
OF RESOURCE REQUIREMENTS
A group responsible for performing audits should have a documented, lor-
malized program. The program that tncludes selecting and training audi-
tors and monitonng their performance is robust.'O
Some companies have a separate audit group to petiorm lnternai
audits. This group may consist of a few profess~onals.It reports to either
an audit manaser or the quality manager. Other companies use part-t~me
or subcontract auditors. Sometimes an audit program coordinator or qual-
ity nianger recruits and t r a m individuals to perl'orm audits part-time, in
addition to their regular assignments. Either arrangement or a combina-
tion of both is acceptable as long as thc auditors are well-qualified, tech-
nically compet?nt people who know [he audit system arid can perfom
internal audits.
An external auditor relayed the experience of one company that des-
~gnatedthe tooi-room attendant to be the internal auditor. T h ~ person
s function. th~sattitude will liliew~seinfiltrate the organization. An audit
reported directly to the president 01 the company. The person was
knowledgeable about the processes but had no direct mtluence on the
quality of the process. All the plant personnel knew the tooi-room
attendant. The company president asked the tool room attendant to
observe operations, interview operanons and support personnel, and
wnte up findings based on the observations. These observattons went
directly to the president of the company. Personnel responded well to
- the situation.
I manage our Internal audit program m addit~onto other related dut~es.
My arrangement is to have 80 to 100 engineers, operators, buyers,
matenal planners, and so on perform one audit per year ~naddit~onto
their other dutles. T h ~ leaves
s a great deal of p l m n g , evaluatmg, and
so forth in my hands, but it provides a w ~ d range
e of perspectives from
the auditors.
The justification for resources is based on the audit pro,omm schedule.
The audit program schedule should be based on internal orgmzat~onai
needs and external requirements, such as regulatoq and I S 0 require-
ments. The audi~program manager should ensure there will be sufficient
resources to conduct the quantity and type of quality audits required. If
there are objections to the amount of resources needed, then mana,oement
should reassess organizational needs and external requuements.
3. MANAGEMENT'S RELATIONSHIP
-
TO THE AUDIT FUNCTION
A n audit program is an extension of the management function. An audit
should identify wlth systems. not with people. Support by senior manage-
ment heips the rest of the organlzatlon keep a positive attltude about the
audit. When management emphas~zesthe importance of the audit function h
and its usriulnsss to ths organization. that attltude permeates the entlre
orgmization. If management fears or resents the Intrusion of the auditing
program set up to collect worthwhile information provides management
with two primary benefits: -
i . Verificat~onof on-~olngsystem compiiance to requirements
2. Identificat~onof improvement opportumtles within the
organtzatlon
Management's responses to audit results are also important. If obtaned
data Improves the management system, the employees will see the bene-
fits. T~IEis especially uue in an internal audit program, whlch helps a com-
pany Identify its own weaknesses before customers or others do.
On the other hand, if an auditor or management focuses on the people
being audited rather than on the processes or systems, the value of the
audit program can rap~dlydeciine. Rarely is n o n e mdivtdual's fault when
there are many audit findings or when system implernentaoon is poor.
System structure is often the cause of such problems.
e audiilng a company that I had visited many tlmes ln the past,
. I noticed coldness and unwil~mgnessto cooperate on the part of
many of the employees. I had found these same employees to be very

friendly and cooperative during pnor audits. Finally, somconc con-
fided to me that results from the prevlous audit I had performed pro-
v~deda basis for employees' performance appraisals. Although I tried
lo discuss the situation wtth the manager of that area. he Insisted that
pertormance apprxsal was a proper use of audit results.
~..Z
One auditor's reaction to i h ~ sdilemma was to state in the audit
rcport that this was an inappropnate use of the audit results and that
corrective actlon elimmating the practice ot using audit results in
cinployee pertormmce appraisals was required. in another cllse. the
auditor d e c l i ~ l ~fuiiire
d audit assignments in that p3rt1cuI~irdepdrtinent.
.-.-3
~..
-5-5
4. CREDIBILITY OF AUDIT FUNCTION
A credibie audit 1s a meaningful audit. Competent indiv~duaiswho gather
and handle all intormation pertaming to the audit 111 an unbiased and eth-
ic~! manner provide a credible audit. An audit group should be structured
so that i t does not report directly to the manager ot the funcuon being
audited. blanaeement !nust use the audit results appropnarely to establish
and malnrain the credibiiity of the program. The misuse of audit results or
l';~ilurcto inltlate corrective actions will erode the credibility of the audit
program regardless of the performance of the auditors.
Using a knowledgeable, experienced, skilled, capable, and well-
trained auditor is the most effective way to enhance the credibility of the
audit function. Becoming an ASQ Certified Quality Auditor 1s one way for
an auditor to demonstrate competence. The use of unqualified auditors
who possess little knowledge or who do not have the ability to asslst man-
agement in maf;ing good decisions or lmprovmg a process can discredit
the entlre audit process.
am familiar wlth the attltude of one company in choonng members
for its Internal audit group. Rather than selecting its best employees
and training them as auditors, this company uses the audit group as a
means of relieving its worst employees. These people are exactly the
wrong ones to be in that position.
...,%.
=;<.I
i
t
A good auditor does not have to be an expert In the area being
i4
7
audited. The auditor does need to be knowledgeable in the discipline of
quality auditmg. The auditor needs to have an understanding of what is
e being observed. At times, an auditor must be able to grasp that under-
1
4 standing in minutes. If the auditor needs help, helshe should ask another
member of the audit team to verify an observation or to assist in other
4! ways.
Auditors need to be able to cormnunicate effectively, both orally and
1 In wnting. A large pan of the job consists of interviewmg. A good auditor
must ask intelligent. proper questions and listen attentively. Part 111 of this
4f!
handbook discusses interviewing techniques.
An auditor nerds To-be tactful-and offer feedback in a positive, nonin-
tim~datingmanner. An auditor needs to be especially considerate of an
auditee's employees. The audit process IS disruptive to daily operations
-
j
and can cause inconvenience for employees. The auditor shows sensiti\'-
ity to those being audited by st~ckingto the proposed audit schedule and
?i
not retaining employees ihroueh the~rcoffee or lunch breaks. If people see 'K.
j ihc audit process as a nuisance. they are less likely to cooperate. and the
auditor runs the nsk of being unable to complete the assignment well or
t
!
I / As an auditee, I had recaved an audit agenda for a third-party audit
4 The first Item on the agenda was a quick plant tour. However, as we
4 started the tour, the audttor requested to see a c e r t m area of the plant
i
1
not scheduled for that audit. As we were about to leave the area he
s a d , "I know it's not on the agenda. but I would like to ask a couple
I of questions here. It won't take long; I don't want to get off schedule,
I
!
but I'd like to start here." A day and a half later, the auditor was still
in that area ashng quesuons. He never audited another department in
- the entire facility.
An auditor i m s to keep the credibility of the audit funchon on a hlgh
plane. The auditor does thls by loohng at information ob~ecUvelyand
avoiding eUucal conflicts. An auditee must vust that an auditor will not
divulge proprietary mformation to competttors or other outsiders who can
use it to their benefit. Even ~ntemally,auditors must be careful to m a n t a n
confidences. This is especially true when the locations or departments Audit-Related Cost Savings''
report to different management.
The credibility of the audit function is enhanced if the role of the audit Audit Program Yearly
function is communicated and understood by a11 stalicholders. Fear of the Expense Cost' 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Net
audit I'uncuon will reduce its credibility. The credibility of the audit func- Saianss $57 ($60)
tion is enhanced if the auditors act professionally and the program is pro- lnduect
fessionally managed. The audit function should be managed arid nude Overtime
accountable the same as other functions withtn the or~anlzation. Frmga
Subtotal
5. LINKAGE TO BUSINESS PERFORMANCE Oumde Ssrvrceb
Ma~ntenance
Just as an audit program's mission should be linked to the organizat~on's Supplies
mission. thc audit p r o p i n ' s results should be linked to the or~anization's Genemi Supplrcs
nceds. L m h g rcsuits to needs dcmonstratcs that the audit program rec- Travel
ognizes and is committed to the organization's success. It aligns itself with Office Supplieb
thc business pu~poses.One method of linking audit results to Issues that
Subtotal
affect tile organization 1s to group benefits in terms ot cost savings. nsk
reduction. and increased opporrunity." Depreclauon
Rent
Cost Savings ~ubt&ai
Audit-related correcilve action may produce savings by:- Gross Operating
Lowenng cost per unit. per servtce, or per entry Exoenses
'* In thousands of dollars
Lowenng daily expenses
Reducing working capita! requirements Figure 13. Sample auto program contributions.

Lowermg capital espenditure Risk Reduction

Such organizational savings offset some of the cost of supporting the
audit program. The total saving, then, is the net of the savlngs produced
iess the cost of the audit program.
Figure 13 illustrates the program cost and savings accrued from audit
activities. Thls is an illustrative sample only. Details regarding particular
savings vary from company to company and industry to industry. The
sample shows that the audit program saved the organizahon $236,000
over the cost of the audit program's expenses. Distilling the savings fur-
ther, some lnternal audit programs may subtract costs incurred by the
nuditee, such as preparation time, lost productivity, and corrective action
tnmation. It ail depends on what numbers best measure audit program
progress or contribution.
Audit programs should avoid equatlng thelr value wtth only the costs
saved. In some cases, cost savlng is irrelevant because the organization
seeks to reduce nsk, such as the nsk of noncompliance to a law, regula-
tion, or standard. For instance, organtzations requxed by government reg-
ulation to have an IS0 9001 registered quality system to reman in busi-
ness cannot refuse an audit of a thud-party registrar slmply to save money.
Risk reduction in terms of safety, health, and envuonment concerns 1s
another way that audit programs contribute to business performance. Audit
results may reveal risks to the orgmzauon's wealth or well-being. Auditing
may reveal situations that could result in fines, legal violations, negative
publicity, or customer loss. In some cases, audiung 1s needed to provide pos-
iuve demonstration.of due diligence w i h n the framework of legd relations.
, 8 .,. , I ..,... . n,.:'..,...
.i llilll .,,..... iii
Increased Opportunity
Identific3tion of opportunities is of significant interest to mandgement and
a potential audit-related contribution. The results of the audit and subse-
quent follow-up actions may increase the organization's opportunity to
develop new prodocts, open new mxkets. add new services, or increase
services or production capacity.
6. LINKAGE TO CONTINUOUS IMPROVEMENT
In thi: 1970s. the principal locus ofkiudits was to attain compliance. Today,
companies are shifting their tocus from compliance to customer satisfac-
tlon. Ivlany firms see this as an operational imperative. Fewer and fewer
orgaiiiuilolis tsei cornpletcly at ease with their current customer relation-
ship. Listening to the voicc of the custo~nerand acting on that rntelligence
lo dc'b'elop new products becomes a necessary marketing strategy."
Definition of Continuous Improvement
Co~iirri~ro~is
IIII[JIUI.LWIL~I~~
IS a quality philosophy tbal assumes that organi-
zations can al\vays make improvements. In The Chirige Age!irs' Hniid-
book. liutton esplains. "No rnattsr how much improvement has been
accoinplished. there are always practical ways of domz even more with
less-providing ;In even better product or service at the same or iower
cost."" The marketpiace is constantly shifting. Continuous improvement
alio\ss organizations to meet customer needs and remain competitive.
Continuous Improvement in t h e Audit Program
When management looks at the data collected in audits, they can begin to
analyze the data and act on the conclusions. Thts anaiys~sof causes, cor-
rective actions. and preventive actions provides direcr~onfor audit pro-
gram improvements. In Afler- the Qiinlin. Audit, Russell and Regel provide
some concrete techniques to integrate continuous improvement into the
audit process, including:
Estabiishmg teams to lmpiement opportumnes for mproved audit
service performance
Providing tratnmg and resources to aswst introduction and
implement indicated changes
Deveioplng an audit program saucture that supports future
anticipated demands from tile customer, market, regulatory
agency, and other external and mternal requ~rements'~
Continuous improvement is an ongotng process. The audit program
never finishes making improvements. The successfui implementation of
one improvement simply flows into the next investigation.
Within the audit organization, the audit program provides the seeds
for change and the continuous improvement process. The audit program
serves as a pnrnary source of corrective action input. When the audit pro-
-
gram becomes trusted and credible, employees may share information
with auditors that they would not typically share with management.
Employees' candid suggestions. ideas. complaints. and observations are
invaluable to continuous improvement.
n a small rnanufactunng firm, the general manager coached the truck
dnvers OII observation techniques. The transportallon supervisor
debnefed the dnvers after every delivery. He asked for observations
<hat supported other marketing information and potential opportuni-.K-
ties for improvement. The delivery routine was one inore source being
cultivated for ~nformationon competltive advances. This same com-
pany act~velyencouraged all employees to forward observations oil
improvement opportunities and listened to and acknowledged each
observation. Management exhibited a uniform posture about external
and internal observations made by its employees.
The audit also provides an unproveinent support network. An or,oaiuza-
non may welcome corrective acuon and fully intend to complete it, but it may
fail to unpiement Ule action. By provtdig support throughout the correcnve
acuon process, the audit pro,- can promote process completion while
-
z m g msight i r o how correcuve action helps or htnders the orFuzanon.
In a semce orgmzation, day to day fire-fighung ieft little time for
focus& on corrective action. After experiencing significant numbers
of nonconfonnances, management started to see a pattern of common
cause. Then management directed that a root cause anaiysis be used.
The actions determined and impiemented significantly reduced cus-
tomer complaints. The comment by several managers after the
actions were complete was: "We should have done Uus years ago."
 7. EVALUATION OF AUDIT
PROGRAM EFFECTIVENESS
Penodic evaluatlons of all audit programs and audit teams causes
improvement opportunltles to surface. Audit programs are evaluated
through periodic management revlews. Management can review records, Audit Service Value-Added
Pertormance Pertormance Contributtons
annlyze performance, or appom an Independent audit team to review
audit results. In the case of a rnultlsite company. auditors from another
iocntion can come in ~nnuallyto audit the audit team. This evaluation
could mcludc:
Observing audit trams periorm an audit' - -

Examining auditor traimng records and audit schedules

Looking at sample audit results. corrective actions. and follow-up
actlvltleb to see it the program is worklng as lntended
Additlonu1 data can be collected by asking an auditer to rate audit
tram members in ihe areas of:
lntervlewing skills
Interaction with personnel
Reportmg resuits
Cntical revlews by peers, subordinates. and superiors provide exceptlonal
opportunity for growth and matunty. While it may be slightly unpleasant
to those being reviewed, it also helps keep things in perspective.
One auditor I know very well sald that after a pan~cularlysuccessful
senes of audits, his ego was startlng to inflate just a little. He was
help~ngto identify and solve the problems of the corporate world. Key
people were gettmg exclted about quality. Actlon that would change
the way the corporation was W n g were becomng common. His
ego qu~cklydeflated, however, when he bragged of his accomplish-
ments to hls wife, who s a d , "Well, that's nlce dear. Do you suppose
you could do something about the leak m the toilet?"
klanagemenr should treat the audit functlon the same as otner organi-
zational functions and department^.'^ There are three measures for moni-
tonns p r o p m effectiveness, as shown in Figure 14. Effective measures
ot an audit program include audit service periormance_ audiror perfo?
inaner. and value-added contributions.
bleasures are effecttve only to the exlent that they meet the audit pro-
g r a m : ~needs. An audit program must select its measures based on docu-
mented standards and obyxtives. In addit~on.11 must use data collected
over tune to accurately reflect ongoing program performance.
Audit Service Performance
Thls measure determines if the audit program meets customer expecta-
tlons. Sources of input data for managing the audit program may include:
Performance evaluatlons from audit customers
Focus groups to gather direct customer feedback
Audit-relatea loss of customer time, resources. or both
Contract term fulfillment
Quality of audit deliverables, including audit reports
An independent auditor to audit the audit program
The number and seventy of external audits performed on the audit
organ~zation'~
Auditor Performance
This nieasure assesses the competency of individual auditors as well as
consistency arnonp team members. To apply the measurement. manage-
iiicnt cuuld:
Observe auditor performance dunng an audit
Revtew customer performance evaluations
R w e w :~uJitclcii\wabies
Etlipioy ;ui ~ndependentauditor to evaliutc auditor techniques
4ppraise general auditor credennals
-
. --Eraluauon of 1he.adrquacy and eH'ecttveness of the qualily system
Value-added Contributions
This melisure looks at how the audit prograiii nnprovcs thc organizar~on's
busriicss performance. To apply tiic measurement. manageinen1 could:
Comparc planned completion of correctwe actton to actual
colllpletloll
Tmck the number and severtty of noncompliances issued by
?sternal audits
Plot the corrective action from the initiai performance level
through the stated perfomlance goal
Determine the degree to which planned corrective actton is
effectwe the first time
Ident~fythe number of "recycled" corrective actions that failed to
address root causes the first time
Identify the number of repeat problems due to the same cause
D e t e m n e the benefit of corrective actlon
8. SUMMARY OF AUDIT PROGRAM
RESULTS FOR REVIEW
In ninny organizations, the audit program is a key preventwe eicment in
the overall cost of quality. In these organizations, management has a
vested interest in the audit program's annual results.
According to ANSVISOIASQ Q9004- 1-1994: 6.3 Reporhng:
"9'lic lin:tnct;~i irporttn: ol qu:~Iity ii~t~vities
should he rc:uI:irIy pro-
vlded to and monnored by man;i:emsnt in order to promle for an:
identilicauon of addiuonal areas requmng attenuon and mprovement
Establishment of quality and cost objectives for the following p e n ~ d : ' ~
.4udit program management should address three main questions in
its annual summary.'Vhe first question is: Huw did t/ze nirdit depnrnitrr~r
ro~lrrib~cre ro rlir orgorumrion lnsr \ m r ' Manapement wants to it no!^
wiut the audit program contributed lo the organtzatio~l'sbusmess prrfor-
iiiancr during the previous period.
The audir program should nor attempt to address this question directly
betore; the review. It must compile and define program contributions
throughout the resiew penod as discussed in sectlons 1, 5 and 7 of this
chapter. Figure 15 summarizes the actions described in each section. These
Delinc audir m o p m D~Aincways that audit Define and apply rncasurcs
objectives barred on rhc actzri$i~s ro evamare the audii

Benchmark audit performance against other eompanles in the

oipnmuon r objectives.
-
Reduce coiic
increase opponunlties
Reduce nsw
~ r o g m m ' reifcenvcness.
tnctudin:
A u d i t service performmce
same industry .Auditor perfommce
Value-added conmbuuonr
Plot measures, such as types of customer complmts, warranty
costs, and scrap and rework costs, and compare trends to audit
results Figure 15. Audit result linkages
;ictlvlties secure nieanmgful data. The data drive the management sum-
mary. Thc audit program direction comes from the analyses of the consol-
idated data. The significance of the audit program and trends are denved
lrom the analyses. Typic:~lly,the significance and trends reflect areas of
strength as well as pomts ot vulnerability in the program. Therefore, the
wdit program annual conrriburion to the organization is the result.
Tlic zccond question is: llllrar will rhe rrirdir orogrnrn co~zfribf~le to flze
o~::rr~r~:cir~ori IILW ve(fr7 Based on historical trends. the audit program can
I-ecomnicnd futurc audit activity and define its intended benelit to the
orgxtimitton.
The rhird quesrion is: I s illere n17vtlzrizg trimzngei1zerzf siroirid k~lolvro
rr~~oirlJimrrr risks lo [lie orgatifzafiorirs iveolrlz? The audit program should
identil!. porentia11s crltlcal intonnatlon. such as regulatory changes or
defunct programs. and include them i n the summary report.
T p c a l l y . the audii program's s u i ~ ~ m areport

i ~ ~ t ~ h i i.Acconipnn~ing
ig.
q 1s one of many that
conipews lor iii:in:igcnietiL n1ten[ion. It inlust bc conctse. accurate. and eye-
graphs. matnses. and clam summanes must cap-
-
-8-
Audit-related cost savings

Cost o t audit program

rurc ;utd locus attentton on the issues. Fizure i6 provides two samples that
can enhance the summary report. Graphs such as these allow management
to appreciate the value of the audit prosram at a glance. "Expectations are
what people buy. not things."?" .

9. LONG-TERM AUDIT PLANNING

.
Long-term audit plannmg completes the loop in audit admin~stratlon.The
process begms with defining a mission statement and establishing ObjeC-
tives. From the mission and objectives flow the audit program and its
boundmes (scope). policies, and high-level procedures. These documents
guide daily actwlry. The process ends w ~ t hionpterm planning. The pro-
gram patrols the boundmes and ensures that the policles and procedures
still make sense before the process proceeds.
The itlalcoi~rtBaldrfge Narionni Qualiiy Award 1998 Critenafor Per-
fonnarlce Excellence states that the role of long-term or strategic plannmg
is "to align the work processes w ~ t hthe company's strategic directions, First Second Third Fourth
thereby ensuring that improvement ZUId learning remforce company pnor- Qtr Qtr Qtr Qtr
it~es."~OThe cntena outline the steps involved in strategic planning, wlth / O Number of Internal Audit Findings
I
three steps especially important for the audit program.
Step i: Ide,zrfi cnfomnt~ontlzatarniiglrt afect rlzeprogron~Sjirhrre oppor-
rimiries and directtor~s.Arret~~pt
lo rake a s iortg a view a s ispraclicable. This
'.%.
:.
I
....,~
I3 Number of External Audit Findings

Figure 16. Charting results.

..
.-
 i

Who are our customers?

Customer-Reiated
1 i.3
\Vl~;itdo they need 2nd want?
* How are we doins in therr eyes?

Auditor-Related

-- f-low a1.doewcthedoing
\V~;II
Wlial
.. .;ire
they
auditors needs and concerns'?
need to do a g r ~job?
~n tlicir eyes'!
~t

- Who 1s niabng r u l effort?

a
How do we say thank you?

Organization-Related Auditing often 1s i; function of an organization's quality department.

How does the organlzat~on'sstructure support what we ore trying to do? although it may also reslde in the manufactunng, operattons, compliance.
\ V h t o s ~ i l n ~ ~ i l issues
i~~i~ i ~ ulliiiiat~-Iy
will l affect us ie.2.. new product or technology department. Regardless of where the auditlng function 'K.

lines. new hus~nessrisks. new manqement structure^? resldes. 11 must bc ( 1 ) independent ot the audited areas. i l ) supported by
1-low can we niak better usc of rnanngrnlent experience and support'? management. and (3) deployed pos~t~vely.
How cm we help management improve'? >lanagemen[ of the audit function includes the foiiowlng actlvltles:

Figure 17. Open-ended questions. - Establishing a reporting relationship for the audit functlon
Establishing audit authonty, operational freedom. constraints, and
boundaries
first step provides the realistic content for strategy deveiopment. Figure 17
provtdes a focus list of open-ended questions to help with the identification Ensunng the avaiiability of adequate resources for all audits
process. Detemuning whether to use n slngle auditor or an audit team
Step 2: Define n srrorcglc direcrion. Based on lnformatlon gathered in
step 1; the audit program devises a long-term strategy to gulde ongoing Staffing and training auditors
declston rnakng. resource allocation. and program management. Establishmg procedures, processes, and cntena for an effecnve
Step 3: Pur rlie srrnregy 11:operarrorr. The audit program deveiops and and efficient audit program
deploys an action plan to make the strategy operational. Thls process
Establishing methods for evaluatmg an audit program
includes:
Establistung audit schedules
Defining new processes to accommodate strategx change
C o n f i m g audit dates and any requested changes of audit dates
Defining key measures, indicators, or both to track progress
-d Settlng pnonues for audit subjects
Communicating new strategic direction and new processes to the :
-.:
...:
...
audit team and the organization .- Reviewmg audit performance
.- -
..,.
Providing resources to support the new strategic direction, -.
Providing penodic reports to management on the status of the
including procedures, training, and incentives. .....
?.>)
quality audit program
.~.
157
 A n audit manager or audit coordinator is rcsponsibic for:
Prepanng an overall audit schedule
r'?Procedures

Budgeting resources
Assistrng with or overseerng other adm~nistrativedutles related to
Audit Auditor Audit
the auditing function
Additionally. the audit manager staffs and trams the audit department and
monitors and evaluates auditors in the performance ot their dutles. f: Figure 18. Areas requiring procedures.
8
1. DEVELOPMENT AND lMPLEMENTATlON
OF AUDIT PROGRAM PROCEDURES --
/ . Pmcess for training new m d existing auditors
Process for assessing auditor performance
Documcntcd procedures arc cnticai to thc succcss of a11mditee's quality sys- 7.3
~-

tern A procedure answers the reporter's questrons: who. what. where. when, Procedures for audit esecutron should include:
why. and how. "Documentalion of procedures is objectwe evidence that: i
I
. Process tor planning audits
A process rs defined Process for conducting xudits. to include
i
The procedures are approved - Recording and reporting audit resuits
The procedures are under change coi~trol.'.~' ! - Providing corrective action tollow-up
Procedures also allow for distribution control. ensunng that those who
need information have access to it.
- Process for rctainlng and handling audit records
-
The same ideas apply to the audit program. Procedures are cnrlcal to Process for billing audit customers, such as
I
the program's success. They promote constancy wittun the audit execu- I
- Invoicing and collcct~ngpayment from thud-party audit
!
tion. Procedures also provide a means to define and enforce intangible customers
i
standards and expectations. such as ethical behavior. - Conductrng internal money transfers for first- ana second.
!
I party audit customers
Procedure Development
Three areas typically require procedures, as shown in Figure IS. Overall, audit procedure development 1s a collaborative effort. Indi-
Procedures for audit scheduling should Include: vidual auditors should take advantage of practical knowledge and expen-
ence to develop functional, streamlined procedures. Audit program man-
Gurding pnnc~plesfor developing audit schedules agers should use their strategic perspective to direct the audit program and
Focus areas for auditing
Process for creatmg an overall penodic audit schedule
Procedures for auditor mmtenance should include:
-q
.**<
..- 7
.
,,
-

.-.
ensure that appropnate procedures are established and maintained.

Procedure Implementation
General auditor qualificat~ons
21
--. .
For successful procedure implementation, the audit program must com-
municate w ~ t hthe auditors and the organization. Each auditor must
Standards for e t h m l conduct
.-..~
-.
understand the ~mportanceand proper use of procedures. Members of the
-- 1
organization should also have a general understanding of audit proce-
Process for selecung and approvmg new auditors ... j
-.:
dures to avo~dconfusion.
 .-
:
:

To conipiete u procedure's implementation, audit program manage- 3;

ment ~ h o t ~ schedule
id a follow-up audit to verify the procedure's effec- 3 ~

tiveness. If a procedure faiis to faciiitate an audit process. modify or --.:!:

rcpiacc it. =T
-
1 ;
2. DEVELOPMENT AND IMPLEMENTATION
OF AUDIT PROGRAM SCHEDULE 2 ~

When schciluling an :ludit. tin audit proznun iiianazer typic:tll! identifies

1-
[hc' clicm and thc clicnt's I-equircmcnts and ohtuns initi;il tiiformation
about the auditrr. The audit p r o g r m manager may also selea the audit-.
tcam cotten with reconmiendations from ihe lead auditor) and identifies
other resources needed. such as :I technical specialist or consultant. Audit
program management should issue an audit program schedulc and update
thc schrdulc as changes occur. Many audit organizanons issue schedules
~~nnu;illv. semi-annually. or quarteriv. The auditee tacility should have a
cop). ol the plan in advance. sho\\:in: the tiiiie pcnod t\vrr!i or month) that
an audii will occur at the site.
Some audit prosram managers ds\.elop schedules using a horizontal
and verticni audit strategy. A iiovl:onrol i d i i is an audit of one system.
sucll ;IS trainin:. across several departments. A ~ w i l c di d i r I S ail audit of
scvcral systems. such as testing. test equipment. test status. and noncon-
formance~,within one department.
To develop a schedule, the audit program uses three process steps. The
first step ts to identify auditees. With lim~tedresources. the audit program
must determine w h ~ c hareas warrant scheduled audits. Some areas may
need an audit each year. Others may require an audit to mantatn registra-
tion or satisfy a regulatory requirement. Still others may need an audit to
monitor new products or processes. There shouid be some type of defined
rationaie for developing audit'schedules or audit program plans.Y' The
rationale may include factors such as routine check, regulatory or registrar
requirements, changes to processes, new product or service introductions,
previous audit resuits, or reported problem areas.
The second step is to assign available resources. The audit program
must assign available resources, particularly a team of auditors, to execute
requlred audits.
The third step is to schedule individual audits. The audit program has
to organize the required information to schedule activity for the upcoming
year. Figure 19 shows a partial exampie of an audit schedule of a services
organization.
 To implement an audit schedule. the audit program should notify Examples of long-term records tnclude:
auditees and auditors of the upcomtng schedule and update and redistrib- .4udit notification letter and audit plan
utc thc xhedulc ab changcs occur.
Blank checklists
3. AUDIT RECORD-KEEPING REQUIREMENTS Audit report and cover ietter
The auditlng organmation retains all audit documents and records by Response from the auditee
ngrcc.mcnt between tllc client. the ;tiiditrng organization. and the auditee. Follow-up audit or verification results
or i n xcordancc with any regulatory requirements. Auditors should adopt
re:~sonableprocedures to ensure the safe custody and retentton of workng Closing letter
- . - .
papers for a perlod of time sufficient to satisfy pertinent legal and admin-
istrative requirement^.^' Short-term Records
Properly re~iunedworking papers, reports, and other documents from The length of time to keep short-term records vanes from organization to
an :tudit hcilitnte tutore audit planning, review of audit work. preparation organizarlon. Some may keep short-term records until the next audit, auto-
of reports on thc wofk of audit depmments or groups. and proof of com- matically destroy r?cords after a specified itme penod, or keep them for
piiailce with ;luJit stand;trds. Retain compiere reports. including supple- three years due to the recertificat~oncycle and other rationales. Short-term .,
~nenialdocuments. ut least until the nrst formal audit is complete. When records inciude:
;I penod of certilication IS involved (typically three years). tt may be Coptes of auditor qualification records
;~clvis;ihlcLo retaiii audit records until the next certification penod. Tl~is
Cotilpleted checklists I workng papers)
provides evtdence that the findings ot an earlier audit have been identified,
corrected. ;md mainraincd.14 Documents and records obtalned from the auditee
Audit records are rnatntatned primarily as evidence that the quality
program has been evaluated and, secondarily, to sliow that the audits were
. Additional correspondence
pianned. conducted, and reported according to established procedures. The organizaoon responsible for conducung and reporttng audirs
Included in the category of quality records of the audit system are audit should malntatn the ongtna1 supporttng records generated dunng the audit
schedules. audit plans, audit reports, compieted audit checl;lists, auditor and used to prepare the final report. In all cases, label official audit records
qualification records, and audit follow-up record^.'^ and documents to be retained. The retention tlme for the audit files should
be conststent wttn organizanon policy and legal requtrements.
Long-term Records
Audit records are classified as elther long-term or short-term records,
depending upon [her use and the length of time Uiey are kept.86Long-term
record retention practices, vary, depending on organizational needs and
product or operation risk. It is a good practice to ask the general counsel
of an organization what the required length of time for record retention
should be. Auditors in regulated mdustries, such as pharmaceuhcals or
nuclear power, shouid check with Uleu legal staffs or contract admimstra-
tors.s7 Often, these records are lifetime records that need to be retained for
the life of the program, product, devtce, or Fdcility.
 I QUALIFICATIONS
While a formal post-srconckary education and pre\.lous work espenenck.
are helpful for those deslnng to work as quality audilors. audit~ngis a
learned discipline. An auditor's qualifications result from a comblnatlon
of forpal education. traning, onentation, expenence, contmued protes-
sionai study and worir. passing exammattons. a good performance record.
and acceptance by peers. subordinates, clients, auditres, and employers."'
!
1 Education and Experience
i Quality auditors should have n cornblnatlon of work experience and edu-
ii cation. Authontles such as the Amencan Soclety for Quality (ASQ), the
Reg~strarAccreditation Board (RAB), or thelr own organlzatlon qualify
i
! auditors. One method of proving qualification is to become an ASQ Cer-
tified Quality Auditor (CQA). To become a CQA. an auditor must have
'. '!
experience in one or more of the areas identified in the quality audit Body
of Knowledge, at least a high school education, and a commitment to the
.- ASQ's Code of Eth~cs.In the past, auditors usually had a general back-
.-~ ground in the quality field. Today, many quality auditors have diverse
...--+i.
-.-
..-..
-.
&
. backgounds and advanced t e c h c a l degees or have service industry
..
.:
~I-
degrees m areas such as hotel management.
-.

Interpersonal and Other Skills

. .-.
Re~ardlessof educahon or ~aming,an auditor who lacks c e r m interper-

.:1
~ . .

. .. '
sonal skills will not be able to conduct an effechve audit. Good commumca-
tion skills, both oraland written, are essential, as are excellent listening skills.
 Auditing methods include listening, questtoning, evaluating, judging,
recording. plannlng and controlling an audit, administering, leading,
supervlsmg, and dcc~sionmaklng. Interpersonal communication skills
such as tact, adaptabiiity, and the ability to analyze evidence and draw
concius~onsfrom i t are especially important in auditing.Y"Anauditor often
must cnticlze other people's work or at least question the validity of soine-
one else's actions. Tact helps. Furthermore, an auditor must be able to
hmdle situations where conllict 1s immrnent. These skills. taught to peo-
ple. necd considc.ruDle exercise.
- - An auditorn~ustbe able to understand the technical materials presented
during an audit. Depending on the compleslty of an audit, the auditor must
be able ro ask problny clucslions and get to the heart of the problem.
AnaIyt1~31skills are essential to gathering and syntheslz~ngaudit
~nfonnation.According to ANSUISOIASQC Q10011-2-1994: 7.0 Per-
sonal Atrributes. food a n a i y t ~ c skills
~ i inciudr:
Perccwmg siruattons reaiistlcally
- Understanding complex operatlons trom a broad perspective
Understanding the rolc of individual units within an organization*
Personal Traits
Auditors require certain personal tram to complement a strong skill base.
Specifically, an auditor should be:
Independent
Systemat~c
Trustworthy
Perststent
- Positive
Cunous
Open-mhded
Mature
- Tenacious
Patient
An auditor must be able to present a case clearly and concisely. Audi-
tors do not make assumptions; they verify evidence. An auditor should be
unbiased, never going Into an audit loo'hng for something specific ( h ~ d -
den agenda) and trying to prove it. An auditor also needs to realize how
far 3 team's authonty extends and should not exceed that authority. Audi-
tors develop most of the necessary lnteipersonai and other skills through
experience and training.
Based on dearly deiined quaiificanons. the audlt p r o p m mana,oer musr
select competent auditors. Russell and Regel's .43er rlie Qrtnliry ~rrdit
stresses that rhe people selected to perform quality audits should be the o r p
nlzatlon 5 best people.Y1Who the "best" people are, however. may differ from
0112 audit w o k assignment to another depending on theu backgrounds.
Vr
epmment of Energy nuclear facility, the contractmg operatlons
company used senlor managers from other nuclear facilities as man-
agement self-assessment auditors. These senlor operations manazers
were extremely skilled at tdentifying the significant safety Issues facing
the operatton managers of the faciliues. The self-assessments identified
s~gnificancissues, and company management addressed them in a very
timely manner. The operations managers perfornung the management
self-assessment were on temporary assignment from thelr normal oper-
ationai dutles.
Audit management musr consider a variety of factors for a particular
audit assignment to secure an auditor with the most appropriate skills.
Figure 20 summarizes some of the key factors.
Even with well-defined auditor criteria and a well-defined work
assignment, selection of individuals to be auditors may become arbitrary
without additional structure. Figure 21 outlines features w i h n sample
procedures that may be used to evaluate pparClcuiar auditor qualifications.
The results of the evaluation & selechon shouid be recorded and com-
municated to auditor candidates as quickly as possible.
 Work Assignment-Related 3. TRAINING AND RECERTIFICATION
Conducting audits against quality system standards, lor hudwarc. An auditor must have training to ensure competence in audittng skills,
softwtlre, process or s e n x e industries. related standards and regulations, general structure of quality assurance
Servrce or product type and its associated reguiatory requirements ce.g., programs, auditlng techniques, and other work specilk skills. Compe-
health care. bod. or nuclear devices) tence can be developed throuxh the following methods:
Audit Team-Reiated
- Audit team stze
Audit te~rnskill uolnposuron
Orientatton on relaied standards
Inlplementat~onprocedures
- .
Audit tcatn leadersl~~~~re~~urrem~e~ts Trainmg programs on subjects related to auditing
Auditor-Related On-the-job trainlngy2
Profcsslonai cjualiticarions or technical espertrse requlred in a pxttcular Auditors should maintain therr technical competence through contlnu-
discipline
Ing educatton and current relevant audit~ngexpenence. ANSLrISOIASQC
Personal skills rcqulred to deal wlth n specrtic auditee
L:lngua:e skills requrred Q 100 1 1-2- IC)% sussests traintnz wtth subsequent esamnatlon in staih
Redl or pcrce~vedcontlict of interest d u d s used wlthtn the audits and audittns techniques. In additton, audit0r.i
and irad auditors need management siiills."'
Figure 20. .Assrgnrnerlt consrdemtrons. Compan~escan oEer an organtzation-wtde c e d i c a t i o n prosram for
all auditors that ~ncludestrainins. Recognition and certificates lo tdentify
auditors approved according to the company's standards prov~desposttlve
feedback to the auditors. An auditor needs tratning in:
The standard to be applied
To evaluate education
Objective evidence-gathering
Review the candrdate s written work.
Obtatn evldence (such as an exam administered by a natlonal certification Interpersonal relations
body) that the candidate has the required knowledge and skills. Auditlng methodology
Admlnrster a separate competency exam uslng a company scenario.
Auditors should be trained to wnte audit obser\,atlons on the check-
To evaluate experience lists and notes used by audit teams as well as to gather evidence. At least
See&Outslde confirmatron of the candidate s expenence level one team member should be Familiar with the department operation or the
Interview the candidate to assess expenence in detail. scope of audited activities.
To evaluate personal skiIIs and traits A lead auditor usually has more expenence, may be more highly
If available, cons~derinformauon from prevlous employers and colleagues. trained in the applicable audit standards, and may have more training in
Interview the candidate to assess work style and personal styie. conducting audits. Policies and procedures defining the qualifications for
Perform role plays. lead auditors often require a certain number of years of expenence or per-
Observe the candidate worhng under actual audit condiuons. formance of a specific number of audits before promotion to this level.
Admlolster a personality test. Auditors should be recertified. Continuing thwr Gii~lmghelps auditors
maintain skills and. howiedge. Training may lnciude a refresher course
Figure 21. Eva1u:irion considerations. periodically. The refresher course, coupled with experience in performing
audits. is a reasonable expectation. Such requirements help an auditor keep
up ~ t t changes
h in standards.
Training ensures that auditors keep current on the organization's pol-
~ c and
y procedures in auditmg tcchniqucs. Audits provide a learnmg oppor-
tunity lo help an organization improve its operations continuously. Audi-
tors should likewtsc strive to improve their perfonnancc continuously.
Continuing Education Resources f o r Auditors
The field of quality auditing changes. Auditors must stnve to keep abreast
of changes and trends. Quality auditors must embrace current technology
lo avoid beconmg Iiabilitrcs rather ihan assets. Committed quality pro-
tessionais Increase their knowledge and Improve their skills throu:R con-
Linurng education. The ~ollowingare contlnuin: education resources:
Rc.ading tcchnicul literature taudiiing-rclated books. newsletters.
and periodicals)
Reading case studies
Readins research papers
Attending seminars and classes
Participating in professional oganizations
Consulting with peersv'
Attending the ASQ Quality Audit Division annual conference
More colleges and univers~tiesare prov~dingnetwork courses over the
Internet. This technology provides easy access to courses in remote loca-
t~ons.Near-realtme communmtions can be arranged?'
Many continuing educationopportunitles are available through the
ASQ. The Quality Audit Divlsion offers annual tutorials to reflect current
events and trends in auditing and holds a quality audit conference to
expand auditorsi knowledge in quality and related fields. Many other
orgamzations offer correspondence courses in standards and quality man-
agement. Continuing education requires attending conferences or taking
formal courses. Books and magazines are also available to expand an
auditor's knowledge.
The ASQ requires an auditor who has passed the CQA examination
and has been certified by the ASQ to recertify within three years. This can
be accomplished by earning recertification units (points) and retaking and
passing an examination. An auditor must collect a specified number of
points in a three-year penod to remain certified. Points accumulate by
attending regular ASQ section meetings. Points are also awarded for:
Completing additional course work
Being employed in the field
Wnting about top~csincluded in the Body of Knowledge
Attending or leading seminars or training sessions
- Recertification encourages auditors to remam in touch with ihe audit
cumculum and maintain a professional level of expertise. Some compa-
nies have additional tralning anci qualification requirements for members
of their internal audit functions.
Many opportunities exist for auditors to learn about the technical
aspects of quality. Pnvate consultants teach auditing courses and do on-site
auditor tramin:. More colleges are teaching statistical process control h.
courses. and courses related to auditins are part of the cumculum at some
technical schools.
Audirors may benefit from staying abreast of technology outside the
field of auditmg, as specified in the Certified Quality Auditor's Body of
Knowledge. For example, auditors may take courses in-leadership or com-
puter training classes. They may brush up on their facilitation and presen-
tation skills, public speaking techniques, and time management tech-
niques. All enhance auditors' performance and professionalism.
Auditors are better qualified and better trained than ever before. Con-
tinuing education opportunities for auditors, once scarce or unheard of,
are abundant and diverse. In the twenty-fxst century, management can
expect to reap the benefits of properly performed audits by exceptionally
well-trained personnel.
An informal type of internal continuing education is networ'litng with
other auditors. Team interactions can play a vital role in ensunng that
auditors follow unified policies and perform s~milady.Auditor discussion
groups can review unusual situations, findings, or problems encountered
dunng an audit. The entire team can benefit from the experience and gain
new skills and insights. Such discussion promotes:
Team spint within a department
: Open eommunicatlon
Unifomty of auditing practices
Some auditing departments plan weekly meetings to accomplish this
growth. They may even keep minutes of the meetlngs for future reference.
AII such discuss~onsiilust remain witiun h e department. Outsde discus-
sion is uncih~caland comproinlses a department's mtegnty.
Auditing is not a stagnant process; it is a continuous learning expen-
encc. Thc aim of the auditor should be to:
Stay currenr with product processes
- Cuiilosm LU chanprs in grneral auditing standards
ivlcct the ever-changing necds of manazement.
Internationalization of Businesses
As nudiung h:is become lncrenslngly global. many auditors are findirig the
ability to speak :I second language to be essential. The auditor shoi.11d be
ztble to use tactics that easc cuiturai differences. such as:
Employing an interpreter to tacilitate an audit
- Fmili;mz~ngh~in/herselfw ~ t hculturai differences that could
affect relations with the auditee
Prevent~ngseriousm~sunderstandingsby becoming acquainted
w ~ t hiocai customs
These tactics avo~dcultural differences that mterfere wlth the audit process.
performing an audit of a supplier in Japan, I worked late one
cvenlng, as was often my custom at home. When I opened the door to
eslt the ofice provided formy use. I notlced that all employees of the
company were still at ther workstaaons. The Japanese culture appar-
entiy dictated that every employee r e m m until I had left for the night.
I became embarrassed that my conduct had detained so many people
unnecessarily. Of course, I left promptly at 5:00 the following evening.
4. PERFORMANCE EVALUATION
According to ANSIIISOIASQ Q10011-3-1994: 4.5.1 Performance Evalu-
atlons. 'Xudit program management should contmuallv evaluate the per-
formance of its auditors . to improve auditor seiectlon and perfos-
mance and to Identify unsuitable perf~rmance."'~ Three steps are requlred
for an effective performance evaluat~on.
Step I : Con~rit~rrtrcnte
rspecrortor~s.A meaninghi pertormance evalu-
ation IS one that measures perl'ormance against cieai-I!. defined standards.
Audit manazement must provide consistent explanat~onof these standards
dunnz the initial- tralnlng sesslon. Proper training provldes auditors with -.
day-to-day performance expectations as well as inslght Into the bas~sfor
performance evaluation.
Step 2: El,nlnnre rite arrdiror's perforri~cr~tce.
Performance evniuat~on
should assess the competency of indiv~dualauditors. 2s well as the con-
sistency between them. against established standards. 4 s mentioned ear-+
lirr. audit management measures petiom~anceby:
Observing auditor performance dunng an audit
Revle\ving customer performance evaluations
Reviewing audit deiiverables
Employmg an independent auditor to evaluate auditor techniques
Appra~singgeneral auditor credentials
Step 3. Corm~~rizrcote
rlte atrdiror s perfornzartce. Audit management
should report performance evaluatlon results to the auditor. To improve
performance, an auditor must understand h ~ or s her strengths and weak-
nesses. Audit management should review evaluation results with the audl-
tor and they can work together on a tramlng plan to Improve performance.
Thls completes the evaluation loop. The performance evaluatlon pro-
vides a monltonng funct~onfor competency. The evaluar~onfeeds back
ways to Improve the aud~torselect~onprocess.
 [49 of the CQA exam questions or 33%]

The purpose of this part is to present fundamentai terminology and audi-

tor communlcatlon skills. and to introduce quality tools that auditors need
to understand and apply. The toplcs in this part are core knowledge for
quality auditors.
i 1. QUALIn CONCEPTS, TERMS, AND DEFINITIONS
Quality has been defined as fitness for use. conformance to requirenieni~
and the pursuit of excellence. Even though the concept of quality has
existed from early times. the srudy and definition of quality has been given
prominence only in the lasi century. Follow~ngthe industrial revolut~on
and rhe nse of mass production. it became important in the 1920s to bet-
ter define and control the quality of products. Onginally, the goal of qual-
ity was to ensure that eng~neeringrequirements were met in final prod-
ucts. Later, as manufactunng processes became more complex, quality
developed Into a discipline for controlling process variation as a means of
producing quality products.
In the 195Os, the quality profession expanded to include quality assur-
ance and quality auditing functions. The dnvers of independenr verifica-
tion of quality were primarily industries in wh~chpublic health and safety
were paramount. In the 1980s. businesses realized that quality wasn't just
the doman of products and manufactunng processes. Total quality man-
agement principles were developed to inciude all processes in a company,
including management functions and service sectors.
Over the past several years, there have been many interpretations of what
qualiry is beyond the dictionary definition of "general goodness." Qualiry has
been deined as fitness for use, reduction of vanation, value-added, confor-
mance to requirements or specifications, and so on. ANSUISOIASQC
A8402-1994 calls qiialiry the totality of features and eharaeterisnes of a
product or service that bear on its ability to satisfy given needs. Simply, q ~ a l -
iry can be thought-of as "meetmg customer requirements" or "achieving
177
customer satisfaction." Another descnpt~onof quality that takes Into account i
2. THEORIES AND PRACTICES IN QUALITY AUDITING
the customer and the prov~derof the product or servrce IS "Quality for the a
1 Audits are independent. unbmed fact-finding exercises that provide infor-
customer IS geltlng what you were expecting and quality for the provlder
(supplier) IS getttng kt nght the rust ume.""'
~

.-
A system of qlmlin: iimizrr$nnotr lncludes ail activlnes of the overall
management funct~onthat determine the quality policy. object~ves,2nd
responsibilities and the~r~~iipleitlc~ttation."~ The qiality i~iana~einent sys-
tcm IS t i i t m a n s o f i.srablishmg a c!u;~iitypolicy and objcctlves and of
achrevlns those objectives. - . - ..
Quality assurance and quality control are two aspects of quality man-
agement. Qiralit~omrrcrricr conslsts of "all the planned and systematic
~ -
acrrv1t1es ~mplemenredwrtlrrit the quality system. and demonstrated as
needed. ro provlde adequate cor~jide~~ce that an entlty (item) will fulfill
rcqurrements for quality.""" The confidence provrded hy quality assurance
is twoi'oid-inrcmaii): to mruia_u_einentand externally to customers. gov-
ernment agencres. regulators. certificrs. and third parrlrs. While some quai-
lty assurance and quaiiry control act~vttlesare interrelated, polin. cotrrwi
IS defined as "operational techniques and actlvmes that are used tofidfill
,z.c~u~reizr~.r~rsfor quality.~'"" While quality assurance relates to hour a
process is pertornled or how a product 1s made. quality control. 1s more the
rnspectlon aspect of quality management. Inspcrrorr 1s the process of mea-
sunng, exarnrnrng. and resting to gauge one or more charactenstlcs of a
product or servlce and the companson of these wlth specified requuements
to detemilne coniormlty. Products, processes, and vanous other results can
be Inspected to make sure that the Object comlng off a producuon line, or
the servlce berng provided, 1s correct and meets specifications.
Quality auditmg is part of the quality assurance function. It is lmponant
to ensunng quality because 11'1sused to compare actual conditions with
requirements and to repon those results to management. "A quality audit is
not an alternat~veto an tnspectlon operauon. . . The quality auditor may
I
-
i
3 mauon to management. T h ~ srnformatlon ~dentifiesopportunities and
34 reduces the risk of decisrons made by management. It is management's
! responsibility to r a h appropnate actrons based on the audit lnformat~on
1 provtded.
i ..The audit 1s a long-established and well-respected activity ~n the
I accounung professmn. . Because of many sunil~ntres in the acuv~t~es
-I
9
1
of the accounting and quality fields, quality professionals have adopted
the same word 'audit,' complete w11h some of the same modifier^:"^'
Quality audits emerged shortly after \Vorld War I1 and gamed
momentum when the military began issuing standards and specifications
for products. Quality auditing originally resembled an lnspectron activity
and was developed primarily in large manuhcturing Industries, such a h .
electronics, and in high-nsk fields, such as the nuclear and aerospace
~ndustrres.
Audits are planned, objective, and tndependent investlgatlons of prod-
ucts, processes. or systems. By examining documentatlon. implementa-
tion. and effectiveness. quality auditlng 1s used to evaiunte, confirm, or
verify actlvttles related to quality. "The quality audit may be a srngle
occurrence or a repetttlve actlvity, depending on the purpose and the
results of both the audit and the productkerv~ce,process, or quality sys-
i
tem concerned."'" A properly conducted quality audit IS a posltlve and
/ consuuct~veprocess. It helps prevent problems through the identification
! of acttvmes likely to create problems. Problems generally anse from the
., i ~neffic~encyor inadequacy of the concerned activity.
"All companies and enterprises, regardless of me, can benefit by exam-
inlng theu actlvit'ies and management systems. Ths applies to local gov-
I

i emment, ctvil servtce, commerce and the servtce industries as well as

use inspection techniques as an evaluation tool . . . but the quality audit manufacturing ~ndustnes."'~
$..
should not be involved in canying out any verification achvities leading to
the actual acceptance or rejection of a product or service. A quality audit
should be lnvoived with the evaluation of the process and controls covering
.
..

~.
..
.,-
-,.
j
.,-!,
- The pnncipies of quality auditing apply to any type of management
assessment. No valid reason exists for separating management auditing
the producuon and verificahon ac~vlties."'~~ Auditors make observations and . into subcomponents. Management controls the resources. The goals of
-
....
e-
report their findings. An observnrron is an item of objective evidence found quality, safety, environmental stewardship, and efficiency are all driven
.>..-. by the same set of ruies: define requirements, produce to requirements.
during an audit. Afizdinp is a conclusion of importance based on observa-
tion(~).(Refer to the ANSIXSOfASQC A8402-1994 glossary for additional ..- monitor achievement of requuements, and continuousiy improve on
terms and definitions.) -
->
.*..:. requirements.i05
..
What Do Audits Measure?
Quality audits examine products, processes, Sr systems with respect to
predeternltned standards. Within thts context. quality audits evaluate one
or more of the following: the adequacy of the documentation, compliance
lo the documented procedures, implementation and maintenance of the
procedures, and the effectiveness of the procedures to accomplish
intended objectives. Audit methods and techntques used to verify these
measurcs arc discussed i n Part I11 of this ha~~Jbook.
:\&yitnc~ is dclined as "the stnte of being suffictent for n specified
requirement." Quality audit evaluation for adequacy usually consists of
reviews to verify the sufhiency of documentation for defining work and
of records as evidcncc of satisfactory work completro~~. This typically
includus sucll irems as legibility, undrrstlu,dability. and implementability.
Adequacy alone. however. does not veriry whether work was performed
correctly unless i t is evaiuated in conjunction wtth compliance. or the
implriiientatioi~and maintenance of the documented system.
Conr/)limce refers to the affinndttve indication or judgment that the
audirce has met the requirements of the relevant specificattons, contract,
or regulatton. In auditing. the terms cotlforrnnrice and cot~~pliniiceare used
-interchangeably to report the results. However, many regulated indusrnes
tend to iavor the use of the terms cornplimzcr and tzoncotnplinrtce. In the
IS0 quality management system assessment process, the terms corfor-
niance and r~otzcotfortnarzce are normally used. The term iompliarzce
nit& is also used to indicate that the purpose of a quality audit is to deter-
mine the degree of compliance to rules.
Compliance looks for strtct adherence to a set of rules, wh~chmay
include requirements and standards. The compliance audit is not the
arena for questiontng these rules; they are set and tdentified for the
audit. Examples of audits involving compliance include regulatory and
high-nsk.
Regulatory audits are used in cases where acttvities are regulated by
government. Among these regulated acttvities are production of energy,
stewardship of the envuonment, production of food, protectton of work-
ers, and use of medical products. Auditors verify that the applicable laws
and regulations tn these areas are being ~mp'lementedto ensure the health
and safety of consumers.
High-rtsk audiu arc used when the consequences of failure are unac-
ceptable, such as in the launching of airplanes, submarines, and rockets.
A complete and thorough audit of the fimshed product is necessary before
it is activated or placed Into service. The audit checks inspection records,
craft qualification records, destgn review records, and other forms of
proof.""
A rnanageniettr nirdit assesses compliance and whether procedures
and instructions-and the tmplementation of those procedures and
instructions-meet pre-established goals and objectives. Compliance ver-
ifies the accomplishment of a set of rules, and adequacy verifies the proper
tmnslatton of those rules into procedures, whereas effecttveness measures
the achievemznt ol those rules and procedures. The goals verified as part
of dfecuveness are usually related to overall quality objecttves or contin-
uous improvement of the or,urnration.
How Do Audits Measure Results?
Quality auditing IS an tnkormation-intenstve acttvity. Therefore. auditors
nerd clcar. uscfui information to make efiecttve auditing j u d p e n t s an&-
decistons. Information musr be based on data, but merely obtatning data
does not guarantee that the information will be useful. To collect data
succes$ully. an auditor must know what questtons to ask and collect,
process, analyze. and present the specific data needed to answer that
questton. In additton. an auditor must ensure that the data they collect
represent objecttve evidence, "informatton which can be proved true,
based on facts obtained through observatton, measurement, test, or other
means."to7
Data must be prectse and accurate so that an auditor can form reliable
conclusions. When using measurement and test devices, the auditor needs
to verify that data-generattng equipment has been properly mamtained
and calibrated. If an auditor is relying on auditee's data, the auditor needs
to ensure that the audited company has an effective calibration system for
measunng and testing equipment. The objective of the system is to ensure
that inspect~onand test equipment is adjusted, replaced, or repared before
it becomes inaccurate. The system should constst of:
Labels, tags, color codes, or other means of tracing the
measurement devtce to the tndividual calibration record
A requirement for calibration practices
Certified pnmary company or reference standards traceable to
industry or to national, or internat~onalstandards, such as the
Nat~onalInsutute of Standards and Technology (NIST)
 Listmgs by department of calibration status and delinquents
tinstruments that are out of calibration cannot be used to cenify
product and must be removed i'rurn service until calibrated)
All personally owned tools that are used. wii~chshould be in the
system and calibrated
Inspection check of calibration by at1 inspection department before
signing off on items.1us
I n addition to deiining accuracy of inspection equipment. an auditee's
calibration procedures must address the issue of remedial action if equip-
ment is found to be out of calibration. In other words. how did the out-of-
calibration equtpment affect the products that were manufactured or tested
with that piece ufequipment'? I f necesswy. production should be halted or
;I product recall issued.
3. BENEFITS AND CONSEQUENCES OF AUDITS
The performance of a quality audit provtdes management with unbiased
hots thai can be used to:
Provtde input for management decisions, so that quality problems
and costs can be prevented 07 rectitied
inform management of actual or poientin1 nsks
Identify areas of opportunity for continuous improvement
Assess personnel training effectiveness and equipment capability
Provide visible management support of the quality program
Verify compliance to regulations
"The task of management inciude: ( I ) identifj.ing possible sources of
problems. ( 2 ) planning prevenuve action to forestall problems, and (3)
solving problems, should they arise. . . .Most problems are quality prob-
lems related to the quality of work being performed, the quality of items
bemg received, the quality of informauon being commumcated, Ule qual-
ity of available equtpment, the quality of decistons made. . . Since all
quality problems have a cost associated with them, avoiding, preventing,
and soivtng these problems prevents and reduces unnecessary costs?'0g
The benefits that a quality audit provides vary depending on whether
the audit is a first- second-, or third-party audit. For example, possible
benefits of a first-party audit include the assurance that procedures are
adequate and utilized and the early detection of a problem, which gives
mailagement the opportuntty to tnvestigate and identiiy root causes. take
~mmediatecorrectwe acuons, and ult~mateiyprevent problems from hap-
pening again.
Second-party audits benefit the supplier as well as the customer
because they help eliminate rhe shlpping of nonconforming products and
reduce costs and waste. Tliis in rum builds confidence between the sup-
plier and customer. promotes a better understanding of customer expecta-
lions, and provtdes an avenue tor quality technology tranzfer between the
customer and supplier. Second-party audits also heip ensure a better final
product by verifying that there are appropriate controls for inputs into the
system.
Third-party audits typically verify compliance to specified regula-
tions or standards. The regulations and standards may be required by
law. such as FAA or FDA regulations. or may be voluntary. such as IS0 rr
9001. The benefits of passtng a th~rd-partyaudit may be permission to
continue to operate, recognition in the form of a certificate or repstni-
tion. or an award.
'.The usual purposes of quality audits are to provtde independent assur-
ance of the followmg condiiions:
. Plans for attaining quality are such that, if followed, the mended qual-
tty will. in fact, be attained
Products are tit for use and sate tor the user
Laws and reguiattons are being adhered to
There is conformance io specifications
Procedures are adequate and are bemg followed
The data system provides accurate and adequate infomauon on qual-
ity to all concerned
. Deficiencies are tdent~fiedand corrective actton is talien
Oppomnities for unprovement are tdentified and the appropnate per-
sonnel alerted.""'
4. ROLES AND RESPONSIBILITIES OF CLIENT,
AUDITOR, AND AUDITEE
A quality audit involves three key participants who may interrelate in a
number of ways. Described by function, these participants are the client,
the auditor, and the auditee.
 The diellr is the person or organization who has requested or com-
intssioned an audit. The ciient usually is senior management. and the audit
is typically of an orpntzational untt under the client's junsdictlon. of
independent suppliers, or an application for third-party registratton."'
is the person who plans and cames out an audit. An audit-
The t~r~rlitor-
ing organtzation employs auditors to carry out audits. The auditing orga-
ntzation may be tntemai to a company or an independent organization,
sucli as thc auditlii: p o u p of a quality prozram re,~lstrilror consulting
orgaliizlltion.
The orrrliier is the or:anizatron to be audited. The auditee may be a
divts~onof the client's organization or an entirely separate entity, such as
3 supplier. At times. and often in internal audits. the client and auditee are
.-*
the s:uw pcrsoil or department.
Follow~ngat-e examples of esiernal audits:"'
Siri~urw~i: Or!puzat~on desiring recognition or approval or its ~a~)abilily
to ~iieeta piilrt~cularstandard SUCII as IS0 9001
Cli'vrr: The orgiinmtton deslnng registration or cenificat~odreg~strarion
.-Lrrrlirer: The organrzatlon desiring cenificat~odreg~suarion
- I ~ I I I ,oymr:rrrroIr: The organization granting rhs certification1
reg~strat~un usmg an auditor employed by . the audiring organization or
Illred to conduct ilir audit.
Sirrrorrotl: Customer organization deslres to evaluate a supplier
Clirtlr: The interested purchasing agent
Arrditce: The potential or exlsting supplier
Alrdimg o ~ g r r ~ ~ ~ ~ ivlemberls)
n f r o r ~ : of the customer organizallon staff or
auditors under contract to the customer organization
Sin~rrnoll:Regulatory organlzatlon verifies that supplier or operator 1s in
compliance with requlrements
Clie~rr:The regulatory agency
Airditee: The potentla1 supplier or operator
Audirmg orgmuiatiotl: Employee(s)of the regulatory agency or auditors
under contract to the agency
An example of an internal audit is:"'
Situotiotz: Organization desires to determme the degree of conforrmty of
its own organlzatlon elements to a predefined quality program
Client: Upper management team desmng to use the lechmque
Audiree: The element(s) of the organizatton to be evaluated
Airdiror: Ernploycc(s) of the organization
5. CHARACTERISTICS OF SYSTEM, PROCESS,
AND PRODUCF AUDITS
A qlmlie nrrdii IS '.a systematic and independent examination and evalua-
tton to determine whether quality activities and related results coillply
with planned arrangements and whether these arrangements are tmple-
mented effectivei)f and are suitable to ach~e\~ing objectives."11i There are
three distinct types of quality audits: product [which includes services).
process, and quality system.
i . - . .. - .
.--- . ! Product Quality Audit
A.-.
q.. A prorirrct qrtniin. airdit 1s nn esnmination of a panicuiar product (hard-
ware. processed material. software or service) to evaluate whether i t con-
forms lo requlrements (i.e. specificattons, performance smndards, and
customer requirements). IS an audit is being perfomled on a servtce
instead of a product. then it is called 3 s e n w e r l i f n l i ~tiitdir. Elementsh
examined inay mcltlde packagtng. shipment preparation and protection:
user instructions, product characteristics. product perforn~mce.and other
customer requtrenlents.
Product audits are conducted when a product is in a completed stage
of productton and has passed the final inspectton. The product auditor
uses inspection techniques to evaluate the entire product and ali aspects
of the product charactensttcs. A product quality audit is the exantnation
o r test of a product that has been previously accepted or rejected for the
charactenstics bemg audited. Such an audit is a reinspection or retest of
the product to measure the effecttveness of the system for product
acceptance. It includes performing operational tests Lo the same require-
~.
ments used by manufactunng, uslng the same production test procedure.
methods, and equipment. The product quality audit verifies confor-
mance to specified standards of workmanship and performance. Thls
audit can also provzde a measure of the quaiity of the product going to
the customer. The product quality audit frequently includes an evalua-
tion of packagmg, examination for cosmetics, and a check for proper
documentation and accessories, such as proper tags, stamps, shipment
preparation, and protechon.
~~
. .
..
.. Process Quality Audit
. The process quality. audit is performed to verify that processes are work-
ing within established limits. A process qrtaliry audit examines an act~vity
-. \ 1
to verify that the inputs, actions, and outputs are in accordance with
defined requirements. A process quality audit covers only a portion of the
toral system and usually tllkes much less time than a system audit. The
bouildary oS a process audit should be a singie process, such as marking,
stamping, cooking, cutting, coating, setting up, starting up, or installing.
4 process audit is very focused and usually involves only one auditor or
work crew."'
4 process audit is a verification by cvaiuat~onof an opcration or
method against documented instructtons and standards. to measure con-
lormnncr to these staildards and the effectiveness of the instructions.
Such ;In audit is a check of conformance of pr6cesS perso%& and
equipment to defined requtrements such as time, temperature, pressure,
c o r n p ~ s t ~ o;niiper:~:e,
n, and component mixture. It may invoive special
processes. such ;is heat treating, soldering, plating, encapsulation, weid-
in?. and nondesiructive examination. A process audit checks the ade-
L I U X ~ ;~nde f f c ' c t ~ \ ~ c ~
ot'~ ~
the
' s sprocess c011trois over tlic equipment and
operams as established by procedures. work Instructions, and process
be done. The .'how" IS left up to the organlzatlon being audited. An audi-
tor looks at the management systems that control all activities from the
time an order comes Into a company (i.e. how that order IS handled,
processed, passed on to operations, what operations does in response to
that order') t'hrough delivery of the goods, sometimes mciuding trans-
portation to the site.
A system audit looks at everything withln the quality system: the
processes. products. senlices. and supporttng sroups. such as purchasing.
customer service, design engtneenng. order entry, and traming. It encom-
passes all ihr systems ot the facility that assisr in prowding an acceptable
product or servtce. .~
6. CHARACTERISTICS OF INTERNAL
AND EXTERNAL AUDITS
.An audit mas be classifird ;ts lntemal or external dependin, on the inter%.

-
. the pmmpants. 1tzrertm1 nrldifs are first-
rslatlonshlDs t11at exist am0115
specifications."" pan? audits. while e.~lsrc.mrrlnimdiis can be either second- or third-party
audits.;Figure 22 illustrates the classificauons commonly used to differ-
Quality System Audit entlate between types of internal and external quality audits. The figure is
A quality audit conducted on a quality management system would be provided us a p d e to classiticat~ons~but there is no absolute rule because
callid a q i d i n . syreni uirdir. It can be described as a documented activlty there are exceptions.
performed to verity. by examination and evaluation of objective evidence,
that applicable elements of the quality system are appropnate and effec-
twe and have been developed, documented, and implemented in accor-
dance and in conjunction wtth specified requirements.
A quahty system audit evaluates an existing quaIity program to
determine tts conformance to company policies, contract commit-
ments, and regulatory requirements. It ~nciudesthe preparation of for-
I Internal audits
Classification of quality audits

, Exteryl audits ,
mal plans and checklists on the basis of established requirements, the
evaluatton of implementation of detailed activities within the quality
I
First-party Second-parw Third-party
program, and the issuance of formal requests for corrective action audits audits audits
where necessary."'
Cntena contained in the American Society of Mechamcal Eng~neers i----i--l
Quality audits Qualiry surveys
(ASME) codes, nuclear regulations, good manufacturing practices, or
I S 0 standards, for example, may describe a quality system. Normally
these descripttons state what must be done but do not specify how it must Figure 21. Classific~tionsof quality audits.
 7. CHARACTERISTICS OF FIRST; SECOND-,
AND THIRD-PARW AUDITS
First-party Audit
A first-pany audit is pcrformcd within an organization to measure is
strengths and weaknesses agarnst its own procedures or methods andlor
against external standards adopted by (voluntary) or imposed on (manda-
ton.) thc orpuznrion. A first-party audir is nn intemai audit conducted by
auditors who are rmploycd by the organizauon berng audited. b u t who have
no vestcll intcrest in the audit results ot the area being audited. Compmes
may have a separate audit group cons~sungof full-trm~auditors.orihe audi-
tors may bc trained employees from other areas of the company who per-
torin audits as needed on a part-time basis in addition to tbetr ocher duties.
A multisite coi1lpany.s audit of another of irs divisions or subsrdianes,
whether iocall~.nationally. or rntemat~onally.is often considered an inter-
nal audit. If. however. the other locxrons function pnmwily as suppliers
to thc inain operation Or location. audits of those sites would be consid-
ered sccond-party audits.
Second-party Audit
4 sccond-party audit is an external audit perfomled on a supplier by a cus-
tomer or by a contracted organizatlon on behalf of a customer. A contract
is in place. and the goods or service are berng, or will be, deli~ered."~
A q d i n sirrvqv, sometimes called n qrialiy nssessme~iror qualit))
E . ~ ~ I I I I I I ~ N1s
I Ia
O comprehensive
I~, evaluation that analyzes such things as
facilities, resources, economic stability, technical capability, personnel,
production capabilities. and past performance, as well as the entire qual-
ity system. In general, a survey is performed pnor to the award of a con-
tract to a prospective supplier to ensure that the proper capabilities and
quality systems are rn place."Y
An auditor told of one case in whch an o r g u a t i o n actually went out
to give a supplier an award for the perfect product they bad been receiv-
ing. However, during the award process it was discovered that the sup-
plier had absolutely no quality system in place! The supplier was able to
ship acceptable product simply because its employees were good sorters.
Third-party Audit
A third-party audit is performed by an audit orgmzation independent of
the customer-supplier relationship and is free of any conflict of interest.
Independence of the audit organizatlon is a key component of a third-party
audit. Third-party audits may result in certification, registratton, recogni-
tion, an award, license approval, a citation. a fine, or a penaity Issued by
the third-party organization or an tnterested party. Third-party audits may
be performed on behalf of an auditees potential customers. who either
cannot afford to survey or audit external organizations themselves or who
consider a third-pany audit to be a more cost-effective alternative. For
example, government representattves perform mandatory audits on regu-
lated industries, such as nuclear power stations, airlines, and medical
dev~cemanufacturers, to provide assurances of safety to the public.
Recognition Purposes. Companies applytng for the Malcolm Baldnge
National Quality Award. which recognizes worid-class companies and-
establishes the cnrona necessary to compete ~nternationally,must submit
to an examination. More than thirty-five states have programs modeied
after the h.lalcolm Baldnge National Quality Award program. and some
muntcipalities present similar awards. Japan's Deming pnze is another
example of such an award. The United States and Japan are not unique:
many countries have established similar cntena.
Registration Purposes. Companies in certm high-nsk categones-such as
toys, pressure vessels, elevators, gas appliances, and elecrncal and medical
devices-wanting to do business in Europe must have their management sys-
tem registered by audit to either ANSUISOIASQC Q9001-1994 or
ANSIIISOIASQC Q9002-1994 requirement cntena. Contractors to federal
agencies are recognized as regtstered suppliers by auditing agmst standards.
Customers suggest or demand that their suppliers conform to
ANSIIISOIASQC Q9001-1994 or ANSUISOIASQC Q9002-1994 cntena.
The U S . Federal Acqu~siuonRegulations ( F ' ) currently state that gov-
ernment contractors who comply with the I S 0 9000 requirement standards
are not requued to comply with other quality standards. Many national
standards have been canceled, and users have been referred to the U.S.-
adopted ANSYISOlASQC Q9001-1994 or ANSMSOIASQC 49002-1994
requirement standards. A thxd-party audit normally resuits in the issuance
of a certificate staung that the auditee complies with the requirements of a
perunent standard or regulation.
 Thlrd-party audits for quality system registration should be performed
late: the paycheck was wrong; the Injectton needle was contaminated: the
by organizations that have been evaluated and accredited by an established
wrong reference standard was used; the purcflase order specification gave
accreditation board. such as the Registrar Accreditation Board In the U.S.,
the wrong activity level; computer equipment was missing from the
as being competent to perlorm audits of coinpanles desinng to achieve
clerk's office; regulatory violation. Whether the evidence is quaiitallve or
quality system registration.
quantitative, i t shouid be objective, unbtased and proven true.
The auditor must analyze data to d e t e n n e reievancy. Some data are
8. CHARACTERISTICS OF QUALITATIVE imponant and should be reported due to frequency or level. Other data are
AND QUANTITATIVE ANALYSIS lrnportant due to the nature or kind of the inforinat~one\.en t h o ~ _ an ~h
During audit. an auditor must analyze many different r y e s of infor- event occurred only once.
mation to determine its acceptability w t h the overall audit scope and the With quaniltative intormarlon. $: deiermlnanon 01 licceprabiliiy Is
charactcnstics, goals, and objectives of the product. process, or system f a r & straghtfonvard for two reasons. First, a &rect comp<nson can be
being evalu:~ted. This intormailon may be documented or undocumented made between the ~nformaoonand the requirements or cntena tor the
iliid I I I C I U ~ ~procedures.
S draw in:^. work in~lruct~o~ls.
inanunls. trainlng audit. For Instnnce. suppose the measure of system effectiveness used in
records. electron~cdata on a computer disk. observation. :ind Interview an audit is found to have less than a predetermined number of customer
results. The ;~uditormust determine i f thc informarlon is rclevant 10 the complaints about product quality in a three-month penod. Analysis would
:~udirpurpose and scopc. consist of compannz customer cornpiaint records agaiilsi the criterla to "
Qirrir~rrrorii.edata means elther that measurements were taken or that determine if the system is effective. Secondly. most qunntltative informa-
il L'OUIII was niade. such as couiltin~the number ot defective pieces tlon 1s considered reliable due to the !act that by nature i r should be tree
removed [Inspected out). the number of customer complaints. or number ot emotlon and blas.
of cycles of a molding press observed during a t m e period. In short the Qualitative data must be unbtased and traceable. just like any observa-
data IS expressed as a measurement or amount. IIA's Iilterrtnl rlrldirir~g: tion that is used as objecnve ev~denceby the auditor. Addittonally, the audi-
Prir~czplesarld TL.cl~r~rq~rrs, suggests that there are many sources of quan- tor should determine the usefulness or relevance of the lnformatlon. For
titative data, such as: Instance, the auditor may be d o m e d that one customer complant turned
into a $10 million lawsult. In this case, the data must be verified, and the
Test reports Chi square tests auditor will seek to determrne if the data have any beanng on the quality
Product scrap rates Risk analyses system. Once the information has been detemned to have a real effect on
Trend analyses the system, the auditor may use the data to draw conclusions about system
Variance analyses effectiveness. Or the auditor may determne that the data represented once-
Histograms Budget compansons in-a-lifetime event and are not relevant to Current OpertItlOnS.
Regression analyses Mean, mode, median
Ratio anaiyses Profitability
Lost-time accidents Costlbenefit s t u d i e ~ " ~
Frequency distributions
In contrast, qrralitatrve data relates to the nature, hnd, or attribute of
an observat~on.Qualitative data may include single observat~onsor data
points. E s m p l c s x c : labt month's w~thholdingt u dcposit was three days
 1. TIME-MANAGEMENT TECHNIQUES
Proper preparation in the audit piannin_r s t a g can eliminate many delay?
in <he audit pertormancc stage. To make the most efficient use of time.
the auditor must plan an audit on ssveral levels. First. the audit manaser
must scheduie each individual audit in relation to other audits being per-
formed so that ihe availability of audit team members and other resources
can be assessed. Next, the lead auditor must prepare the audit pian for the
~ndivldualaudit. The steps involved in this audit phase were discussed in
Part I1 of t h ~ shandbook. Once a lead auditor establishes the auditing
strategy, a detailed schedule must be prepared that specifies which areas
are to be visited at various times throughour the day. The detailed sched-
uie may be revlsed constantly during the audit, but the auditor must
inform auditec management about planned activities. An auditor who
makes no attempt to stick to the proposed schedule may anta,nonlze mem-
bers of the auditec's organization who have made arrangements to be
availabie as requested.
The auditor's notification letter to the auditee shouid specify special
arrangements, such as transportauon from one audit site to another, the
need for an escort, the use of special safety equpment, or the need for a
conference room. At this time, the auditor should list required equipment
or supplies, such as access to copy machines, printers, overhead projec-
tors, and extension cords. By anucipating needs and m h g them known
to the auditee in advance, an auditor communicates preparedness and a
strong desire to focus on the important task of gathering information at the
audit site.

To ensure the efficient use of time dunng the audit performance stage,
Lhe audit team should amve promptly at the audit site at the agreed-upon
time tor the opening meetlng. - The lead auditor should retain control of the
opening meetin: and should not allow the audttee to take control with
extended plant tours or lengthy presentations, uniess such tlme has been
scheduled into the audit.
Throughoul an audit, the audit team meets daily to assess audit
pro!pss. ..\ddirionally. auditors should allow several minutes at the end of
e;ich intervtew to rcvlcw notes. present conciuslons. and rench a consen-
sus with :in audilee representntivr. such as yhe area supervtsor or escort. If
data ~ndicateLhat certain areas need additional attention, the auditors'
assignments mav need to be chan~ed.Findings that Indicate severe rami-
lications lbi- the quality program should be investtgated thoroughly as
soon as possiblc attcr they nre uncovered.
Audit teams ottcn ask to have lunch carered so that a working lunch
cai takc place. Schrdulint._:I small amount ot t m e tor an audit team meet-
iiig during the lunch break may aid the auditors in gathenng additional
nilormalion. i t needed. An audit tram should allow sufficient tlme to pre-
pare for the r s ~ mcetlng.
t especially when an audit lasts several days, in
case additional nil'orni~ilionneeds to be gathered.
An auditor should be able to recognize and overcome delay tactlcs.
Comnion time-wastmg techniques empioyed by auditees and possible
solutions by auditors are discussed in Part I. chapter B.2 of thls handbook.
When an auditee's repeated time-wasting tactics hinder the progress of an
audit and threaten Lo compromse the audit schedule severely, the lead
auditor is responsible for notifymg auditee management and the client.
2. CONFLICT RESOLUTION
The most effective method of resolving conflict is to take steps to reduce
conflict occumnce. Ways to reduce conflict include eliminattng msun-
derstandings, remainmg open-mded and flexible, and avoiding surprises
during the audit process.
Misunderstandings are the most common cause of conflict during an
audit. Sources of msunderstanding are poor communication, poor listen-
mg, and auditor bias. The auditor must always be on the lookout for signs
of msunderstanding. Indicators include a less than cooperawe attitude on
the pan of an intervlewee, repeated questlons about the audit scope and
purpose, and the provision of inadequate or incorrect records for review.
--
'~y In these sltuatlons, the best course of action 1s for the. auditor to repest the
z- informarlon that was not fully understood before proceeding. Also, the
--=' auditor must be an active listener, meanlng that heishe must not only hear
what 1s bemg said but must also r e c o g ~ z ewhen the message is clouded
--
--
-.= by a possible contradictory meanlng. Finally, the auditor must always
--
-
assume that the auditee is acting in good faith. Do not assume that a mis-
understanding 1s on the part of the auditee. Rephrase the question in a dif-
ferent way. Be careful lo a s o ~ dtenmnology that has confus~ngmeanings.
Don't assume that the auditee is familiar wtth specific industry jargon.
..During an audit, the auditor must remain open-rntnded and tlesible.
Auditors must bear in nund chat when they conduct an audit, for whatever
reason or from whatever source of authority. they are disrupting the daily
routine of the auditee. The auditor should conslder the effect of specla1
requests on the audited orsanizatlon and ensure that the audit takes into
consideration the work norms and culture of the auditee. CI
Unnecessary and unrensonnblc demands are often a source of conflict
dunng the audit. T ~ Ibecomes
S especially true when the auditee is r n t m i -
dated by the audit [?am and as a result is unwilling to say anything ahead
ot time. These kinds of issues can manifest themselves later in the form of
uncooperatlvencss, avoidance, belligerence, or even sabotage.
A sure way tocreate contlict dunng an audit IS to w~thholdImportant
informauon about the audit's status or results and surprise the auditee at
or after the ealt meeting. It IS therefore imponant that the auditor share
mformation with the auditee on a regular basis. This 1s usually done dur-
ing informal daily meetmgs or dunng actual audit performance. In addi-
tion, the auditor has an obiigatlon to inform auditee personnel of the
nature of the informauon they are recording, how it will be used, and so
on. Being upfront with auditees not only helps answer some of their con-
cerns about the audit process but also puts them at ease, thus reducing the
likelihood of conflict.
If conflict should develop d u ~ an g audif the best course of acuon is for
the auditor to temporarily stop the audit and allow a cool-down period before
proceeding. If auditors don't take this action, they run the ns'k of getting
overly involved and losmg control of the audit process. The ultimate result of
losing contlol is the premature termination of the audit or the disallowance
by the auditee for the auditor to proceed. Netther of these situations is accept-
able to the auditor's organization or the client. Once the conflict has d&used,
the auditor can meet with the auditee to determine the source of the misun-
derstanding. Auditors must reman open to the possibility that they may be a
 -
. ..
~
-2 I
direct cause of the contlict. To resolve the conflict and allow the audit to pro- In l n ~ t ~ meetings,
al the auditor has a lot of wor'k to do to establish
cced. auditors must I-emainopen-nunded and listen to the auditee.

3. EFFECTIVE COMMUNICATION TECHNIQUES

Quality auditing requires effective comnlunication with the auditee's
3
-~=.
.. ..>-.

.. -
...-

orpnizatlon. the auditor's organization. and within the audit team itself. .-::-=
-.
. -
-
effective communlcauons. Possible communication techniques the auditor
can use during the preaudit phase include:"'
Building rapport by exchmgmg small talk, perhaps over a cup of
coffee
Establishing trust by assunng confidentiality
This communlcarton can take many forms, Including wntten memos, noti-
licamos. and verbal conversattons before and dunng au audit perfor- f.1 Showing empathy for the disrupttons that will be inev~tabie.and
assunns the auditee that distract~onswill be kept to a minimum

4~ .
mance. Basic rules for effective communicating Include ( I ) ensuring that
the mess;ige IS clcru. i?)verifYlng that themessage is received and under- Demonstrating professionalism, and workng hard to be organlzeci
stood. and (3) utilizlny the appropriate medium for transmittai. -. ..- - Esplatnlng the process by reviewing the audit plan, and showlng
To eilsurc the mcssage is ciear. the auditor siiouid: how the auditee will he kept ~nformed
Use appropnatc tcrnlinology and avoid terms that are hard to
I
. -
Ensuring that the auditee "buys-in" by asking: Does this seem
understmd i reasonable? Do you recommend any changes to make the process
!
Avorcl Icngrlry chplanations that dilute h e point ot the message run more smoothly') r-

Ensure the accuracy of the ~nlormatlon 1 . Matntaining flexibility by considering all options. yet never
relinquishing authority to conduct the audit (be firm. but flexible).
Adapt the level and approach of the communications to the
audience ccg. CEO, technmans. all engineers. etc.) Effective cornmumcation dunns the performance phase of an audit
i
involves a vanety of factors, including:"'
To verify that the message is received and understood, the auditor
should: Actlve listening
Verify that the auditee recelved all messages sent (e.g. via Worhng wlth auditee escorts
telephone. fax, e-mail, or other) . Facilitating audit teamwork
Look for slgns of understanding, such as nods of the head and f Holding daily auditee briefings
words iike "I see"
I . Accommodating auditee language requirements
Seek feedback by aslclng clarifying questions, and listen to the
responses I
I
Incorporating technology that improves effectlveness
Accommodating changes In the audit schedule, if asked
Detemne.when a wntten record of the communication is needed --
To determine the appropriate medium for transnuttal, the auditor should:
- Take into account the formaiity of the message
.&-
N e w Communication Technology
With the growing popularity and Increased affordability of computers,
Determine the technology in use by the receiver -
zv
..- ~ technology can reduce audit cycle tlme, conserve paper, and lmprove
Use the appropriate format for transmission (e.g. notification .-.
. ;I
4
.
$$$]
.<z- audit effecttveness. For example, e-rnail and faxing can reduce turnaround
letters, memos, electronic mail, cell phones, ete.) -,
.=- times and costs associated wlth conventional or express mailings. Digital
7
--
.&-..
~ ,..~
cameras are becorntng a valuable tool for auditors. A digttal camera takes
ptctures on a disk: tliis disk can then be tnserted into a computer to show
plctures of problems uncovered dunng an audit. The pictures can be dis-
played 31 the c l o s q tneeting or can be pnnted and included in the audit
report.
An auditor can use a notebook computer in conjunctton with the
appropnate sottware dunng the audit preparation stage to customtze
checklists orcreate tlowchans. for esampie. Dunng the audit performance
s t q c . computers c m be used to cotisolidate observattoos in tlie audit
tcruii~sdaily tiiwungs and to prepare the pl-elimtnary audit report. A com-
puter also can be used to create the final audit report, which can be sent
vta e-mail if the client agrees. Additionally, it' tIte audit is being scored,
spreadsheet programs can format thc checksheets and automattcally com-
pute tlie audit ~ c o r c s . " ~
Cellular phones t~laybe useful when tm auditor needs to contact a
clictit or uudii mlnafer qu~ckly.A n auditor may also prefer to bring a cel-
iular piionc when auditing a larfe or remote tacility where a telephone
may not be accessed easily. Cellular phones can also increase productiv-
tty of those who spend large amounts ot ttme in cars or at airports.
Video conterenctng 1s used routtnely by some audittng organtzattons.
It 1s a valuable.method for brtnging groups of people face-to-face w~thout
lncumng travel espenses. In the future. vtdeo conferencing may prove to
be especially important tn audinng by eliminattng preaudit vtsits and even
follow-up audits in some situattons.
The use of electronic media requtres that other issues be addressed.
such as secunty, contidenttality (espec~allyfor networks), and document
controls (vlewing and changing documents, changtng code, and baclclng
up data).
4. PRESENTATION METHODS AND TECHNIQUES
Members of an audit team must create a favorable tmpression to auditee
management, both in appearance and ability. Audit team members should
dress appropriately for the opening meetmg. Credentials of the audit team
members are also presented at this ttme to instill coni5dence that the audit
IS being performed by competent, well-qualified individuals.
The lead auditor conducts the opening and e m meettngs, as well as
separate daily meettngs wtth the auditee and the audit team. By using
appropnate aids and handouts, the lead auditor ensures that the auditee is
in agreement with the details outlined in the audit plan and understands
the auditing methods to be used. In addition, the auditor should ensure that
the auditee IS able to Interpret data correctly, is in accord with the infor-
matton presented on the audit report, and destres to itnpiement the needed
corrective action.
The iead auditor is responsible for ensunng that a location has been
set asrde for presentattons. The location may be a training room, confer-
ence room. or wen a break area. The lead auditor should snsur? that there
1s adequale space lor expected tiirsttn: attendzes. Thts may tnclude dcter-
minatlon-of searing iirrangements, such :is classroom-style, ar a conter-
ence table, or at a U-shaped table. The lead auditor must secure equipment
that will be needed to make the presentation. such as flip charts. overhead
projectors, data projectors. pointers. and associated support equipment
and supplies (plugs. markers. pointersj. Finally. the lead auditor must
ensure that \.tsual aid materials will be prepared and available at the m&et-
mg. Such tiiatertals tilay include copies of pnnted reports, copies oi corn-
pleted handwrttten fornis. ti.?. correcttve action requests), overhead
slides. and prepared charts.
Some audit~ng organizations prefer audit team members to stt
together dunng meettngs. wtth auditee represenrattves likewtse grouped.
They beiieve that such an arrangement shows coneston and support for
one another. Other audittng organizations favor a less fornial atmosphere,
wtth auditors and auditees tntemungled.
The lead auditor should be certain to communtcate the data analysts
to the auditee both orally and visually. Usmg simple stattstical techniques
to recognize patterns and trends and evduate theu significance enables an
auditor to prepare an audit repon. These results must be communicated to
the auditee in a timely and effecttve manner, and the inclusion of slmple
charts or graphs in the audit repon or their dispiay on an overhead pro-
jecror can asstst the auditee in gainmg the necessary understanding of a
problem.
 Chapter C ~.

An auditor uses many types of tools to plan and perform an audit, as well
as to analyze and report the resulrs. An understanding of these tools aitd
their application is essential for the performance ot an effective quality
audit. The auditor m d auditee use many quality tools and techniques to
define processes, Identify and charactenze problems, and report results.
An auditor must have s u f ~ c ~ eknowledge
nt of these quality tools in order
to evaluate whether the auditee is using these toois correctly and effec-
tively. This chapter provides basic information on these tools, the~ruse,
and their limtations. For more in-depth informat~onon the application of
tools, readers should consult an appropriate textbook. Some general refer-
ences are provided in the Recommended Readings section at the end of
the book.

1. CHECKLIST, GUIDELINES, AND LOG SHEETS

Checklists are the most common tool used to collect data dunng an audit.
Similar to check sheets, they provide an organized form for Identifying
informahon to be collected and a means for recording mformatlon once it
is collected. In addition, the checklist serves as a tool to help guide the
audit team during audit performance. A checkIist usually contams a list-
ing of audit questions on areas where information is needed, places for
recording acceptable responses, and places for taking notes. Figures 23,
24, and 25 provide sample of checklists.
Audit guidelines are used to help focus audit activities. Typcally, these
consist of written amibute statements that are used to evaluate products,
processes, or systems. Audit gu~delinesare usually not prepared by the
 . Rerww of C I ~ S I O ~RJ~I P~ ~I I I I Z ' ~ J I ~ I I ~ S
1. Is there a quality revtew of purchase orders to Identify Speclai or
unusual requirements?
2. Are requlrements for special controls, facilittes, equipment, skills
preplanned to ensure they will be in place when needed?
3. Have esceptlons to customer requlrements been taken?
4. .Are customer requlrements available to personnel involved in the
manufacture, control. and lnspectlon of the product?
3. Are supplier and subtier sl;?tcNes. drawings. and speclficatloos
comparibie with the customers requlrements?
1. Supplier Coiirlai Pracrices
6. Is ihere a system for identifytng qualified sources and is thls system
adhered to bv the ~urchaslnefunction?
--
7. Are inrtial aidits df major s;ppliers conducted?
S. Does the system ensure that technical data (dra\vings. speclficatlons.
etc.) are ~"cludedin purchase orders?
9. Is the number and frequency of inspections and tests adjusted based
on supplier petiormancr'?
C. Noi~coifo~i~rri~g ~Wnrenal
10. Are nonconformances Identified and documented?
I I.,. Are nonconfom~ancesphysically segregated from conforming
' matenal where practical'?

12. 1s furiher processlng of nonconforming Items restrtcted until an

authonzed dispos~tlon1s received?
13. Do suppliers h o w how to handle nonconfomances?
14. Are process capability studies used as a pan of the nunconfomlng
matenal control and process planning?
D. Dmigiz atid Process C h a n ~ eCoilnal Roliniles
15. Are changes lnltlated by customers incorporated as specified?
16. Are lntemally lnltlated changes in processlng revlewed to see if they
require cusromer approval?
17. 1s the lnrroducrlon date of changes documented?
18. Is there a method of notifying subtler suppliers of applicable changes'
E. Process and Producis Audirs
19. Are process audits conducted?
20. Are oroduct audits used Independent of normal product acceptance
plans?
21. Do the audits cover all operauons, shifts, and products?
22. Do audit resulrs recetve management revlew?
23. Is the audit frequency adjusted based on observed trends?

Figure 24. Sample quality system checklist.

Source: From Chmlcs B. Robinson. ed.. How To Plon an Asrfir, (Milwaukee. WI: ASQC
Quaiiry Press. 1987). pp. 26-30
auditor but rather by ihe auditor's organization, client, or by a regulatory
authority. They are often used to ensure that specific Items are evaluated
during each audit when audit programs cover several locations, depart-
ments, or organlzatlons. The pnmary differences between checklists and
guidelines is that audit guideline Items are usually wntten in statement
form rather than as questions, and gurdelines don't ~ncludeprovis~onsfor
recording audit results. To provlde for the lalter, log sheets are often used.
Log sheets are smply blank columnar forms for wnting down information
dunng an audit. Used in conjunctton with audit gutdelines or to augment
checklists. they help ensure that object~veevidence collected - - dunng an
audit 1s properly recorded. See Part11. chapterc for additional informatloi<

2. SAMPLING THEORY, PROCEDURES,

AND APPLICATIONS
Srimpling is the prxnce of t ~ b n seiected
s items or umts from ;i toial p o p ,
ulation of items or unlts. The method and reason tor taking certain sam-
ples or a cenam number of samples from a population should be based on
sampling theory and procedures. Samples may be taken from the total
population or rrilrversr, or the popuiatlon may be separated into subgroups
called siram. Inferences drawn from the sampling of a stratum, however,
may not be valid for the total population.
To tnfer statlstlcal s~gnificancefrom any sample. two conditions must
be met. The populatlon under consideration must be homogeneorrs, and
the sample must be random. Honrogeneoru means that the population
must be uniform throughout-the bad parts should not be hidden on the
bottom of one load--or it could refer to the s~milantlesthat should exist
when one load is checked agmnst others from a different production setup.
Rmdom means that every item in the populatlon has an equal chance of
being checked. To ensure t'hts, samples can be pulled by a random num-
ber generator or other unblased method.
When looking at records, an auditor should take care not to pull all
samples out of one file drawer or from just the front or back of drawers.
Lower drawers are typically more neglected than higher drawers. If files
are color-coded, the auditor should ask what the color codes mean and
choose samples from each set. An auditor may choose samples on the basis
of previous audit results. In addition, an auditor should verify in each audit
that probiems detected by previous audits have remained corrected. If any
major changes have been made to a system (for example, calibration once
done in-house is now done outside), the auditor may desire to pull a larger
than usual sample.
It is preferable for the auditor to go to the location of the sample and
select thc sample for the audit. However, there arc situat~ons(long dis-
tnnces. convenience. files off sitc) where i t is perrmssible for the auditee
to provide the sample population, such as in a file. folder. or log book, to
the auditor, who can then select the sample.
When sampling auditor!: should record the identity ol's;~mplesselected.
- ..
3. FLOWCHARTS AND PROCESS MAPPING
Process mdps and tlowcharts are used to depict the steps or events in a
proccss or system that produces some output. Flowchams are specific tools
for depicting sequrntiai actlvitles and typically use standard drawing sym-
bols in the~rcreation. Process maps are tlowch:ut~ng that may or may not
use standnrd flowchart symbols. Flowcharts and process maps are effec-
tive means for understanding procedures and overall processes and are
used by auditees to help define how work is performed. Flowcharts are
especially helpful i n understnndins processes that are complicated or that
appear to be In disorder. Auditors can also use flowchan~to help under-
stand both producuon and service processes dunng audit preparation.
A flowchart can be used to describe an existing system or process or
to design a new one. It can be used to:
Develop a common understanding of an overall process, system,
and sequence of operations
- Identify Inspection and check points that result in a decision
Identify personnel, by job title, performing specific steps
Identify potential problem areas, bottlenecks, unnecessary steps or
loops, and rework loops
Discover opportunities for changes and improvements
Guide actmities for identifymg problems, theonzing-about root
causes, developing potential corrective actions and solutions, and
achieving continuous improvement
Flowchartmg usually follows a sequence from top to bottom and left
to nght, wtth arrowheads used to indicate the direction of thc acnvlty
sequence. Common symbols often used for quality applications are shown
in Figure 26. However, there are many other types of symbols used in
flowcharting, such as ANSI Y 15.3, Operation and Flow Process Charts
- 27a-d). Templates and computer software are available for
(see Fiwre
m&ng tlowcharts, which are both easy to use and fzrly inexpensive
The actrvrty symbol is a rectangle which deslg-
nares an activin.. Within the rectangle IS a brief
description of char activity.
The decrsron symbol IS a diamond which des~g-
nares a decision polnr from whtch the process
branches into nvo or more paths. The path taken
depends on rhe answer to the questlon which
appears within the diamond. Each path is labeled
to correspond to an answer to the question. %
The temzrnal symbol is a rounded rectangle wilich
unambiguously identifies the beginning or end of
a process, according ro [he word w ~ t h mthe termi-
nal. "Start" or "begin" is used to designare [he
starting point of process flow;"srop" or "end" 15
used to designate the end of process flow.
The doczrtnent symbol represents a document
pertment to the process.
The flow lrne represents a process path whick
-1 connect process elements. e.g., activines, deci
slons, etc.: the arrowhead on a flow line indicate:
direction of process flow.
The connector is a clrcle which IS used to mdicatc
a conunuarion of the flow diagram.
Fieure 26. Common flowchart symbols.
Sui~cs:J.M. Jurm. e m . Jurdr, s Qunlin Co,,rroi tlo,idlooi Jill cd. iSew Y O : ~ .ZlcGr3u-
;:
Hill. 19%). p. 67. Rcproauc:d will1 pcrmlsslon o i in^. McGrw-Hill Comp3nlci.
 L lob engnment.

Clarify with Lead.

I
3~
y
d
l
Resolve with Lead.

Complete work.
-

Ger supplies.
pa-, etc...

,.
i. . ~

available?

Check with Lead. D lob done.

3epartment 1
Person A

-
1
Realrlgnment of job.

Figure 27. Types of flowcharts.

Sourre: From Rudolph C. Hirrel, "A Systems Approach to Auditing Systems Workshop"
(presented at 28th Annual E D Conference, October 1998).
Figure 27. Conrlnired

208
 (dl Flow process worksheet . ~

1991-1 998-All Companv Warehouses

Sreps m
nrocess / OPER / TRAN I NIP I DEL ( STOR

4. PATTERN AND TREND ANALYSIS

"P;IIIC'~II an:ilys~sIIIVOIVCS tile coileciion of data in a \wy that readiiy
r c \ d s :any knid of clusienn: that mav occur. This technique-is of major
value i n internal quality audits. slnce i t is so effective i n makin: use of
data from repetitive audits. 11 can be both location- and time-sensitive.
Pattern analys~sis of lim~tedvalue in external quality audits owing to the
lack of repetition in such mdits:'"'
While no one specific single tool exists to determine patterns and trends.
the following tools. matnces and data systems can help make such deter-
minations. Patterns and trends can m d i c ~ t ethe seventy of a problem and
can be used to help determine whether a problem is a systemic issue.
LIIW~ r a p lconnect
l~ points, which represent pairs of nuinenc data. to
show how one vanable of the pair is a functlon of the other. As a matter of
convention, Independent variables are plotted on the horizontal axis, and
dependent vanabies are plotted on the vertical axts. Ltne graphs are used
to show changes in data over &me. A line graph is shown in Figure 28.
Bar graphs also pomay the relationship or cornpanson between pairs of
variables, but one of the variables need not be numenc. Each bar in a bar
Figure 25. Line graph.
-rrraph represents a separate or discrete value. Bar graphs can be used to iden-
tify differences between sets of data. A bar graph is shown In Figure 29.
Pte charrs are used to depict proportions of data or tnfotmatl~nin
order to understand how they make up the whole. The entlre ctrcle, or pie,
represents 100 percent of the data. The circle 1s divided Into slices. with
each segment being proponlonal to the numenc quantlty in each class or
category. A pie chart is shown tn Figure 30.
iLintrlcrs are two-dimensional tables showlng the relauonshlp between
two sets of informanon. Matnces can be used to show the logcal connect-
lng p a n t s between performance cntena and lmpiemenung acuons, or
between reqmred actions and persomel responsible for those actlons. Used
 Producrion Unir Comparison
Line A, 1991-1996

1991 1992 1993 1994 1995 1996

Year
Table 2. Area of responsibiiitles matnx.
Figure 29. Bar graph.
Sorrrce: Jerry Nmon. "Audiiq Tools.'' p. 6.

this way, matnces heip determine what actlons andlor personnel have the
I I
Prwm
devciopmenr
1
Ddicienc~
rracking
1
1
11IVock
~ m n m g control
11 Documents
and S C C W ~ S
rerenoon hsessmenr
S X
greatest effect on an orgamzation's mission. Matnces can be used by audi- Director
tors as a way to focus auditing time and to organize auditing conduct. In
Table 2, the matnx is used to heip the auditor by identifying orgmzational
responsibilities for the different audit areas. Thls particuiar matnx is used
O P ~
x - - X X
O P ~
to maximize use of tlme dunng the site visit. Table 3, a much broader support X S
matnx, allows the auditor to do the long-range planning necessary for Tech
X X X X
suppon
ensuring proper application of the audit program. In this example, the var- X x I
Admm.
ious audited areas on the Y axls are applied aganst the different organiza-
tlons to be audited. Sorrrce: Rudolph C. Hirzel, "Audits M&ng a Difference" (presnted nl me ASQC Fiflh
Annual Quality Audit Confcrence. 22-23 Fcbruw 1996. Kansas City, Missouri).
 Building
..-;--&
---r Work Work Days
A d m ~ n ~ s r r m o nChemistry Biology M a r e r d s rervres Engineering -~=-- crew lost
1 Dm Type Area
,"4..~..1..1 I I I I
C.Q-101
Spmn ~ I d g12 ~Cch 4
5
515 Spr~iil Bldg 5 MAP-2-12 Elcs
Xech 2
5/12 Burn Area S PXIP-1-4
5/15 Abrasion Arca 10 PMP-3-7 Grnds 3
prorccrion 4 Eirc I
C C 5/23 Burn Bid& 12 CAP-103
lndusrrial ii 5/25 Sorxn Admm bldg Xl.4 Xl.4
ratciv i\ A j-i - . .A Eiec 1
.I ~
5/29 Cut Bldg 5 MAP-2-17
Envmxmenral C C C C .d
t
-
Personnel
ciatnmg
Conduct
B A B C 1- i
z
of opr
Quditv
C C !
I
C : Number of days lost
zsSUra"CC A C A C 6 1
A = Firs: assessment B = Second arscssmenr C = Third asrerrmenr
R u d o l ~ hC. Mirrel. 'Uudits Making a Difference" (prcrsnrcd thc ASQC Fifth
Sr,o,r.c.:
Annual Qualily Audii Cunfercnce. 22-23 F e b r u o 1996. tians:ta Cii\.. Missouri). !

Darn svsrems exist in a wide ranze of forms and formats. They may
~ncludeweekly and monthly reports of laboratory or organizational per- I

formance used to alert the auditing organization of potential audit areas or !

computerized databases that link performance to specific performance 1
objectives or track actions to resolve programmatic weaknesses. In any
case. data systems are an important tool that provldes the auditor with the ~~ .!
data needed to Focus on audit activities. In Table 4. information on lost- "
time injuries 1s displayed in tabuiar form; the same information is dis- ~. Abrasions Breaks Burns Cuts Spratns
played as a graph in Figure 31.This information can be used to focus the S Electrical tBI Mechanical i
3 Other
assessment on etcher the location of the injunes or the work procedures
involved to identify weaknesses in the accident prevention program. Figure 31. Lost work thls month.
~.--.
- f
Source: Rudolph C. Hirzet, "Audits M h g n Difference" (presented nr lhc ASQC Fifth
A n n u l Quality Audit Conference. 22-23 February 1996, Kansas City, hlissouri).
5. ROOT CAUSE ANALYSIS . . . ..
....
.. .&
. .
Root cause analysis refers to the process of identifying the root cause for
~. It causes the effect--either directly or through a sequence of
the occurrence of an unwanted effect, consequence, condition, or prob- -&I
intermediate causes and effects.
iem. The root cause is the most basic reason for the effect, which if elim- 5
.4
. .
inated or corrected would have prevented the effect from existing or :-...
It is controllable-tntervenuon would change that cause.
occumng. Root cause has three primary charactensucs: -
-..-
.,..
:*-. Its e h m a u o n wiU result m the e l h a u o n or reducuon of the effect.
..-.
 Many methods arc available for analyzing data to ultimately deter--=
.*-.customer input Design Control
mine thc root cause. Less-structured techniques include flowchans,':..=:*
process control charts. trend analys~s,Pareto diagrams, nomnal group -- output Defined
techniques. matrices, tntuition based on observation, and brainstormins-?
Procedures
More tortiiai root cause analysis techniques mciude bamer analysis; Established
change analysis. event and causal factors anaiys~s,tree diagrams,
cause-and-effect diagrams. The method of root cause analysts is a Rewewed tor lntertaces
tivcly unintcpted collection of heunsttcs (slmple methods or advice Adequacy Controlled
to use). cuch ;~pplicablc.in certain s~tuations.'" Validatton

7
Properly Pertormed

6. CAUSE AND-EFFECT DIAGRAMS -

Documented
\ PREVENT
DESIGN
The cause-and-rffec? -- dia.qrnm (C-E dia.=am) is a visual method for ana-;l
2-
/ / ERRORS
ing causal hciors tor a gyven effect in order to detemne their relationship. f Responsibiitses
Established
Needs
Periorrned
I1 is one of the nos1 widely used quality tools and is aiso called an lshikacnlva
difr,~rf~rrr after its in\wtor. or afislrltotlc diagrmt because of its shape. Identified Changes
- . iharxteristics
13.JSIL . of h e C-E diagrm include the tollowing:
Controlled

It represents the factors that mght contribute to an observed

condition or effcct. Personnel Matntamed
Qualified
I t clearly shows ~nterrelationshipsamong possible causal factors. Accessible
- The interrelationships shown are usually based on known data.
Training Document Control
C-E diagrams are an effective way to generate and organlze the causes for
i
observed events or condit~ons,since they help display causal tnfomation ;I Figure 32. Cause-and-sffect diagram.
in a structured way. Soure: Rudolph C. Hirrel. "A Sysrcms Approach lo Audirmg Systcms" (presented at ASQ
C-E diagrams consist of a description of the effect wntten in the head i Quality Day, Motorol~Untvcraty. Apnl 10. 1997).
of the fish and the causes of the effect ~dentifiedin the major branches of
the body. These main branches typically mciude four or more of the foi-
-~;
I -.
lowing SIX intluences, but may be tailored specifically as needed: 7. PARETO CHARTS
1. People i worker) Parero cltarrs, also called Pareto diagmns or Pareto anal?.sis, are based
2. Equipment (machine) on the Pareto principle, which suggests that most effects come from rela-
t m i y few causes. As shown in 33, a Pareto chart consists of a
3. Method
series of bars in descending order. The bars with the highest incidence,
4. Material failures, costs, or other occurrences are on the left side. The miscellaneous
5. Environmental category, an exception, always appears at the far right, regardless of size.
Pareto charts display, in order of importance, the contribution of each item
6. Measurement .
-.. to the totai effect and the relative rank of the items.
.%7
Figure 32 is a C-E diagram used to identify all the program elements that s
;. Pareto charts can be used to prioritize problems and to check perfor-
should be in place to prevent design output 9:.
'7i; mance of implemented solutions to problems. The Pareto chart can be a
+j$
7-
 HOUSING CASTINGS
ATR002MF - Tradilional--'c' chart Parelo -. .

1 DEFECTS

Figure 33. SQM sofrwn~eexample of n frequency P;ticto ;i~ialysis

Sor~rcc Couricsy of CIM Vision 1t1tcrnetion;d
 A histogram is one of the simplest tools for organizing and summa- f z : ~
rmng data. It is used to show the number of times a given discrete piece - -
of information occurs and is essent~allya vertlcai bar chat3 of a frequency-=
~. .
.. ~-
distributwn. The histogram's simplicity of construction and interpretation=
makes it an effective tool in tiie quality auditors elementary anaiysis of
-
collected data.
--~

~. -
Histograms should indicate sample size to conmiunicate the degree of ---
confidence in thc concius~ons.Once a histogram has been completed, it
bhould be analyzed by identifying and classifying the pattern of vanation,
and developing a plausible and relevant explanation for the pattem. For a . ~

normal disuibution. the tollowing identifiable patterns. shown in Figure 3 .- 5 , ~

are commonly observed in h~stograms: -
2. Bell-.sl~npeil:4 symrnetncai shape with a pe& in the middle of the
r;inge ol data. This is the normal and naturai distribution of data. Devia-
lions from the bell shape might indicate thc presence of complicating fac-
tors or ours~di.~nlluences.While deviations trom a bell shape should be (c)Plateau
invest~gatcd.such desiar~onsare not necessarily bad.
b. Do~rbir-pcrrkerl(brrr~urld):A distinct valley in rhe middle of the
range of the data w t h peaks on either side. Usually a combination of two
bell-shaped distribut~ons.this pattern indicates that two disttnct processes
are causlng this distribution. -
c. Ploretr~r:A tlat top wlth no distinct peak and slight tails on either
side. This pattem is likeiy to be the result of many different bell-shaped
distributions with centers spread evenly throughout the range of data.
d. Comb: High and low values alternating in a regular fashion. This
pattern typically indicates measurement error, errors in the way data were
grouped to construct tiie histogram, or a systematic bias in the way data
were rounded off. A iess likely alternative is that this is a type of plateau ..
distribution.
e. Skewed: An asynimetncal shape in which the peak is off-center in
.
the range of data and the distribution tails off sharply on one side and gen- a
tly on the other. If the long tail extends rightward, toward increasing val- .:,%
ues, the distribution is positlvely skewed; a negatively skewed distribution 3%
.-.
exists when the long tail extends leftward, toward decreasing values. The -~
skewed pattem typically occurs when a practical limit, or a specification . '.g
->
limit, exists on one side and is relatively close to the nominal value. In t h ~ s .,:=
case, there are not as many values available on the one side as on the other. 3;
....,
f. Trr~rzcated:An asymmetrical shape in which the peak is at or near :.?-.
the cdgc of the range of the data, and the distribution ends very abruptiy
-
,.-,
: Figure 35. Common histopr+m patterns.
.- Soaxe: J u m Insutua, 'The Tools of Qualily Pan I? Hisro-:' ASQC Quoiiv PmL?rexs
(September 1990). p. 76. Adapred fmm Ule Juran Insumre's publicauon. Quniiy bnpmventeni
 .-a~

On
3.
one side 2nd tails off gentiy on the other. Truncated distributions a, phase of statistics that seeks only to describe and analyze a given group
smooth, bell-shaped distributions with a pan of the distribution draw,ng any conclusions or inferences about a larger
(sample)
removed. or truncated. by some estema~force. Croup ~populatlon)Is referred to as deducrilte or rlescrfPr1"e srflrrsrlcs.
Z. Isultrred-peakcd: A small, separate group of data
kerdistribution. Similar to the double-peaked distribution: iiowever, me
to Geasures of tendency and dispersion are the two most fundamen-
tal concepts statistical analysis.
short bell shape indicates something that doesn't hzlppen very often, .
E":W~eaked: .A 1arF Peal; 1s appended to an othenstse smooth dis- - -4- Measuresof ~~~d~~~~
tributlon. Similar to the comb distributloll tllat error lvas I1 ..Most frequency distributions eshib~ta .central tendency' ( a shape such
imde in the darn. All r e x i i n y oust a certatn point tnlly ~lasrbeen grouped that tile bull; of [he observations pilc LIP 111 the area between thc lwo
lnto one value."' - - . ..
estremes),.v~~ central tendency IS one of the most fundmental concepts
No rules exist to esphin pattern variation in every s l t u a ~ o n . ~h~ three .. ten-
in all statlstlcal analysis. There are three pnnclpal m%sures
most important chmcteristtcs are centering (central tendency), ,+,idth -.
1 dency: mean. median. and mode.
(spread. vanauon, scatter. dispersion). 2nd s]litpe ~f no dis-
f
''mihie Pattern appears to esist. the distribut~onmay not be normal, and 1 A~~~~~~~~~i\/iean. neo,.,r/lt,lerrcrllerrn,or nienn ~mlrle,IS the sum totJi of
[he data may actually he distributed according to some other distriburlon, divldi.d by the number of data values. It is the merase lhs
!i ail n.
"lch as esPOnentlal. gamma. or uniform. Analysts of distribuuons of these of saillple Mrun the most commonly used m?mn'e ofcrn-
FPcs 1s beyond the scope of tills text. 2nd further tntormarlonshould be
s o u ~ h from
t specialized statlstlcs texts, I [rul tendency
and is [he only such measure that incluaes even' value i n the
data set, ~h~ mrhn1etic mean is used for symmetncai or near s ~ m e t n c a '
peak.
I distributions,or for distributions that lack a slngie clearly
9. DESCRIPTIVE STATISTICS
~ ~ ~ ~ is , the middle value imldpoint) of a data set
d~h~i r,lrdia,r
"Descn~tWstatlstlcs fumlsh a stmpie method of extractlngInfo,,,,a1lon ! numerical order, either in ascending Or descending order. The
f manzed
from what often seems at first glance to be a mass of random numbers.
These chamctensucs of the data ma" relate to: ,i median used for
but
reducing
are not
the effects of extreme values, or for data that
econormcally measurable, such as shades of cO1-
can be

-
1. Typrcat. Or central. value (mean. medim.
ors, odors, or appearances.
2. A m ~ s u r eof how much vanability is present (variance. standlvd
dev~ation) -
~ ~ ~h~ d,no& ~is the .value or number that Occurs most frequently In a
3. A measure of frequency (percentiles)"l?" data set, jf all the values are different, no mode exists. If two values have the
S t a t i ~ t l1s~concerned
~ with sclentific methods for organlz- / most and same frequency of occurrence, then the data set or disuibuUon has
In& summanzing, Presenting, and analyzing data, as well as drawing valid j two modes and is referred to as bimodal. The mode 1s used for
cOnciusions and m*ng reasonable decisions on the basis of such analy- j slcewed disuibutlons, for describing an l r r e g u l ~slumon when two pealts
. . are found, or for eliinating the observed effects of ememe
sls. In a narrower sense, the term srarisircs is used to denote the data them-
..
,.
*.,.
a..-
.
selves or numbers denved from the data, such as averages, -.-.,
--
-..: 8
.~,- *,
An auditor must look at how an auditee defines the process and nec- -.,. . , Measures of Dispersion
essary and must establish some type of measurement system to Dispersion is he vanahon m the spread of data about the mean. Disper-
.+
ensure that the meaWr~mentsor the process were properly defined. ne sion is also referred to as spread, and scatter. A measure dis-
b the results of what other people have done, and if heyuse ...... ,,
a u d i t O r ~ o oat -.. .
...~- persion the second of the two most fundamental measures of all stat1s-
stattstrcal tools. he orishe must be knowledgable enough to decide tic.h analyses, ~h~ dispersion wltihin a central tendency 1s norma%'
.=. i
whether (he information they are gathering from the data is valid, ~h~ : measured by one or more of several measuring pnnciples.
 Data arc always scattered around the zone of central tendency, and the z .-
extent of lhis scatter is called dispersion or vanation. There are several meaL--z
-
sures of disperston: range. standard deviatton, and coefficient of variation.z-=
~.

Range.
-
.
The range ts the srmplest measure of dispers~on.It is the differen*=.
-
.. .

between the maximum and mntmum values in an observed data set. Sincei-c
is based on oniy two values troni a data set. the measurement of range is most-- -
,
.

useful when the n~imberof observations or values 1s small (10 or fewer). -.

Standard Deviation. Startdrird lietwrrrort. the most imponant measure of

variation, measures thecxtcnt of disperston around the zone of centrai ten- ~ ~

dency. For sampies from a normal distribuuon, it 1s defined as the result=

tng value of the square root of the sum of the squares of the observed vai--
LICS. illinus the anthnlet~cmean (numerator) divided bv the total number - Figure 36. Control chan.
of observations mtnus one (denommator). Soarcu: Nancy R. Tquc. Tile Q,mlim Tool6o.r (ir2ilw~ukce:.ASQC Quaiitv Press. 1993. n. 86.
Used x i t h pcmss~on.
Coeficicnt of Variation. Co~,@cjicreftri$tal?arrorr ts the tinal measure of dis- -I

perston. It 1s the standard dewation divtded by the mem. Vmance rs the s a r -

anteed existence of a difference between any two items or observattons. The
concept of vattlnatiffnstates that no two observed items will ever be rdent~cal.
10. CONTROL CHART INTERPRETATIONS
Many companies use stattst~calprocess control (SPC) techmques as pan of
a conttnutng quality improvement effort. Quality auditors should be f a d -
tar wltli stutistical techniques so that they can evaluate whether they are
being properly applied by the company betng audited.'jO Control charts,
also called process control charts or run charts, are toois used in SPC.
Statistical process control recogmzes that some random variauon always
extsts in a process and that the goal 1s to control distribuuon rather than mdi-
vidual dimensions. Operators and quality conrrol technicians use SPC to
detemune when to adjust a process and when to leave it alone. The abilitv to
operate to a bght tolerance without producing defects can be a
ness advantage. Control charts can tell an orgmatmon when a process
good enough so that resources can be directed to more pressing needs."'
A control chart, such as the one shown in Figure 36, is used to
guish variations in a process over time. Variations can be attributed to ' -
either special or common causes. Common cause variations repeat ran- =-.&.
domly within predictable limits and can include chance causes, random
causes. system causes, and inherent causes. Specla1 cause vanattons indi-
cate that some factors affecting the process need to be identified. investt-
gated. and brousht under control. Such causes include asst,unable causes.
locai causes, and specific causes. Control charts use operating datu to
estabiish limits within which future observat~onsare expected to remmn if
the process remains unaffected by special causes.
'.Control chms can monltor the a m and vmability, and thereby Coniin-
ually check the stability of a process. Thts check of stability in turn
ensures that ihr stat~st~caldistribution of the product charactensttc Is
consistent with qudity requtrernents.""'
'.Control cham are commonly Used to:
i. Attatn 2 state of stattsttcal conuol
2. Monitor a process
3, Detemune process capability""'
The type of control chart to be used in a specific sttuatlon depends on the
type of data being measured or counted.
Variable data, also called cor~trnuousdata or nreasureiJte!zt data, are
collected from measurements of the items being evaluated. For example, the
$< Ij measurement of physical characteristics such as time, length, weight, pres-
sure, or volume through inspecuon, testing, or measuring equipment
constitutes vuiahle data collection. Vzuiable data can be measured and
ted on 3 continuous scaie and are often expressed as fracuons or dec&&:=
The '7 (average) c h a t and the R (range) chart are the most common 3-
types ot conuol charts ibr variable data. The X control chart illustrates&&
averay measurement of samples taken over tme. The R control c h s q . -
illustrates tlie r:insl_eot the measurements of the samples taken. For these'.'""
cliarrs to be accurate. 11 is cntical that individual items comprising h e - -
sampis are pulled from the same basic production process. That is, the -3-
sanipies should be dr3wil around the same time, from the same machme,
from [he same raw matenal source, and so on.'" These charts are often-
used in conjunction will1 one another to record jointly Uie mean and rang
oS samples takcn from the process at tairly reguiar intervals. Figure- 37 1
sho\vs an .y -R chart 3
Attribute data. also referred to as discrete data or counted data. pro- i
-3

vldc ~niormauonon number and frequency of occurrence. By countlng

and plottlii: discrete events-the iiurliher ot defects or percentage of
failures. for exarnple-ln Integer values ( I . 2. 3), an auditor is able to
look a1 prev~ouslydetined critena and rate the product or system as
passifail. acceptableiunacceptabir, or goino-go. Several basic types of
control charts can be used for chart~ngattribute data. Attribute data can
be either a fraction nonconforming or number of defects or nonconfor-
mities observed in the sample. To chart fract~onof unlrs defective, the p
charr is used. The units are classified into one of two states: gotno go,
acceptableiunacceptable, conforminglnonconforming. yesino, and so
on. The sample size may be fixed or vanable, which makes the tech-
nque very effective for statistically monitoring nontraditional processes
such as percent of on-tlme delivery. Note, however, that if sample size is
vanable. control limlts must becalculated for each sample taken.
The rlp chart uses the number of nonconfomng units in a sample.
This chan is sometimes easier for personnel who are not trwned m SPC.
It is easler to understand t h ~ schart when h e sample size is constant, but
it can be variable like the p chart.
The c chart plots the number of nonconformities per some unit of :?%~
measure. For example, the total number of nonconfomties could b e -.....
..i-.

counted at a final inspection of a product and charted on a c chart. The .:?.* 1

number of nonconforrnlt~esmay be made up of several distinct defects,
zg,
...*.-
T,E:

i
.- ...
i.L
,.,.<-.c

2%~
which might then be analyzed for improvement of the process. For this
chart, the salnpie size must be constant from or unit to unit.
-
1
The u chart is used for average number of nonconformihes per some
unit of measure. Sample size can be either variable or constant since it 1s
charting an average. A classic example is the number of nonconfomties
m a square yard of fabric in the textile mdustry. Boits of cioth may vary
in slze, but an average can be calculated. Figure 38 is an example of plot-
tingattribute data using air chart.

Januari February
I'igurc 35. 11 c h r r tor tlie average errors per truck lor 20 d;ays ot production.
Sorwc.: J l , l ~ aT.Burr. SPC 7im1.%I r w Eve!so,ie IMilwaukce: ASQC Qunlitv Press. 1993). p. 5s.
GscLI Wtl, ~cnT,ss,o,,.
11. PROCESS CAPABILITY INTERPRETATION
"OIWof tile thuor~ermost widely encountered is: 'The process can't
liold [lie toler:inces.' To lest tlils theory. mmsurements from the process
nlust be taken and anaiyzed to detcrmlne the amount of vanability inher-
uii-ii~the process. Ths var~ilbilityIS Glen compared to the specificatlon
iim~ts.These steps are performed i n a process-capability study."'35
Process capability provides a quantified prediction of the adequacy of
a process: and it measures the capability of a process to produce products
that meet speciticatrons by measuring the inherent uniformity of the
process. Generally, tt is not feasible to d e t e m n e process capability by
direct measurement of a process under operating conditions, so capabiliiy
is determtned ~ndirectlyby measunng the uniformity of the product.
Process capability can be used to measure process performance, monitor
processes ustng control charts, evaluate process equipment, revtew toler-
ances based on common variation of a process, d e t e m n e the effect of
changes or adjustments to processes, and audit process performance.
Process capability can be detemined when a predictable pattern of
statistically stable behavior constsung of common causes of variation are
compared to specification limits. Process capability indices numerically
express the relation between the distribution and the specification limits.
A process is in a stole of stotisticat control when the plotted data points
are withm the calculated Upper Control Limit (UCL) and Lower Control
L i m t (LCL) almost all the ume (such as 99.73 percent) and the data do
not display a particular form that would indicate an out-of-control condi-
tion (such as 7 successive data points below or above the center line of the
control chart). A process is capable when the distribution of individuai
piece data is within or equal to the Upper Specificauon Limit (USL) and
Lower Specification Limit (LSL). Histograms can be used to graphically
show capability when upper and lower control limits and specification
limits are added to the histogram data.
A process capability indcs expresses a numencai relationship
.. betwcen the process vanability and the specification iimits. The most
-common indices currently in us? are Cpand Cpi If the upper control limil
and lower control limit are superimposed on the upper specification limit
... and lower specification limit. the Cl, would equal 1. This assumes that the
~2 mean of the process IS exactly centered wlth the specificatlon limtts. If the
-3 control limits fall outstde the specification iimlts, the value of Cpw,ouid be
---3 less than I . Cpi is n method of measunng process capability when the
I
inean of the process is not centered with regard to the specification limits.
A Cp, of i or greater means that the process 1s capable at a levei of at least
99.73 percent conlormtng. wh~chIS the limit assoctated with an X and R
chart. It IS extremely imponant when using these capability tndices [hat
the process be in-control because the theory IS based entlrcly on a normal
----A
- -
i
disuibut~on.If the distribution IS not normal. the indices arc meaningless.
'.A staustlcal control chm can be used to ldentify visible trends In the
performance data measured dunng the audit of a qudity system. It can
show this informauon in terns of both the average enor rate and the
acceptable performance levei."""
-
-
Appendix A
Sampling has always been a s t m n g point for discussion among auditors.
Some say that statistical sampling is the only way 10 perform an audit that
means anything to management. Others contend tl~atwe don't need to .%
look at a statistical sampie to determine whether there is a problem. There
are times when staristical sampiing is a must; and there are rrmes when
judgmental sampling gives the results needed.
There are many ways of choosing the samples to be evaluated during
an audit. T h ~ ssectlon explores the many ways and provides some gu~d-
ance about their application.

NONSTATISTICAL SAMPLE SELECTION

Nonstat~stlcalsampiing seems to be the general rule in quality auditing.
Perhaps m s is because of the need to keep costs down; one way to do that
is to keep the sample size small. Perhaps the system has reached near per-
fection, and the goai has shifted to fixing the minor or s~ngle-caseprob-
lems that arise. Perhaps the auditor wants to bnng these problems to man-
agement's attenuon, and the audit report 1s the only way to do this. For
whatever reason, nonstatistical sampling is very popular. Nonstatistical
sampling takes many forms.
Haphazard selection is where the auditor selects items with the goal
to be as random as possible, yet be a representation of the total population.
Here the goal is to gain insight into the population without using statisti-
cal techniques to quantify the results. The results are not statistically valid,
and generalizat~onsabout the total population should be made w~th
extreme cautlon.
B/uck selectruir (also called clrrsier snrrrpiirrg) rs wtlere corlsecuuve
ttenis w ~ t h ~a ntime frame, production run. dollar range. and so on are cho-
sen i'or evaiuat~on.For exampie. a11 purchase orders For the month of
March. 311 purchase orders o w S5000. or all S Y Z product produced on
swm: shift from April 2 to April 9 [nay be revlrwcd. Ivlmy blocks fitt~ng
the sclectlon category need to be enam~nedto gatn ;t pseudo-representative
sumple ot lhc to1:il populatwn. Block selecuon IS best when looking For a
root cause. a possible problem wtth a pan~culirmachlni. or a possibIe
problem with a particular process. Stat~st~cally valid comments can be
tuade about lhe blocks evaluated. bul not about the total populat~on.
e r r r o l IS JLISt that-auditors
J ~ ~ r l g ~ ~ ~ selerrro~r use tiletr knowledge or
cxperlence lo select s;~tnples.Norm~llysamples are selected based on nsk
l o the company and powni~altor loss 01 produ~mon01. data. Here lhe goai
IS to dererm~neif the Iilgh-risk areas are bemg 3dequately controlled. One
problem wtth judgment31 sampling comes about when the auditor specif-
tcally selecls samples wtth known problems. thus biasing the sample
toward the negatl\.e. T h ~ smakcs the sample completely nonrepresentative
';
ot the total populat~on.Onc reason for sampling thts way is when a
process is betng done so well that the auditors are work~ngon relativeiy
minor or slngle-case problems. However, if this IS the case. there may be
no need for the auditor at all.
bers and confidence leve!s have more meanlng to upper managelllent than
saylng that "we think there is a problem In document control."
There are rwo widely used methods of statistical sampling: simple
rmdoln sampling and systematic sampling. Sirilplr rfflld~fll~ f f l l l p & !
ensures that each Item in the populat~onhas an equal chance of being
selected. Random number tables and computer programs can help make
the sample selecttons. Svste,rirrtrc sari~plifzgalso ensures that each Item In
the population has an equal chance of being selected. The difference here
IS that :~fterthe sampie slze is determrned. it 1s diwded Into the total pop-
ulatlon s z e to determlne the sampiing interval (for example. every tli~rd
item). The stmlng point 1s detemned usmg a random number table. Nat-
urally. several computer programs me available to help determlne the sam-
ple slze. the sampling lntervai. the starting polnt. and the actual samples
to be evaluated.
SUMMARY
6 0 t h nonstat~stlcaland statistical sampling have then piaces In quality
auditmg. The job of the quality auditor is to know when each method is
- needed.
best for deternnn~ngthe iniomat~on

STATISTICAL SAMPLE SELECTION

For a sampling approach to be cons~dered'.stat~st~cal:'the method must
have random selection of items to be evaluated and use probability theory
valid sampling is neces-
to quantitatively evaluate the results. Stat~st~cally
sary to quantify probiems result~ngfrom an adm~n~strat~ve process or pro-
duction line. Statistically valid sampling allows the auditor to state m the
audit report that "we are 95 percent confident that the actual population
deviation rate lies between 1.2 percent and 5 percent. Since t h ~ sis less
than the tolerable deviat~onrate of 6 percent, the control procedure
appears to be functioning as prescribed." With a slightly different sam-
pling technque, the auditor would be able to state, "We are 95 percent
confident that the true population deviation rate is less than 4.5 percent,
winch 1s less than the tolerable deviation rate of 6 percent." These num-
 statistical A
i

Kx
The last section talked about nonstatistical types of sampling for audits: hap-
hazard, block. and judgmentai. This section esanunes these in more detail to
try to understand the pros and cons of using each. The goal is to provide man-
agement with supportable information about the company, with the expecta-
tion that management will W e action based on the results presented.
Hnphnzard sErnplirzg is used b y auditors to try to gather information
from a representative sample of a population. Items are selected without
intentional bias and with the goai of representing the population as a
whole. The auditor might ask to see the deficiency reports on the coordi-
nator's desk. The deficiency reoorts on the coordinator's desk when the !

auditor comes in might be rationaiized as being random and as represent-

ing the population as a whole. The auditor might ask for 10 deficiency
reports, two from each line, and will ask to be the one who picks them.
This might be rationalized as removing the bias from having the coordi-
nator select the sample.
The pro side of haphazard sampling is that it is easy to seiect the sam-
ple, so the audit can be completed more quickly. There is less preparation
time, making it possible to do more audits.
The con side of haphazard sampling could be stronger. If the coordi-
nator is reviewing the deficiency reports for a specific department at the
time the auditor walks in, the results of the audit will show that this . .
department has a disproporrionate number of deficiencies when compared
to the other departments in the sample. The auditor nught pick deficiency

reports that catch hisiher eye for some unknown reason, thus introducin.':r~.
an unkrwwri bias. Haphazard sampling is the easy approach to
The results do not reflect all departments, lines, items, people, problems,z-z
or a myriad oi other cons~derations.The results are not statist~callyvalid .
and generalizations about the total population should be made w i e
extreme caution. The results of haphazard sampling are difficult to defend=
objectively. Of 311 the nonstatistical audit sampling methods, haphazard i;:-.-'
:irgu:ibly the worst.
Block s~irrrplifryor cl~rstersrrrrli)liirg can be used by auditors to vain a
U
pretty good picture 01' the populatloii, if the blocks we chosen m a statis-
tlcai manner. T h ~ requrres
s that a lot of biocks be chosen before an accu- .-
rate representation of the total population is obtaned. and often more:z=
itcins :ire examined th:m i f a statistical sample was selected in the begin-
~.---
ning. Normally, auditors don1 use block sampling dunng audits, but do
use block sampling extenslveiy atter a problem has been identified. Audi-
tors nncl oihers use block sampling when t r y i n to deternuns when or how
. - ....- ..
I pwvrously identified problem beran. ended. or both. For example, if a
I
problem began in blay. we might examine a11 iteins made or processed in
May to try to determine when i t began and whether it is still occumng. If
we ~dentilicda probiem with calibration of balances, we could examine
every balance to -determine when the problem began and whether it
afl'ected only those in one building or in one department. Some may rec-
ogntze these activities as investigative actions taken subsequent to identi-
ficatlon of a problem. Block sampling is also used in investigative actions.
The pro side of block sampling is that i t allows stat~st~cally valid juag-
inents about the block examined. With a sufficiently large number of
blocks seiected randomly uslng the same selection criteria, we can make
sratist~callyvalid judgments about the total population. Single blocks allow
us to narrow down the root cause of a prev~ouslyidentified problem by
focused invest~gat~on in the area of concern. Sinzle blocks also allow us to
- audit. And, finally, selection of' the audit sampie is relativeiy simple,
recognize a possible problem with a stngle machine or a specific process.
The con side of block sampling is that it requues sampling a large .~++
number of items before judgments about the total population can be::!:<-. .-
made-larger even than statistically selected samples. Auditors often want
more than just information on a particular block of time, products, or loca-
tions. Auditors want to be able to provtde management with supportable
statements about the entue population. For thk reason, block sampling is
normally not used dunng the audit to identify problems.
- -
~-
.
.. ....
J ~ l d p e r ~ isampling
nl can be used by auditors to g ~ a npretty good pic- ..
-
-
. ...-.y
ture of what is happening, although the results are not statistically valid. In i
the first approach, the auditor selects samples based on hlsher best judg-
~
ment of what is believed to give a representative picture of the population.
These samples are chosen based on the auditor's past experience. Often
these samples are based on those that expose the company to the greatest
nsk, such as high dollar orders, special orders, or cntical appiication
orders. In judgmental sampling, the auditor may look back over tlme and
see that. hlstoncally, problems l~aveexisted in department A. activtly C.
Knowing this, the auditor examines that area in an audit. In judgmental
sampling, theauditor may also decide to lookat all orders over $3- nlillion. !
or all orders destined for installailon in the space shuttle. If a problem 1s ..--;
...
,
:::I
-
.
i
found. the audi~orexamines 3ddirional samples to determine the extent of
the immediate probiem.
In tlie second approach. the quality program Pas reached maturity. and
very Few problems are identified in n peneral audit using random Sample
K..
techniques. The company iuay then decide to audit nil areas in which
problems were identified with tlie intention of determlnin,0 whether the
activity can be ~mprovedbeyond its current level. The nuclear industry
and several othe; lndustnes have reached this point and have begun to rely
on judgmenral sampling to identify areas for improvement.
The pro side of judgmental sampling is extensive. The auditor focuses
on areas where previous problems have been Found and corrected. High-
nsk areas and actlviries receive the most attention. These are all areas
where management histor~callyhas focused attention. By doing judgmen-
tal sampling, the auditor will be provtding informarlon on areas known to
be of interest to management. Judgmental sampling allows companies to
focus their efforts on specific improvements rather than general assess-
ment. It allows the auditor to more effect~velyuse hisher tlme dunng the
which leaves more time to prepare for and perform the audit.
The con side of judgmental sampling is mat the results are not statis-
~
tically valid or objeet~velydefensible. Judgmental sampling is open to
-:~'. abuse through retaliatJon (seiectmg a group for detail audit because of
...
..~
.
some previous action). Judgmental sampling causes auditors to continue
,
to focus on areas where problems were found previo~siy.It is a fact that
an auditor focusing on an area will probably find problems <hat get
.1.
recorded and reported. An unwritten law of auditing is that "if we look for

it. we will find it." If we continue to focus only on areas where
are found, l o g would
~ talic us to the extreme where we always audit the
same thing over and over. Tlius. certain areas would be seen as pristine,:_-
while others wouid be seen as consistently incompetent. Stat~st~cal sm- -
piing 1s needed to provide a baseline from wll~chfurther auditing using-
judgmental sampling may proceed.
,,2-
Nonstatisticai samoling has 11s place in audit~ngand in the invesnga-
rron OF identified problems. Haphazard sampling should be avoided if m
all possible. Block sampling 1s effective in pinpointing problems, and sta-
tistically valid conclus~oilscan be made about the block evaluated, but
conclusions about the total population require more work.
sampling is effective in focusing the auditor's efforts and in
areas of improvement in a relativeiy mature quality program. The job of
the quality auditor IS to know when each method 1s best for d e t e n n i n s
the ~nf'ornlationneeded.
9;
3. Chapter C
-..
3 for
=i
It's not difficult to plug numbers into a formula and calculate the
results. Management likes to work with numbers that have meanlng and
that put boundaries around a question or an error rate. This is where sta-
ttstical sampling comes in. With stat~sticalsampling, we can state in
our audit reports that W e have 95 percent confidence that the purchase
orders are being correctly processed." Sample size depends on confi-
dence level and what we want to determine.
Naturally, the larger the sample slze, the more accurate the estimate.-
For small populations, we correct the sample stze for the popuiation.
Auditing by statistical sampling is best suited for single-attribute auditing.
However, once the item to be audited has been selected, many attributes
can be checked dunng the audit. A purchase order has many attributes that
can be checked simultaneously. In this way, one calculation for sample
scze can be used to report on many attributes.
Sample size is calculated uslng two formulas. The first formuia is the
"first estimate of the sampie size" based on the binormal distribution. This
formula is:
 where: This works out to:
I Z , ~ ,= first estimate of sample size 11(P = 238
= standard devlatlon tactor (1.96 for 95 percent Using this sample size and finding an error rate of 5 percent, we will
confidence) be able to report to management that we have 95 percent confidence that
P = estimated error mte the itemslprocesses in the population of 500 contans 475 error-free items,
A = des~redprecision
plus or minus 2 percent of 500 (10 items or processes).
This is a Ixge sample size for quality auditing, but it does Zive the

ii
The sccond ibrnu11:i uscs the tirst estimate of sample size and adjusts
lo fir the population:
-4 precision necessary to report ~ o o dnumbers to management. A littie work
with the formulas
. . . will
- . show that as the population gets iarzer. the reiative
sample size gets smal1er:Thus. the formulas-work best with larger popu-
lat~ons.Large populations can be found in purchasing and production and
lead to better applicanon of sratistical sampling. Other ways to reduce the
sample sxze is to reduce the precision ilarger A) or the confidence (larger
whcrc:
p and smaller 2).
I!,,, = linal sample s m Pertorming the calculations using a popuiation (NJ of 2000. the
deslred precision ( A ) IS 4 percent. the desired confidence level (ZJ IS
I ! , , , ~= firs1 esirnlate of sanlple size 90 percent. and the estimated error rate (p) is not to exceed 5 percent.
Plugging the numbers into the first equatlon gives:
-lo use these formulas: we plug in the numbers we h o w or expect. :
:
and determine thc sample szze. Consider a known population ( N ) of 500.
We decide that the desired precision (A) 1s 2 percent, the des~redconfi- f
4
dence level ( Z ) is 95 percent, and the estimated error rate (p) 1s not to 2 This works Out to:
exceed 5 percent. Plugging the numbers into the first equation gtves:
1
Although this is fairly reasonable, we will still use the formula to correct
i
for popuiarion. This gives:
This works out to:

..
This obviously won't work with a total population of 500, so we This works out to:
to adjust the sample size using the second equation. With I * , , = 456 and .*-:
.-A:@ = 142
..
the population (N)of 500, the formula becomes: .&.3
As you can see from the example, large popuianons make the first for-
mula accurate for determimg sample slze. Also note that wlth less preci-
sion and confidence, the sample slze is reduced to a more workable number.
Zreater bin or equal to 1011,where 11 is the sampie sze. This condition is
not required when the standards are used. as the s m p l e size is corrected for .... .
~
small population (lot size). But whal are the cha~ictensucsot'the lot that we
will csaminc dunng the wdit:'
. --....
T i E MOVING LOT
Most autlits arc ;I ~ i l a p ~ hCoverlil:
w a sptcilic lunc per~od.Our snapshot
I S of a lot from ;I contrnuocls production linc. 4 s part oF the scope of the
:iudik. we ml$ht haw io.e s m i n e the Deliclency Reports IDRs) for the last
quarter. Obviously there were DRs written beiore our time penod, and^..--_-
there will be DRs written after we are :one. This mlght look like this: - ..~ -. .
The popuI:itio11(lot S I Z ~wns1sts
I ot h e number oSDRs ivntten dunng the
selcclcd lime penod. Dunn: a subsequeni audit. the lot mght be compietely
scp;ir&c trorn he lot sciected dunn: this audit. or it inqht overlap the lot.
T h u ~the lot moves tor each audit pertormed. depending on the goals
bet lor the audit. The proces being examined can be said to have an
acceptable quality level (AQL) set by the people doing the work. This IS
the work standard they are attempting to achieve. Now that we understand
the nature ot our lot. we are ready to use the standards.
ANSIIASQC 21.9-1993 APPLICABILITY
ANSVASQC 21.9-1993 has been eiinunated from consideratton because it
IS vanable sampling, and auditors need to concern themselves with attribute
sampling. Thls leaves ANSIIASQC 21.41993 and ASQC Q3-1998 for pos-
sible use by auditors. We will consider them in turn.
ANSIIASQC 21.4-1993 APPLICABILITY AND USE
ANSJJASQC 21.41993 1s the revised and updated version of the old MIL-
STD-105. This standard assumes that isolated lots are drawn from a
process and sampled separately. The process Acceptailce Quality Level
(AQL) is a factor in detemtn~ngthe sample slze in this case. in auditing.
we want to know the maximum error rate. which translates Into a Limiting
..
Qilaiity Level (LQL) for the standards. Tables V1-A and VlI-r\ ol
- -. ANSIIASQC 21.4-1993 provlde LQLs as a percent nonconfom!ng w~lho
....
probability of acceptance P,, = 10 percent and 5 percent respecnveiy. P,, =
10 percent means that there is only a 10 percent chance [hat we will accept
a lot w~tha percent noncontorm!ng grcatcr than our specilird LQL.
As an example. let's assume that we want a 10 percent LQL tor our Tot
with P,, = 10 percent or less, and an AQL of 1.5 percent tor a senrs oi lots.
~ Enter the AiiSVASQC 21.4-1993 srandard at T ~ b V k I A and select an LQ ot
10 percent for the lot with P*, = I0 percent or less and AQL of 1.5 percent.
Table VI-A shows a sample size n of%, code ietter H. T h ~ sends
s us to Table
X-H-2 where we leam that for an AQL of 1.5 percent and a sin:le sample size
of 50. we clin accept the lot wit11 two problems noted but must reject the lot if
three problems are noted. The sample size of 50 implies thlit our popuiatlon 15
approxlmlireis 500 (IV is geater than or equal to 1011).If the population is very
much less than 500. we need to use the calcuiations presented tn chapter C.
Continuing k i t h the example. we need to choose a random sample of
50 items. Computer random number generator programs or random num-
ber tables provide the selection method for our sample. When completed.
assuming the results are acceptable, we will be able to say that there is a
90 percent probability that the audited attribute has a percent defective
less than 10 percent. When worlung to very exact requirements. such as
iow AQL and low LQ, we need to use the operatm, charactenstic curves
to determine the discnrnination destred. The operatln, charactenstic
curves are imprecise when working In thls area. This brings up the second
standard applicable to audittng, ASQC Q3-1998.
ASQC Q3-1998 APPLICABILITY AND USE
ASQC Q3-1998 is des~gnedfor isolated lots and uses the hypergeomemc
probability function. This applies even more directly to audits than
ANSVASQC 21.4-1993. ASQC Q3-1998 also uses the customer's specified
limiting quality (LQ) as the basis for sample sizes. The goal is to have a very
low probability of accepttng ( P a a lot that has a percent nonconforming
equal to or worse than the LQ. ASQC Q3-1998 ties back to ANSVASQC
21.4-1993 for AQLs to provide a commonality or cross-reference.
Because the process is a cononuous process from whtch we will be
pulling isolated lots, we will be working with Table B of the ASQC
258 ;l/,p<,!z~i;.y;\ A ~ t d i i rA < I I I ~ / J / ~ I ~ : < 4
3

Q3-!99S standard. Yes, there are cases when we will work with truly is
~.I-:s 7-

Iated lots. in which casc Tdble A would be used, but this is the exceptio
and tlie easier to use. Chapter E
ASQC Q3-1995 is fairly simple to understand. Let's assume that f r o m a -
the DR lug, we counted 739 DRs written during the period being audited-

4
Our client isn't overly concerned w ~ t hdetailed compliance with the pro~-
cedures. but does want each dcticrency corrected. For compliance, we - :- 3
scicct ;lii LQ 01' 17.5 pcrcent. ~IiicliIS hirly IOOSC. Table BS shows our
sitniple s a c to be 37. hx deliciency correction. wc select an LQ of 2 per-
ccnt. \\.hich 1s h r l y tisht. Table B4 silows .our sample size to be 200. . - .
Please note that this 1s aimost a 100 percent sample because our p o p. . u l c
tion is row. From Tablc C3, we find that in both cases we acceDt the loii-f-.'
~ -

we lind one or zero problems in our sample.

Wc approiich this by selecting a random sample of 200 for auditing
delic~encvcorrection. Nest. we divide 200 by the 32 samples needed for
the compliancc porrlon ot the audit. to get a frequency of 6. Thus for the
compliance portion. we will use every sisth item trom our deficiency cor-
rectmn sample ns one of our compliance samples, beginning with item 4
tcliosen because i t is less than 6). The sequence looks like this:
Note that because the division does not yield an even number. we end up
with 33 total samples for compliancel rather than the 32 from the table.
Use the estra sample as part of the audit.
We then perform the audit, and if one or fewer problems is noted for
each sample (200 and 32). we can be 90 percent confident that the DRs
meet the LQ specified for the attribute being checked (12.5 percent for
compliance and 2 percent for deficiency correct~on).
SUMMARY
Although not specifically skted as being applicable to quality audits, two
of the most familiar sampling plans, ANSUASQC 21.4-1993 and ASQC
Q3-1998, are readily applied to and used during quality audits. These
-.-I
.....
.:--
.. ..
Pro.por-r[orr~r/..sr,ur$ed" sumpling can be used to gain an understanding
of each stratum within a population. but cannot be used to make statisti- ".L-
cal inferences tor each stratum. The sample size is determined by my one
of the statistkcal methods/standards. Then the sample s u e is divided and
applied in proportion to the population of each stratum in the rural popu-
iation. If the sampie is not statistically determined, the stactstical validity
is compromtsed, and no statistically valid conclusions can be d r w n .
For example, tlie population 1s I000 purchase orders over the past
year. Eight hundred of these are for amounts of $500 or less: 150 are for
amounts of $1000 or less, and 50 are for amounts over $1000. We choose
a limiting quality (LQ) of 5 percent and use ASQC Q3-1998, Table B6, to
learn that the sample size is SO.
To apportion the sample to the stratum, simply set up a proportion
for each:
SO0 X<son
Under $500: -= -
1000 so

'1.
-i
Then we solve for Xu,:

i
allow the quality auditor to speak with authority to management about the 1
results of the audit. There is a iot to learn about applying the standards to 3
7
quality audits, but many peopie who have previousiy applied the standards 4
3
to product acceptance will quickly be able to apply the standards to their
auditing. Give these a try the next time you find yourself auditing a iarge
4
popuiation. You may be glad you did.
1
 .i
J
Similar proportions ,
-1ve us:
3
The saniples are chosen liom each stratum usmg the random sampling
te~hn~~!ues. 11' the samples are not chosen uslng a random sampling tech-
niquc. the results \\'ill not be stat~stlcnllyi'alid.
Wirn t h ~ sknowiedge. we can accept the total popularton withoneor- .-:$.
zero defic~enctesand reject the totai population wlth two or more defi-,,.-2
-
ciencws. Althoulrh wc cannot make staust~caiulferences on each stratum. - - 1
\vc zun some ~ntormat~on
--2
that we can use to Lurther mvestlgate the stn-
turn. it' all thc defictcnc~csarc found in a part~cuiarstratum, the auditor
c:ui rc\.w tile locus of the :rudit to further investgate that part~cularstra-
~ u m .11 all the d e i i c ~ c n ~ ;ire
~ e slound 111 a p;~rt~cuIar
str~uml.the auditee
could justifiably tocus correcuve act~onon that stratum.
Th15 method piaces emphas~son the populat~onof the strata within a
populnr~on.T h ~ may s nor be desirable to management. For example, man-
agemcnt may \wnt the auditor to lbcus on thc high-cost items. whlch 1s
where lhclr p a t e s 1 nsk lies.
Proport~onal.'Stratified" Sampling is deceptive in that the auditor and
;ruditee could be m~siedinto draw~ngconcluslons about each stratum
insteud of the totai populanon. The method, sample size, and resuits allow
the auditor to draw conclus~onsabout the total popuiat~ononly. The
results can be used by the auditor to detemlne where to focus further
tnvestigation. The results can be used by the auditee as a gu~defor where
to focus correctwe actions.
Chapter F
4!
3
IS appendix has looked at vanous methods of' sampling [hat are com-
rnoniy used in the pertormauce of quality audits. Tabie S summmzes the
methods. thc~radwntages and disadvmtages. and their applicability. .v
.
Simst~ca1ly.random sampling must ensure that each Item in the pop-
ulat~onhas an equal chance ot bein2 sekcted. A sampling scheme 1s
developed lor selection ot the samples. This scheme can use a strlctly ran-
dom select~on~based on rmdom number tables or computerized random
number !perators. or u systematic sampling scheme- based on the num-
ber of samples selected and the total population.
Nonstatisttcal sampling, aithough very easy and quick to perfom. has
many disadvantages. wh~chmclude potential blas in the sample, lnabiiity
to make generalizations about the total populanon, and indefensibility as
objectlve sampling.
Statlstlcally valid auditing must have random selection of items to be
evaiuated and use probability theory to quantitatively evaluate the results.
Two methods can be applied to quality auditing to provlde the ability to
make statistically valid concluslons for use by management: starisrical
snmpling for attributes and snnzplirig with standards. These methods
allow confidence levels and error estmahon based on the results of the
evaluation of the samples. . .
Auditors are encouraged to begin usmg statistically valid sampling
when it adds value and improves the effectiveness of the audit report.
When using statistical sampling techniques for the first time you may
apply a single method during an audit to learn the various methods. This
has the additional advantage of allowing you to educate management on
 a,\!l>a!l[<, <I! q q
.!sl,>pp 1011 ! l l c ~ ~ l ~ ! ~ n l l ~ l d
[l!l,,l aq1 InUq,! S ~ i ~ ~ ! l l ? ~ ! ~ l !
-~auaS~~I!III IIMIIII::) :a[<[ y s ! ~qB!q
-LII~!S ><[I it! SI!!~ ~ ~ L I ! S S I I ~ 10 wale put! s m i c iualqold
s,~ol.ta :pa.m!nai am n:w+tadxa So!uut:ld oh\ouy uo s n ~ !a~oa!.iadxa
o ~
,\jar a,,i!q QI p a a ! [ x l ~III! ~UI:UIJDII~II i s ~ dI! a I IL C 10 a8prr[n\ouy isi!d uo pasoq uo!l?a[as
ulals~s al,ll:Lu I I I .y>!tih .,<s~:as! LIO!ISJ~S sa[dutl:s S J S O O ~m ! p w pwau18pnr

oo!lcx[tld\i s*2t?p1:.tpi!s!(f sa3cluchpy no!ld!~ma pow14

parrrr!luo3 .g afqe;L
s t a t i s t d methods and the accurate results that can be obtained. OfIen
.. .a
managers have not had strong trainrng rn stattstrcal methods (other than asr.= 3l
..~~
applied to busmess applicatrons and budgeti. so you will have to do some-;-.-a
work to Samilianze management w ~ t hthe value ot statlstrcnl methods. ..:.=3
Afrcryou and management are familiar wrth the methods, perform aco&?-
plctc audit using statrst~csimethods and report the results to management:%~.a
The company can only benctir from decrsrons based on [he accurate infor- ~-.]
inailon p t h e r c d illrough stat~stic:~lquality uudi~ing. 4
a
7 (Revised 8/97)

1. ETHICS. pROFESSIONAL CONDUCT, S: LIABILITY ISSUES

(5 questions)
A. ,ASQ Code of Ethlcs
I . Conflict of interesl
2. Contident~aiity
B. Protessronal Conduct and Rzsponsibililles
I . Auditor conduct
2. .Auditor responsibilit~es
3. Discovery of illegai or unsafe conditions Or acUJwtleS
C. Liability Issues
1. Personal and corporate
2. Audit record disclosure
11. AUDIT PREPARATION (32 questions)
A. Audit Definition and Plan
i . Identificat~onof authority (internal and external)
2. Detemunat~onof audit purpose
3. Determination of audir type and scope
4. Deternunanon of resources required
5 . Team selection and ~dentificationof roles
6. Requirements to audit aganst (e.g., standards, contracts,
specifications,policy, quality award cntena)
B. Audit Design
1. Stlategy (e.g., traclng, discovery)
2. Data couectron plan
3. Sampling plan
4. Logistics planmng
 C. Document Review m d Prepamtion C. h u e Wntten Repon
1. Audit-related documcnr revtew I . Obtain approvals
2. Auditee's performance history revrew 2. Distribute report
3. Prcpamtion of audit checkiists. guidelines. log sheets D. Audit Records Retentton
D. Cuminunication and Distribution of Audit Plan V. CORItECTIVE ACTION FOLLOW-UP AND CLOSURE
111. AUDIT P E R F O I W A N C E 132 quutious) (12 questions)
A. ;\udit Mana_rement A. Corrective Action Follow-up
I. Audit team management I . Crtreria for :iccepmble corrective actton plans
2. Communication of audit status to auditee I<.:.. prevenrtve. assigned responsibilities. timeline)
3. Audit plan ch;ingcs ce.:.. schedule. priorities) 1. Acceptability of proposed coi~ecttvcaction
8 Openrii: ivleetiiig 3, Nrgouztion of conwtive ;ictioti plans
I . Presentation and revlew ot the audit plan 4. Methods-lor-\'erifying couectivs actton.
2. Conlirmation ot audit logistics 5 . Follow-up audit schedule, as requlred
. Discussion of :liiditee concerns 6. Verification of corrective action completion
C. Dim Collcct~on 7. Effectiveness 01 correctrve action
I. Ducurneorirecord examinatton S. Straegies when correctt\,e action 15~ ~ mpienientcd
o i
1. Inrenvws or is not effective
: l 3 I ~ y s ~e.~a~~trti:trion
~al B. Closure
4. Obser\~atioiior work actt\~iiies I. Critern lor ciosurc
D. itidit \Vorbn_r Papers 3. Timeliness
I. Docunienution ot audit trail te ig evrderice) VI. AUDIT PROGRAM I\l.ANAGEMENT 110 questions)
2. Record ol observations .A. Admrnistration
E. Audit Anaivsts I . Audit program objecuves
I. Corroboration and objectivity of evidence 2. Identiticatlon and justiiicarion of resource requlremmts
2. Dara patterns and trends 1e.g.. repeat observations, systermc problems) 3. Mnnagemenr's relationship to the audit function
3. Classiticatron of observar~ons 4. Credibility of audit functton
4. Classification of nonconformances 3. Linkage to business pertormance
5 . Conclusions 6. Linkage to continuous improvement
F. Exrt ivleetlng
i. Presentation of audit results
.i 7. Evilluatlon of audit program effectiveness
S. Summary of audit program results for revrew
2. Discussion of foilow-up acttons 9. Long-term audit planning
3. Expcctatlons of auditees, auditors, client B. Process
IV. AUDIT REPORTING (10 questions) 1. Development and implementahon of audit program procedures
A. Renew and Finalize Audit Resuits 2. Deveiopment and unplementation of audit program schedule
~. 9i 3. Audit record keeping requ~rements
B. Wntten Report Format and Content
1. Audit det3iis (e.g., purpose, team members) .:"'3 C. Audit Personnel
2. Compliance ;i 1. Qualifications
3. System effectiveness 2. Selection
14 3. Training
4. Conclus~onsto be reported 2
5. Request for corrective actions ?.
4. Performance evaluauon
 .apesap lsau aql UI saSueqs Xuew 01 peal 1pnj sassau~snqJO uo~lcz!lcuo~~
-nualur at11 ur aseamur aql put X2olouqsal suor~esrunmmosur sa~uonpb'
.spaau 1eqol2 pue relar3os ssalppc 01 pasrnal sauo plo puc paleals uaaq
aAeq 1061 OSI pue 0006 sv sc q m s ~ p m p u m smaN .saulsnpur %~otue
s c a p ~jo u o u e z ! ~ ~ ~ a ~ - sc sul
o ~ilnsal
s puc asuapuadapur lol!pnr? ~aicalS
amsua II!M ~ S L U ~ I ~ J O S Uurqo~OJ punoJ J O supnc lulol y ~ n o l l n'sdno14
i!pnc JO UOII~UUO] aql ur saaunq3 .loo1 luauraSr:unru 1uel.Iodulr ur: aq 01
V
anunuos ~I!,AIiuaurssas~clcql 1saZSns SpUaJL .apcs;~pixau a q ~U I p l y SUI
-]!pne Lqcnb aq1 UI Insso 1phl saSucl[~l c q uleLIasJoj ~ sm0u.y auo ON
.sruasaJ JO smaj ~ u a ~ u a S e u 11241
e ~ ~ LIIAIIJ~
r ue IOU .iuamaho~dlu~
101 [ooi ~ u a r u a ~ c uc~slmso661 aql ur Suwpne Llgonb 'Xlleap~. p o t ~ ley! d
,.. . 30 asoyl 01 asuclqwasa~a p g 1eaq hpo130 a!pne Ogcnb aql ' ~ 0 ~ Xi.rea 61
.- ..
,.. .~
. ..
.lo sob61 ale1 aql asuls asualsisa ur uaaq scq Surl!pne Xlgenb qZnorjyy
 3
A round robm audit team must be handled the same way as a thud- ..
~4
party regrstrar. Confidentiality agreements may have lo be signed, and .. ~ The I S 0 9001 standard and I S 0 9004 gu~deiinedocuments are be~ngstg-
auditors should not audit :I competitor or supplier. So the makeup of the , ~ - .
audit !cam must be carelully contemplated. An auditee does not pay for a~.r-::-
round robrn audit. unlike a th~rd-partyreg~strationaudit. Since each orga-~"---
~7
1
n1%i1110111s iudiiins tlie others. [he cost ol'contributing the time of an audi- -=:
tor is ~~wolved: but the cost is aosorbed by a11 companies that contribute
:n) :lu~Iitor~ >ilscr rhc .s?rvrcc.
Ti113 conccpi u n p a t e d because companies had difficult~esgetting
~ s p c ~ n c ~ l czudi~ors.
cd Thy cornpanles !nvoived in :I round robm consor-
ttum do not have to belong to the same tndusrry; for example, a textile.
manufacturer and a metals manufacturer may have auditors b e l o n g ~ n < i o ~ ~ment is criticized by some as too restricttve. ~t IS considered by many others
[he hame tc:im. .A> 11 result. a syner:); or cross-fertilizntion of ideas from -43 to be a breakthrough and ;forerunner of thrngs to come.
diil'crent ~ndusinrsoccurs.
i
Round rob111consortturns provlde many benetits: a company gets an x
indepeiidmt audit. :ind tlie rwditors get ths traning and expenence neces-
sary tor sonic typcs 01 certification. These consortlums are an excellent
.;ystcni lor gettins people qualified and getting an ~ndependentaudit per-
formed so 1h3i a company may know beforehand how ~t might fare in a
tli~rd-partyaudii.
.- ~. -
CREATION OF NEW STANDARDS
In the early days of quality audittng, very few natlonal or ~ntemational 1
standards exrsted to audit agamst. Some regulated Industries (the military,
:ivlatlon. processed food, and aerospace) had standards, but most other
oryanizatlons audited against self-determ~ned,self-developed standards or
: in
requirements.
In the past 20 years. the development of numerous intemat~onal,
natlonai. and industry-specific quality standarus has supplemented inter-
nal (self-determined) standards, prov~dinga common reference. The tnter-
natlonal standards in the I S 0 9000 senes, first issued in 1987 and revised
in 1994, describe what elements quality systems should encompass but do -:>:i 3
.d
not state how organizations should implement these elements. ~ 4
- ~ z ~ .
Since the management system of an organlzatton is influenced by the - a
objectives of the organization, by its products, and by the practices spe- ;
r
cific to the organization, quality systems also vary from one organization -4 ._:.*.
...
to another. All intemat~onalstandards in the I S 0 9000 senes are indepen-
ilcnt ol' any spccilic cconoinic sector. Collect~vely,they provide guidance
-. -.
-
1
.-
3 ciass levels, they focus notjust on complying with a part~cularstmdard,but
for quality management and general requirements for quality assurance.
nificantly reorganized for Issuing In 2000 or 2001.
In August 1994, the Automotive Industq Actlon Group (AIAG) pub-
lished QS-9000, a set of requirements for the automotive industry. QS~9000
is ident~calto the I S 0 9000 senes, w ~ t baddit~onalmdustly requirements
geared specifically toward automotwe quality unprovement programs.
However. wtlile IS0 9001, 9002, and 9003 are stnctiy compliance-type
documents. the addition of 1;TQM philosophy in QS-9000 moves the result-
Ing document in the diiectlon of continuous improvement. The AIAG has - .
also published Interpretations of QS-9000 requirements. While the docu-
The next version of ANSUISOIASQ 9001 is scheduled to be pub-
i Lished In late 2000. The new version is expected to contain changes that
i
emphasize customer satistact~onand conttnuous tmprovemeni.
h
: SHIFTING FOCUS
In the 1970s, the primary purpose of auditlng was compliance. Auditing
In certain highly regulated fieids, such as the nuciear industry. IS likely
to remain compliance-oriented. The current direction of the intema-
i tional standards groups IS to make quaiity and environmental standards
compatible and to combine quality and env~ronmentalaudit standards.
At t h ~ st m e , many are uncertain about the effects of the changes on the
users of the standards and on Lhe quality audit profession. Thc changes
I
the next Issue of I S 0 9001 should promote customer satisfaction and
i
continual improvement, and the compatibility with environmental stan-
dards should result in cost savlngs to users of both standards. Combln-
ing the quality and environmental audit gu~delines(IS0 1901 1) will
emphasize compiiance-onented auditing.
Quality audit~ngis expected to focus more on effect~venessas it
becomes more performance based, however. Rather than focusing just on
adherence or compliance to a certain standard, companies are assessing .
..
-~
their operations against those of world leaders by using benchmariang or
hv , ...
-,com~arisonwith criteria such as those for the Malcoim Baldnge
- - ~
~ a h o n aQuality
i Award or ANSI/ISO/ASQ Q9004.
.. ,
As companies uy to achieve conhnuous improvement and reach world- ;I
. ..
.. .-
# ,k.: ~ .
:r,;a;
,.. :,
,.:..A,
262 r\,rpef~i/i.uC
ralher ask. "How far can we reach, What are our goals to get there, and how
do ire go about that p r n c e ~ As
s ~ a~ result.
~ a luge percemaee of fie appfi----
cations handed out for the Malcoim Baldnge Nationai Quality Award every
year are used for self-assessments wltiirn a company and are never used to,_..--
apply tor the award. The comprehensive criteria are based on how a system12z3
needs to be structured to attain totai customer satisfact~on.Benchmarlung,
one of the toois used dunng that process. 1s defined by the Amencan Pro- --
duct~v~ty and Quality Center as "the process of identifyme. understanding,
and adnptln: outsranding practtces and processes from orgmizatlons any-
where in the world to heip your organization lrnprove its performance."
Winners ok fie Malcoim Baldnge National Quality Award are required
share w~thother conipmies what they have ieamed from the process, resuli--
ing i n nn open lnvitatlon for.others to ! e m from [hem.
4
3
4
-.....-
3
--"-;-
- - ... ...
-. 1. ASQ Cerrificat~onDepartment. CQA Brochure, irem B0020,
rewsed April 1999, p. 4.
2. Charles A. Mills, The Qtmlit?~.4rrdit: A Matzagenre~zt
Et',~lir'monTool (New York: h1cGraw-Hill, 19S9), p. S 7 ~
3. \Valter Willborn, Audit Standards: A Comparatrve A r ~ a l p s
(&lilwaukee,WI: XSQC Quality Press, 1993), p. 15.
4. ~ro?&-Cfs tor the Pro,kssmral Practtce of internal Atrditlttg
(Xitamonte Springs, FL: The Institute of Incernal Auditors,
-
1978).
5. ANSVISOIASQC Q10011-2-1994, Gnldelines for Arrditrng
-Otrality
. Systenzs (Milwaukee, WI: ASQC Q u a l i ~Press,
19941, p. 10, clause 10.0.
6. James W. Kolka, I S 0 9000: Legal Perspectrue (Milwaukee,
7tW: ilSQ Quality Press; Montclair, VA: Inrernarional Forum
for Ivlanagement Systems, Inc., 1998), p. 57.
7. American Society for Quality, ASQk Fozrndatrons in Qtmlity:
Certified Qtinlity Atiditor, Modtrie 1: Ethcs, Professzo~zal
Conduct, and L~abilityIssltes. (Milwaukee, WI: ASQ Quality
Press, 1998), p. 1-19.
S. Harold L. Federow, Quality Practices and the Law (New
York: Quality Resources, 1997), p. 179.
9. Henry Campbell Black, Black's Law Dictionan (St. Paul,
MN: West Publishing Co., 1990), p. 466.
10. Dennls R. Arrer, Q~ridityAudits for I~?iprovedPerfortmmce, 32. Certified Qtrality Auditor: ASQ's Fo~tndatlo~zs
III Qrraiity,
2d ed. (Milwaultee, WI: ASQC Quality Press, 1994), p. 18. Module 3: Azrdit Perforimmce (Milwaukee, WI: ASQ Qualiry
li. h e r , p. 12. Press, 199S), p. 3-20.
12. ASQC Energy Divis~on,Nuclear Qrlolity Systems Atrditor 33. Certified Q ~ a l i t yAtrditot.: Modzrle 3, p. 3-21.
Trarrrmg Handbook, 2d ed. (Milwaukee, WI: ASQC Quality 34. Arrer, pp. 39-40.
Press, 19S6), p. 26. 35. Arrer, p. 41.
3 ASQC Energy Division, p. 26. 36. Arrer, p. 43.
14. ASQC Energy Division, p. 40. -
37. Arrer, p. 42.
- .
i5. ASQC Energy Divlslon, p. 25. 33. Arrer, pp. 57-38.
16. J. &I. Juran and Frank M. Grvna. eds., Jrrrar~sQrmlit?, 39. ANSIlISOlASQ AS402-1994, Q r d i ~ Mnlzngement
l mtd
Corrtroi Hmdbook. 4rh ed. (New York, McGraw-Hill, Qtraiity Asszrra~tce-VocnbriIary (Milwaukee, WI: ASQC
19S9), p. 9.6. Qualiry Press, 1994), p. 5.
17, Arrer, pp. i 9-20.
40. Willborn, pp. 52-53.
1s. i\Iills, p. 89. 4 . ASQC Energy Divisron, p. 45.
i9. B. Scotr Parsowitil, Frtrrdarne~~t~ds
of Q~ralityArtditrrtg 42. Parsow~th,p. 30.
(blilwaukee, '271: ASQC Qualiry Press, 1993), p. 24.
43. Arrer, p. 62.
20. Arrer, p. 4 1.
44. J. P. Russell and Terry Regel, After tile QuoiitY Audit:
21. Parsowith, p. 23. Clostrzg the Loop or1 the Audit Process (Milwaukee, WI:
22. Certified Quality Auditor: ASQ's Fo~rrzdatrons111 Quality, ASQC Quality Press, 1996), p. 22.
Module 2: Airdir Preparattott, (Milwaukee, WI: ASQ Quality 45. Charles B. Robrnson, Hotu to Make the Most of Every
l'ress, 199S), pp. 2-45, 2-49. Audit, (Milwaukee, WI: ASQC Qualiry Press, 1992), p. 94.
23. J. P. Russell, Quality Atrditor Revtew 1 no. 4 (1997): 3.
46. Russell and Regei, p. 11.
24. Arrer, p. 35.
47. Russell and Regel, p. 104.
25. ASQC Energy Division, p. 26.
48. Lawrence B. Sawyer, Sawyer? Intental Atrdit~ng,4th edir~on
26. ASQC Energy Divis~on,p. 26. (Airamonre Spnngs, FL: Insurute of Inrernal Auditors, 1996),
27. Arrer, p. 23. p. 166.
28. Arrer, p. 26. 49. Richard L. Ratliff, Internal Atrditmg: Principles and
techniques, 2nd edition (Altamonte Springs, FL: Insrirute of
29. Arter, p. 37.
Internal Auditors! 1996), p. 758.
30. ASQC Energy Division, p. 42.
50. Arter, p. 66.
31. Mils, p. 185.
51. ASQC Energy Division, p. 47.
52. Arter, p. 69.
 4 --
53. Charles B. Robinson, Aziditing 0 Qzinlity System for t17e Defeme
lirdiistiy (ivlilwaukec, WI: ASQC Qualiry Press, 1990), p. 66.
~ 4 74. Russell and Regei, p. 127. ,
~.
. .
75. Russell and Regel, p. 127-146.
54. Certified Quality Auditor, ASQC Foundnt~omti!
-
Oiislit~~, itlodrde 5: Connectiue Action Folloru-Up
. .-
~.
-4
.=A
76. Russell and Regel, pp. 135-139-
77. ANSIASOIASQ 49004-1-1994.
,.

. --.
..-
s

4
. ...,
m d Cioszrrc (>lilwaukee, \VI: ASQC Qualiry Press, 199S), --==-, -.., -
p. 5-% .- 78. Russell and Regel, p. 146.
-. . .
7 . Arccr, p. i ~ . 79. Theodore Levlrt, in Quality Qrtotes, p. 77.
.ii,. XSQC Energy Div~slon,p. 49. SO. Unired Scares Department of Commerce, Technology
-- Robmson, ;\lrd;t;iig
. ,

5s.
lntilrsti~p. 66.
~7 Qzri~lit!. S?stciil for t / ~ e

Russell and Regel, pp. 119-122.

Defense

- -..
..
f
3 Admmisrrarion, Nac~onalInsticuce of Standards and
Technology, Narionai Quality Program, Mdco11i1Bizidriye -
Notional Qiiality Award, 1998 Criteria tor Perfortnaizce
Excellence, p. 23.
. -.
.
.
~,
.
.
,
cT . i

5% Russell and liegcl, p. 1 0 7 ~ -.

?
, 81. ANSIIISOIASQC Q9000-1-1994, p. i 1
60. Russell and liegel, pp. 111-114. -i1 82. Russell and Regel, p. 130.
I . R~iscllmri Rqci. pp. 103-107. S3. \Viilborn, p. 65. "..
62. Ilussel! and Regel, pp. 177-179. .
84. Parsowirh, p. 33.
63. XNSIl1SOlASQC Q10011-1-1994, clause 7.0, note 15. S j . ASCQ Energy Divlsiori, p. 37.
64. Pnrsowrh, p. 32. S6. Arrer, p. 7s.
~-
65. h e r , pp. 5-6. - S7. Ibld.
66. Robmson, How to Make fl7e Most of Euery Aitdit, p. 78. SS. Willborn, p. 13.
67. Arcer, p. 9. 89. \Villborn, p. 15.
6s. Allan J. Savle, itlonageii~eitiAudits: T\7e Assessmwt of
-
O ~ ~ a l i ilI~~ii~~genzent
ty Systeltu, 2d ed., ISBN: 0-9511739-1-X
(Great Brlraln: Allan Sayie Associates, 1985), p. 1-8.
90. ANSUISOIASQ Q10011-2-1994.
91. Russell and Regel, p. 132.
Reproduced with permisslon of Allan J. Sayle. 92. Willborn, p. 13.
69. Rudyard Kipling, "Elephant Child," In Qr~alityQuotes, ed. 93. Willborn, p. 14.
Hilo Gomes (Milwaukee, WI: ASQC Quality Press, 1996), 94. Rob~nson,p. 12.
p. 94. 4 - 95. Don Benbow, "Distance Learnmg in a Cyber Classroom," 1
70. Parsow~th,p. 14. - ..g

Ii
ASQ Qztality Progress, July 1998, pp. 43-45.
~. fj
71. Russell and Regel, p. 128. -.a.
-zi
96. ANSI/ISO/ASQC Q10011-3-1994, p. 3.
-.:>A

72. J. M. Juran, Jztran on Leadership for Quality: An Executive .~< 97. J. P. Russell, The Qttality Master Phn: A Quality Strategy for
Handbook (New York: The Free Press, 19S9), p. 7. - Bztsiness Leadership (Milwaukee: ASQC Quality Press, 1990; I I'
-
.~*
J. P. Russell & Associates), p. 7.
73. David Hutton, Tbe C/7mzge Agents' Handbook (Milwaukee, ..
W: ASQC Quaiicy Press, 1994).
:
F.:
--
.-
4
!a
>:
 1 - 2
dz i
93. ANSUISOIASQ A3402-1994, p. 5. 123. Russell and Regel, pp. 157-167. 4
3 =i
*j
99. Ihd. 3 124. Mills, p. 205. -
100. Ibld. f 2 5 Gerald F. Srnlth, Qrtality Problem Solvztzg, (hlilwaukee WI: 2
..-2.
-
'
:

101. Mills, pp. 5, 6. 7. ASQ Quality Press, 199S), p. 115. aP;t

b&
zF3- 4 a i-;l
126. John T. Burr, "The Tools of Quality, Part VI: Pareto Charts," ic :i
102.
103.
Mils, pp. 2-3.
Mills, p. 11.
1 ASQC Qrtality Progress, November 1990. p. 61.
'

xi
*=*,
104. Sayie, p. 1-7. Rcprotiucru w t h permlsslon of Allan J. Sayle. 4 117. Juran Inst~tute,"The Tools of Quality- Part IV: Hisrograms," -. :
.~..,
1 ASQC Qualit? Progress (September 1990) pp. 77-73.
105. Arter. p. 5 .
-
: 12s. Juran and Gryna, p. 23.15.
106. Arter, pp. ~1-2:
107, ANSIlISOlASQ AS402-1994. p. 5.
-.-.
'?"= -4
,
119, Juran and Gryna, p. 23.16.
130. Parsowith, p. xiii. ' -'?
-
-
.'

103. Dorsey J. Talley, il.larragcimirt iitrdirs for Excellence I

131. Peter D. Shalnm, "The Toois of Quality, Parr 111: Controi
(Milwaukee, IVI: ASQC Quaiirf Press. 198S), p. 42. Charts," ASQC Qzrniit?, Progress, August 1990, pp. 79-80,
i
109. Sade, p. 1-4. Reproduced w t h permlsslon of Allan J. Savle. 132. Juran and Gryna, p. 24.3.
i 10. Juran and Gryna. p. 9,4. Reproduced w ~ t hpermlsslon of The ,133. Juran and Gryna, p. 24.7,
McGraw-Hill Companres.
134. Parsow~th.p. 65.
i 11. \Villborn, p. 3 1.
135. Juran and Gryna, p. 12.41.
112. Mills. pp. 36-40.
136:-Mills, p. 214.
11?, Mills, pp. 43-46.
114. ANSI/ISO/ASQ AX402-1994, p. 8.
1.15. Arter, p. 13.
116. ASQC Energy Divmon, p. 3.
117. ASQC Energy Division. p. 2.
113. Arter, p. 4.
119. Parsowith, pp. 4-5.
120. IIA. Inter7rnl Ariditing: Pn7rclples a7rd Teclmiqtres; 2d ed.
(Altamonte Spnngs, FL, 1996), p. 671-749.
121. Certified Qttality Auditor: ASQ Fortndations 171 Quality,
- 3
':I1
i
Module 7, (Milwaukee WI: ASQ Quality Press, 1998)
p. 7-54.
122. Certified Qzrality Auditor: ASQ Forrndatiorrs in Qrtality,
Mod& 7, p. 7-55.

? ..-
,\iicrencs Materials Used t o Develop Exam Questlons
. -.-
.~;>iii>0::'SQC Q10011-1. 2, 3. C d e l i m s for rluditiirg Qrmlit?
.-7
Syzteii7r. Milwaukee, \VI: ASQC Quality Press, 1994. TlOOll
k t e r , Dennis R., Qtraiity Audits for I117pro~edPer/onl7fl11ce, 2nd
ed.. .lIilwaulice. WI: .iSQC Quality Press, 1994. HOS44
.ASQ Qualirv ..\udit Division, The Qirnlity A d i t Handbook,
hIil\w~ikee,WI: ASQ Quality Press, 1997, H0939
Federow. Harold L.. Qlmiity Practrces and the L'iiu,-Quality
Resources, New York. NY 1997,
Hutchins, Greg, Staizdard Mnir~rnlof Qrrnlity Arrditmg, Englewood
Cliffs, NJ: Prentice Hall, 1992.
Juran, J. Ad., Qilaiitv COnt7ol Handbook. 4th ed., 1988. P660
Kolka, James W., I S 0 9000: A Legd Perspective, Milwaukee, WI:
ASQ Quality Press, 199s. H0992
Mills, Charies A.. The Qttality Alrdit: A Mmiagerrtent Evalzmt~o~z
Tool, iMilwaukee, LVI: ASQC Quality Press, 1989, H0568
Parsowlrh, B. Scorr, Fznidainenmls of Q r r n l i ~h ~
d i t ~ i r g Milwaukee,
, Tame.
WI: ASQC Quality Press, 1995. H0794
Robinson. Charles B., How to Make the Most of Every Audit: An
Etiquette H~andbookfor Atldit~rrg,2nd ed., ivfilwaukee, W: ASQC
Quality Press, 1992.
Russell, J. P. & Terry Regel, After the Quality Audit: Closing the
Loop on the Audit Process, Milwaukee, WI: ASQC Quality
Press. 1996. 3 0 9 2 7
Sawyer. L. B., The Practrce of Modern it~terimlAcrditrizg, Altamonte
S p r i n ~FL:
~ . Insr~ruteo f Internal Auditor.; 1981
Savle, Ailan J., Managernei~tArrtiits, 3rd cd., A k t n J. Savic X ASSOL.
1997, P659
Thresh, James L., Now to Plm, Coirdlrct. Beiretit Froin Ejfcctiiv
-.Ortaiity Audits, Harrison, NY: MGI Management Insrirure,
19S4.
Boolw with boldcd item numbers can be purchased from ASQ.
Reference Materials Recommended by 1 9 9 s C Q X s
Takiny the Exam
Arter. Dennts R., Qlmlity Atrdits for lmproued P~rtorilmr~ce, lnc
ed., hGlwnukee, 'XI: ASQC Qualiltv Press. 1994. HOW4
ASQ Quality Management D~vlsion,The Cerified Qrmlit)~i\iir~~liig~;.
Hmdbook, Milwaukee, \VI: ASQ Quality Press, 1999. I-r.0977
Juran, J. hi., Qimlitv Control Hmidbook. 4rh ed., 19SS. P660
S~iills,Charies h.,T l ~ eQmlits Atrdit: i\ i\dmagetiieiii E~wiir~rtrw:
Tool, S4ilwaukee. \V1: ASQC Qualitv Press. 19S9. HO56S
Editor Selections for Additional Study
Duncan, Acheson J., Qrmlity Control m d iirdustrra( St~it~stics, 5rii
ed., New Yorli: IrwlnIh~lcGra~v-Hill, 1986.
Grant, E. L.. and R. S. Leavenworrh, St~ltut~cal Qlrillity C017t70l. 7rh
ed., New York: McGraw-Hill, 1996. P597
Ishikawa. Kaoru, Glrrde to Qrlaiity Coiztrol, Whire Plains, New
Yo& Krauss Internarional Publicar~ons,19S2. PI04
Mizuno, Shigeru. Edited by, Mairageiiretrt for Qzdity Iinprouerneizt:
The 7 New Q C Tools, Portland, OR: Productivlry, Inc., 19SS.
Pvzdek. Thomas. Pocket Ztride to Qtraiity
- Tools, Tucson, AZ: Quaiin'
Publishing, 1994.
" Nancy R.. T l ~ eQrralitv TOO^ Box. Milwaukee, XVI: ASQC
Quality hess, 1995. &OS&
Wilson, Ray and Paul Harsin, Process Mastering, Porriand. OR:
Productivity, Inc., 1998.
 DEFINITIONS TAKEN FROM
ANSIIISOIASQC A8402-1994*
Auditee Organization being audited
Business first party See Contractor
Business second party See Prtrchaser
Company-wide qualiq control (CWQC) See Total q u a l i ~nmnage-
melrt (TQMI
Compatibility Ability of entities to be used together under specific
conditions to fulfill relevant requirements
Concession Written authorization to use or release a product wh~ch
does not conform to the specified requirements; see also Wnzuer
Contract review Systematic act~vitiescarried our by the supplier
before signing the contract to ensure chat requiremenrs for quality
are adequately defined, free from ambiguity, documented, and can
be realized by the supplier
Contractor Supplier m a contrama1 situation
Correction Refers to reparr, rework, or adiustment and relates to the
disposition of an existing nonconformty
'ANSVISOIASQC A8102-1994,Qrcnlity Management nnd Quality Asntmnce-~ocnbllioryance-Vocabzdar~
(Milwaukee: ASQC, 1994).Repnnred with permrsslan.
273

Corrective action Action taken to elim~natethe causes of an emsting
nonconformity, defect, or other undes~rabiesituation in order to
prevent recurrence
Customer Recipient of a product provided by the supplier
Defect Nonfulfillment of a n mended usage requirement or reason-
3hi~ expectation, ~ n c i i i d i none
~ concerned with safety
Degree of demonstration Extent to which evidence 1s produced to
provide confidence that specified requirements are fulfilled
Dependability Collect~veterm used to describe the availability perfor-
~.
mance and its influencing factors: reliability performance, main-
tainability performance, and maintenance-support performance
Design review Docitmenred. comprehensive, and sysremntic examina-
tion ot a design to evaiuate its capability to fulfill the requlrements
for quality, den ti@ problems, if an?, and propose the development
ot solut~ons
Deviation permit \Vritten authorization to depart from the originally
specified requirements tor 3 product priofto its production; see
1U
aiso Prodzict~onpermr
Disposition of nonconformity Action to be taken to deal with an
. existing nonconforming entity in order to resolve the nonconfor-
mity
Entity Item which can be individuaIly described and considered
Grade Category or rank given to entities having the same functional
use but different requirements for q u a l i ~
Hold point Point, defined m an appropriate document, beyond which
an act~vitymust not proceed without the approval of a designated
organization o r authority
Inspection Actlvity such as measuring, examining, tesdng, o r gauging
one or more characteristics of an entity and comparing the results
with specified requirements in order to establish whether confor-
mity is achieved for each characteristic
interchangeability Ability of an entity to be used in place of another,
without modification, to fulfill the same requlrements
4 Glossanf 275
-
i
2
3
2 Item See Entity
2
J Lead quality auditor h qualitv auditor designated to manage a qual-
3
5 ity audit
-
3
i Management review Formal evaluation by top management of the
1
2
status and adequacy of the qualiw system in relation to qualitv
policv m d objectives
Model for quality assurance Standardized or seiected set of quality
syseem requlrements combined to satisfy- the qualitv assurance
--
-
needs of a i v e n situation
Nonconformity Nonfulfillment of a specified requirement
Objective evidence Information which can be proved [rue, based on
facts obtained through observation, measurement. test, or other
Organization Company, corporation, firm, enterprise, or institution,
or part thereof, whether incorporated or not, public or private,
that has its own functions and adm~nistration
Organizational StrucNre Responsibilities, authorities, and relation-
ships, arranged in a pattern, through w h ~ c han organization per-
forms its functions
Preventive action Action taken to eliminate the causes of a potentiai
nonconformity, defect, or other undes~rablesituation m order to
prevent occurrence
Procedure Specified way to perform an activity
Process Set of interrelated resources and activities w h ~ c htransform
inputs into outputs
Process quality audit See Quality azrdit
Process quality evaluation See Quality evaluation
Product Results on activines or processes
Product liability Generic term used t o describe the onus on a pro-
ducer or others to make restitution for loss related to personal
injury, properry damage, or other harm caused by a product

Product quality audit See Qitniity nrtdit
Producnon permit See Deviai~o;~ pem~it.A producrlon permit is for a
limited quannty or period and for a specified use
Purchaser Customer in a conuactual situation
Qualification See Qlralificnt~onprocess
Qualification process Process of demonstranng whether an entity is
capable of fulfilling <he specified requirement
Qualified Status given to an entity when the capability o t fulfilling-
specified requuements has been demonstrated
Quality Totality of characterlsacs of an entity that bear on its ability
to sat~sfvstated and Implied needs
Quality appraisal See Qrralih evairmzoit
Quality assessment See Qllnlity e~vlrratioir
Quality assurance All the planned and sysrematlc acrivtt~esimple-
mented wi<hln the quality system, and demonstrated as needed, to
provide adequate confidence that an enriqr will fulfill requirements
.for quality
Quality assurance manual See Quality m n m a i
Quaiitv assurance plan See Qtlality pian
Quality audit Systematic and independent examination to determme
whether quality activities and reiated results comply with pianned
arrangements and whether these arrangements are implemented
effectwely and are suitabie to achieve objecrives
Quality audit observation Statement of fact made during a quality
audit and substantiated by oblectwe ewdence
Quality auditor Person qualified to perform quality audits
Quality control Operatlonai techniques and activities that are used to
fulfill requirements for quality
Quality evaluation Systematic examination of the exrent to w h c h an
entity is capable of fulfilling specified requirements
\.. .
.
i
j
' Qualiy improvement ActIons taken throughout the organization to
increase the effectiveness and efficiency of activities and processes
i
in order to provide added benefits to both the organization and its
--.
2
customers
i
I Quality loop Conceptuai model of inreranmg activities that influence
quality at <he various stages ranging from the idenrificat~onof
needs to the assessment of wherher these needs have been satisfied
Quality losses Losses caused bv nor realiz~ngthe potentla1 of resources
- In processes and activ~ties
-
2 Quality management All activities of the overall management func-
tion that determine the quality policy, objectwes, and responsibili-
ties, and implement them by means such as quality planiuny,
quality control, quality assurance, and quality improvement
within the quaiiry system
Quality management manual See &iiv i7101rtlfl/
Quality management plan See Q ~ t n lpint?
i~
Quality manual Document stating the quality policv and describing
the quality system of an organization
Quality plan Document setting o u t the specific quality practices,
resources, and sequence of activities relevant to a partic~liarproduct,
prolect, or conuact
Quality planning AcnvInes that establish the objectives and require-
ments for quality and for the application of quality system elements
Quality policy Overall intent~onsand direction of an organizat~on
with regard to quality, as formally expressed by top management
Quality record Document which provides objective evidence of the
extent of fhe fulfillment of the requirements for quality o r the
effectiveness of the operation of a quality system eiement
Quality-related costs Those costs incurred in ensuring and assuring
satisfactory quality, as well as the iosses incurred when sarisfac-
tory quality is not achieved
 i

4
Quality spiral See Quality loop Subcontractor Organization that provides a product to the supplier
j
Quality surveillance Continual monitoring and verification of the sta- :
3
Subsupplier See Sttbcontrflctor
tus of an enrirv and analysis of records to ensure rhat specified
:
Supplier Organization that provtdes a product ro the customer
requirements are being fulfilled 7
i
Total quality See Total quality inntmge~nelzt(TQM)
Quality survey See @flifhl eunlrtatron
Total quality control (TQC) See Total quality ~?m~magc?m?tt
(TQJV)
Qualitv svstem Organizarionai structure. procedures, processes, and
resources needed to implement qualin management Total quality management (TQM) hlanagement approach of :In
organization, centered on qualir): based on the participation of all
Quality system record See Q~ialrtyrecord - - -
- ~ t smembers and atming a t long-term success through customer
Record Document which furnishes objective evtdence of activities a
sansfaction, and benefits to all members of tile organization and
performed or resuits achieved to sociew
Repair Action taken on a nonconibrming product so rhat it will fui- Traceability Ability to trace the history, applicmon, o r iocation o t an
fill the intended usage requirements although it rnav nor conform entitv by means of recorded idenrificat~ons
to the originally specified requirements
Validation Confirmation by examination and provision of oblectiw
Requtrements for quality Espression of the needs or <heir translation evldence that the particular requirements tor a specified intended
into 2 set of auantitativeiy or qualitativelv stated requirements for use are fulfilled
the characteristics of an entity to enable its realization and esami-
Verification Confirmation by examinarton and provision of objecrtve
nation
IU evidence rhat specified riquiremenrs have been fulfilled
Requuements of society Obligations resulting from jaws, regulations,
Waiver See Concession. A waiver is limited to the shipment of a prod-
ruies, codes, statutes, and other considerations
uct that has specific nonconforming characteristics wtthin specific
Rework Action taken on a nonconforming product so that it will ful- deviations, for a limited time or quantity
fill the specified requirements
Safety State in whlch the risk of harm (to persons) or damage is lim-
ited to an acceptable level
Self-inspection Inspection of the work by the performer of that
work, according to specified rules
Service Result generated by activities at the interface between the sup-
plier and the customer and by supplier internai activities t o meet
the customer needs
Service delivery Those supplier activities necessary to provide the
service
Service quality audit See Quality aridit
Specification Document stating requirements
 ZL 'saSucq2 u q d i!pnc
952 ' ~ L - I L 'luawa5rucw l!pnc
9SZ 't6-$6
' s p a n ~ U uCa m d C I E ~
9SZ 'E6-:6 '22UapiAa
40 . u s n ~ ~ ! qpur
o uollcloqolloJ
95; 'Lb-96 'SUOISIIPUOJ
9SZ 'S6+6
%mnraiasqo lo u o r ~ c q s s c [ J
qc;
~- '<)b-C(r 'SJJUCUllOlU03UOU
,a uollcJ~J~ssc~2
95; ;L6-[6 ' S ~ S A I C U C,!pnc
957 '501-69 ' a x c w ~ o , ~ a?pny d

,
.iSac.us 5u$1!pny aay ' y c d ?pn?
>-h+ '.iSalclls
Sr-Zr 'urld Suqdwes
t)-:r '5Ut""'~" sxlsl5ol

expectanon o t auditors, audirees.
and client. 101-102.756
presenmtlon of audit results,
99-100.256
openmg meeting. 73-79.256
confirmar~onot w d i t iogi~tics,
--!-78,156
! 55-57,256
discussion ot liudiree concerns,
is.256
prescnraiton and rcvlrw ot rile
.. . .-
;ludiiolan. 73-76.256
problems encountered in, 102-103
Audit oroeram manazemenr.
Audit personnei. 165-173.257
Audit plan, 33-47
~ u r h o t i t videntification. 34-36
beckground. 33-34
c h a n ~ c sin. 72
common ~ r o b i r m s .bi
commun~cationut. 55-65
conciustons. 96-9-
distribunon of, 65
long-term. I5J-l5b
In opmlng meennss. 73-76
PUtDOSe, 36-59
resources reuulred. 4043
-4
sample. 64-65
sample norificaoon lener. 66
sample plan. 64-65
scope, 38-40
standards. 45-47
ream selecr~onand roie
idenrificaoon, 43-45
versus audir sche~iulr,63
Audir preparation, 31. 31-67.255
oudir defincion and plan, 3-47,255
dcterm~nacionof audit purpose,
36-38,255
determtnanon of nudit type and
scope, 3840,255
determtnarlon of resources
requited. 4043,255
idenrificanon of authorir). linternai
and esernal), 34-36.255
reqummenrs to audit agamsr,
4547.255
ream selecnon and identification
of roies, 43-45.255
audit design, 49-54.755
data collection d a n , 51-52,255
log~sncsplanning, 53-54,255
sampling plan. 52-53,255
strategy, 49-51,255
bxkground, 31-32
communication and distribution of
audit pian, 63-67,256
document rewew and picpaiatlon,
55-62.256
audir-related document review,
;iudiree's pertotmmce hlsrorv
rcvmv. 57-58.256
prcparaimn ot audit chrcklisrs,
guidelines, log sheers,
SS-62,256
~
. "
137-173,257
adm~nisrrmon,139-156,257
audir program objecnves,
l39-i41.157
crcdibilitv ot audit funcoon,
144-iS6.257
evaluntron ot audir program
effecoveness, 150-153,257
tdenrificmon and iustific&ron of
resource reuwrements,
142-143*257
linkage to busmess performancF,
146-148,257
linkage to conanuous
Improvement, 148-149,-
long-rerm audir olannmg,
154156,257
-
manaecmenr's relatlonshio to the
audir tuncnon.
143-144.257
summarv of audit program resuits
for renew, 153-154,257
audit personnel, 165-173.257
performance evaiuanon, 173,257
qualificanons, 165-167,257
selernon, 167-168.257
tralnlng and recenificat~on,
169-172.257
process, 157-163,257
audit record-keeping
mqummenrz, 162-163.257
develo~mentand imoiementarton
of audir program procedures,
158-160.257
- deveiopmenr and implementation
ot audit program schcduie.
I 160-162,257
i sample audir schedule, 161
Audit program measures, 141-152
-
-: Audir record disclosure, 29,255
Audit repomng, 105-119,256
- approval and disrriburjon of wntten
report, 117-118
nudit records retention, 119.257
issue wrliten report, i 17-118,257
distribute report, 117-1IS,257
o b m n approvals, 117.157
. . and tuncrions, 105. 107-108
purpose
-~. retentson ot audit records, 119
revrerv and finalize audir results,
107-109,256
wnrren report format and content.
lO9-l16,256
amachmentr, 109-110
nudir derails, 109-110.256
compliance, 110-1I I, 256
conclur~onsto be reported,
I 15,256
confidenrd intormation, 110
example ot format. 112-113
recommendations. 111
request for correctwe actlons,
115-116,256
results section, 111
summary or abstract, 115
svstem effecr~vcness,112-115,256
Audit result linkages, 153
Audir sampling, 231-254
nonsranstical, 237-240
nonstmstaal sample sclecrion,
233-234
proportional "stratified" sampling,
249-250
sampling methods sumrnarv table,
252-253
See also Sampling theory,
procedures, and applicar~ons
with standards, 245-248
starisricd sample selection, 234-235
statlstlcai sampling for anributes,
241-244
Audit schedule, 75,160-162,257
versus audit pian, 63
Audir teams, 40-43
management of, 71-72
zeienron and role idenrificanon, 4345
Auditees, 273
communicar~onwith, 14-15,72
discursron oi concerns, 7S
performance history rrvtervs, 57-58
responsible for corrective actions, 123
role in e m meetings. 102
roies and responsibiliries of,75-76,
183-184,258
.Auditmg methods. 166
Auditing strategy, 49-51. 79
department method, 5l
discoverv merhod. 50
element merhod. 50-5I
tracing techniques. 49-50 -.
Auditors
as agents, 25,27-78
assignment consideranom. 169
certified. 119. 144. 165
sommunlcatron w t h the auditee,
1415.I45
and credibilin. at mdit tunctmn.
I-&!-i46
educatlon and experience, i65
evaiuarlon constderanons. 16s
inrerpersonnl and other skills.
165-166
performance oi. 151-152
personal trms, 166-167
professlonai conduct or. 13-24. i46
responsibilities of, 15-i7,74-75.
193-184,258
role rn exit meenngs. 101-102
See also Amencm Soc~etytor Qu3li0'
(ASQ) Cerrified Qualitv Auditor
exam~nation:Qualirv auditor
selecr#onof. 167-168
traming and recertificanon, 3,
169-172
Audits. See Quaiin, audirs
Awards, 183,261-262
-
Bar graphs, 210-211,212
Bell-shaped distribunons, 220
Benchmarking, 261,262
Benefits and conseuuences of audits.
182-183,258~
Bimodal distribuoons. 220
Block sample reiecnon, 234,238,240
Body of Knowledge, American Soclew
for Qualiy (ASQ) Certified
Qualiry Auditors, 255-258
Educntson and esperlence ot auditors, 165
See d s o T m n l n ~m d recertiiicmon
of auditors
Eifecr~veness.113. 114. 130, i 5 l
Effectircnm audits. i l 4
Elrcrronic media, 1 9 s
Elecrromcs rndistr); 179
Element method, 50-5 I
E n ~ x ~productton.
y IS0
Enntv, 274
linwonmenmi rcpuiniions. I SO. 26 I
Escorrs. 77-78
;Inswer#ng tor inrcrncwces. S-l
and communrcatlon problems. 85-86
Ethics
dcfinirion. 1
Seedsu Code o t erlucs
Ethics, protessiod conducr, and
linbilio. issues. 1-51. 2%
.ASQ Code of Ethics. 5-1 1. 255
con~identmlits.S-I I . 255
contlicr of interest. -4.255
lisbilirv issues. 25-29. 2 5
:iudir mcord disclosure, 29, 255
personal and corporare. 25-2S.25.5
protessional conducr and
responsihilines, 12-24, 255
auditor conduct. 13-15, 255
auditor responsibi!ities, i5-17, 255
discovem o t i1lee.d or unsafe
conditions or actlvitscs,
i7-24,255
ot audit program effecnveness,
150-155,257
of auditors, 168
of perfocmance, 173, 257
Evidence. See Data a n a l ~ s s
E s a m ~ n a r ~ ofor
n the American Socley
tor Quaiim (ASQ) Certified
Qualirv Auditor, 3
Fsir meenngz, 99-102
discussion of follow-up acoons,
100-101
presentation of audit results, 99-100
roles of auditors, audirees, and,
clients, 101-102
Exrensions tor corrective action, 136
External audits, 154, 187
corrective acnon, 123
records of, 28-29
responsibilities in, 23-24
See oiso Srcond-parw audits; Third-
parw audits
sourccs of authortry, 35-36
and unsde condinonr, IS, 21
External sources of audit aurhorlty,
35-36
False Clams . k t (lS631, 19
FARs. See Unmd Smres Federni
:\cqu~smoo Re~uiarmns
Faring. 197
Federal nyncicz, I S 9
%ederal rcguiarrons, 36
Final audit report. 107
See niso Audit rcporrmg
Findings, 94, 95, 11 1, 178
See nlro Dnrz malrsss
First-parts audirs. 2% IS7
benefits ot, IS3
charncterlsrics ot. IS8
mnclus~onsIn audit mporrs, I IS
esrr m e e t q s . 100
mtiarlng, 31
npenlng meetings. 78
purpose of. 57
reqoesr for cayrecove ncrion
torm; 129
See also Internal zudirs
Fishbone diacrams.
- . 216
Flowcharts and process mappmg,
206-210. 25s
flowchart svmbols, 207
process flowcharr, 208-210
Follow-up acoons, 95, 100-101
Food producnon. 180
Formulas for statmrcnl sampling for
arrr~bures,241-244
Forward rracing, 49
Frequency measures, 222
General knowledge and skills,
175-229.25s
audirmg basics, 177-191, 258
benefits and consequences of
audits, 182-183,258
characteristics of first-, second-.
and third-parry audits,
158-190.255
characteristics of inreinai and
esrernal audits, 157, 258
and product audits,
1S5-187.258
qualir). concepts, terms, and
drfimuons. 177-178. 25s
roles and rcsponsibilitles ot client.
auditor, and nudiree,
185-1S4,258
rheortes 2nd pracrlces in qua lit^
nudirlng. 179-1 S2. 25s
b w c skills, 193-199. 258
conflict resolurton, 194-196, ?55
effectme comrnunlcmon
techniques, 196-198. 258
presentation methods and
rechnroues,
~. 198-199, 258
rime-management technlques.
193-194.25s
tools and technlques, 201-229. 258
muse and effect diagrams.
216-2l7, 258
checkiisrs, guidelines, and 10s
sheers. 201-205, 25s
conrrol chart inrerpretmons,
324-223.258
descriptive sratlsrlcs,
222-224,258
florvchnrts and process mapping,
206-210,258
hisrograms, 219-222,258
Pareto charts, 217-219, 258
pattern and trend a n a l p s ,
210-214,258
process capabiliw inrerprerar~on,
223-229,258
root cause analssrs. 214-216, 258
sampling theor?, procedures,and
applicarlons, 205-206.258
GiFt-giwng, 21-22
Good manufacturing practtces, 186
Government regulanons, 180
Grade, 274
Grievance procedures, 1 5
Guidelines, 61, 89,201, 205
Haphazard sample selection, 233-234,
237-238.240
Heaith Indusrrv Manufacturers, 3 6
Hierarchical sources of zudir aurhor~rv.
34-55
High-nsk audirs, I SO-IS 1
1-lisrograms, 219-22. 229. 256
Hold DOlnt. 274
Homogeneious popuiar~ons.103
Horizonml audirs. 160
Illrgd acc1vit1es
bt, auditers, 17-26
h v aut,tors. 25-26
Improvement pomrs. 95
~ndusrrialrcrolmon. I--
intormatron veriticarmn. SI. 83 _
See also Corroboration and
obiecnvxs o! dam
Lnspccrlon, 274
Insrirure of Internal Auditors ill:\), 114
code ok erhas, 5, 5-b
Srmdards for the Pro/rsjmr.d Pr~lirfcc
of fntmml Auditvt?. I.;-i4
inrrrihaoge.~hilirr. 22-4
Internal audirs. 23. i 14. lS4. IS;
corrective acnon. i l j
and ~ndependencr.i i 40
openmg meerlngs. -4
records of, 23-29
scopr ot. 40
lnrernd sources ot mdic aud~ontv.5+55
Internxional srandards. 261
Inrernanonalizar~onof bustnesses. 172
Internet, 170
Inrerpersonal skills, 165-166
Interviews, 82-86, i45
ansrvermg tor ~nremiewees.84
cmdidares for. 84
communications problems, 35-86
lnformarion verificauon, 83
leading questloris, S4-85
note-taking during. S3
open-ended quesrtons. 85
process of, 82
Ishikawa diagrams, 216
IS0 9000 senes, 260-261
IS0 9001 cerrificar~on,26
I S 0 9001/2/3 regmraoon, 27
I S 0 G u ~ d e62,28
IS0 regrsrratlon progmm, 1. 27
I S 0 standards. 186, I S 9
Isolated incidcnrs, 9-1. 95
Isolmd-pcakcd distributions, 222
Item. See Enoru
Japanes~.culrurc. 22. 172
Judgmental snmplc rclccnon. 234,
239-240
L l n ~ u a F ei v r r w s . 22-13
~ 3 1 and ~ s regulations. 4 7
LCL. Sec Lower Control Lirnlr
Lead auditors. 4 0 . 4 3 .~
h a mnlvss conclusions. 96-97
In e s n meeongs, 100-102
cn o p e m y meeting. 74-75
sciecrton 2nd Juries. 44. 71
Lead qualirv auditor. 275
Lending quesrwns. S4-$5
I . t y l .~dnce.2.5
I.i.~hiIirv. 1. 75-19
Linc graphs. 210. 21 I
Litcr.icv ixrmrs. 22-13
Log sheers, 61, $9. 205
Loplsrxs
c.onfirrn;~rmnin opening rneetvngs,
:--;s
-n,planntng ot, 53-54
Long-term audir plannmg, 154-156
Long-term corrective acrlon-
116, I24
Long-term records. 162-163
Lower Control Lirn~rILCLI.
. ..
22s-229
Lower S~ecificationLirnx ILSLI. 219
LSL. See Lower Specificarlon Lirn~r
Major nonconformtr~es(cxegon. I ) ,
95-96
Malcolm Baldnge Notroml Qrro1it.v
Award 1998 Crzterra /or
Performance ErceNence, 154
iMalcoim Baldnge Narionai Qualioi
h a r d , 35,261, 262.
Management, 71-72, 179
audir plan changes, 7 2
ot audir program, 137-173, 257
of nudir ream, 71-72
cammunicmon wlrh audiree, 72
quality, 17s
reimonship to the audit function,
143-144
revlcws ot audir program
effecnveness. 150
---
,CIanagemenr audirs, 113, 181
Management rewey A,,:
ill;lnutacrurmg processes. 177
Mass production, 177
.\1arrices, 211-212.213, 214
Mean. nnthmenc. 212. 123
.\.lcasurement
h\, qunlirv ludits. 180-1 S2
in p h ~ s ~ c exnmmat~on.
al S6
Measurement data, 125-226
Median, 222,223
Slr.dicnl products. IS0
.Llerrqs. See Dailv meetings; Opmmg
nieenngs; Exlr meerrngs
Xlerhods ot zudirmf. 166
hiilitnrr. 179
\kills. Charles .,\.. -
Slinor nonconiorrn~riesicnrcgorr 21.
95-96
Sludr, 222.223
hlodel tor iiualin~nssurancc, 275
Movmg lor. The. 2-16
National cerriticar~onprogmms, 71
Nmonal standards. 46
See olso Srandards
Noncomplianccs, 94
See also Compliance;
Noncontormnnces
Nonconformances, 23,111
classificanons of, 95-96
See nlso Compliance;
Containment actions;
Noncompliances; Remedial
act~ons
Nonconformity, 275
Nondisclosure agreements, 9
See also Confidentiality
Nonstarisrlcal audir sampling,
237-240
Nonsransricai sample selecnon,
233-234
Notebook computers, 198
Notification letter, 63, 66
Nuciear mdustry, 179, 261
Nuclear regulartons, 186
Obiccr~vrrvdencr. 275
Observat~on
drfinmon, 17s
of work ncriwr~es,87-88, 90
Observar~onclassiticmons, 94-95
Open-ended quesrlons, 85, 156
Opening meetings, 73-78
audir pian. 73-76
audir schedule, 75
audirec cor.cerns. 7S
logmxs. 77-7s
Organmrlon. 275
Organtzarton pertormnnce srnnd:rds. -16
See 01x0 Standards
Organrzat~onalsources ot audir
;~u<horrty,34-3:
Organ~zanonnlstructure. 1 7 5
Pareto charts. 217-119. 25s
Pattern and trend nnairsls. 93-94,
210-lli.2jS
PDCX i d e (Pl~n-Do-Cbeck-i\crl.i39
Penairres in audits. 3S
Percentiles. 222
Performance ot nudirors, 151-151
Pertormnnce waiuanon. 173.157
Pertormancc hisrorv revtews, 57-58
Performance standards, 45-46
Personnel for audinng, 165-173, 257
Physical examlnnnon, 86-87
Pie chairs, 211, 213
Plan. See Audir plan
Plan-Do-Check-Act (PDCA cvcle), I39
Plateau disriiburlons, 220
Policies and standards. 47
Policy documents, 45
Pos~rtvepmcnces, 95
Post-audit conterences. See E x ~ rmeenngs
Preliminars audir repon, 107
See olso Audit reporrmg
Presenrarlon methods and techniques,
198-199,258
Preventwe action, 275
Procedure, 275
Procedure documents, 46
Procedures for audit program
management, 158-160,257
Process, 275
Process of audir program management,
157-163,257
Process qunlinf audir, 1S5-IS6
See also qua lit^ audit
Process qualirv cvnluarion. See Quaiin.
ev~lu~~on
Producr, 1 7 5
Product audits. Sh
Prnducr li:xbiliru. 2-5
Product ~ w d i t v. ~ ~ d i 1S.i
t.
See d s o Qo:ilirr oudir
.I'roducr~onpermit. 276
See also Devtation pcrmn
Protess~onaiconduct, 13-74, 146
Jeiinmons. I , i 5
Proportsonal "rrrmiied" sampling.
119-250
Proorternrs mtormmon. 9-10. 13. 1S
Qu~liiicartonproccss. 1-0
Qualiticd. 276
Qwilitnr~vrnndvsis. 190-tY I . 1 5 s
Qu~lin:276
cost ot, 153
Qualin. a p p t a i ~ dSee Qualirv
evaiua~~on
Qualim assessment. See Qualirr
evaluation
Qualiw assurmcc, i77. 178, 276
Quality Audit Div~sion.Amrr~can
Socmy tor Qualin.
(ASQ), 170
Qualirv audir obserwr~on.276
Qualitv auditlnr rheorm and pmcrlces.
- 178-182,Z5~
Qualirs auditor, 276
See also Auditors
Qualioi audits, 276
classificar!ons of, IS7
definmon, 185
See also Auditing; Audits
Oualiw conceors. terms, and definmons,
177-178; 2.58
Oualiw control. 178. 276
Qualitv loop. 2 7 7 Sce also Containment acrlons; Serrrce quality audit, 135 Tangible trems, Sh-ST
Quaiin, losses. 277 Nonconiormances Service qualirs audit. SCCQualitv mdits Teams. See Audir reams
Qualin. management. 178.177 Repa~r.278 Shewharr Cvcle, 139 Test dev~ces,181
Qudirv manuai. 2 7 Rcporrerz qucstlons, 141 Shewhxr, \Vaiter h., I 3 9 Srr d s o Measurement
Q u ~ l i yplan, 2 7 7 Reporting. See :\udir reporring Short-term correcovc x n o n , 116. 124 Third-partv audits, IS7
Quaiiry plann~og,277 Reqniremmrs, 91, 92 Short-term records, 163 benetits of, 183
Quaiits polic!; 277 See nlso Standards Simple random sampling. 234 characrertsncs of, 159-190
Quaiins record. 27: Requtremcnrs tor qualin: 278 Skewed distributrons, 220 and correctwe acnon. 123
Qualirv spml. Suc Qualirv ioop Requmments ok rocwry, 278 SPC. Sec Statrsrlcnl process conrroi exit meetings. 100
Q u ~ l i r rsurveillance. 278 Resource requirements. 142-143, 257 Speciiicnrlon. 27s #ninarmg,31
Qualit\- surrey. Sei. Q u d i t r ~ m i u a r i o n Rcsulrs, 153-154 Spccitis.~tlonsmndards. -16 ;ind laws and re;ulaiww. 4;
l>unIirr survcvs. xsessmcnts. ni chart#n$.:.:I Standard d e r m ~ o n 222. , 224 and lisbilirv tssues. 1
csam~nnrmns,ISS :\u~iit rep~rting
ALIL, .z/m Smndonds. 3 6 . 4 5 4 7 . SG) opemng n~errtngs,TS
Qualirv svsrem, 27s Rework. 275 - . . audit sampling w r i ~ i45-14s
, purpose of, 3S
Qualirv svsrcm audit, IS6-I $ 7 Risk reduction and audit program. 147 definmon, 46 rcgularorv sources ot audir
Qualirv-reiared costs. 177 Risk-benefit ranos. 94 European. IS9 nurhoncy, 36
Qumtlrarive a n d w s . I"-I9 1. 258 Roor cause anaiusls. 214-216, 25s ~ n r r m ~ i t o n a261
i, Sre d s o Exrernal audits
Qnesrlonnatres, 89. 90 Roor cause ot problem, 116. 124. 126 and 13115 m d regulmons, 47 and unsafe condirmns. IS, 1 1
Questions, 84-35 tor rnmsuremenr, 180-ISl.lS3 Time-management rechnroues.
Satery, 278 performance standards. 45-46 193-194.258
IlAB. See Regtsrrar .icciedirarton Board i ~ m p i c 1. 7 3 .d ~ x d i i i ~47
.~, Time-w3snng technqucs. 16-17, I"4
Random samnles. 205. 235 nndom, 205.234 tor ou.ilin. svsrcm audirs. IS6 Toots tor p h y s ~ dexatnmstkon. Sh-ST
Samplinz methods summarv table ietrrencc srand~rds.45 Toois and rcchnwu!s. 20 1-229, 159
tor resisrmnon purposes. IS9 Total popular~on.LO5
Sce olso Educarlon m d exprirencc o f - SCCd s o Rcqumments Total quaiin. manngemenr (TQXII. 7 3
auditors Sanpiing rheorv, procedures, and speciiic~rtons.46 TQM. See Total qu&r mmagcmrnr
Recogn~tlonpurposes ot third-part? a~plications.205-206. 258 veritic~ttonot compliance to, 139 Tr.~ceabiiiry, 279
a
."
audirs, IS9 hlso Audit sampling Storzhrrris lor the Profess~onnlPractrce Tracing rechniques, 49-i0. 8 I
See also Awards Scheduling, schedule. 41. 67. 158, of 1,rternnl Attditnrp, lnstlmrc ot T r a m n -c and recertificaoon o f auditors.
Recomrnendanons of audits, i I I 160, 194 lnrernal Auditors (ilh), 13-14 169-172
Record disciosure. 29 Second-pam audirs. IS7 Smnsrical audit samolinr , " tor attributes, See ~ ~ l Education
so 2nd e x ~ e n m c eot
Records, 278 benefits of, 183 241-744 auditors
ndvtce on rerainlne. u.
133-134 characrensocs o t 188 Stmsrrcai conrroi smrc. 228-229
~ ~ Trmnsbrion documcnrs. 45
requlrements for keepmg, conclusrons in mdit repom, 115 S r a r ~ s r dprocess control (SPC), 224 Trend analysis, 190, 210
162-163.257 conrracr sources ot aurhonty, 35-36 Stnnsnczl sampie seiecoon, 23G235 Truncated disrriburlons, 220. 222
See also Audit reportmg; e m meenngs, 100 Stntmlcal rcchntques, 92,221
Documendrecord L.sammanon mtitnrlng, 31 Sce nlso Dcscr~prwes m r w c s UCL. See Upper Control Limn
Reference standards. 4 5 opentng meerrngs. 78 Strata, 105 Unerhic.1 actiwres, i7-24
Reg~strarAccreditation Board ( U B ) , purpose of, 37-38 Strategy in auditing. See Audir~ng Union shops. 87
28, 165. 1 9 0 See also External audits strategy Universe, 205
Regstrat organrznnons, 28 and unsafe condioons, I 8 Subcontractor, 279 Unsafe conditions, 17-24
Regtstration purposes of third-parry SCCU~IN clearances, 10-1 1 Subject matter expert, 44 Upper Controi Limit (UCL), 228
audirs, 189-190 Stcurry concerns, 9-11, 198 Surtabilirv audirs, 114 Upper Specificanon Lim~cIUSL), 229
See also Cerrificarron/regisrrarion See also Coniidenuality Supplier, 279 USL. See Upper Specificarron Lim~r
Regulanons, government, 180 Selecrion of auditors, 167-168 System audir, w i i , 113, 124, 181, 187
Reeularorv audirs. 180 Self-inspection, 278 System effecr~veness,112-115, 256 Validation, 279
~ e & a t o i y source's of audit aurhonty, Service, 278 Systematic sampling, 234 Vaiue-added conrribunons, 152
36.38 Service delivery, 278 Systemic incidents, 94, 95 Vattable data, 225-226
Remedial acoons, 23 Servtce performance, 151 Systems, 112 Variance, 222, 214
Verificarmo, 279
V~.rt~caiaudits, 160
Video confeienclng, 1%
Waiver, 279
See d s o Concesston
\Vhisrle-blower laws, 19-20
ohscrrarton. ST-SS
\VoA 'orl;cr~vitv
\%rk iuic restnct~ons,$7
\Vorkcrs protection, 1SO
\Vorkink papers, 89-90
audit trail documentat~on.S9-90
record of observanons, 90
\Vorld \Vide Web, 55
\Vorld-cim levels, 261-162
\X1ri'rincn report. Sze Audit reporrlngs