Professional Documents
Culture Documents
Quality Audit Handbook
Quality Audit Handbook
ABer rlre Qtmliy Audit: Closmg rlie Loop 011 rl~eA d i r Process
J. P. Russell and Terry Regel
F~oidat~tertrds
of Q i r a l i Aitdirrr~g
~
B. Scott Parsow~th
The Q ~ ~ a i.iitriii:
in A illn~iage~~~eiir
Elwl~iar~on
Too/
Charles A.MiIls- - ..
Q ~ r n lAi~diis
i ~ for I i ~ ~ p r o vPr ~e l~ f o m m ~ cSecond
e. Edir~u~~
Dennis R. Anrr
md Use
How lo Pla~tcii~.4i~dii
ASQ Quality Audit Technical Commrttee: Charles B. Robinson. editor
Second Edition
To request n complimentary catalog or publicat~ons,call 1-800-248-1946
or v ~ s our
~ t Webslte at qualitypress.asq.org.
j. I? Russell, Editor
0- 2000
- by ASQ...
All nghts resen,ed. No pm of [his book may be reproduced in any form or by any
means. electron~c.mcchantcal. pholocopyng. recording, or oihenv~se,w h o u t the pnor
willen pcrnusston of ~ l t epublishar.
Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . XI...
Notes to the Render. . . . . . . . . . . . . . . . . . . . . . . . . . - ~ & -XI11
;\cqu~stiton~ Editor: Ken Zielske
P r o p s Erlitur: Anncn~~ekc Koud>ru~i
A&~odedginentst,. . . . . . . . . . . . . . . . . . . . . . . . svii
Producrioii Adnr~ii~smror: Sh.nwn Doiiogne Overvter~t... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SXZ!
RSQ Mission: The Aniencm Soclew lor Qualiry advances indindual and orgnnrzat~onnl
perfoniinncc excellence worldwide by providing opponuntties for Ir~rnlng,quaiit). - PART i ETHICS, PROFESSIONa CONDUCT,
itiiprouemenl. and knowledge enchanse. AND LiABILITY ISSUES
Artemon: Bookstores. Wholesalers. Schools and Corporat~ons:
ASQ Quality Press books. videotapes. audiorapes, and software are available at q u m l ~ l y
Chapter A ASQ Code of Ethics . . . . . . . . . . . . . . . . . . . . . 3
discounts w t h bulk purchases for busmess. educat~onal.or ~nsrrucr~onal
use. For 1. Conflicr of Interest . . . . . . . . . . . . . . . . . . . . . . . . . 7
~nformar~ott.p i e m conrnct ASQ Quality Press at 800-248-1946. or wnte lo ASQ Quality 2. Confidenrialirv . . . . . . . . . . . . . . . . . . . . . . . . . . . S
Prcss. PO. Boa 3005. Milwaukee. WI 53201-3005.
Chapter B Professional Conduct and Responsibilities . . . . . 13
To place orders or to request a free copy of the ASQ Quality Press Publications Cnlalo:,
mcluding ASQ membershtp ~nformalton.call 800-245-1945. Vislt our web slle at
1. Auditor Conducr . . . . . . . . . . . . . . . . . . . . . . . . . . 13
www.ssq.org. or qualitypress.asq.org. 2. Audiror Responsibilities . . . . . . . . . . . . . . . . . . . . . . 15
3. Discovery of Illegal or Unsafe Condit~ons
or Act~v~ties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Pnnted in the Unired States of Amenca
17
@ Pnnted on acld-free paper .........................
Chapter C Liability Issues 25
I. Personal and Corporate . . . . . . . . . . . . . . . . . . . . . . 25
Amerrcan Societv for Qualitv 2. Audit Record Disclosure . . . . . . . . . . . . . . . . . . . . . 29
;
148- - and Applications . . . . . . . . . , . . . . . . . , . . . . . . . . 205
7. Evaluation of Audit Program Effectiveness . . . . . . . . 150 3. Flowcharts and Process Mapplng . . . . . . . . . . . . . 206 I :
3. Summary of Audic Program Results for Review . . 153 4. Pattern and Trend Analysis . . , . . . . . . . . . . .
9. Long-Term Audit Planning . . . . . . . . . . . . . . . . . 154 7. Root Cause Analvsls . . . . . . . . . . . . . . . . , . . -21
? 14
0 I ~
157
/ Pareto Charts . . . , . . . . . . . . . . . , . ; , . . . . . . 217
I. Development and Implementat~on
ot Audit Program Procedures . . . . . . . . . . . . . . . . . 8. Histograms . . . . . . . . . . . . . . . . . . . . . , . . .'% 219
: : 777
162
Chapter C Audit Personnel . . . . . . . . . . . . . . . . . . . . . . . . 1G5 APPENDIX A AUDIT SAMPLING . . . . . . . . . .1. . . . . . . . 231
1. Qualifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
2. Seiection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167 Chapter A Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
3. Tramng and Recertification . . . . . . . . . . . . . . . . . I 169 Chapter B Nonstaustical Audit Sampling . . . . . . . . . . . . . . 237
4. Performance Evaiuat~on. . . . . . . . . . . . . . . . . . . . . . 173
Chapter C Statistical Audit Sampling
for Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . 241
PART W GENERAL KNO\VL,EDGE AND SKILLS
Chapcer D Sampling with Standards . . . . . . . . . . . . , . . . . 245
Chapter A Auditing Basics . . . . . . . . . . . . . . . . . . . . . . . . 177
1. Quality Concepts, Terms, and Definitions . . . . . . . . 177 Chapter E Proportional "Stratified" Sampling . . . . . . . . . . 249
2. Theories and Practices In Qualiry Auditing . . . . . . . . 179 Chapter F Sampling Summary . . . . . . . . . . . . . . . . . . . . . . 251
3. Benefits and Consequences of Audits . . . . . . . . . . . . 182
4. Roles and Responsibilities of Client, Auditor, APPENDIX B ASQ CERTIFIED QUALrrY AUDITORS BODY
and Auditee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 OF KNOWLEDGE . . . . . . . . . . . . . . . . . . . 255 .
5. Characteristics of System, Process,
and Product Audits . . . . . . . . . . . . . . . . . . . . . . . . . 185 APPENDIX C CHANGES AND TRENDS
6. Characteristics of Internal and External Audits . . . . . 187 IN AUDITING PRACTICES . . . . . . . . . . . . 259
7. Characteristics of Fist-, Second-, References.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
and Third-Parry Audits . . . . . . . . . . . . . . . . . . . . . . . . 188 Recommended Readings. . . . . . . . . . . . . . . . . , . . . . . . . . . . 270
8. Characteristics of Qualitative Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
and Quantitative Analys~s . . . . . . . . . . . . . . . . . . . 190 Index . . . . . . . . , . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
The quality audit protesslon has grown remarkabiy in the two peArs since
the handbook was first published. IS0 9000, IS0 14000, QS-9000, and a
mynad of other recent standards call for the certification of audit per-
sonnel and the performance of audits. This growth has been ~nternatlonal
in scope and has given new opponunities to every quality auditor. It has
-given nse to new job opportunities, new companies, and even new busi-
ness sectors. We have witnessed a transition from stated quality to ven-
fied quality for many businesses. We have witnessed a renaissance of the
quality audit profession and its recognition as an integral part of doing
business.
The second edition of the handbook has recognized the transition and
transformation of the audit profession. In addition, we have all learned a
lot since the first edition was published in 1997. Some of what we have
learned has been added to this second editlon of The Qimlity Audir Hflnd-
book. Some must wait while we develop more information, develop trans-
ferable techniques, and develop a consensus among auditors before
including it m the handbook.
This edition has been expanded to include more information on the
softer sides of auditing, including ethics, liability, and sampling consider-
ations. Each chapter has been revisited and, where necessary, revised to
address our current howledge of quality auditing. Some chapters have
had extensive revision; some have had little revision. We anticipate more
changes, revisions, and additions as we move into the new millemum.
A journey of a thousand miles begins with the f m t step. Our f i s t step
was the first edition of The Quality Audit Hnndbook published in 1997.
This second cdit~onrepresents the second step of our Journey. The hand-
book has becn reorganized to parallel the rev~sedASQ Certified Quality
Auditor Body o i Knowledge.
Regardless 01' the updating. reorgmizatlon, and new material added,
the handbook will always be a wok-ln progress because auditing is a
virai, changing, growlng profession seehng continuous improvement. In
kcep~ngwith thc a m of continuous improvement. we invite each member,
organization. and industry w ~ t hinformation to share on Subjects related to
the BoK. to subinit tlleir new knowledge, new perspectives, or new prac-
. .
tices to the editor.
I want to thank 1. P. Russell for his patient efforts at coordinatmg the
second edit~onof the handbook. His efforts at bnnglng some f o m ~of con-
sensus to each chapter are recogmed by all who part~c~pated in the sec-
ond edition. I also want to recognize Wendy Finnerty, Chairperson for the
Quality Audit Divis~on.who au~horizcdthe second edition and worked This handbook supports the quality auditor Body of Knowledge (BoK)
with US to cnsui-e that we met the vanous deadlines tor publishing. developed for the ASQ Certified Quality Auditor (CQA) programhThe
quality audit Body of Knowiedge was revised in August 1997. The second
editlon addresses the new Body of Knowledge topics and the new arrange-
Norman C. Frank
ment. The body of knowledge was re-arranged from V Parts to VII Pans
Vice Cha~rperson,Techn~cal
and (27 percent of the toplcs in the new BoK were not specifically
ASQ Qualiry Audir Divmon
addressed in the old BoK). The fundamental quality audit principles have
not changed, but additional topics were added to address ethlcs, alignment
with organization objectives, audit program management activlnes, and
corrective action of audit findings. The second edition also contains addi-
tional ~nformat~on on sampling in an appendix.
The text is aligned with the Body of Knowledge for easy cross-
referencing. Through use of this handbook, we hope to increase your
understanding of the quality audit Body of Knowledge.
The Use. The handbook can be used by new auditors to g u n an under-
standing of quality auditmg. Experienced auditors will find it to be a use-
ful reference. Audit managers and quality managers will use the handbook
as a guide for lead'ig their auditing programs.
The handbook will also be used by trainers and educators as source
material for teachlng the fundamentals of quality auditing. It is not
designed as a stand-alone text to-prepare for the ASQ Certified Quality
Auditor (CQA) exam. As for a l l ASQ certificahon activities, you are
encouraged to work with your local section for preparation. The Quality
xiii
Atrdit Hrr~irlbuok,when used in conjunction with other published materi- and using the term st~allto mean a requuement and shorild to mean a guide-
als, is appropnate for refresher courses, and we hope that trainers will use line do tior apply to the quality audit handbook.
it in that manner.
The handbook contains information to suppon all aspects of the qual- Who Wrote It. The Certified Quality Auditors who supplied informa-
ity audit Body of Knowledge and is not limited to what only new auditors uon for the handbook represent a broad spectrum of oganizatlons in the
need to know. Hcnce, tlie amount of material in each part of the handbook United States and around the world. About 70 individuals contributed
IS not directly proportional to exam emphasts. The CQA exam is desizned
matenal for the first editton and another 40 for the second editzon. Input
to tcst a candidat<s basic knowledye of quality audiung. All the inforrntt- from members and a number of published texts were also used to create
tion tn tlie handbook is important, but those preparing for the CQA esnm and develop Titc Qlrnlip Arrdir Handbook. It represents Internal and
should spend morc umc in tlicir wcakcst :mas and the BoK pans receiving cxteriial audits in a variety ot product and service industnes. regulated
more emphasis on the exam. The number of questions and percentage of and nonregufated.
CQA exam questions is indicated at the start of' each part of the handbook. To avold the perception of bias toward any particular approach, for the
tirst edition we chose a unique way to develop the handbook. A professional
T h c Contents. Tliz handbook IS organized to be in alignment with the wnter from outside the quality field conducted telephone interviews to sup-
quality auditor Body of Knowiedge. We have tncluded this Body of plement the information provided in conmbuted papers and published texts.
Knowledze i n back of the handbook as an appendix. Since many concepts Significant issues relattng to the pnnclples and Intent of quality auditing
and practices ofc~ualityaudittng are still evolving. the Body of Knowled~r were reterred to a tie-breaker committee for resolution. Extensive"peer
will be revtsed from rime to time. As changes occur. tile handbook must revtew further strengthened the manuscript. We followed a similar (though
also be revised to keep current. less extensive) approach for the second edition. The handbook comrnlttee
Temis and detintttons are addressed throqhout the text and especially members were the wnrers; revzewers provided feedback on the revised test;
in Part VII. Chapter A and tn the glossary. The glossary is based on the and the editor sorted. culled, and refined the manuscnpi.
definittons in ANSIIISOIASQ AS-102-1994. ANSIflSOlASQ A5-102-199-1
definitions have undergone extensive peer review and are accepted world- Why the Handbook. The ASQ Quality Audit Division sponsored the
wide. However. even the defimtlon of audit terms continues to evolve tn development of thts handbook to promote the use of quality auditing as a
order to meet the needs of standard users. management tool-our p n m a y msston. We believe that the Quality Audit
The Qrialitv Artdir Handbook represents generally accepted quality Div~stons members possess the greatest concentration of theoretical and
audit practices for both internal and external applications. As such. it may practical quality audiung knowledge in the world. In The Quality Audit
not depict the best practxce for all sttuatlons. Handbook, we tned to glve you the benefits of ttus collective expertise.
The handbook uses generic terms to support broad pnnclples. For ciar-
J. P. Russeli, Editor
ity, specific mdustry examples and stones from CQA's are sometimes used
to explan a topic in the Body of Knowledge. The stones, depicted as side
bars, are a way to share the experiences of other quality auditors. Industry
examples incorporated into the text are not intended to be all inclustve and
representatwe of a11 zndustnes. Needless to say, this work cannot address
the most appropnate practice for every industry or organlzatlon.
n u s publicat~on,which describes audit methods and their application,
is not intended to be used as a nattonal or international standard, although it
references many existing standards. The conventions for writing strmdards
ASQ Quality Audit Div~slonmembers contributed to both the first and
second sditlons of Tlrr Qiiniin Audit Hmdbook. For the first edirian.
some wrote top~calpapers specifically for use in the handbook, and oth-
ers provided input through a series of telephone interviews. A professional
writer prepared a manuscnpt. md a team of revlewers provlded feedback.
For the really difficult areas, a tie-breaker committee made the final decl-
sions concerning the technical content. over 70 Quality Audit Diviston
members participated. The tnltial effort resulted in the fist edition, pub-
lished in January 1997, whlch became the basis for the second edition.
Where possible the exact wording of the f i s t edition was retamed for the
second edition except for when addit~onalclarification was needed and
when apparent conflicts exlsted w~thinthe handbook.
For the second edition, members of a handbook c o m t t e e provided
text and examples to fill in the gaps created by the quality audit body of
knowledge issued in August 1997. A team of reviewers provided feedback
to the editor who revised and refined the second edition. The evolution
and development of the handbook has continued to be a team effort. In ail,
over 40 QAD members participated in the second edition.
The acknowiedgments for the first and second editions are in chrono-
logical order of involvement of project by teams and do not reflect the slg-
nificance of individual contributions.
xvii
EARLY PROJECT PARTICIPATION Interviews w i t h t h e Writer
(OUR VISIONARIES) Some of the necessary matenal was not initially available. Additionally,
some of the matenal from the referenced texts was conflicting. We therefore
Norman C. Frank
found it necessary to query some of our members by teiephone about cer-
Barbara Houlihan tain topics within the quality audit Body of Knowledge. They provided sup-
John C. Dronkers plemental information and esamples fbr us to use. They helped fill in the
missing pteces of informanon needed to complete the work. The members
who participated i n the ~ntervtewsand their credentials at that time are:
--
-i
.
Chns Newcomer. ASQ CQA
AI-ielCiis~ro.ASQ CQA
F Stephen Sheng. ASQ CQA. RAB QSLA
"r
: Ron Spr~iiz.ASQ CQA
Robert G . Chadw~cl;.FASQ, .4SQ CQA. .ISQ CQE, ASQ CMI
Dav~dL. Thibault. ASQ CQA. ASQ CQE
Robert G. Chisholm. Sr.. ASQ CQA. ASQ CQE. ASQ CMI. tI : Alfred F.Wales. ASQ CQA. ASQ CQE
RI\B QSLA. QS-9000 Auditor
Jim Coley. ASQ CQA
-
\Vorid\v<de Reviewers
Haroid Crotts. ASQ CQA. ASQ CQE, ASQ CMI, AAS, Ind. Eng. Steven Britton (Caniada), PE, ASQC CQE, ASQC CQA
Jeffrey A. Deeds, ASQ CQA C h u ~Karson (Honr Kong), ASQC CQA. ASQC CQE
Kathleen L. Eaves, ASQ CQA Darren Kent (Canada), ASQC CQA
Clieryi A. Hadley, ASQ CQA Ian A. MacNab (Canada),
Rudoipii C. Hirzel, ASQ CQA, ASQ CQE. ASQ CQM Akhilesh Singh (India), IRCA LA
Dav~dKildahl, ASQ CQA Peter Wnght (Canada), ASQC CQA, IRC A, AOQ CQT
Rarnesh Konda, ASQ CQA, ASQ CQE Jorge Xavler (Brazil)
Jim Lamar, ASQ CQA Roger Zigrnond (Canada), ASQC CQA, ASQC CQE
Lmda Rcmhan, ASQ CQA Dennis R. Arter, PE, FASQ, ASQ CQA
Gerry Sherman, ASQ CQA. ASQ CQE, ASQ CQM Richard M. Baehr. ASQ CQA, RAB QSLA
Shyam Banik. ASQ CQA. ASQ CQE, RAB QSLA
SECOND EDITION John Barrett, 4 S Q CQ.4. ASQ CQE, ASQ CRE. ASQ CQM,
RAB QSA
For thc sccond edition, a :roup of ASQ Quality Audit Divmpnmembers ..
formed the handbook subcommittee and voiunteered to be responsible for John J. Boyle. Pnnc~palQuality Eng. ASQ CQA
updating one part of the quality audit Body of Knowledge. Updat~ng James M. Cole!!. ASQ CQA. RAB QSPA
included adding examples and addressing new top~csintroduced by the
A u ~ u s t1997 revised Body of Knowledge. Commtttee contributors and Lmda L. Feaster. ASQ CQA
thcir assigned part ol'the Body of Knowiedge were as follows. Wendy Finneny, ASQ CQ.4
Richard Pi. Baehr. Part VI: Audit Progmm Management Norman C. Frank. ASQ CQA. ASQ CQE
Wallace (Chuck) Carlson. Jr.. Pxt !V: Audit Reporting Peter J. Gauthier. ASQ CQA
I-la.m d so on. Il' there I S n set ol I-uits. :iuditors can compare actual p w -
Ilcc 10 the r111cs.
\\%ilc auditors are comparing actual practtce to the rules or standards
I dctei-mlnmf conlpliance to requirements). they niay also observe that crr-
lam prncticcs and--trends are not in the best interest of the organization Part 1 covers three areas ot pnme importance to the professionalism of a11
bung audited. Hcncc. In some cases. areas that are not efiect~veor areas auditor and the quality audit profession. Ethics affect profess~onalcon-
lhai can be improved are reported as input for mana,~ e m e n review.t ducr, and professional conduct affects liability.
Firlr1irl::s are the restilts of the investigation. Findings of the audit may E t h m are basic philosophical conclusions about whether conduct and
be reponcd as no~lconfoinlances.lindings, noncompliances. defects, con- behavior is nght or wrong. Ethics are also moral principles by which an
eel-ns. and so forth. It is important for everyone to agree on the terminoi- individual is guided. I t is imperative that quality auditors be ethical ii.e.,
ogy that will be used in the audit report. honest and mpartial) and behave appropnateiy ( i t . , w t h professional
Recently there has been more emphas~son looking beyond conduct- conduct) in canylng out thex responsibilities.
ing the audit steps to management of the audit process. It is important to Professro~ml corldilct is the manner in wh~chthe auditor conducts
understand the objectwes of the audit funct~onand the potential benefits h~m/herself. Objectivity, courtesy, honesty, and many other character
to the organizatlon. This understanding and clarificat~onhas resulted in attributes combine to make up the particular conduct of any auditor dur-
some audit programs betng stnctly lirmted to auditing for compliance and mg an audit.
other audit programs seehng management input on the effectiveness of Liability is the degree of legal responsibility an indiv~dualor company
compliant systems. has in a given situation. Liability issues are beginn~ngto surface wlth the
Auditing 1s a management tool. Used ~nternally,its purpose is to ver- increase in Uud-pmy auditing and certification/regtsiration. The effect of
ify that systems are compliant and suitable to achieve objectives. Exter- the I S 0 regisiration program has yet to be fully felt in the legal arena, but
nally, it may be used to determine compliance to a set of ruies. For addi- several issues important to the auditor will be discussed in this part of the
tionai background information on quality auditing, turn to Part VII, book.
chapter A.
The Amencan Society for Quality (ASQ) developed a code of ethlcs that
each ASQ Certified Quaiit!. Auditor must understand and follow. The con- .%
tent of the ASQ code ot ethics is included in the examination for Certified
Quality Auditor. Acceptance of the code of ethlcs by the esamlnee is
requrred pnor to cenificatron.
Audit ethlcs is perhaps the area that demands the most skill from an
auditor. Trarnlng is available for enhancmg skills tn checkiist develop-
ment, interwewing technrques, audit documentation, follow-up methods,
and almost all other phases of an audit. Vexy little information, on the
other hand, is available on the topic of audit ethlcs. An auditor's use of
questionable or unethical methods dunng or followtng an audit can
qurckly erase any favorable impressions and be detrimental to the auditor
and the auditing organization as a whole.
A code of ethlcs 1s a standard for conduct. An auditor's ethical and
moral principles should be compatible wlth a formal set of ethlcal stan-
dards. ASQ's code of ethics' for members is shown in Figure 1.
Many companies and profess~onalorgamzatlons have developed a
code of eulics to guide them in the performance of their work. The Instl-
tute of Internal Auditors (IIA), the professional soclety for financial audi-
tors, developed their code of ethics in 1974. The IIA took a slightly dif-
ferent approach in the content of thelr code of ethics than ASQ. Although
these codes of ethics represent different perspechves, they both have the
same basic principles described in their standards of conduct. Figure 2
presents the IIA Code of Ethics.
According to Charles A. Mills:
;taiidards of Conduct
"'Aformal code of ethics allows quality auditors to approach audit per-
I. Members and CIAs s11a11exercise honesty, objectivity, and diligence tormance uniformly. A iormal code provides a benchmark against which
in the perforormance of their duties and responsibiliues. an auditee and client can measure an auditor's aciiviues. establish an
11. Members and CIAs shall exhibit Loyalty in all matters pertaining to auditor's independence_and recognize potenttal conflicts of interest."'
the affairs of their organizatlon or to whomever they may be render-
In: a servtcc. However, Members and CIAs shall not know~nglybe a Ethical standards serve as a general behavioral g u ~ d efor auditors.
party 10 any illegal or improper acrivtiy. Audilors oflsn rsiy on personal judgnlents and past experiences to deter-
Ill. Members and ClAs shall not knowingly encage In acts or acttvlrtes inme etluca1 conduct in specific sittiations. howevcr. Auditor's personali-
wh~chare discredirable to the professton of inrernai auditm," or 10 ties. tcrnperammrs, u d i t i n f stylss. and b;isic pcrccpttons can vary
therr organmatson. tremendously. By lncorporatlng a set o t ethical pnnclples into h e x daily
IV. Members and CWs shall refrain from entenng into any acuvlty which audit acttvities. auditors can mamtain the h ~ g hstandards of conduct,
may bc in conflict with ihe Interest of t h r organization or which honor. and character needed tor audit results to be received as un unbiased
would prejudice lheir ability to cany- out ObJ?CtiVely thelr duties and and accurate product.
responsibiliues.
V. Members and CIHS shall not accept anything ofvaiue from an
employee. clienr. customer, supplier, or business associate of their 1. CONFLICT OF INTEREST
organtzation which would impair or be presumed to tmpair their pro- The subject of contlict of interest often m s e s dunng audits. Conflict-of-
fesstonai jud,"ment.
interest situations sometimes encountered pnor to and dunng audits include:
VI. Members and CIAs shall undertake only those services whlch they
can reasonably expect to complete with profsssional competence. Previous employment of the auditor ( o r close relative) by the
V11. Members and CIAs shall adopt su~tablemeans to comply with the auditee or a major competitor ot rile auditee. regardless of the
SruridurdsJbr rite Profasronul Prucrlcr ofi~rrerr~ui Audirrng. reason for separation
$111. Members and CIAs shall be pmdent in the use of information
acquired in the course of their duties. They shall not use c o ~ d e n t i a l Holding of significant amounts of stocks or bonds in the auditee's
tnformauon for any personal gain nor in any manner w l c h would be busmess or that of a major competitor by the auditor
contrary to taw or detrimental to the welfare of theu organization. Previous or current close workng relationship (e.g., teaming
IX. blembers and CIAs, when reportmg on the resuils of theu work, shall partner, major supplier] with the organizatlon
reveal all matenal facts known to them which, if not revealed, could
either dision reports of operations under review or conceal unlawful Pnor involvement by the auditor in developmg the quality
practices. program or procedures used by the group being audited
X. Members and CWs shall continually stnve for Improvement in their Desire to be hired by the group being audited
proficiency, and in the effectiveness and quality of theu service.
X1. Members and CIAs, in the pracuce of their profession, shall be ever Close friendships wirhm the group being audited
nundiul of thew obiigauon to maintain the high standards of compe-
tence, morality, and dignity promulgated by The Institute. Members
. Offer by auditee of money, goods, or servlces in the nature of a
bribe, hckrback, or secret c o m s s i o n
shall abide by the Bylaws and uphold the objecuves of The Institute.
Acceptance of a gift (money, ,atuity, or other thmg of value) wlth
Figure 2. Connrriced more than a nomtnai value, or involvement m auditee-sponsored
saies promotions or other act~vitiesthat may represent or be financial loss if customers or competltors were to galn access to propn-
construed as a conflict of interest etary processing Knowledge, formulas, and trade secrets. The auditor must
malntain confidentlality. but not to the polnt of performmg an inadequate
Perlormance of outside work for the auditee tlnat mglit adversely
affect the uuditor's performance or judgment on the job aud~t.Each auditor needs to be prepared to stgn ageements or utilize tech-
nlques for workng around a proprietary area.
The auditor should be aware of the different types of conflicts of inter-
est. Prior to accepting an audit, the auditor should examme h ~ s h e actw-
r Confidentiality and Security Concerns
ties m d relation~liipwith thc auditce and dctcrm~ncwhether an ilctilai or Auditees can use a confident~alityagreement or nondisclosure asreemen1
powntiai conflict of interest cx~sts. to protect ihelr interests. Both serve the same purpose-to ketp propn-
etary .intormation withm the control. of the auditee.
When a Conflict of Interest Exists
When there 1s an actual or potentla1 conflict of interest with the organiza- Confidentiality Agreement. An auditor often is expected to slgn a con-
tion or people being audited. the auditor must relay t h ~ sinformarlon to fidentiality or nondisclosure agreement before an audit begins. In general.
management or decline to conduct the audit, whchever 1s more approprl- these agreements require that the auditor not disclose any propnetary
ate. Actions [hat niunqement and the wdit team leader can rake includc: rnformat~ongamed dunng the audit. They may be extended to the audi-
- Ensuring !hat suflic~ent[ m e 1x1s passed to eliminate the conflict tor's company. family. aszigns. etc.. through iegal languaze. Some c o n k
. Ass~gn~ng
a different auditor to cover the specific area of conflict
dentiaiity agreements that auditees expect the auditor to sign before being
allowed to perform an audit of proprietary areas have become particularly
Removing the auditor or the audit team leader from the team onerous. Often these are wntten in legal language and are understandable
only by someone fmiiiar w~rhthe legal definitions of the words used.
Auditors are normally not authonzed to obligate thex organizations.
Agreements should contaln a release that takes effect if propnetary tnfor-
xampie, dunng an internal audit, the auditor may face a sltuatlon matlon becomes public. An auditor should receive the a,oreement in
w iere the auditor was ~nvolvedin the development of the quality sys- advance so that it can be rev~ewedand approved by the auditmg organi-
tem under evaluat~on.If the auditor developed the process or wrote zationis legal counsel or deslgnated authority before the auditor signs it.
the procedure, it would be difficult for h~m/herto maintain objectiv-
ity when the process or procedure is audited for acceptability aganst
a reference standard. recently asked to sign a four-page confiaent~alicyagreement
before being allowed to perform an audit of a supplier. The agreement
was wntten in legal language and obhgated me, my heus, my asstgns,
By avoiding conflicts of interest, an auditor upholds the standards of
and my company to pay for any damages that mght come about if the
independence, famess, and 0bjectIvlty.
lnformauon was obtmed by ther competltors. There was no tune
frame to the agreement, so if the informahon was disclosed at any time
2. CONFIDENTIALITY
and by anybody, we were all liable for the damages. Our company anor-
With processes, formulas, and equipment being developed by individuai ney advised aganst signmg this agreement, and the audit team used
companies, the questton of confidentiality of propnetary informatton has alternate techruques to deterrmne whether the process was adequate.
become a major concern dunng audits. Businesses could suffer great
Conduct. Discussing propnetay iniormation with others destroys the secunty clearances. This requirement should be determined well in
integrity ot (lie audit function. While it is acceptabie for an auditor to dis- advance of the audit to permit sufiiclent time for processmg the request.
cuss actual audit expcnences with other auditors, the discussion should bc Without the proper secunty clearance, an auditor may be restricted to cer-
-
w i e r i c so tliai tlic atitlitre cannot be identilied. Proprietary information
should never be divulged in a sharing situation with other auditors.
tain areas of a coinpany.
marc difficuit oncs. the auditor must remain focused and in control of the -k
audit function.
This is not a pnmer on law as applied to quality auditing and should not
bc considered to be providing legal advice. If questions anse, auditors
nv
must consult their own lawyers for information.
Liability issues have become more apparent with the advent of the
quality system and environmentil system registration schemes. Each com-
pany and each auditor is acceptinz liability for the decmons made r e p &
ing whether to grant registration. Thele are appeal processes that are used.
but in the end, a coun of law could be called in for the final decision. A
key liability consideration 1s whether a company relies on audit informa-
tion as the basis for making a decision.
-
-
Registrar organizanons and their auditors face a special liability dunng -- 2. AUDIT RECORD DISCLOSURE
tlic audit and after registration. An organization certifying that others meet a -
sct ol' standards must use reasonable care or competency in cenify~ng.~ The '
- Because the quality system requires records that each step is performed by
auditor must lollow die procedui-es of the registrar dunng tlie audit process .. following documented procedures or methods, there are many documents
and base thc registration decision on tlie results of the audit. The registrar =
-
- and records available for both the defense and 1112 prosecut~onln lhe event
must have spccific procedures and requirements for registration and these - of a lawsuit. Each record and document is made available to both the
must be applied equally to all compmes. Registrars accredited in the United defense and to the prosecution.
S t a m must inect requirements of the Registrar Accreditation Board. The
Rcgis~rarAccredi~aiionBoard requires adherence to IS0 Gtucle 61 and
intcl~i-euvcguidance ot the lntemational Accreditation Fonim.
iscovery is s pretnui device used by s u e parry to obtain facts and
Proprietary Information
--. informarlon about the case from the other party in order to help pre-
Ail earlier section discussed propnetary information and techniques of work- pare formal. Under federal rules of civil procedure and in states that
ing around ;I process or other infomiation that the auditor was not allowed to have adopted similar rules, tools of discovery include deposition to
\ww directly. Disciosure ot propnetary information can come about inadver- oral and wntten questions, wnttsn interrogatories. production of dor-
LCIILJ\ ~ X I U S C 01 tiic legal process itscll: Ail ;iuditor co~iipletesaudit check- uments, pemiisslon to entcr land or other property. physical and men-
lists. riidxs notes ol the results ot rhe audit. and often makes copies of infor-
mauoii supponing tlie findings of the audit. These notes. completed /1 ral exammanons, and requests tor admission. In urmr~irtlproceeding?
discovery emphasizes the nght of the defense to obtain access to evi-
checklists. and coples find their way into tlie audit record and arc kept for a
spccikied penod ot time. If. dunng that time. a lawsult is iniirated, Uie contents / dence necessar?. to prepare its own case.'
of the tile may become available l'or "discovery' by the parries to the la\vsuit.
Records of both internal and external audits are subject to discovery by Copies of the audit report must be sent to the client. and almost
parties in a lawsuit. For example, if a supplier to your organization 1s party always are sent to the auditee. Clients either designate other organiza-
to a lawsuit and your organization conducted an audit (external) of the sup- tions and individuals to recelve copies or make the distribution
plier. your records are subject to discovery. The same nghts of discovery are themselves.
true for both civil and crirmnd legal proceedings. The audit records should be treated as confidential information and
Through discovery, these records can become public. This is one of the not disclosed to Internal or outside entities Without pnor approval of the
main reasons an auditor should not make copies of or take notes on propn- client and the auditee. Accidental or deliberate disclosure of negative audit
eta? mformation when audit~nga company. It is also a major reason for information that other companies use as a basis for mahn, decistons that
keeping exmneous comments out of the audit record. Such extraneous adversely affect the auditee may make the auditor and the auditor's com-
comments can come back to haunt an auditor at the most mappropnate time. pany liable for damages. These damages can be considerable if a major
contract is canceled or awarded to another company on the basis of the
negative information.
Dunng one audit, the regulators asked to review the completed audit
checklists. On one checklist, an auditor had wntten "this procedure is
terribie" in the margin. The auditor and lead auditor spent the next
three hours explainmg why the comment was on the checklist even
though the auditor evaluated the procedure as satisfactory.
[32 of the CQA-exam questions or 21 %I
E x h will bc disciisscd in detail in the sections that follow. Logistics, I S 0 9001 or I S 0 9004 standards even though ir has no intentton of applying
vd~ichis ;llso part of planntng. will be discussed in the next chapter.
1. IDENTIFICATION OF AUTHORITY
for registrauon to IS0 9001. Likewise. cntena for <he Malcoim Baldnge
National Quality Award iiiay be used as a basis for quality improvement even
when an organization has no mention ot applying for the award.
-
(INTERNAL AND EXTERNAL) Hirrcird? Hierarchy is the chain of command that controls how work IS
As won ;IS ; I I ~;iudit IC;IIII is selcctcd. the team must verify its autlionty to delegated and how responsibilities are assigned within an organization.
pertorrn the audir. By identifymg the authonty tor the audit to all involved Rather than being dnven by wntten procedures, as in the case of organi-
~ a r t i ~an' ~:~uditor
. coiitcrs Iegitimxy on the audit and removes or mini- zarional authonty, an audit is dnven by the people who have authonty. The
mizes the adverse feelings the audiree may espenence when rnformed of audit authonty must be hlgher in the organlzauonal structure than the
the torrhcoming audit. Also. this step keeps the auditor from wasting time funct~onsbeing audited. For example. it would be extremely difficult for
preparing for an audit that has not been a u t h ~ n z e d . ' ~ a division or department of a company to c o m s s i o n an audit of corpo-
The authonty to perforni an audit may come from a slngle source or rate headquarters. But the Vice President of Operations might request a
a combination of sources. The important thing is not where the authonty quality audit of department operations. This lund of audit is not normally
comes troni but that i t does indeed esist. Without a specific authonty defined or required by the organization's policies and procedures, and it is
source that permits an audit, an auditor has no nght to perform one. usually requested at a higher level to address a specific need. The client in
this case would be the Vice Presrdent of Operations.
Audit Authority
The auihonty to perform an audit can come from inside or outside the audi- External Sources. At tunes the authonry for an audit is extemal to the
tee organizauon. Internally, authonty may come from an organization's quai- auditee orgmauon, as m the case of authonty speeaed by a contract, stan-
ity p r o - m or from the chain of command. Externally, authonty may reside dard, or regulatory body.
in purchase agreements, industry standards, or government reguiauons.
Contract. The authonty to perform extemal second-party audits should
Internal Sources. Internal sources of authonty are either organizational reside in the purchasing agreement-a contract or purchase order-between
or hierarchical. Tlie term o,gniiz:nno~z describes functtons or groups but an organization and its suppliers. Sometimes this authonty is not readily vls-
does not rank them. The word tzzerarcizy refers to status, particularly ibie; it may be included in a section on nghts of access. A nghts of access
among individuals. Internal audit authonty can come from e~thersource clause gives a customer or regulation body the right to inspect or audit a sup-
or a combmation, depending on the company's structure. plier facility, product, or service. The clause usually specifies reasonable
access dunng normal business hours. Federal acquisluon regulauons requue
lederal agencies to include this authonty in most procurement documents.
-particulars
zeneral terms with the understanding that the lead auditor will specify the
to fit the situation. in the case of an audit performed on a re$-
A contraclual audit source is common in second-party audits. The uiar basis, Lhe purpose may have been defined and known by all parties
source of authonty is the signed contract between two parties, a supplier well in advance of the audit.
and 3 customer. Propnetary processes. such as research and development First-party audits may be performed to assure management that the
projects or processes ihat are being conducted for a compeLitor, are defined audited area is in compliance with pmicular quality standards and that the
and ;ire excluded li.oi11 the concern of the audiior. Access to plant locations goals and strategies of an organization are being met. Several sample pur-
IS restnclcd 111 these circumstances, but should be defined in advance. pose statements tor first-party audits follow.
Storida~-(is.iVational and international standards include the ANSIIISOI The purpose ot th~sfirst-gany audii is
ASQ 49001 and 49004 senes for quality management. These standards
m;iy be lollowed volunVarily or may be imposed by contract or regulation.
. To assure conunued implementation ot the management system. to
evaluate ihe effectivmess of the system in meering ihe staled gods 2nd
Industry siandaids are wntten to clarify, amplify. and, in some cases, objcci~ves.and to identify opportunltirs for conunuous improvement
liinit ledcrai regulations. For exampie, in the pharmaceutical industry. vol- rn product. process. and system
t1ni;irl; iiidusiry associattons sucb us the Hcaitli Industry Manufacturers . To review h e mechanicai assembly areas compliance with procedures
and io e\raluatethe procedures for opporiunilies tor improvement
i\ssoct:~tion h:ivc developed standards that may be used as the basis for rill
inlcni;ii audirs. .Alter an industry has demonstrated that voluntary stan- To confirm that project engineenng. document conrroi. md procurc-
d x d s x r working. the best practices may be incorporated into federal menr actwiles bemg performed i n support of basic design are being
accomplished in accordwce with the Qualirv Assurance Manual.
I-cylations.However. industry standards are not regulatory documents.
Selected integrlited executrnn procedures. and governing projecr pro-
'iomally, the requirements a t the standards are incorporated or inter-
cedures. ~ncluding.3s nppropnate. client requirements
preted by the company's internal documentat~on.The quaiity manual or
policy m ~ g h include
t the authonty to audit the organization and a remnder
- To assess the progress ot the quality system toward meeking the
requirements of IS0 9001: as outlined in the current Quality Manudl
to managers ihat they are to cooperate with the auditors. Also, procedures
implemented as a result of a national/internationaI standard may provlde For a second-party audit, an auditor's quality assurance department or
guidance on how the audit program will be conducted. the purchasing department normally determines the purpose o f t h e audit
and communicates it to the auditee. The pnmary purpose of a second-
Rcgulnionc These are primarily used by third-party auditors. Intema- party audit is to assess a supplier to verify that contract requlrements are
tional. federal. or state law may be the source of authonty in certain reg- belng followed or to assess a potentla1 suppliers capability of meeting
ulated industries. Within the United States, these regulations derive from specific requlrements For a product or servlce. By determining that the
iaws passed by Congress and interpreted by the code of federal reguia- supplier 1s meeting the requirements specified in a contract, the purchaser
tions promulgated by the authonzed agency. The courts have enforced and g a n s confidence in the quality of goods and services belng delivered."
reinforced the nghts of regulatory bodies to conduct inspections and Examples of purpose statements for second-party audits follow.
audits of orgamzations to monitor their compliance with the law. Regula-
The purpose of t h ~ ssecnnd-party audit is
tory bodies include organizations that oversee safety, health, and envlron-
mental laws such as the FDA, EPA, and OSHA. To assess the capability of XYZ Company to meet contract requue-
ments by a review of the available resources and by obtaning objec-
2. DETERMINATION OF AUDIT PURPOSE tive evidence of management's c o m m e n t to the quality require-
ments of our product
It is the client's responsibiiity to determ~nethe purpose of an audit. Usu- To verify that the matenals, equipment, and wort being performed
ally this statement is specific; however, a client may state the purpose m under Contract 12345-P-001 are in accordance with the procurement
documents. as specified in Secuon 6 of this contract. and that the work correctwe actions have been implemented and m&e Judgments about
1s being executed by qualified personnel which areas rmght requue less attention. Areas that involve less nsk and
To ~dentifytlte possibk cause of recent nonconformltles by conduct- areas with excellent audit histones may require less sampling.
IIIX a comprehensive assessment of the tasks, procedures, records, and
Exampies of scope statements for first-, second., and thud-party
systcm documentauon rciated to the production of the wlreless wldget audits follow.
Most third-party audits are performed by auditing organizations to First-party: To audit the Purchasing Manual for wueless widget production.
determine the compliance of the auditee"~systems with agreed-upon cn-
tcna. In the case of an audit tor registration, an auditor examines an audi- Second-party:To audit the heat treatment facility as 11relates to contract
iee's systems for compliance wrrh :, specific standard-tor example, number 95-00:.
ANSVISOIASQ Q9001 or current good manufactunngpracttces..Thr pur-
pose statement for most thud-party audits is very specific. Third-pay: To audit Ule design and manufacture of gaskets, seals, and
Tlie purpose oi' lhls third-pay audit 1s other compounded elastomer products for commerctal and automotive
applications at Plant Number I. 123 Man St.. Anytown. U.S.
To determine the degree ot compliance to the requlrements of
The scope of an audit will have a direct effect on the resources needed
ANSIlISOlASQ Q9001 for the purposes of regtstrauon of the com-
pmy systen1 to achieve the audit purpose or ObjeCti~e.Determining the scope of an audit
- To assess the compliance of the quality system to a11 requlrements of
ANSVISOIASQ Q900i: for the purpose of recommendin2 dte orynni-
also keeps an auditor focused and keeps the audit from becormng a witch "*
hunt or fishing expedition. An auditor should not seek to uncover probiems
zntlon for reglstrauon to ihe srandard in areas outside the audit's stated scope. However, if such probiems emerge
To assess the compliance of ihe organmtion to all requirements ot in the course of an audit, the auditor must be prepared to address those con-
Reguiation 122 for the purpose of recommending approvnl or disap- cerns. For example, an auditor should investigate when overdue calibration
proval as 2 supplier of equipment is observed even though that equipment mght not pertan to
Thlrd-party audits performed for regulatory purposes d e t e m n e the the process being audited or fall within the audit scope.
compliance of the auditee's systems with reguIations or iaws. These audits The scope of an audit significantly affects resources and time require-
have penalties (fines, jail, or both) associated wtth them, so they are very ments. If the scope is immense, a large audit team will be needed to com-
senous. The purpose of the audit 1s determined by the regulatory agency plete the audit in a reasonable time frame. If the scope is too large for the
and normally is specified in the regulation or law. These audits focus on available resources, the audit may have to be scheduled for a time when
detailed compliance with the regulations or laws to assure that companies adequate resources will be available, or the scope may have to be nar-
are protecting the envuonment, the public, and their employees. rowed. However, too narrow a scope wastes valuable resources too. Clar-
ifying the scope makes audit planning and execution efficient since the
availability of resources diuectly bears on achevement of audit 0 b j e ~ t i ~ e ~ .
3. DETERMINATION OF AUDIT TYPE AND SCOPE
The scope of an audit is developed in conjunction w ~ t hthe purpose state- Observing Problems Outside the Stated Scope
ment. The scope establishes the boundaries by identifymg the exact items, As indicated earlier, while auditors should remain within the scope stated in
groups, and activities to be examined. The auditor and the client must the audit plan, they may discover probiems beyond that scope. An auditor
agree on the scope; it is documented and communicated in the audit plan has an obligation not to ignore probiems outside the stated scope. An audi-
to confirm a common understanding. tor's reactlon to such a discovery will depend on the seventy of the problem,
By looking at the specitic circumstances surroundiig an audit and by its effect on the quality system, and the type of audit being performed. Con-
exarmning the auditee's audit history, an auditor can confirm that required ditlons outside the scope of the audit may not be lncluded m the formal
-
..
report as a linding or violatloll for that pmcular audit. Conditions should - When selecting an audit team, the auditlng organlzanon must deter-
.i. ;,;.-
be reported directly to the client and the auditee if there is a senous condi- f- mine the number of auditors needed to complete the job. Often, the scope .. a:.
,,.-
1,. tl8.i
tion adverse to quality or a possibility of litigauon. However, nunor process ..
of an audit, the time frame in which rt is to be completed. and budgetary
problems need only be reported to the auditee. For example. an unsafe prac- s- concerns will determine whether z single audiior or an audit team is
tice or one with senous iegd ranlificauons cannot be ignored, while a minor :
- needed to complete the job. The inuitlple auditor, or audit team, approach
process problem may not be acknowledged in the formal audit report. A allows depth of inquiry and breadth of examination. In additlon, it encour-
riimor pi-oblenl m3y be communicated to the auditce as feedback for qual- ages balance, since no single individual can possess all the technical
ity impro\8enicntacuons. knowledge and personality traits necessary in all audit situaiions. How-
i n internai audits where manazemen~'~ goai is to improve ihe quality wer. one well-trained and espencnced auditor may be all that is required
system. probiems that iniirfere with ih3t goal usiuaily are not ignored to conduct meaningful and effective audit."
.. -
since continuous improvement of the quality system cannot be promoted An audit team may break down into mni-teams or subtearns to per-
if an audiror iiitenrionally overlooks obvious problems. Theretore, the t o m portions of an audit. Each mmi-team consists of two persons-one
audit team may expand the stated scope and look Into the problem. In an to interview personnel, the other to listen and take notes dunng the inter-
internal audit. problcms wrthin or outside [he scope need to be identified views. Seldom does the availability of personnel pennit such lusury.
so thiu appropriate corre~tiveaction can rake place. except when members of an audit team are accompanied by auditors-m-
Sometimes an auditee will want to expand the scope of an audit. training. A second way of forming mini-teams is to pair a technical spe- ".
Espanding the scope is permissible betore the audit begins as long as the ciaiist with a quality auditor. The quality auditor can explore rhe system
team has time to prepare for the modified scope. If an auditee asks to have and management controls, while ihe technical specialist can observe the
the scope espanded once the performance stage has begun, the lead audi- work beins done to provide a product or Service.
ror should suggest that the nest audit encompass the additional area, since When scheduling an audit, the lead auditor should calculate the esti-
the team will not have done the necessary preparation or may not have mated number of personnel hours needed to complete each portlon of
adequate time to investigate thoroughly. There may be fewer obstacles the audit, then determine the total number of team hours required for the
when expanding the scope of an internal audit because the auditor's time audit. For example, if the sum of personnel hours is 10, then one audi-
1s not constrained by a contract, nor are external management approvals tor should be able to complete the audit in 10 hours; two auditors work-
required, and all partles internal to the organization should have the same mg as a team but in different areas should complete t'he same audit in
organizational objectives. five hours.
In summary, auditors should stay within the scope of the audit and use Detemuning the proper number of on-site audit days can be compli-
thelr judgnenr when they encounter problems outside the scope. cated when all vanabies are cons~dered.However, minimum audit day
guidelines have been issued for use by third-party audit organizations.
Table I shows the m n ~ m u mnumber of on-site days that should be Spent
4. DETERMINATION OF RESOURCES REQUIRED on TL 9000/ISO 9001 quality system audits and ongoing surveillance
Once an audit's purpose and scope are c o d i e d , an audit team must be audits. The table takes into consideration the number of employees of a
assembled. Often, a lead auditor has already been selected and has com- company, the exisung qudity system, and the cntena being audited
pleted some of the p l m n g acnviues. The lead auditor usudly parhclpates against. The table does not consider such factors as the complexity of
in the selecuon of audit team members and may help detemune the desued operations or labor mtensity. Audit days couid be added for very compiex
size and composmon of the audit team. Each member of the audit team must operations, or a request to reduce the number of audit days can be sub-
be independent of the funcbons being auditea. As noted in Part I, chapter B, mltted to the accreditation organizauon for simple, single-product line
sechon 3, total mdependence may not be possible for internal audits. organizations.
The lead auditor ensures that the size of the audit team 1s appropriate
on the basis of the amount of work to be performed, its complexity, the
availability of personnel and other resources, and the desired time frame
in which the audit is to be completed. Additionally, the lead auditor should
consider the physical size and layout of the space in which the auditors
will be workng.
The following factors may be considered when determimng the num-
ber of auditors needed on U1e audit team:
On-slte time restrictions or allocation
Average expected interview time per Interviewee
Number of interviews (percentage of employees to be sampled)
Time in meetlngs (opening, e m , auditee bnetings, audit team
meetings)
r-
Data analysis and report preparation tlme
Observation of work time
Records review tlme
Meal and break t~mes -
Lost time due to ineffic~enc~es,
such as distance from department
to department
The amount of audit prework could also affect the number of auditors
needed on the team. Examples include previsit communication (wntten
and verbal), review of documents, prepanng checklists, and prepanng col-
lectlon plans.
ot the auditors. prepares and submits an audit repon. and evaluates cor- 6. REQUIREMENTS TO AUDIT AGAINST
rective :Iction. The lcad auditor may also conduct daily hncfings with
tcaiii inembers throughout the audit. Audits of quality progrums require reference standards against which to
judge i l e adequacy of the plans:
Audit Team Selection a n d Assignments "The reference standards nonnaliy available inclutle:
When prepanng an audit plan, the lead auditor (and/or client or audit man- . Written polic~esand procedures of the company as they apply to
quality
ager) should assess the complexity of the activit~esto be audited and select
team members who possess the qualifications or expertise needed to per- Stated object~vesin the budgets. programs, contracts. etc.
Customer and company quality specifications
form that audit. If the area to be audited is highly specialized, the auditing
organization may have to outsource a specialist or consultant expenenced
. Pertinent government speciticat~onsand handbooks
Company. mdustry, and other pertinent quality standards on products.
in that area. To avoid misunderstandings, an outside speclalist or S ~ b j e ~ t
processes, and computer software
matter espert must be bnet'ed as to their expected role pnor to an audit.
Often. an audit team is a combination of quality assurance personnel,
tralnrd and expenenced in auditing techniques, and technical spec~alists,
.. Published guides for conduct of quality audits
Peninent qualir).depanment instructions
General literature on audit~ng"'~
trained and expenenced in the area to be a ~ d i t e d . ' ~ Performance standards are the norms or cntena against which an
Personnel are seiected for specific quality auditing assignments on the activity 1s measured. There are four levels of performance standards:
I !
Tracing
Tracing, or follow~ngthe chrono10,oxal pro,oress of something as it is
processed, IS a common and effective means of collecting ObJeCtlVe evi-
dence dunng an audit. In fonvard tracmg, an auditor staris at the begm-
m g or rmddle of a manufacturing process, for example, and traces for-
ward. In backward tracing, the auditor starts at the rmddle or end of a
process and traces backward. Backward traclng can be more revealing
than fonvard tracing, because the auditor examnes the process from the
perspective of seemg the results (product or service) of the preceding
activity.
H flowchart can be used as a road map for tracing activities. When The auditor exammes each element individually to see how it affects
tracing. the auditor shouid: the entue system. Thls method 1s thorough and good to use on an annual
bass. However, when an audit team is very large or is spending several
Stan at the beginning, middle. or end of the process
weeks in a facility, the element method can become cumbersome.
Choose an action, such as painting a wall. stamping. folding, or
bahng Department Method
Gather information in sis areas-people. equipment. method, The depamnent method is another way of dividing an auditmg task and works
11~ateriai.environment, and measurement-l'or the action chosen. especially well when accountability at the department level is imponant. The
and record this information on a chcckiist (these iactors are auditor focuses on the entue openuon of one department rather than on seg-
discussed in Part VIlr . - . ments of it by reviewing numerous quality elements withm the depamnent.
- Follow the path of the transaction backward or forward though
the process"'
This auditms suategy touches on aimost everyitmg 1n an audited facility.
Here. the auditor's ability to identify applicabie quality elements for that
department is put to test. While this is an excellent suategy when the audit
ream wishes "to slice the apple a different way," it should not be overused.
Discovery Method Focusing too much on one small group of people (one department) may not
The disco\.er'. method is sometimes called random auditing. This method accuratelv represent what is happemng throu~houtan organization.
*r
investigates \vIiat is currently taking place and therefore retlects prevuiling
work procedures. However. the discovery method offers no discernible pat-
tein lo an audit. and an auditor cun become disonented or spend too much
2. DATA COLLECTION PLAN
time i n the facility." An allditor must develop a pian for collecring specific evidence needed to
In most situations. the discovery method should not have to be used if answer checNist questions. The-collecuon plan provldes the auditor with
the audit has been adequately planned. However. this method could be space for recording the results of e x m n a u o n s and identifying people
effective if the auditor b o w s that a problem exists b u t has not yet located who were interviewed. The auditor should ask open-ended questtons that
it. By goinp into the audit area and iooklng around, an auditor may be able result in verifiable data. The questions asked may deal with causal group-
to bnng the problem to the surface. ings such as methods, materials, machinery, people, measurement, and
environment-that may affect a specific action.
Element Method Data include any observation of facts and can be qualitative or quan-
The element method is 2 commonly employed audiung strategy. The ele- titative. Sources of data could inciude records from the auditee as well as
ment method can refer to any element of any quality assurance standard observations that an auditor makes during audit performance, such as
or of the auditee s quality program. Examples of elements are: countmg the number of press cycle openlngs or observing an operator dur-
ing a prescribed, defined operauon. Quaiitatlve data Indicate "yes, this
20 elements from ANSL'ISOIASQ Q9001-1994
was performed, or this step was conducted." Objectwe evidence must be
18 elements from 10 CFR 50, Appendii B available and reviewable for any data to be considered verifiable. Quanti-
15 elements from 10 CFR 830.120 tatwe data are collected by measunng or counting, such as the number of
defecuve pieces removed (inspected out) or the number of cycles of mold-
7 categones from the Malcolm Baldrige Nauond Quality Award ing press observed during a period of tme. The number of complaints that
eiements from the ANSUISOIASQ Q9004 Gurdancefor a complaint handling system received dunng a certain time period is
Perj%mnce Improvemenr another example of quantitauve data.
An auditor. as part of the planning, will usually have access lo work Sampling of information ior an audit is not always statist~callyvalid,
instructions or written procedures. If the quaiity system is mature, the however. The auditor normally does not have time to review a statisncally
written procedures will describe what records need to be maint;uned, who valid sample from tilousands of instruments that need calibration or thou-
maintains the records. who collects the data, and what knds of data are sands of engineering records. In such cases. the auditor should quanlify
collecied. As 2 result of thls prepmation, an auditor should know what !he number of instruments or records evaluated and identify the areas
dais sheets or records to expect when remhtng the audit site. where they were obtained. Items from a population could be sampled sev-
An auditor should have a plan in mlnd for what needs to be csam- 2r31 tlmes; each ttme. [he auditor will identify the number iqunntity) and
incd. and i t shouiJ be described on the audit checklist. For txarnple. an losatton. T h ~ ssampling technique allows the ciient and the auditee to
:iiidilor will he tniniliar with the inspection records on n production aopreclate the slgnificsnce ol [lie results and better locus [heir corrective
line a i d may decide to csainirie them. Nest, the auditor may decide action activities. l?cvicw~n~ ti~s~rutncnlsor clocurncnts Iron1 a v:u.tety <>I'
how many tnspection records need to be esamrned. Depending on the areas. although noi statistic all^ sound. wili identity it' a problem is sys-
size of the auditee organization and objective of the audit. a sampling temlc or focused in cenain areas."
plan may need to be developed. See the sampiing theory and proce- Sutlsttc~llyvalid sampling plans are normally used Tor product.
dures section ot Part VII and the appendis tor more intormarlon on process. and compliance audits. It would be common tor a product :itidit
sciccttng samples. plan to require siattstically valid sampling. See Part Vll and the appendix
-\n auditor must be familiar with different data collect~onmethods Ibr more d?wil on ssmpliny plans and techntques.
and ~helr.sircn$,s and weaknesses. Proper tralning teaches auditors n.
\vhtch rncthods can be used and which ones cannot be used for a specific 4.LOGISTICS PLANNING
task in part~cularsituations. The audit program can dictate whlch data
collecuon methods are for compliance and which ones can be used only .Audit l~gisncslplanning IS necessap for both audit team coordination and
tor inl'erence. Datacollection plans may include lntenriewtng, observ- establislung auditre communication links. Good pimnlng will result tn 11
1ng. revlewlng records and documents, analyzing data, and stat~stical smooth, seamiess audit performance. Poor planning will malte the audit
and nonstatisucai sampling. An auditor needs to understand basic statis- team appear less professlanai and mght jeopardize meeung audit objec-
tical methods and must be able to choose the one that gives the desired
tives. Auditors nee0 to amve at the nght place, with the ngllt equipment and
intormallon. mformation, at the nght tune, and for a suitable duration of time to get the
job done nght. To help the auditor properly think through what is necessaq
to start the audit process, It is prudent to outline a detailed iogisucal plan."
3. SAMPLING PLAN The 1og1st:cs of an audit are a crucial part of the planning process any
A sampling plan must be developed for each audit. The type and extent of time the auditors must travel to the audit locatron. The following ltems
sampling is normally the responsibility of the auditor, based on the pur- should be included in the plan that is typically given to the auditee in
pose and scope of ihe audit. Questions regarding the adequacy of the sam- advance of the audit:
pling plan should be addressed by the lead auditor. A timeiine plan for the auditor's visit
The purpose of sampling is to gain information about an entire g o u p
of units, items, things, or people based on observ:ng andlor inspecting a The opening and closlng meekng locauon and tune
segment of the group. Sampling is a techmque to gain the information A request for an audit team meeting place, such as a conference
needed at a reduced cost (compared to 100 percent inspection). To be room for team debnefings and discussions of observauons,
valid, the segment or sample selected should be representauve of the equipped with telephones, computer, or any other equrpment
entire group. needed to conduct audit activities
54 I'm 11 :hdif I ' ~ L , P [ I ~ ( I ~ I ~ J I I
..
3 ==
..*.
~*,
-g?
Certificate ot con~plianceforms ative to meetins those requirements. The audit team should review the
Industry prxuces/methods documentation to assure that it meets and complies with the requirements
of the applicable standards and laws/re~ulations.A matnx or table relat-
Fomis used to rccord data
ing each requirement to the location in the company's documentation
Schedules where it is addressed will greatly help the audit team make thls determi-
Trade practices nation as well as help the company ensure that all requirements have been
adequately addressed.
Service standards
Sottware operating manuals
2. AUDITEE'S PERFORMANCE HISTORY REVIEW
Work instructions
- Routing cards
An auditee organlzatton will have a performance hlstory unless the audit 1s an
in~tialaudit or qualiticauon survey. Knowledge of the performance hlstory
will help ensure that positive pracnces conhnue and problems are corrected.
Prevenuve mantenance plans
When pnor audit information exlsts, it should be renewed as part of
Quality inspection pians an auditor's checklist to ensure that corrective action has been imple-
*.!
Purchase order forms mented effectively. Somehmes a pnor observation was reported that was
- Flowcharts
not a v~olation,but an emerging trend. Dunng audit prepmuon, an audi-
tor may examine data to see if this trend has conttnued or if some action
Wntten procedures are reviewed before an audit starts because the has been taken to reverse it.
policies, specificat~ons,and standards dnve the audit preparation. In an Another reason to review past audit records is to identify specific
audit with a scope linlitcd to training in an organization, for example, the ireas likely to have continuing or repeat problems and to determine the , .
appropriate part of the standard that describes the training requirements status of actions taken earlier to resolve any noncompliance. The audit ..
,.
-=
6 ...
.--
team should verify that the corrective actions implemented following pre- A completed checklist provides:
vrous audits have remaned in effect and that they have prevented the
probiem or noncompliance from recumng."
-E. - . Objective evidence that an audit was performed
For internal audits. performance data may already be available to the Order and organization
auditor. For second- and ihird-party audits, the performance data may -+: A record that all applicable aspects of the quality pro,m m were
need to be requested before or dunng the audit. Performance data may exmned
rciatc LO the product, process, or system. Historical information on program, systems, or supplier problems
One ot the most common performance records reviewed by auditors ~?-
is lhc prior uudir report. The revlew may be for the auditor's professional The essence tor the closing meetmz and audit report
bcnclit. or rhc clicnt may rcqurst [hat [he auditor verify correcrlve actlons An ~nfonnanonbase for planning future audits - -
Llom prlor audibs as part of the audit purpose. If the client has-a concern
A vehicle for tune management
about the objecuvity ot the pnor audit, the client may instruct the current -. .I
audit team not to revlew the pnor audit. The purpose of a checklist IS to sather ~nformationdunng the course
Performance records to be reviewed may include: of an audit that the auditor will need to jusrify the audit findings and con-
. Pnor audit reports
- -t clusion. The checklist guides each member of the audit team to ensure that
the full scope of the audit is adequately covered. The checklist provides
Customer feedback space for recording facts gathered dunng fieldwork. with places to answer ""
Corrective and preventive actlon records questions and numerous areas for taking notes.
Product returns . t A checklist is a set of notes and instrucnons about specific thin,-S and
specific areas, wlth specific questions to ask and specific techniques to use
Product warranty clalnls i. dunng an audit. Checlclists or wntten procedures are used to assure conti-
. Product quality ievels
.-.
nuity and comprehenstve coverage of the area of interest and to provide
evidence of the questions that were reviewed and a record of the review."
Process and unit performance compared to goals A checklist may contain a standard set of informanon that every audi-
. Organization and business performance tor looks for, such as the following:
Customer surveys -B
' -
A Does the person being audited have access to wntten procedures
and applicable work instructions?
Field reports
Is the procedure up-to-date?
Does the scope of this employee's trarung cover the observed
3. PREPARATION OF AUDIT CHECKLISTS, activaies?
GUIDELINES, LOG SHEETS Is the organizational structure proper for what the employee is
An audit checklist is the primary tool for b ~ g i n order
g to quality audits. expected to do in the observed procedure?
With a well-planned and well-defined checklist, success is achievable.
Are appropriate records being mantaned?
Without a checklist, an auditor has a disjointed, disorganized activity and ;
no piace to record failed efforts. Before developing the checklists, an audi- The specific format and construcuon of a checklist may vary from
tor must know what the governing requirement's documents say. auditor to auditor depending on what works best for the auditor. Some
checklists are yeslno questions that reference a specified requirement: oth- that were not coinpletely answered. These are iiilportanr issues that can-
ers arc open-ended interview questions that test the limits of a procedure; not be ignored.
and yet others are statements providing additional instructions for the Gu~delinesare additional documented instructions considered good
auditor. Vanations ot checklist questionlstateinent may be: "Does the per- audit praclice that may provide additional information tor conducting the
son being audited ;tlways have access to tile latest version of the proce- audit. Guidelines are not mandatory and are normally prepared in a state-
dure?" "Verify. ihrouzh observations, discussions. and review of docu- ment format.
ments, that individtiais have access to written procedures and applicable Log sheets are another kind of working paper prepared in advance of
work instructions that cover their nct~vit~es." an audit. A log sheet contains auditor notes and becomes a record ot activ-
I n addition. many checklists contain a set of questions for each section ties perfdrmed during ;in audit. wh;tt the auditor obser\'ed. and who the
ol the rcqiiiremeni standard that is being audited n:alnst. This part or the auditor talked to.
checklist includes questions about ii~anagemenrresponsibilities, training,
cltiality planning, and so on. These "canned" or genenc checklist items
should be supplemented with time-specific and circumstance-specific
qursuons and observarions that the auditor wants to nmke during that audit.
Esarnple iog sheet
Checklists sliould aiways be reviewed to make sure they are still current,
One example of a log sheer is a white ruled pad [hat chronolo:ically
since stmdarcls chanye. I
/ derails wlwe the auditor wcnt and who was inten-rewed.
Deviations Iroin the checklist inay result trom 11 c h ~ n g ein the audit h
I tirid report will he iorwrded w h m two business days. The auditors will be
h e Red ;ind in?self
four to sls hours per person.
Availabiiitv of Other Resources. One problem is the lack of avaii-
I The on-siie audit is scheduled for March 3 r d through March 24th. The
audit teain will need 3 room with z table. telephone. and electrical outlets for
computers and printers. The audit plan is enclosed. As a p e d , please for-
ability of other resources, such as funding, that can have an effect on
audit planning. Another probleiii is that the auditee may fail to ior-
ward the necessary documents to the auditor in tune to allow adequate
w a d the qualit!, manual to illy attention to amve no later than two weeks preparation.
before the scheduled audit. Scheduling Difficulties. Often other events i&e pnonty and make
T h n k you for your cooperation in making the necessary arrangements to the the audit difficult to schedule. Such events could include a major reor-
planned quaiity audit. If you have any questions I can be reached at the ganization or merger. Perhaps the auditee has just recetved a major
CcW-XXX-XXXX. contract, or the audit is scheduled at the same time a regulatory
Sincerely, agency plans a vistt. The audit is an important event. but sometimes
other events taite higher pnonty.
Auditee Availability. At tunes, in spite of all good intennons, some
I John Doe, ASQ CQA
e/.pjc"w
auditees can not be available due to pnor business comrmtrnents or
personal ernergencles.
Chip jones, Client
nathenng portion of the audit that covers the time from the auditor's
L
were properly prepared and that they are aware of <he place and staning
tlme. The lead auditor is determined by the client or audit pro,-ram man-
aser and,.should not be confused with national certification pro,-rams that
classify auditors as an alrdiror or lead auditor.
-
1. AUDIT TEAM MANAGEMENT
The lead auditor should convene the audit team in a quiet portion of the
facility or in a conference room at least once a day throughout an audit.
Some teams prefer to hold daily meetings in the momng, while others
prefer to hold them before lunch or at the end of the day. The tlrning of the
meeting is less important than the topics discussed.
Fist, audit team members share the informahon they have gathered so
far. Then team member; propose conclusions or identify potential problem
areas on the basis of the informahon gathered. If contradictory information
has been gathered or if team members disagree about what has been
observed, the team must gather additional information. Finally, in an effort
to keep the audit on schedule, the audit team discusses what areas may need
more or less attention than originally thought. This discussion redirects or
modifies the remaming audit schedule, which helps keep the audit on track
and prevents the audit team from b e c o m g distracted by m o r issues.
Between meetmgs, the audit team members are "on their own." If a team
member mns into a problem durhg the audit and is u n c e m about how to
handle a situation, the-member should contact the lead auditor immediately.
In summnry, daily meettngs help a11 audit team (1) discuss and con-
firm obscwations and potenttal findings, (2) determine how they rnlght
relate to ocher areas, (3) plan tor the next day. and (4) prepare for the daily
meeting wtth the auditee.
Verify requ~redsafety and secunty clearances Control assurance Ms. Aposuophe Mr. Brackets 10-1 1 A.M.
Ident~tyloc:li language Issues and concerns (different languages Customer
used in the work place, slang, word usage level) Requirements Marketmg ivlr. Colon Ms. Dash 10-1 1 .&.hi.
Desrgn and
Ident~fywork agreement requirements between management and Development
labor that may affect the perfomance of the audit ..
Control R&D ~ ..
The opening meetmg establishes the best climate for developing rapport
and sets h e ground rules for conducnng an audit. Before an audit starts. mdi- Figure 10. Detailed audit schedule.
vlduals should know the daily audit schedule and what to expect in the exlt
meeting. \vntren repon. corrective acuon I-eques~s.and possible follow-up. Cr
The structure of the openmg meetmg should be ilexible and the levei of for- May present the audit checklist to the auditee
mality will depend on several factors. mcluding the audit scope. the purpose, Sets the detailed audit schedule (see Figure I0 for an example)
the size of the audit team. and whether the audit 1s internal or
While an openmg meetlng should always take piace. in the case of an Describes the quality-related documentatlon used to deveiop the
internal audit. it is frequently a-short, informal meeting. Often there IS audit plan
more lnteractlon between ihe audit team and management in the prepara- Ensures meenng mlnutes and attendance are recorded. These
tion stage of internal audits. Since internal audirs usually occur on a fairly dutles may be completed by the lead auditor, or the lead auditor
regular bas~s.all partles normally understand what will he examined may asslgn the dutles to an audit team member
before the audit takes place.
Verifies that auditee's management has communicated to
Roles and Responsibilities of an Auditor employees and other Interested parties, such as a unlon, that the
audit 1s belng conducted
The enure audit team should attend the operung meetmg, whch 1s conducted
by the lead auditor. The lead auditor prepares the meeung agenda and often The lead auditor should also describe the audit process and the anuc-
hands out copes in advance. At the opelung meehng the lead auditor: tpated benefits. The lead auditor should allow tune in the schedule to
Introduces audit team members and presents theu credent~als answer any queshons From auditee personnel. ., , 4
safety rules
-"
interview employees, physically examine samples of product, and observe Records should not be accessible to unauthonzed personnel. They should
work in progress. The auditor must sort and summarize the objective evi- be backed up or stored in more than one location. Wntten records should
dcncc gathered lobservru~ons)into a format that will bc useful to the client be pemianent-wntten in ink, unless environmental circumstances do not
and/or auditee. allow recording data in ink. For example. some chemicals used in labora-
tones may cause reactions when they come in contact with ink, so an
alternate means of recording data would be permmible. If records must
1. DOCUMENTIRECORD EXAMINATION be changed. the changes should he dated and signed or initialed. The ong-
An auditor must he well-tniriied in methods tor examining documents and inai ~nforn~atioii shouid be kept intact so that the new information and the
I-ccords.A docuinc~~l specifies ~ 1 x 1 1.s/ro~~l~l
be done: 3 record specilies reason l'or the change can be sssessed. Er~suresand use of correction fluid
what lrm been done. Docin~re~iis are written instructions or procedures ure stnctly forbidden on records.
that establish a practice or tell a person how to do aj0b. Examples of doc- Documents shouid be curent and available to the peopie who need
uinents includl: writlei1 work instructions. purchase orders. proccdurcs. them. Sometimes. what an auditor sees on the production floor does not
diagrams. dn\'ings. and blank forms. In contrast. records resuit when a match the documentation because the documentation has not been
particular step or process is performed as directed in the documents. updated as procedures have changed.
Rtcord< :ire tv~dencct h ~ practices
~t outlined in documents have been Some documents and records reside in computer programs. Access h
pertormed. Thus. records venfy thth the actions specitied in docurncnts and changes to documents. as well as changes to computer code. must he
have indeed taken place as required. controlled. For records. controls should be in place to limit who can
access records. enter data as a record. control record changes, and control
Reasons for Examining Documents and Records code changes to the softwnrc.
Documents and records must be examined for the following reasons: Tracing IS a common means of collecting obje~ti'e evidence (Facts)
dunng an audit. An auditor may read a procedure or become familiar with
To ensure that docuinents adequateiy meet h~ghertier a method and then observe others attempting to accomplish the procedure.
requirements, such as policies, codes. and standards If it cannot be done. the auditor needs to d e t e n n e whether the procedure
To ensure that records provide the objectwe evidence to is inaccurate. which could indicate that the person who wrote the proce-
demonstrate product acceptability and the appropriate dure did not understand the process or that the process was changed and
~mpleinenrationof system/process controls the document was not updated. The altemauve is that the process is being
To provide the auditor with an understanding of the improperly performed, wb~chcould indicate that employees have not been
system/process under investgation adequately trained.
An auditor may examine items to verify information. For example, if
Document and record examination may reveal incomplete, conflicting, a record says "thls cabinet was panted blue," the auditor examines the
or incorrect information that must be addressed by the audit team. The item to see if it is mdeed blue. If the records states "there we 10 noncon-
implementauon (deployment) of documents (policy, procedure, plan, etc.) forming items awamng disposiuon." the auditor should go to the noncon-
are normally verified through examnation of records, interviewing, physi- forming bold area to count the number of items awaiting disposit~on.
cal examinatton and observing work. Documents and records can be sampied to verify &at they are accu-
rate. Sampling is employed when 100 percent inspection is not practical.
Document and Record Considerations To test the accuracy of a document, an auditor reads it and then goes to
To ensure that documents and records reflect actual practice, the auditor where the work is being performed to observe andlor interview operators
should verify that thcy ilrc secure, permanent, current, and accurate. about the process. In the case of records, an auditor can sampie portions
Clionrer C Darn Collecr~o~r 83
of a record by verifying that the recorded result occurred. This verification understand a question. An escort can often help clarify commumcation prob-
can be done by talking to the person who recorded the information or by lems resulting from unfamiliar terminology by rephrasing a question. An
alternate means. sucli as cross-checking a log calculation. escort should not be pernutted to answer for an mterviewee, however.
When auditors make a conclusion about whether necessary controls
2. INTERVIEWS are in place, they must communicate the prelimnary conclusions to the
interviewee and/or escort. For example, an auditor could say, "That's
Interviewins, the process of obtaining informatron from another person rn good. I t looks to me as though you have a thorough understanding of the
response to questions. IS an important and widely used form of data col- requirements of your job and are doing good work." An auditor who sus-
iection in auditing. However. verbai statements arc hearsay unless corrob- pects-z~otentialfinding could say, "It iooks like we nught have aproblem
orated. Auditors must realize that the Interviewer may have a hidden rn this area. I can't see where those controls are placed." Such comments
agenda or certan biases when responding to questions. give the interviewee an opportumry to offer more information. If the inter-
Interv~e\vsare nornially conducted one-on-one: but an audit team may vlewee is able to allay the auditor's concerns, no problem exists.
occasionnlly find i t necessary to interview groups of individuals or to con- The auditor usually takes notes throughout an interview and should
duct .rnterviews by teieplione or videoconterencing. While one-on-one, take a few minutes at the end of each interview to ensure that the notes
face-to-face interviews arc preferable for ohtaui~nginfomiarion. other will be complete and meamngfui when reviewed later in the duy. If exten- .-
methods can conserve resources. sise note-taking is necessary, it may be best for the auditor to step out of
Int~.rvrewsare used in audits to gain insights, clarify information. con- the room or into a secluded iocation to record observations so that the
firm or deny suspicions. and elicit details that may nor be brought out by rnrerviewee will not become unnerved by the auditor's recording large
other audit activities. Arter has suggested using 3 sis-step Interview amounts of information.
process developed by Frank X. Brown."' In all communications with the auditee, the auditor must focus on the
I . Put the interviewee at ease. situation, issues, documentation, actlvlties, and/or behavior-not on the
2. Explan your purpose person. When commumcating with auditee management, the auditor
should avoid naming individuals whenever possible.
3. Find out what they are doing People respond readily to inquiries and offer helpful suggestions for
4. Analyze what they are doing improvements if they feel that the audit team is smcere, appreciates their
views, and has their needs and interests at heart. Each person involved
5. Make a tentative conclusion.
with an organization has a unique perspective, as does each member of the
6. Explain your next step. audit team. One person can filter information differently from another,
When conducting an interview, the auditor should begin by introducing miss an angle, or stop short of getting the full story. For these reasons,
hmself or herself and'putting the interviewee at ease. The purpose of the facts stated and other data collected during an audit lntervlew must be cor-
interview should be explained, followed by general, open-ended questions roborated to ensure accuracy. The information can be corroborated in one
that get an interviewee tallcing about the job. An auditor may simply say, of three ways:
"What are you doing?" or "What tells you to do that?" If the intervlewee's 1. Another person, preferably from another g o u p or management
answers c o n h n the documentation. the information has been corroborated. level, says the same thing.
If not the auditor needs to probe by askmg more specific questions to ascer-
2. Another member of the audit team hears the same thlng from the
tain if a work problem does indeed exist, or whether the interview is being
same or a different source.
hampered by mscommumcation. An auditor may not understand the process
the interviewee describes, or the i n t e ~ e w e emay misinterpret or fail to 3. An Item, document, or record verifies the action.)'
Steering the Auditor Toward Specific interviewees Not
The auditor should sag
Several types of problems niay occur dunng interviews. and auditors
should bc trained in techniques that minimize such interference. One How (where. when. who. what. Do you record the tesr.results i n the
sucli problem occurs when an auditee attempts to steer the auditor toward why) do you record the tesr resulls? lab log book'?
spccitic tnterviewees. Auditees often prefer that auditors intcrvrew cer- How do you know thts value is nght? This instrument is calibrixcd. isn 1 it?
tain personnel and avoid certain others. However, this person's h o w l - Whut is rhe fin1thing you do? First you set up the equtpment. nghi?
cdxc mav iiot bc typical ofothcrs in the organization. Therefore, the audi-
lor shouid lahe ciiai-gl: of [Re selection process. How do you know this is thc current Is this drawtng curreni (correct)'?
An-auditor shouid approach an area and look around !o see who is icorrect) version ot the drawing'!
doing what jobs. Candidates for interviews can be randomiy chosen as How were you maned lo perform Did you read <he standard opemiins
Ion: as it is safe to intemipt them in their jobs. The auditor should follow this procedure? procedure dunng trmning?
thc intcrvtew protocol described on the precedins pages. What are tlir reporting requirements Don't you have to notify your
11 ail auditre insists that il specilic person is unavailable for inter- for noncontornnnces? supenxor whenever a
viewin:. the ;itiditor should be consider~tebut persistent i f the interview nonconformance occurs?
is si1a1 ill the succcss 01' tlic audit. Without bein: threatciitng. the auditor
can su::est that the person's unavailability may prolong <he audit. A state- What is ilie standard procedure tor When a customer calls. don i you h x e
responding io customer cornplatno'? to record ihe details on Form )iX?
men1 such as "1 may h a w to stay over for another shift" may gain the audi-
tor thc desired cooperation. Is rhls equipment calibrated? How Does this sticker indicate that the
do you know'? equipment is calibrated?
Answering for the lnterviewee How do you know how to do this Do you follow ihe procedure for thls
Another common problem occurs when an escort or area supervisor operation? operation?
answers for the intervlewee or intimidates herhim. An escort generally
What do you do with the finished Do you place [he finished product on
stays within iistenmg distance and takes notes, but should step back the rack?
product?
slightly. An ideal arrangement is for an auditor to sit or stand between the
interviewee and the escon. facing the interviewee.
Figure 11. Open-ended questions conrrnsred with closed-ended questions
An escort is to be an observer only and should not be involved in the
interview unless there are communication problems. An auditor can m n -
imize an escorr's participation in the interview by directing questions to
and maintaining eye contact with the interviewee. For example, questtons wlth the questionmg. Leading questions can be avoided if the auditor asks
about machine setups and the measunng of parameters are normally open-ended questions, such as those in Figure 11. Addiuonally, if an audi-
beyond the knowledge of an escort. If an escort starts to answer for an tor goes into an interview expecung to hear c e n m answers, the audit results
auditee, the auditor needs to redirect the question to the interviewee, likely will be biased.
avoiding eye contact with the escort. If an escort conunues to interfere, an
auditor shouid say, "I prefer to get the informatton from Me staff member." Communication Problems
Communicatmn problems or other conflicts may occur between auditor
Asking Leading Questions and interviewee. CommunicaOon problems are probably the pnnclpal
A different land of problem occurs if an auditor asks leading questmns, difficulty that must be overcome durmg an audit. An auditor can nuni-
expecung to hear certan answers. An auditor should not lead an interviewee m z e the effects of mlscommumcation by relylng on the escort to correct
misunderstandings and by corroborating all information through one of physical properties may include m a r h g s on tags, types of packaging
the methods aiready mentioned. materials, condition of work area, and ihousekeepmg), condition of equip-
An auditor who does not have a good grasp of the process being ment. Physical examnation is one of the most relyable sources of objec-
audited may not ask the nght questions and may realize only after com- tive evidence.
pleting the interview that imponant issues were not addressed. To recover Before takmg an 1nspecUon tool in hand, the auditor should be aware
troin such an overs~ght.the auditor may revisit the area or rase the Issue of work rule restrictions that may exibt in union shops.
at thc daily meeting for necessary action.
Other types of contlicts may lnclude empioyees who are hostile to
rinyonc in authority. Sometimes interviewers are unable to concentrate 4. OBSERVATION OF WORK ACTIVITIES
becaus; they are distracted by the fact that their jobs &e not getting done. An auditor observes '.work in progress" to see if it meets requirements. An
People are afraid to say. "I am very busy. I need to complete t h s test. Can auditor gruns this knowledge by monitoring a process bemg performed to
you conic back in 10 mi~iules?"A good auditor will sense when an inter- see how the work is belng done.
viewcc IS prcoccupied, movc off, and find other ways to keep the audit Obsenmio~zmeans "to watch attentively" or "to watch or be pre-
inovlng. Aiditlonally. the auditor should guard against reacting rmprop- sent without participating actively." Hence. auditors must be well-
erlv io eiiipioyces who h : w -hidden agendas" or "ascs to gnnd." trained in observation techniques so that they learn how to observe
closeiy but not obtrusively. Because an auditor's presence may be dis-
tractlng to peopie at work, the auditor needs to nlinimize any inrerfer-
3. PHYSICAL EXAMINATION ence resulting,.from it. An auditor also should realize that disrupnng a
The typ?s of physicai esaminatlon tools used by auditors can vary widely worker may be unsafe.
depending on the industry. An auditor needs to be familiar with thetools An auditor needs to know when to observe work. For example. if
and techniques applicable to the industry or company being audited. In auditors desire to observe work being done by different shifts, they should
addition to knowing which tool to use in what situation, the auditor should be aware of when shift changes will be taiclng piace. Auditors should
bc aware of the problems that can anse if tools are used incorrectly or avoid retaining people through shift changes or dunng the~rbreaks.
inconsistently. If the auditor has no espenence wtth the necessary tools, a Most importantly, auditors need to understand what to observe and
technical expen should be included as part of the audit team. what they have seen. For example:
Physical exarmnation tools are normally associated wlth product audits. The auditor should establish if the product is made according to
In a hruvy manufacturing environment, an auditor may use calipers, steel the documented procedures by the mdividuals responsible for
rules, or micrometers. for example. to take measurements. An auditor may using the specified equipment. The auditor records the results of
31~0observe others using these tools in order to verify that a product meets observanons.
cenan charactensucs. In most circumstances, it is essential for tools to have
been properly calibrated; however, exceptions do exist (e.g., a volt meter . When lookng at equipment, the auditor should note the type,
condition, use, and any identiiicahon tags or numbers. The auditor
may be used to detemme if power is turned on or off, not to measure volt-
age). If the auditor uses measuring devices that require periodic calibrating, should also establish that the equipment has been properly
the audiung organmuon should follow an accepted caiibranon pro,gam. mantaned and calibrated, if applicable.
Beyond examinanon of finished product, all tangibles can be physi- The auditor should verify that employees are familiar w~thpolicies
cally examined and characterized in some way. Tangible items that have and procedures, that they know their responsibilities and roles,
-
I .-
&
and that they have the necessary training. skills, experience. and
authority to perform their jobs.
When revlewmg dociu~~r~rts an auditor should verify contents,
. i;
. ...
j'
type. scope. tormat. readability, and date. How the document has
been filed and distributed and the method by which modificat~ons
-
~----
=
.
i..
have been made are also important. .= k
&
By listentng and watching, an auditor should be able ro ascertain if
what tile worker 1s doin; supports the procedures outlincd in quality-
i1
'-
-
.- .i!pnc aqi jo i ~ o i s r qaqi ? p ~ ~ o l d
puc suoneuasqo p~osal01 a x j d e a p r ~ o ~plnoqs
d s.radcd S U ~ J O~Ap n~ r :
-
-- - aqi Zuunp pasn sladcd S U ~ J O1yc
M a ~ o ~ d plnoqs
dc .Iol!pnc psa1 aqL
-... .asuaprna annsalqo plosa101 pasn an! sladnd
- Jaqio put? smro.~'sJoi!pne u a a ~ ~ X~uals~suos
aq aplno~dpop a:,ucru~o$uo:,
30 asuap~naan~isalqoaprnold a1reuuo1isanb puc sxqqsaq:, upnc aqL
audit findings. This evaluation may be the result of the auditor's professional be verified with a record. A check sheet that confirms a particular actlvzty.
judgment, or the auditor may use staUsucal techniques. The auditor needs to or minutes from a meetlng can be ObjtCU\,e evidence. If an auditor talks to
be able to apply rood judgment as well as have ;I worhng knowledre of sta- a supervisor and get. one story. and then talks to several operators mdepen-
tisiicni ai~alysistcchriiqucs. Whatever the mcthod of cvaluauon or analysis denkly atid hears Uie same cxplaiiations, rhat auditor has corroboration of thc
uscu. the auditor must ensure that drc~sionsmade froill data and inforn~auon evldencc for the investi~auon.Techni~~ues to corroborate information from
gathercd d u n y the course of the audit stand up to scrutiny by others. interviews were presented in chapter C. "Data Collection."
An auditor must bc able to summarize the results ofdata analysis Into Corroboration methods are used by the auditor to make more ceriain
;I u n ~ l i dsiatcmcnt about thu adequacy and cffectivcness of the process about or io validale data that could be considered unreliable or quesl~on-
rcprescntcd by the anaiyzcd data. The ;~uditorshould esaiiiinr patterns or able. lnforniatron from interviews must be corroborated by asking another
trends a i d cons~lidaicsimilar observdtions into a single finding. person or chechng records and documents. Another corroborauon method
Pnor to the final presentatton to the auditee, the audit ream members may be to check different shifts or departments to establish consistency or ~.
... .
~
should review the final results. judgments. and analyzed data to confirm inconslstcncy.
the accuracy 01 the data and the decisions denvcd from that data. In the Evidence should be collected on all matters related to audit objectives
event ol a conllict between members of rhe audit team as to the accept- and scope. Evidence can tnclude procedures or work rnstructions and proof
;ibilitv ot the audit resulis. the lead auditor is responsible for resolving all of thelr implementation. esanilnauon ot personnel training and quaiifica-
issues an3 dctermiii~n~ wli;it shouid be reported. The other members of the rioti records. esamination ot process controls and records. a d reesamlnri- h.
audit lemi I I ~ U S Is~ipport~ i i edccistoo of the iead auditor. Verification 1s tion 01 selected work. Evidence needed to support the auditors findings
done primarily to preycnt errors in the reporring oS audit results. may be physical. testimonial. documentary. or mnlytical. Objectlve cvi-
Facts 01 the audit x c prcsenied at the exit meeting and in the final audit dence niay*beobtained internally from the organrzation under audit. ester-
report. The methull of presentation depends on the type ot data analysis nally from thlrd parties. or by coiilpanng evidence obtained from two or
used. The rcporiing method should enable the auditee to understand the more sources. Evidence obtamed from independent, estemai sources is
finding to tncilitate investigation and to take proper corrective action. generally more reliable than information obtaned from Internal sources.
Knowledge obtained throush physlcai exmnatlon, observat~on,computa-
I. CORROBORATION AND OBJECTiViTY OF EVIDENCE tion- and lnspeclion ts more reliable than interview comments. Evidence
An auditor measures compliance with and conformance to specified denved from records is likewise more reliable than oral evidence. Any evl-
dence should be suffnent. complete. and relevant, to be useful as a sound
requirements by gathering and analyztns O b j e ~ t l ~
evldence,
e "information
which can be proved true, based on facts obtained through observation, bass for audit findings and recommendations. .4 rational relationship
measurement. test. or other m~ans."~'Objective evldence is uninfluenced should exist between the cost of obtauung evldence and the usefulness of
by prejudice. emotlon. or bias. I t is anything that can be proved or dis- the eviden~e.'~For example, the costs involved in shutnng down a manu-
facturing piant to obtaln data or in traveling to 100 service centers to ver-
proved when requ~redactlvitles are t&ng place. Records, wimessmg an
ify that employees know the quality policy may not be justifiable.
event, and discussions with personnel could all be sources of 0bjectlve
ev~dence.Sampling different sources 1s a means to verify the observation
as objective ev~dence.Two auditors examining the same objective evl- 2. DATA PAlTERNS AND TRENDS
dence should be able to reach ihe same conclus~on. At its final gathenng before the exll meeung, audit team members evalu-
An auditee presents evidence to an auditor to prove that the audited sys- ate the accumulated data; they sort 11, see what supports it and what 11sup-
tem works as the auditee has explaned it and that wntten documentation ports, and look at it away from the sltuatlon to see what it means. Any
exists to support the system. If something cannot be observed, then it must finding should be clear to a reasonable person. The auditor has to look at
the evidence found, its reiution to the purpose of the audit, and its impor- to the importance of an observation. If there is significant opportunity for
tance to the entire scheme that lias been audited. project failure or a safety concern, a cntical activity or item should be
The lead auditor must make every effort to resolve contradictory evi- reported after one occurrence as opposed to multiple occurrences for an
dencc or open issues prior to reporting the results of the audit. However, Item of lesser importance.
if contradictory evidence lias been gathered and the audit team cannot Additionally, observations may be classified as nnprovement points or
obtain additional data, rile contradiction should he included in the audit positive practices (not a violation of a requirement). An observation of a
rcport as 3 finding or observation. and clarification should be requested. A process or system that is very effective may warrant reportins the obser-
supplemcntal report can be generated if needed to clarify the onginal audit vation as a positive practice.
ircport. Depending on the client, <he industry, and audit procedure requ11-e-
Througli unnlys~sol':i~iditdata. he uudit team can distinguish between ments. auditors may define and rcport other clussifications ior obssrv:i-
systcrnlc and isolated incidents. An auditor who detects a possible prob- [ions. The other classifications include concern. -0bservauon. issue, and
lem looks for a recurrence. If subsequent data show recurrence of the inci- continuous improvement point. They are not violations o i a requirement;
dent in several placcs. it is a systemic incident. Data that reveai a trend and hut based on the auditor's experience. thcy are noteworthy and in some
pattern may also support a conclusion that an incident is systemic rather cases they could develop into a problem if not corrected. A11 classifica-
than isolated. For example. if one piece of equipment is overdue for cali- tions of observations should be identified along with expected follotv-up
bratioii by about n month. but all other equipment is in calibration. the actions. *r.
audiree may havc a good calibrar~onprogram and the one piece of equip-
incnr IS an isolated case. However. if a high percenmge of equipment has
4. CLASSIFICATION OF NONCONFORMANCES
~iotbecn czlibratcd on scheduie, thc probleni is systemic.
Thus. an auditor needs to look at things from a system standpoint and An auditor must sort and classify facts based on the seventy of the prob-
try to assess how the overall system is worktng. If, after preliminary eval- lem. the frequency of occurrence, and the nsks associated with the prob-
uation of data. a problem appears to be systemic, the auditor may need to lem. The terms no~?co~npiiance and 1101icot1fort7lnr1ceare frequently used
draw another sample. Once i t has been determined whether a problem is to report the results of the audit. In common practice, these terms are
a systemic or isolaled event, it can be classified for reporting purposes. used interchangeably. The most cntical problems are often called major
nonconformances. Reporting problems found during the audit as non-
conformances is one of the most popular reporting techn~ques.A non-
3. CLASSIFICATION OF OBSERVATIONS
conformity is nonfulfillment of a specified requirement fANSIIISOIASQ
An auditor uses several techniques to classify and prioritize observations AS402-1994,2.21) or alternatively a failure to meet a requirement. Most
before the exit meeting. In any audit, nsk is associated with reporting a quality system registrar auditors are taught to report nonconformances,
finding on the basis of available data. An auditor may fail to identify a sig- and consequently many auditors of registered organizations adopt t'he
nificant problem or may Identify a problem that is not significant. Evalu- same method of reporttng. A nonconformance may be systemic or iso-
ation is often based on a relatively small sample and, therefore, mvoives a lated and major or mnor, depending on its effect on the product, service,
large sampling nsk. A problem or noncompliance may be classified as a or system.
nonconformity, noncompliance, or finding. The auditor should also group Some audit organtzations report problems found dunng the audit as
"like" observations under similar findings or nonconformances. findings. In general, tbe repomng of findings is c technique m whlch only
The risk-benefit ratlo is a method of analyzing the risk of reporting systermc issues or conciusions regarding individual processes or systems
(based on the sample) or not reporting compared to the benefit to be are reported. S o m e h d i n g s are more mportant than other findings-all
gained by reporting or not reporting an area of concern. Criticality refers findings don't have the same importance to the organizauon being audited.
The methods used to classify audit results vary from organization to Employee awareness, and dissem~nationof established quality
organtzation. Some organizations classify findings as major or as category --.:I policy
i findings, whilc observations are classified as minor or category 2 find- -- Teamwork and employee involvement with management
rngs. Others simply report the tindings in the order of their importance. .& parucipation. and demonhlmted resource conlmtrncnt
Sorting and classifying nonconfomties and findings is a method to a s s e s s 7
their significancc. Auditee organization's business and strategic pians, culture, and
klinor nonconlorrnlties usually do not denote a system breakdown, --- values
but they could ~ ~ s uini tone in the future if not properly corrected or con- Cntlcui system issues. rather thdn nitpicking trrvi a I'itics
taincd. Whatcvcr tcrnls arc uscd to report the results 01 thc audit. they
should be clearly defined by the audit organizauan. - ., . ~
Opportunit~esfor improveiileilts, without acting as a consultunt
-
-
-
---
Positives
5. CONCLUSIONS An auditor can get an indication of the effectiveness of controls by the
For audits that x e meaunng conlpiiance. or fuUillment or requirements. the nature and number of nonconfomlances observed.
lead auditor should report the overall d e r e e to which those requirement; are The final audit team meeting is held after improvement areas have
hein: mct. The audit conclusion sliould m:ttch thc :iudit purpose. For exam- been identified 2nd just pnor to the exit meeting. The team collects all
K.
ple. 11 the purpose vl11ie :iuilit is to detemline if the extsting controls comply intormution and identifies signiticdiit areas to be mentioned at the exit
\\pithinternatioixil ~rdiillurdsand x e being m3intained. then the audit conclu- meeting. The team:
sion should state the degree to which this has been accomplished. Decides on the content and emphasis of the report
son^ audits measure not only compliance. but aiso the efliciency and
e#ectiveness of the controls that arc in place. If a control IS attempting to
. Sumiiiarizes all nonconfonnities- and/or findings
achieve a certain result. an auditor can determine if the des~redoutcome is Finalizes a list of opportunities for improvement
being achieved by analyzing observat~onssuch as: "the presence ot dam-
aged material in a warehouse indicates that matenal handling procedures
- Decides on a list of posltlve practices or noteworthy achievements
may be ineffective", "the use of nonconform~ngmaterial in finished prod- Based on the conclusions formed at this meeung, the lead auditor
uct indicates poor control of nonconforming material", and "obsolete prepares a preliminary draft of the audit report. The draft report can be
drawmgs and procedures in a manufactunng area ~ndicatethat the docu- handwntten or typed on a computer. Part IV of the handbook presents
ment control system is ineffective." additional information about audit conclusions and reporting the results
The lead auditor's overall assessment of results plays a cntical role in of the investigation.
meaningful audits for improvement. The following items should be con-
sidered in the iead.auditor's assessment:
Quality management system matunty --
- I
-
-.. I
--
.
Overall system effecttveness, rather than segmental ineffectweness %I..
=I
-*
Implementation of corrective and preventlve actions and theu
effect~veness ---
-
5
'.
Internal quality audits and their effectiveness related to continuous -
improvement mechanisms in place -
:..=
% .-,
-1
The exlt meeting, sometlines called a post-audit conference or closure
meeting. ends the pertonancc stage ot an audit. At the exlt meetins. the
lead auditor presents a draft or preliminary audit report to the auditee.
KI
The purpose ot the quality audit report 1s to communrcate the results of the
Investlgatton. The report ~Ilouidprov~drcorrect and clear data that will be
effective .as a management a ~ din addressing lmponant orpizatlonai
~ssues.? The audit ends when the report 1s Issued by the lead auditor.
However. follow-up and closure actlons may be necessary, as will be dis-
cussed in Pan V.
After audit results have been reported at the exit meeting. the lead auditor
formally communicates the audit resuits in a wntten audit report. While
the audit team may have prepared a handwritten or typed report to present
to the auhitee at the exlt rneetlng, that report should have been clearly
marked "draft" or "prelimtnary..' The exlt meeting shouid include discus-
slon of all significant findings so that <he auditee is not surprised by infor-
matlon m the final audit report. The final audit report formaiiy cornmuni-
cates the audit results to the ciient and the auditee. The audit report is
prepared, signed, and dated by the lead auditor. It should be reviewed and
approved by the management of the auditing organlzatlon as we11 as by
the ciient before it is sent to the auditee.
The audit report should be sent to the auditee in accordance wrth a
mutually understood time frame. Short tlmelines between performing and
reporring about the audit are highly des~rable.When a significant amount
of time passes between the end of an audit and the Issuance of che audit
report, the urgency of the corrective action is d-shed, misunderstand-
ings or miscommunicahons are more likely to occur, the auditee may be
less motivated to resolve problems, and the audit program may be viewed
as inefficient.
An audit report serves the following functions:
It supplies information that verifies adherence to requuements or
that initiates correcttve actlon and system improvement.
luo Purr !s . h d t c, , c , ~ , ~ ~ ~ r ~ ~ d :
uvc lrcnus. This same type of analysis 1s valuable to the auditor, auditing
w p i ~ z i u i o n and
. miicei. crntern:ii deparirnmt. supplier. or costomcrj." I1
i
1. AUDIT DETAILS
While the format of the written audi: report can vary w~deiyfrom com-
pany to company or industry to industry. cenzin intomation alwdys -.
should be included. Most audit reports contain an introduction. n sum-
mary. ;Ilisting of the findin~s/noncontormiries.2nd requests for corrective
3CtlOIl.
An audit report should not normally name mdivlduai employees of the -
auditee in connection with specific findings. observations, or nonconfor-
mantes; a report should refer to posinons, titles, or systems when identi-
fying deficiencies. However, an auditor may encounter a situation where
nammg an mdividual is appropriate and essennal for effective corrective
action-if the mdiv~dualhas speclal or unlque knowiedge of a sltuatton,
product or process.
There is no standard length for audit repons. However, repons should
be conctse and should conram prescribed information. The content may
depend on the size and compleslty of the audiree organization and the
number of findings/nonconfomances identified, as well as client or audit
organizauon report procedures and guidelines.
Repom may or may not conratn attachmenrs. Attachments (or exhibits
or examples) may ~ncludeminutes from the exdopening meetm,,0 atten-
dance roster of exitlopening meetktg, requesls for correctwe action issued
at the exit meeting, nonconformance forms Issued at the exit meeting, and
charts. calculations. documents. records, or other matenal required by sions. The most common terminoiogy used to repon the results of an audit
audit procedure or that add value to the report. are nonconfbr-niiryandfildi~~g. The termnology used should be defined to
The audir repon starts off with an introductton or background. Much of ensure the auditee's understanding. Observations made dunng the audit
the introductory matennl included in an aud~treport can be completed from that vtolate a requirement should be reported and theu importance s'hould
the audit plan betore the audit is pertormed. The audit repon introduction: be taken Into account. Withln rach category, further classifications of cnt-
States the purpose and scope of the audit ical. major, and minor may exist.
Each problem area should be listed in one or two sentences. The
Identifies the auditee. client. and audittng organtzation report should include facts or examples that suppon or explain each find-
- presents
ldsntifics the audit ream members and the lead auditor, and
thetr quniitications -. .
ins or posmve practice. The results of the audit may be listed in order of
importance. in sequence of the procedure or performance standard
clauses. or in no p;trticular order. Noieworthy accomplishments, positive
Specifies the audir dates and locations
practices. or processes Chat work exceptionally well may he mcluded and
Specifies the stmdards (manuals. procedures, memationti1 can be lisled at the front or back of the report, depending on the auditor's
standards, etc.) used for the audit preference. The auditor should note that the findings are symptoms, the
Addrebses confidenttality issues causes of which remain to be identified.
The results section of a formal report should include the follow in^
May list auditee personnel involved in or contdcted dunng tlie audit information:
Lists report distribut~on . Audit findin~s/nonconfomiriesand number
Nomyally. an audit report identifies an area of noncontonnance in the . Specific requirement
auditee s system and does not contain derailed techcal informauon about a
Details or specifications of the nonconformity or finding
propnetary process or matend. Any confidenud informauon rhat may appear
in an auditor's notes or m the completed checklist must etther be protected to Provisions for auditee's response
prevent disclosing a confidence or destroyed. The official records contan a Provisions for recording corrective acuon and follow-up activities
copy of a blank checklist, whch does not c o n m propnetary informauon.
Additionally, the inroducnon may mention the auditee's audit history, Recommendations (if required by client) for correcting
discuss the methods used dunng the audit, and mention the records or deficiencies, or suggestions for improving the quality program
documents that were examined as part of the audit. Each report should be When the client requests recommendations from the auditor, the recom-
uniquely identified by title, number. letters, or a combination so that the mendations should be clearly marked or placed in an appendix or separate
report can be properly referenced and retrieved. report. In most cases, the auditee is under no obligation to implement
auditor recommendauons. Some auditors use the term sitggesrlon for
rrnproventer~ras a less formal term with a lesser chance of being msinter-
2. COMPUANCE preted as directive in nature.
The audit report should explain how the results of the audit are
The results of the audir may be Indicated as findings, nonconforrmues, classified and prioritized. For an example of an audit report format, see
deficiencies, adverse conclusions, or significant observations and conclu- Figure 12.
To: Auditee responsible for rcpiy
From: Lead audit01 ~ c t r o naddressee: Finding ::
Subject: Audit of iprocedure. rirle. md number or sub~rct) Director of engineering I.C. 1
Director of operations I.C.2.3. 61 7
Reference: List of procedures audited and to which ret'erence is made in Director of quality wurance I.C.&. 5 , S: 6
rhe list ot bindings. 1.r.. quality tmnual dated XS-XX-SX.
MIL-STD-SSSS. ere. B. Follow-up
Reference matertai pertaming to this audit IS avnilatlle from (the
I. Present audit auditor)at estens~onXYXX/XS>;S. Replies will be toilowed up ;inti
.A- General . correcuve action wtll be confined.
Slate 111e purpose and objectives of the audit, where and when it was - .
performed. and what was rncluded or excluded: be specific on quanttties
audited. Lead auditor
B. Summa?
Provide a synopsis oS thc inost srgniticant audit findings. Figure 12. Coimi~rred.
C. Findings
For each discrepancy stare the requiremeni. document the observatrons. 3. SYSTEM EFFECTIVENESS
shnw rhe effect. 2nd idenrify rhe rcsponsiblr. supervisor conlacred
rslallve to r3ch tinding. A sjsreiit is a coilect~onof processes supported by an mfrastructure to
manage and coordinate its function.lh TyptcaI systems are document con-
- trol systems and training systenls. In a system. processes lnteracr and
A. Audit hrstor?.
work together to achieve a common g o d or objective.
State previous audit results and comecttve acrtons iaken.
It has become increasing popular to tdentify an audit as either 2 com-
B. Analysis and evaluation pliance audit or management audit. Compiiarlce aildirs d e t e m n e if there
Provrde auditors anaiysrs and conciusron. rncludinf an evaluation of are rules and if they are being followed, not the effectiveness or surtabil-
correcttve acttons [&en.
ity of the rules. Managemerit audits seek to d e t e m n e both compliance
111. Required action and effectlveness of controls. Management audits are also called "perfor-
A. Response mance improvement audits" and "value-added audits." A product, process,
The persons listed heloiv are requested to review and respond to this or system audit can be either a management audit or a compliance audit,
audit wrthin I5 woriclng days trom the dm of this report. The response depending on the wtshes of the client.
should include the tollowing: Effectiveness of a process or system is d e t e m n e d by its ability to
1. Colrecuve acuon taken and reason finding existed. achleve its objectives or intended purpose. Assessment of effectlveness
2. ActLon taken to correct the cause. goes beyond d e t e m n i n g the degree of conformance to requirements and
3. Date by wtuch the conecttve acuon will be complete. maintenance of procedures. When discussing e f f e c ~ e n e s sof corrective
(conrirrued) actlon, Russell and Regel state that system effectlveness has two compo-
nents: whether it is achteving the cteslred result and whether the process 1s
Figure 12. Typical audit repon format capable, efficient, and consistent with ob~ectives?' One measurement of
Source: From How ro Plan an Audit, ASQC Quality Audii Tcchntcd Comrmtlee. Chvlcs B. effectweness is the degree to which objectives are acflleved in an efficient
Robinson. Ediror. ASQC Qualily Press. 1987, pp. 33-39. andeconomcal manner.
-
~iuarua~oldmr lo3
can: uc SCM p w slcoZ ~euoricz~ueZ~o Z u ~ ~ a aIOU
w WM SIW 1eq1 paa&
auohahg 'sqluoru a u ~ u01 dn 103 uoysods!p 1noq11m plaq Zuraq alam
siuauodruos a ~ ~ s u a d xiaL a 'lsos pmdes Z u r y ~ oampa1~ 01 sem uorl
-ezrw%o a q l ~ anpsalqo
o u v .sq~uoruauru 103 auo VIM ' s h p 0s laho
103 ean: ploq ayl ur uaaq peq srua11 aW jo l s o 'can ~ ploy ayl ur uaaq
pay small Zunrrro~uosuoua q Zuol ~ o $no y pug 01 payse aJaM sluap
-nls a q ~uaqL wal[asxa sen\ ZuyiCiang .paJols p m p q m m Llladold
alan\ sluauodmos Zuruuo~uo~uou aqI puc :leualcru Su~uuo~uosuou
SCM a ~ a q: ~~~ U I C I U I ~ a1aM
UL L a q ~'~olluo:, lsnpo~dSuruuo~uosuou
JOJ sanpa301d pcq e a n Surnrasa~a q -~p a ~ p n nsem c a n uousnpoid
l e n m aql 'ssauahtisa~jaJOJ npne 01 M O uo ~ ssep ZUIU~CJI e JO m d sv
correctlve actlon. They should be asked to respond to the report in wnung.
The response should dearly state the root cause, corrective action pianned or
taken to prevent recurrence and the scheduled compleuon date for the cor-
rectlve action. If corrective actlon is not appropnate, the response should
specify the reason for no acuon.i1
All requests for corrective actlon should ask the auditee to detemne:
Short-tern1 (remediaVcouta~nment)actlor1 planned. if appropnate
The root cause ol the probiem
Long-term corrective action planned for the cause
Schedules and responsibiliues for these act~on?'
To prevent a nonconformity or problem from recurring, an auditor
will ask thc auditcc to glve attentlon to and take actlon on certain items.
Depending on the audit's purpose and scope and the delegated responsi- 1. OBTAIN APPROVALS
bility of the ~iuditlngorganization, the client may assums t h s function. In The audit report should be remewed and approved in accordance wltll the
some cases. the auditor may not have any responsibility tor the correctlve audit organizations procedures and gu~deiines.Normally. tile lead auditor
actlon phases of the audit process. Espec~allyin many th~rd-partyaudits,
I 'A.
prcpares and signs approval of the audit report. The iead auditor approves
h e auditor may collect and interpret mfomation and provlde this infor- i any inputs to the audit report by audit team members. In many organlza-
I tions the 'client andlor audit program manager revlew and approve the
marlon to the client. who in turn manages the correctwe action phase. I
!
Therelore, it may be appropnate to substitute "client" for "auditor" here audit report before final release. Procedures may require other appro\,ers
and cn other follow-up acttvitles. due to nsk or communication Issues wthm the organlzanon.
Adverse findings may be recorded on a separate sheet called a "cor- There is no limlt to the number of people who can review the audit
rective action request" or "discrepancy notice." A corrective action request report. The lead auditor may ask audit team members to review the report.
is a statement of what the condition should be and what it is, and it Auditee management could review the report to ldentify factudl errors and
includes several examples of what occurred. Senous problems are nor-
1 mrsunderstanding. Allowing auditee management to review a d n h audit
mally supported by many inc~dences,but an auditor can also record single /
-- t
report has inherent risks: revlew may be construed as negotiation unless
instances of major problems, such as the lack of or total breakdown of a i very clear instructions have been provided to auditee management. Addi-
system. An auditor issues reports or corrective action requests for areas in ! tlonally, too many reviewers and approvers could create lengthy delays in
I
whlcl~[he auditee needs to take action. The auditee needs to Identify and 1 lssu~ngthe final report.
correct the root cause of the problem.
On receipt of the formal audit report, an auditee may employ the same 2. DISTRIBUTE REPORT
or similar techniques to determine which problems the organization should
concentrate on correcting &st, based on the significance or cost of the inef- The distribution list for an audit report should be noted on the report. Dis-
ficiency. After m&ng this determinailon, an auditee can focus on prepar- tribuuon is at the discreuon of the client unless Uus task has been delegated
ing a comective action plan that addresses the remediai acuon or other to the lead auditor or auditing orgaruzatlon. An internal audit report is nor-
action to eliminate the problem. mally distributed to the supervisor of the audited area as well as to some-
one in higher management. An external audit report typically goes to a
div~sionmanager or CEO. In addinon, the auditlng orgmzation maintams
117
a copy of the report in its official files, and each member of the audit team
also retains a copy.
The lead auditor should not automatically send a report directly to the ....
auditce unless approved to do so by (he client. The client is given the
option o l receiving the audit report first and of attach~nga cover letter
-
=
:. ..
before the report is distributed to the auditee. T h ~ sprocedure promotes -...
accountability of the auditing function.
Responses by the auditee to requests for corrective action should be
sent ro the same distribution.
The lead auditor and audit team members must follow organizational
procedures concemlng the retentlon of audit records. Audit records
should be reasonably secure to prevent madvertent access by outside par-'--+.
ties. All audit records should b? considered confidznt~al.For high-nsk
arcas, there may be elaborate procedures for securlng or destroying audit
records ...
Under normal clrcumsmnces, auditors keep records until the nest
scheduled audit. If an auditor is certified, the auditor may need to keep
records for three years or the specified renewal penod.
Audit records may include:
Notice of the audit
open in^ and exlt meeang attendance and mlnutes
. Completed worlting papers
Draft and final copy of audit report
Correctwe action responses and relevant feedback
. Final close-out note to the auditee
Part VI, chapter B discusses audit retentlon pracnces.
[ I 2 of the CQA exam questions or 8%]
"The audit is completed upon submlsslon of the audit report to the client"
iANSL/ISO/ASQ QI00ll-i-1994, clause 6.0). Some audit orpuzatlons
interpret the gu~danceof the international audit standard to mean that the
audcor should not be mvolved in audit follow-up activ~tles.However, many
organizations lnvolve the auditor or iead auditor in follow-up audirs and
some aspects of the corrective act~onhmprovementprocess. Someone-
whether the client, lead auditor, auditor, audit program manager, manage-
ment sponsor, or correctwe acuon team leader-must be asst,oned the
nonauditee duties discussed in this secuon.
The auditee is responsible for tahng corrective acuon and keeping the
client lnfomed of its progress. Sometimes, an auditee will lool; to the
auditor for a solution or recommendation, but the auditor should proceed fis
with caution. While not preciuded from prov~dinga solunon, the auditor
nuy not have the technical knowledge to address an0 solve the problem.
In addition, an auditor who advances r, solution takes ownersh~pof the
problem. An auditor who has studied a process may have an excellent
understanding of it and nlay be able to offer assislance to an auditee who
seems genuinely confused about What is expected in the way of corrective
action. It is important, however, that the auditee take responsibility for the
soiution. An auditor who panicipates in implementing or modiymg a
quaiity system compromises objectivity in regard to iater audits of that
area. For these reasons, many company auditors and most third-party
auditors are prohibited from recommending corrective action.
Both internal and external audit results can be input to the corrective
action process. The correctwe artron process can result in significant ben-
efits to an organization. The purpose of t h s part of the handbook is to
make suggestions on how auditors can most effectively c a n ' out theu
responsibiliaes relative to correcting the deficiencies found during the
audit. It is not a discussion about the organization's correchve acaon
process.
that the auditee IS doing what has been promised and is meeting the Follow-up action may be accomplished through written communica-
requirements of the corrective action. The auditor often follows up with a tion, review of revised documents, reaudit after the reported implementa-
vkit 10 the work area to check that corrective action has been imple- tion date. or other appropnate m e a n ~ . ~ V hauditee's
e pian should be
mented, to asscss its effectiveness, and to confirm that i t prevents recur- accepted if there is a reasonable chance that i t will correct the problem and
rence of the problem. preclude a recurrence?'
When attempting to evaluate a proposed corrective action plan, an
auditor shouid make sure that the auditee is treatins the problem and not
a syniptom of the problcm. Thc proposed solut~onmight address the issue 3. NEGOTIATION OF CORRECTIVE ACTION PLANS
on the surfiice but may not prevent the problems from recurring so the Findings should be ciearly stated by the auditor. and the audiree shouid
auditor ~110uidaskwhether the-corrective action piail is specific enough to indicate that they x e understood. However, the auditor anu the auditee ~nuy
ensure that changes will be permanent. Another questlon is whether the not agree on the proposed action plan or the timing of the corrective actlon.
proposed solution will cause another problem. In most cases. additional explanation of the requirements andlor the condi-
Corrective action must he timeiy. It is pemssiblc tor an auditee to tions that ied to the identification of the finding may be sufficient iur the
request reasonable estensions. slnce some problems take longer to solve. auditee to develop an effective corrective action plan. Some situations are
However. the auditee may be asked to provide penodic status reports w t h complex and require senous evaluation by both the auditor and the audiiee. L
supporting ev~dcnccon the corrective action. The auditor should nor assume that the auditee is automatically wrong
Correct~veaction must prevent reoccurrence. It must identify and because there is a difference of opinion. Forcing one". will on the auditee IS
address a root cause in order to prevent the same problem in the future. unacceptable and may lead to disasuous results for the audit function. instead.
The principle of corrective action is that conditions adverse to qual- the auditor might attempt to understand the auditee's interpretation of the
lty must be identified and corrected. The root cause must be deter- requuement and the underlying reasomng for the proposed corrective action.
mined. Steps must be taken to preclude repetition, including the report- Theauditor may lean that the auditee's proposed acuon plan addresses sys-
ins of these actions to management. True corrective action is difficult tem issues that were not identified dunng the course of the audit. If the audi-
to implement, since the real causes of problems are seldom easy to tee's reasoning is valid, the auditor should accept the proposed action plan. On
identify? the other hand, if the auditor has identified specific weaknesses in the acuon
4 five-step process is recommended for corrective action: plan, these should be presented to the auditee so that they may be understood
1. Document what <he problem is, and "stop the bleeding" (that is, and addressed. Because of the diiculties of being involved in a team
implement immediate remedial or containment action). approach to correctwe action but not recommendmg soluoons, many audit
organizauons have chosen not to parucipate in any follow-up activiues.
2. Conduct an investigation to identify root causes. The review of the corrective acuon plan may indicate that the auditee 1s
3. Des~gnand implement the corrective action, and verify its not responsive or is evasive or that the proposed acuon is madequate. When a
effectiveness. response is questionable or unacceptable, the auditor should immediately con-
4. Ensure that the noncompliance is managed and controlled to tact the auditee to resolve the auditor's perception. A sunpie telephone call
avoid the potential of recurrence. could alleviate the auditor's concern by clarifying the corrective acuon plan.
5 . Analyze the effects of the findings on the product being
manufactured. For example, what, if anything, does the 4. METHODS FOR VERIFYING CORRECTIVE ACTION
organization need to do (remediaYcontainment action) about A revlew of the correctwe actlon response and its timeliness is, m some
products sllipped or actrve systems while it was in instances, all the follow-up actton that 1s required by the client or the orga-
noncompliance? nizational procedures. O n e method of verification is for the auditor to
return to the work area. observe the new process, ensure that the paper-
work has been done, and ensure that enipioyees have been trailed in the Request for Corrective Action
iiew method. Pertormance records niay also be used by auditors to verify 3A REQUEST NO: :: INTERNAL :: EXTERNAL AUDITnVNPO:
corrective actlon.
..
The auditor's evaluatton should be documented io emure ihat all find-
I----
ings on the corrective action request have been addressed. The auditor -, ISSUED TO:
records actions taken to verify the corrective action and the resuits of that
\wific;illon. The auditor may record the verification on ;I conectlve action PART SO.:
REQUESTED BY:
Ibrni. an audit report. or both. The auditee's action must be traceable to
f x i l i ~ t everiticatlon.
~..
All the audit findings in one report do not have to &-closed at The ~~~
same time. but may instead be dosed out individually. Verification for
such correctwe actions does no1 have to be done immediately Vrrificmon
may be combined wlth aiiother v~sit.if possible, or another auditor may CIA REQUESTED FOR:
be asked to verify the corrective action and bnng supponmz infomiation
to the icad auditor. .A linding may be dosed pending final veriticat~on.
CIA REOUIRED DATC RETURN TO A l T S John Doc
- -
objsct~vcsrcquires evidence that i t consistently achieves the For a third-party and some second-party audits, failure to imp'lement K.
desired results in a cost-effective manner. a corrective action could result in suspension. beins taken off thc
approved list, or loss of registration.
Tlie auditor does not determine effecttveness by verifying that a
change occurrcd. Effectiveness is verified when the auditor has deter-
mined that a change has occurred and that the product and process
acli~evedthe desired r e ~ u l t . ~ '
Rather than assume that the auditee is at fault, the auditor should ig
.*.."
.-=
reevaluate the corrective action and follow-up process with an open mind.
*
Perhaps an incorrect conclusion was reached due to a lack of tlme to ver- g
ify evidence. Available evidence may indicate an error in judgment on the ,s
part of the corrective action team, or there may be inadequate resources. tg
The lack of resources may be due to a change in business conditions ~5
beyond the auditee's control. Lack of success when attempting to imple- 3
?&
@
-%
After verification of corrective action implernentation. the auditing orga:
nization may prepare a follow-up report and distribute i t 111 a manner sim-"-
ilar to the onginal audit r e p o ~ . ~ ~ l o srequlres
u r e verification that correc-
tive acuons have been implemented as planned. The auditor notifies the
auditeerby letter that the audit is closed. The auditor may then discard cer-
tain papers accumulated dunng the audit, but 1s senerally required to
-
retain other records for specific time penods.
ce on Retaining Records
One auditor divides records into two categones. The first are defined
as q'uality records and are retained for evidential purposes. The second
type of retamed paper is personal auditor records that may be needed
as objective evldence for auditor certification purposes, or infonna-
tion that may help in future audit preparation. Examples may be hand-
wntten notes and completed checlciists. All other records and papers
can be destroyed.
onginal checklist, the audit report, and auditee-auditor correspon- time pmod. The specitied time should be based on the lmponance and the
dence related to the lindings and response. availability of resources. Some corrective actions may be completed in a
few mlnutes. while others may take weeks or months. The auditor is linuted
to reaching agreement with the auditee on the date for completion tor each
correctlve action plan. If these are completed on schedule, then correctlve
1. CRITERIA FOR CLOSURE action is timely. There are times. ho\r,ever, when delays occur that are 'k.
beyond the control of the auditee. The auditor should accept these when
A letter ot ciosure assessing the auditee's corrective action plan implemen- there is suffic~entevidence that <he auditee has lnltiated actions and
tation and effectiveness iisay be submitted to the client andtor auditee as recordedthe reasons for the delay in comp1e:ing <he action plan.
applicable. The audit is formally closed when the auditor issues the letter.@
When the client is not the auditee, communication between an audi-
tor and auditee will usually go through the client, since the client is the
pnmary link with the audited organization. For an external audit, the con- Problems Conlmonly Encountered During
tract may specify a contact person. Internally, ciose-out reports go to the the Audit Reporting and Closure Stage
anginal distribution of the audit report, such as the audit manager and ihe The following are examples of the types of problems commonly
audited organizat~on.A summary repon of all audits performed m d their encountered during the audit reporting and closure stage.
ciosure status goes to upper-level managers.
Lack of Response o r Inadequate Response. Sometimes an auditee
Sometimes each corrective action request is individually Uacked. Track-
will fail to take the action specified on the correctlve action plan. The
ing each mdividual corrective actlon and ciosing out a ponion of an audit is
acceptable. On resolution of each finding, wnnen notification should be sent auditee may fail to notify the auditing organlzatlon when action is
to those who received a copy of the uutial repon. This wnnen notification not taken, or the action taken may not be sufficient to warrant closing out
only satisfies the audiung department's records; it aiso iets the auditee h o w the finding. The auditee may lose sight of the original intent of the
hat the corrective actions have been accepted. If a satisfactory resolution corrective acuon request and address a d i e r e n t issue. At times, an
!
cannot be reached with the auditee, the finding should be forwarded to upper auditee may not understand what a standard says or means and may
management for resolution and then ciosed out if so directed. argue the issue's importance or relevance. As a result, an auditee may
try lo fix a problem haphazardly without understanding the need for
act~ono r tra~nmg.Sometimes the person involved in fixing a probiem . .-
was not involved in the audit and may not haw all the needed infor-
mation. An auditee may try to pit one audit team apinst another and +i
q u e h i t the other audit team had no findings in a certain area. ..--
On-the-Spot Corrective Actions. Sonle orgnlzations may ask for a
lisr ol findings prtor to the exit meeting so that correctwe actton can
bc ~mpkmentedbctore the auditors leave the building. The immedi-
ate management response should be recognized by the audit team, but
In must cases the underlying cause ot the problem is nor eliminated. ~- -
Continual Requests for Extensions. Sometimes an auditor and ~-=
.
iludiree ma). no1 agree on the s~gnificmceof a problem. When vested [I0 of the CQA exam questions or ?%I
merest IS not the same, agreement on the irnponance or pnonty of
s:,lv~nza problcm ma). be difticul~to a c h w e . An auditee may request
cont~nualcstcnsrons tor fixing the probiem. Excuses can range from
"We're worhng on a b ~ orderg and don't have tnne to fix 11nght now:'
to "We for~ot." The purpose of t h ~ spart ot the body ot knowledge IS to understand the
manapement controls needed for an effectwe quality audit program. Audi-
tors conduct audits under a prescnbed set of rules that are controlled by
management. Recognition of audit program manaxement responsibilities
will result in an effective auditor program that meets customer needs and
requirements.
An audit program is the organrzauonai strucrure, commitment, and docu-
mented methods used to plan and perform audits. Operat~onaleffecttve-
ness of the audit program depends on clearly defined object~ves.
"..
A well-managed audit program:
PIaw and performs the audit
Stnves to stanuardize and improve its performance
Produces audit results that are meanlngfui
. Verities compliance
Promotes continual improvement within the organization
Some audit orgamzations may chose to limit the objective of their
audit p r o g u n to verificauon of compliance to standards while others also
evaluate management controls.
All management systems, including quality auditing, conslst of four
fundamental activities: pianning, performance, measurement, and
improvement. Often referred to as the PDCA cycle (Plan-Do-Check-Act),
these activities are basic to any total quality management approach.6s
PDCA is commonly known as the Shewhart Cycle, named after Wal-
ter A. Shewhart, a pioneer in statistical quality conhol, who created it. The
Japanese call it the Deming Cycle, after W. Edwards D e m g , who first
described the cycle to them.66
The plan stage, or preparation phase, starts with the decision to con-
duct an audit. It includes all actmities from audit team selection to the
~ of intormation. Pan 11 of this handbook discusses the
O I I - S I ~ gathering realized from the performance of an audit are welghed against the cost of
audit preparation phnse. performmg the audit. "Such costs tnclude:
The do stage IS the performance phase. It beglns with the on-slte
openin: meeting, continues wlth the gathering and analysts of data, and
. The auditor s tlme spent preparing, performmg, follow~ngup and
completmg an audit.
concludes w t h the extt meeung. Pan 111 of this handbook discusses the
performance phase of auditing. The auditee's ttme spent pmtclpatrng in and followmg up the
The check s t a g . or reportrng phase, of the PDCA cycle covers the audit results.
translatron ot the audit team's conclusions into a tangible product. It
~ncluclc.~publica~ionul the formal audit report.
. Overhead costs assoctated w ~ t han audit."""
The ~icisrazc. or closure phnse. of the PDCA cycle conslsts of reactions Audit program object~vesshould address the reporter's qusstlons:
to [he report and thc recordin: of the entire ~ S ~ O I ?For
. nu_ditsresulungm the who. what, where, when. why, and how. Rudyard Kipling provlaed the
tdentification of we;li;lless. the closure phase rnciudes tracbng and evduat- following rhyme that sums up the reporter's role: "I keep six honest serv-
in? the follow-up : x t m taken by others to fix the problem and prevent recur- tng men. (They taught me all I knew.) Thex names were What, and Why,
rcnce. Corrective actlon tlo\vs from this p m of the closure phase?' Parts IV and When. and How. and Where and Who."""
and V ot Ch~shandbook discuss the reporttng md closure phases ot audittn~. . Who pertornx and who pmlcipates in the audits'?
What act~vttyor system 1s bems audited?
1. AUDIT PROGRAM OB1ECTIVES Where are the audits performed'!
The first step in successtully impiementlng an audit prosram is to define
When are the audits performed?
I & objectives. While objectwes v a q from one orsantzatlon to another,
they often include the tollowm~statements: . Why are the audits performed'? What is the dnvlns force behtnd
the audit'? -
Perform and present audits meantngfully (in terms that appeal to
the custonlers of the audit process) . How is the audit performed?
Ensure reguiar pertormance ot required audits. and ensure
frequent audits of cntlcal functions
Ensure that audits are performed only by tralned, qualified, and wed lots of complimentary feedback from an auditee who was
tndependent auditors very close to the process he managed. The staff auditor coached
Promote a strong alliance between the audit function and the the new internal auditor to ask the reporter's questtons. I had coached
auditee the new internal auditor that the wl~yquestlon was not philosoph~cai.
Standardize the audittng process, and form a basts aganst whtch The answer to why glves the reason or mver for an activity. After the
to measure conunuous improvement of the audit pro,o r m audit, the manager s a d that he had learned more from attempting to
- Support the objectives/strategies/goals of the orgumation answer and document the driver for the activity than from any previ-
ous audit experience. It reinforced the actlons needed for an activity.
Audits are valuable tools for evaluating a company's ongomg compli- It also Identified acilons he did not have to take.
ance and performance when they meet management's needs. Benefits
2. IDENTIFICATION AND JUSTIFICATION The justification for resources is based on the audit pro,omm schedule.
OF RESOURCE REQUIREMENTS The audit program schedule should be based on internal orgmzat~onai
needs and external requirements, such as regulatoq and I S 0 require-
A group responsible for performing audits should have a documented, lor-
ments. The audi~program manager should ensure there will be sufficient
malized program. The program that tncludes selecting and training audi-
resources to conduct the quantity and type of quality audits required. If
tors and monitonng their performance is robust.'O
there are objections to the amount of resources needed, then mana,oement
Some companies have a separate audit group to petiorm lnternai
should reassess organizational needs and external requuements.
audits. This group may consist of a few profess~onals.It reports to either
an audit manaser or the quality manager. Other companies use part-t~me
or subcontract auditors. Sometimes an audit program coordinator or qual- 3. MANAGEMENT'S RELATIONSHIP
ity nianger recruits and t r a m individuals to perl'orm audits part-time, in -
addition to their regular assignments. Either arrangement or a combina-
TO THE AUDIT FUNCTION
tion of both is acceptable as long as thc auditors are well-qualified, tech- A n audit program is an extension of the management function. An audit
nically compet?nt people who know [he audit system arid can perfom should identify wlth systems. not with people. Support by senior manage-
internal audits. ment heips the rest of the organlzatlon keep a positive attltude about the
audit. When management emphas~zesthe importance of the audit function h
and its usriulnsss to ths organization. that attltude permeates the entlre
An external auditor relayed the experience of one company that des- orgmization. If management fears or resents the Intrusion of the auditing
~gnatedthe tooi-room attendant to be the internal auditor. T h ~ person
s function. th~sattitude will liliew~seinfiltrate the organization. An audit
program set up to collect worthwhile information provides management
reported directly to the president 01 the company. The person was
with two primary benefits: -
knowledgeable about the processes but had no direct mtluence on the
quality of the process. All the plant personnel knew the tooi-room i . Verificat~onof on-~olngsystem compiiance to requirements
attendant. The company president asked the tool room attendant to 2. Identificat~onof improvement opportumtles within the
observe operations, interview operanons and support personnel, and organtzatlon
wnte up findings based on the observations. These observattons went Management's responses to audit results are also important. If obtaned
directly to the president of the company. Personnel responded well to data Improves the management system, the employees will see the bene-
- the situation. fits. T~IEis especially uue in an internal audit program, whlch helps a com-
pany Identify its own weaknesses before customers or others do.
On the other hand, if an auditor or management focuses on the people
being audited rather than on the processes or systems, the value of the
audit program can rap~dlydeciine. Rarely is n o n e mdivtdual's fault when
I manage our Internal audit program m addit~onto other related dut~es. there are many audit findings or when system implernentaoon is poor.
My arrangement is to have 80 to 100 engineers, operators, buyers, System structure is often the cause of such problems.
matenal planners, and so on perform one audit per year ~naddit~onto
their other dutles. T h ~ leaves
s a great deal of p l m n g , evaluatmg, and
so forth in my hands, but it provides a w ~ d range
e of perspectives from e audiilng a company that I had visited many tlmes ln the past,
the auditors. . I noticed coldness and unwil~mgnessto cooperate on the part of
many of the employees. I had found these same employees to be very
i
t
friendly and cooperative during pnor audits. Finally, somconc con- A good auditor does not have to be an expert In the area being
fided to me that results from the prevlous audit I had performed pro-
v~deda basis for employees' performance appraisals. Although I tried
i4
7
audited. The auditor does need to be knowledgeable in the discipline of
quality auditmg. The auditor needs to have an understanding of what is
lo discuss the situation wtth the manager of that area. he Insisted that e being observed. At times, an auditor must be able to grasp that under-
1
pertormance apprxsal was a proper use of audit results. 4 standing in minutes. If the auditor needs help, helshe should ask another
~..Z
member of the audit team to verify an observation or to assist in other
One auditor's reaction to i h ~ sdilemma was to state in the audit
rcport that this was an inappropnate use of the audit results and that 4! ways.
Auditors need to be able to cormnunicate effectively, both orally and
corrective actlon elimmating the practice ot using audit results in
cinployee pertormmce appraisals was required. in another cllse. the 1 In wnting. A large pan of the job consists of interviewmg. A good auditor
must ask intelligent. proper questions and listen attentively. Part 111 of this
4f!
auditor d e c l i ~ l ~fuiiire
d audit assignments in that p3rt1cuI~irdepdrtinent. handbook discusses interviewing techniques.
.-.-3
~..
An auditor nerds To-be tactful-and offer feedback in a positive, nonin-
-5-5 tim~datingmanner. An auditor needs to be especially considerate of an
auditee's employees. The audit process IS disruptive to daily operations
4. CREDIBILITY OF AUDIT FUNCTION -
j
and can cause inconvenience for employees. The auditor shows sensiti\'-
A credibie audit 1s a meaningful audit. Competent indiv~duaiswho gather ity to those being audited by st~ckingto the proposed audit schedule and
?i
and handle all intormation pertaming to the audit 111 an unbiased and eth- not retaining employees ihroueh the~rcoffee or lunch breaks. If people see 'K.
ic~! manner provide a credible audit. An audit group should be structured j ihc audit process as a nuisance. they are less likely to cooperate. and the
so that i t does not report directly to the manager ot the funcuon being auditor runs the nsk of being unable to complete the assignment well or
t
audited. blanaeement !nust use the audit results appropnarely to establish !
and malnrain the credibiiity of the program. The misuse of audit results or
l';~ilurcto inltlate corrective actions will erode the credibility of the audit
program regardless of the performance of the auditors.
Using a knowledgeable, experienced, skilled, capable, and well-
I / As an auditee, I had recaved an audit agenda for a third-party audit
trained auditor is the most effective way to enhance the credibility of the
4 The first Item on the agenda was a quick plant tour. However, as we
audit function. Becoming an ASQ Certified Quality Auditor 1s one way for
4 started the tour, the audttor requested to see a c e r t m area of the plant
for its Internal audit group. Rather than selecting its best employees An auditor i m s to keep the credibility of the audit funchon on a hlgh
and training them as auditors, this company uses the audit group as a plane. The auditor does thls by loohng at information ob~ecUvelyand
means of relieving its worst employees. These people are exactly the avoiding eUucal conflicts. An auditee must vust that an auditor will not
wrong ones to be in that position. divulge proprietary mformation to competttors or other outsiders who can
...,%. use it to their benefit. Even ~ntemally,auditors must be careful to m a n t a n
=;<.I
confidences. This is especially true when the locations or departments Audit-Related Cost Savings''
report to different management.
The credibility of the audit function is enhanced if the role of the audit Audit Program Yearly
function is communicated and understood by a11 stalicholders. Fear of the Expense Cost' 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Net
audit I'uncuon will reduce its credibility. The credibility of the audit func- Saianss $57 ($60)
tion is enhanced if the auditors act professionally and the program is pro- lnduect
fessionally managed. The audit function should be managed arid nude Overtime
accountable the same as other functions withtn the or~anlzation. Frmga
Subtotal
5. LINKAGE TO BUSINESS PERFORMANCE Oumde Ssrvrceb
Ma~ntenance
Just as an audit program's mission should be linked to the organizat~on's Supplies
mission. thc audit p r o p i n ' s results should be linked to the or~anization's Genemi Supplrcs
nceds. L m h g rcsuits to needs dcmonstratcs that the audit program rec- Travel
ognizes and is committed to the organization's success. It aligns itself with Office Supplieb
thc business pu~poses.One method of linking audit results to Issues that
Subtotal
affect tile organization 1s to group benefits in terms ot cost savings. nsk
reduction. and increased opporrunity." Depreclauon
Rent
Cost Savings ~ubt&ai
Audit-related correcilve action may produce savings by:- Gross Operating
Lowenng cost per unit. per servtce, or per entry Exoenses
'* In thousands of dollars
Lowenng daily expenses
Reducing working capita! requirements Figure 13. Sample auto program contributions.
Continuous Improvement in t h e Audit Program The audit also provides an unproveinent support network. An or,oaiuza-
When management looks at the data collected in audits, they can begin to non may welcome corrective acuon and fully intend to complete it, but it may
analyze the data and act on the conclusions. Thts anaiys~sof causes, cor- fail to unpiement Ule action. By provtdig support throughout the correcnve
rective actions. and preventive actions provides direcr~onfor audit pro- acuon process, the audit pro,- can promote process completion while
gram improvements. In Afler- the Qiinlin. Audit, Russell and Regel provide -
z m g msight i r o how correcuve action helps or htnders the orFuzanon.
some concrete techniques to integrate continuous improvement into the
audit process, including:
In a semce orgmzation, day to day fire-fighung ieft little time for
Estabiishmg teams to lmpiement opportumnes for mproved audit
focus& on corrective action. After experiencing significant numbers
service performance
of nonconfonnances, management started to see a pattern of common
Providing tratnmg and resources to aswst introduction and cause. Then management directed that a root cause anaiysis be used.
implement indicated changes The actions determined and impiemented significantly reduced cus-
Deveioplng an audit program saucture that supports future tomer complaints. The comment by several managers after the
anticipated demands from tile customer, market, regulatory actions were complete was: "We should have done Uus years ago."
agency, and other external and mternal requ~rements'~
7. EVALUATION OF AUDIT
PROGRAM EFFECTIVENESS
Penodic evaluatlons of all audit programs and audit teams causes
improvement opportunltles to surface. Audit programs are evaluated
through periodic management revlews. Management can review records, Audit Service Value-Added
Pertormance Pertormance Contributtons
annlyze performance, or appom an Independent audit team to review
audit results. In the case of a rnultlsite company. auditors from another
iocntion can come in ~nnuallyto audit the audit team. This evaluation
could mcludc:
Observing audit trams periorm an audit' - -
i ~ ~ t ~ h i i.Acconipnn~ing
ig.
q 1s one of many that
conipews lor iii:in:igcnietiL n1ten[ion. It inlust bc conctse. accurate. and eye-
graphs. matnses. and clam summanes must cap-
-
-8-
Audit-related cost savings
.
Long-term audit plannmg completes the loop in audit admin~stratlon.The
process begms with defining a mission statement and establishing ObjeC-
tives. From the mission and objectives flow the audit program and its
boundmes (scope). policies, and high-level procedures. These documents
guide daily actwlry. The process ends w ~ t hionpterm planning. The pro-
gram patrols the boundmes and ensures that the policles and procedures
still make sense before the process proceeds.
The itlalcoi~rtBaldrfge Narionni Qualiiy Award 1998 Critenafor Per-
fonnarlce Excellence states that the role of long-term or strategic plannmg
is "to align the work processes w ~ t hthe company's strategic directions, First Second Third Fourth
thereby ensuring that improvement ZUId learning remforce company pnor- Qtr Qtr Qtr Qtr
it~es."~OThe cntena outline the steps involved in strategic planning, wlth / O Number of Internal Audit Findings
I
three steps especially important for the audit program.
Step i: Ide,zrfi cnfomnt~ontlzatarniiglrt afect rlzeprogron~Sjirhrre oppor-
rimiries and directtor~s.Arret~~pt
lo rake a s iortg a view a s ispraclicable. This
'.%.
:.
I
....,~
I3 Number of External Audit Findings
Auditor-Related
-- f-low a1.doewcthedoing
\V~;II
Wlial
.. .;ire
they
auditors needs and concerns'?
need to do a g r ~job?
~n tlicir eyes'!
~t
lines. new hus~nessrisks. new manqement structure^? resldes. 11 must bc ( 1 ) independent ot the audited areas. i l ) supported by
1-low can we niak better usc of rnanngrnlent experience and support'? management. and (3) deployed pos~t~vely.
How cm we help management improve'? >lanagemen[ of the audit function includes the foiiowlng actlvltles:
Figure 17. Open-ended questions. - Establishing a reporting relationship for the audit functlon
Establishing audit authonty, operational freedom. constraints, and
boundaries
first step provides the realistic content for strategy deveiopment. Figure 17
provtdes a focus list of open-ended questions to help with the identification Ensunng the avaiiability of adequate resources for all audits
process. Detemuning whether to use n slngle auditor or an audit team
Step 2: Define n srrorcglc direcrion. Based on lnformatlon gathered in
step 1; the audit program devises a long-term strategy to gulde ongoing Staffing and training auditors
declston rnakng. resource allocation. and program management. Establishmg procedures, processes, and cntena for an effecnve
Step 3: Pur rlie srrnregy 11:operarrorr. The audit program deveiops and and efficient audit program
deploys an action plan to make the strategy operational. Thls process
Establishing methods for evaluatmg an audit program
includes:
Establistung audit schedules
Defining new processes to accommodate strategx change
C o n f i m g audit dates and any requested changes of audit dates
Defining key measures, indicators, or both to track progress
-d Settlng pnonues for audit subjects
Communicating new strategic direction and new processes to the :
-.:
...:
...
audit team and the organization .- Reviewmg audit performance
.- -
..,.
Providing resources to support the new strategic direction, -.
Providing penodic reports to management on the status of the
including procedures, training, and incentives. .....
?.>)
quality audit program
.~.
157
A n audit manager or audit coordinator is rcsponsibic for:
Prepanng an overall audit schedule
r'?Procedures
Budgeting resources
Assistrng with or overseerng other adm~nistrativedutles related to
Audit Auditor Audit
the auditing function
Additionally. the audit manager staffs and trams the audit department and
monitors and evaluates auditors in the performance ot their dutles. f: Figure 18. Areas requiring procedures.
8
1. DEVELOPMENT AND lMPLEMENTATlON
OF AUDIT PROGRAM PROCEDURES --
/ . Pmcess for training new m d existing auditors
Process for assessing auditor performance
Documcntcd procedures arc cnticai to thc succcss of a11mditee's quality sys- 7.3
~-
tern A procedure answers the reporter's questrons: who. what. where. when, Procedures for audit esecutron should include:
why. and how. "Documentalion of procedures is objectwe evidence that: i
I
. Process tor planning audits
A process rs defined Process for conducting xudits. to include
i
The procedures are approved - Recording and reporting audit resuits
The procedures are under change coi~trol.'.~' ! - Providing corrective action tollow-up
Procedures also allow for distribution control. ensunng that those who
need information have access to it.
- Process for rctainlng and handling audit records
-
The same ideas apply to the audit program. Procedures are cnrlcal to Process for billing audit customers, such as
I
the program's success. They promote constancy wittun the audit execu- I
- Invoicing and collcct~ngpayment from thud-party audit
!
tion. Procedures also provide a means to define and enforce intangible customers
i
standards and expectations. such as ethical behavior. - Conductrng internal money transfers for first- ana second.
!
I party audit customers
Procedure Development
Three areas typically require procedures, as shown in Figure IS. Overall, audit procedure development 1s a collaborative effort. Indi-
Procedures for audit scheduling should Include: vidual auditors should take advantage of practical knowledge and expen-
ence to develop functional, streamlined procedures. Audit program man-
Gurding pnnc~plesfor developing audit schedules agers should use their strategic perspective to direct the audit program and
Focus areas for auditing
Process for creatmg an overall penodic audit schedule
Procedures for auditor mmtenance should include:
-q
.**<
..- 7
.
,,
-
.-.
ensure that appropnate procedures are established and maintained.
Procedure Implementation
General auditor qualificat~ons
21
--. .
For successful procedure implementation, the audit program must com-
municate w ~ t hthe auditors and the organization. Each auditor must
Standards for e t h m l conduct
.-..~
-.
understand the ~mportanceand proper use of procedures. Members of the
-- 1
organization should also have a general understanding of audit proce-
Process for selecung and approvmg new auditors ... j
-.:
dures to avo~dconfusion.
.-
:
:
.:1
~ . .
. .. '
sonal skills will not be able to conduct an effechve audit. Good commumca-
tion skills, both oraland written, are essential, as are excellent listening skills.
Auditing methods include listening, questtoning, evaluating, judging, An auditor must be able to present a case clearly and concisely. Audi-
recording. plannlng and controlling an audit, administering, leading, tors do not make assumptions; they verify evidence. An auditor should be
supervlsmg, and dcc~sionmaklng. Interpersonal communication skills unbiased, never going Into an audit loo'hng for something specific ( h ~ d -
such as tact, adaptabiiity, and the ability to analyze evidence and draw den agenda) and trying to prove it. An auditor also needs to realize how
concius~onsfrom i t are especially important in auditing.Y"Anauditor often far 3 team's authonty extends and should not exceed that authority. Audi-
must cnticlze other people's work or at least question the validity of soine- tors develop most of the necessary lnteipersonai and other skills through
one else's actions. Tact helps. Furthermore, an auditor must be able to experience and training.
hmdle situations where conllict 1s immrnent. These skills. taught to peo-
ple. necd considc.ruDle exercise.
- - An auditorn~ustbe able to understand the technical materials presented
during an audit. Depending on the compleslty of an audit, the auditor must Based on dearly deiined quaiificanons. the audlt p r o p m mana,oer musr
be able ro ask problny clucslions and get to the heart of the problem. select competent auditors. Russell and Regel's .43er rlie Qrtnliry ~rrdit
AnaIyt1~31skills are essential to gathering and syntheslz~ngaudit stresses that rhe people selected to perform quality audits should be the o r p
~nfonnation.According to ANSUISOIASQC Q10011-2-1994: 7.0 Per- nlzatlon 5 best people.Y1Who the "best" people are, however. may differ from
sonal Atrributes. food a n a i y t ~ c skills
~ i inciudr: 0112 audit w o k assignment to another depending on theu backgrounds.
Vr
Perccwmg siruattons reaiistlcally
- Understanding complex operatlons trom a broad perspective epmment of Energy nuclear facility, the contractmg operatlons
Understanding the rolc of individual units within an organization* company used senlor managers from other nuclear facilities as man-
agement self-assessment auditors. These senlor operations manazers
Personal Traits were extremely skilled at tdentifying the significant safety Issues facing
Auditors require certain personal tram to complement a strong skill base. the operatton managers of the faciliues. The self-assessments identified
Specifically, an auditor should be: s~gnificancissues, and company management addressed them in a very
Independent timely manner. The operations managers perfornung the management
self-assessment were on temporary assignment from thelr normal oper-
Systemat~c
ationai dutles.
Trustworthy
Perststent
- Positive
Audit management musr consider a variety of factors for a particular
audit assignment to secure an auditor with the most appropriate skills.
Figure 20 summarizes some of the key factors.
Cunous
Even with well-defined auditor criteria and a well-defined work
Open-mhded assignment, selection of individuals to be auditors may become arbitrary
Mature without additional structure. Figure 21 outlines features w i h n sample
- Tenacious procedures that may be used to evaluate pparClcuiar auditor qualifications.
The results of the evaluation & selechon shouid be recorded and com-
Patient municated to auditor candidates as quickly as possible.
Work Assignment-Related 3. TRAINING AND RECERTIFICATION
Conducting audits against quality system standards, lor hudwarc. An auditor must have training to ensure competence in audittng skills,
softwtlre, process or s e n x e industries. related standards and regulations, general structure of quality assurance
Servrce or product type and its associated reguiatory requirements ce.g., programs, auditlng techniques, and other work specilk skills. Compe-
health care. bod. or nuclear devices) tence can be developed throuxh the following methods:
Audit Team-Reiated
- Audit team stze
Audit te~rnskill uolnposuron
Orientatton on relaied standards
Inlplementat~onprocedures
- .
Audit tcatn leadersl~~~~re~~urrem~e~ts Trainmg programs on subjects related to auditing
Auditor-Related On-the-job trainlngy2
Profcsslonai cjualiticarions or technical espertrse requlred in a pxttcular Auditors should maintain therr technical competence through contlnu-
discipline
Ing educatton and current relevant audit~ngexpenence. ANSLrISOIASQC
Personal skills rcqulred to deal wlth n specrtic auditee
L:lngua:e skills requrred Q 100 1 1-2- IC)% sussests traintnz wtth subsequent esamnatlon in staih
Redl or pcrce~vedcontlict of interest d u d s used wlthtn the audits and audittns techniques. In additton, audit0r.i
and irad auditors need management siiills."'
Figure 20. .Assrgnrnerlt consrdemtrons. Compan~escan oEer an organtzation-wtde c e d i c a t i o n prosram for
all auditors that ~ncludestrainins. Recognition and certificates lo tdentify
auditors approved according to the company's standards prov~desposttlve
feedback to the auditors. An auditor needs tratning in:
The standard to be applied
To evaluate education
Objective evidence-gathering
Review the candrdate s written work.
Obtatn evldence (such as an exam administered by a natlonal certification Interpersonal relations
body) that the candidate has the required knowledge and skills. Auditlng methodology
Admlnrster a separate competency exam uslng a company scenario.
Auditors should be trained to wnte audit obser\,atlons on the check-
To evaluate experience lists and notes used by audit teams as well as to gather evidence. At least
See&Outslde confirmatron of the candidate s expenence level one team member should be Familiar with the department operation or the
Interview the candidate to assess expenence in detail. scope of audited activities.
To evaluate personal skiIIs and traits A lead auditor usually has more expenence, may be more highly
If available, cons~derinformauon from prevlous employers and colleagues. trained in the applicable audit standards, and may have more training in
Interview the candidate to assess work style and personal styie. conducting audits. Policies and procedures defining the qualifications for
Perform role plays. lead auditors often require a certain number of years of expenence or per-
Observe the candidate worhng under actual audit condiuons. formance of a specific number of audits before promotion to this level.
Admlolster a personality test. Auditors should be recertified. Continuing thwr Gii~lmghelps auditors
maintain skills and. howiedge. Training may lnciude a refresher course
Figure 21. Eva1u:irion considerations. periodically. The refresher course, coupled with experience in performing
audits. is a reasonable expectation. Such requirements help an auditor keep passing an examination. An auditor must collect a specified number of
up ~ t t changes
h in standards. points in a three-year penod to remain certified. Points accumulate by
Training ensures that auditors keep current on the organization's pol- attending regular ASQ section meetings. Points are also awarded for:
~ c and
y procedures in auditmg tcchniqucs. Audits provide a learnmg oppor-
Completing additional course work
tunity lo help an organization improve its operations continuously. Audi-
tors should likewtsc strive to improve their perfonnancc continuously. Being employed in the field
Wnting about top~csincluded in the Body of Knowledge
Continuing Education Resources f o r Auditors Attending or leading seminars or training sessions
The field of quality auditing changes. Auditors must stnve to keep abreast - Recertification encourages auditors to remam in touch with ihe audit
of changes and trends. Quality auditors must embrace current technology cumculum and maintain a professional level of expertise. Some compa-
lo avoid beconmg Iiabilitrcs rather ihan assets. Committed quality pro- nies have additional tralning anci qualification requirements for members
tessionais Increase their knowledge and Improve their skills throu:R con- of their internal audit functions.
Linurng education. The ~ollowingare contlnuin: education resources: Many opportunities exist for auditors to learn about the technical
Rc.ading tcchnicul literature taudiiing-rclated books. newsletters. aspects of quality. Pnvate consultants teach auditing courses and do on-site
and periodicals) auditor tramin:. More colleges are teaching statistical process control h.
courses. and courses related to auditins are part of the cumculum at some
Reading case studies technical schools.
Readins research papers Audirors may benefit from staying abreast of technology outside the
field of auditmg, as specified in the Certified Quality Auditor's Body of
Attending seminars and classes
Knowledge. For example, auditors may take courses in-leadership or com-
Participating in professional oganizations puter training classes. They may brush up on their facilitation and presen-
Consulting with peersv' tation skills, public speaking techniques, and time management tech-
niques. All enhance auditors' performance and professionalism.
Attending the ASQ Quality Audit Division annual conference Auditors are better qualified and better trained than ever before. Con-
More colleges and univers~tiesare prov~dingnetwork courses over the tinuing education opportunities for auditors, once scarce or unheard of,
Internet. This technology provides easy access to courses in remote loca- are abundant and diverse. In the twenty-fxst century, management can
t~ons.Near-realtme communmtions can be arranged?' expect to reap the benefits of properly performed audits by exceptionally
Many continuing educationopportunitles are available through the well-trained personnel.
ASQ. The Quality Audit Divlsion offers annual tutorials to reflect current An informal type of internal continuing education is networ'litng with
events and trends in auditing and holds a quality audit conference to other auditors. Team interactions can play a vital role in ensunng that
expand auditorsi knowledge in quality and related fields. Many other auditors follow unified policies and perform s~milady.Auditor discussion
orgamzations offer correspondence courses in standards and quality man- groups can review unusual situations, findings, or problems encountered
agement. Continuing education requires attending conferences or taking dunng an audit. The entire team can benefit from the experience and gain
formal courses. Books and magazines are also available to expand an new skills and insights. Such discussion promotes:
auditor's knowledge. Team spint within a department
The ASQ requires an auditor who has passed the CQA examination
and has been certified by the ASQ to recertify within three years. This can : Open eommunicatlon
be accomplished by earning recertification units (points) and retaking and Unifomty of auditing practices
Some auditing departments plan weekly meetings to accomplish this 4. PERFORMANCE EVALUATION
growth. They may even keep minutes of the meetlngs for future reference. According to ANSIIISOIASQ Q10011-3-1994: 4.5.1 Performance Evalu-
AII such discuss~onsiilust remain witiun h e department. Outsde discus- atlons. 'Xudit program management should contmuallv evaluate the per-
sion is uncih~caland comproinlses a department's mtegnty. formance of its auditors . to improve auditor seiectlon and perfos-
Auditing is not a stagnant process; it is a continuous learning expen- mance and to Identify unsuitable perf~rmance."'~ Three steps are requlred
encc. Thc aim of the auditor should be to: for an effective performance evaluat~on.
Stay currenr with product processes Step I : Con~rit~rrtrcnte
rspecrortor~s.A meaninghi pertormance evalu-
- Cuiilosm LU chanprs in grneral auditing standards ation IS one that measures perl'ormance against cieai-I!. defined standards.
Audit manazement must provide consistent explanat~onof these standards
ivlcct the ever-changing necds of manazement. dunnz the initial- tralnlng sesslon. Proper training provldes auditors with -.
day-to-day performance expectations as well as inslght Into the bas~sfor
Internationalization of Businesses performance evaluation.
As nudiung h:is become lncrenslngly global. many auditors are findirig the Step 2: El,nlnnre rite arrdiror's perforri~cr~tce.
Performance evniuat~on
ability to speak :I second language to be essential. The auditor shoi.11d be should assess the competency of indiv~dualauditors. 2s well as the con-
ztble to use tactics that easc cuiturai differences. such as: sistency between them. against established standards. 4 s mentioned ear-+
lirr. audit management measures petiom~anceby:
Employing an interpreter to tacilitate an audit
- Fmili;mz~ngh~in/herselfw ~ t hculturai differences that could
affect relations with the auditee
Observing auditor performance dunng an audit
Revle\ving customer performance evaluations
Prevent~ngseriousm~sunderstandingsby becoming acquainted Reviewing audit deiiverables
w ~ t hiocai customs Employmg an independent auditor to evaluate auditor techniques
These tactics avo~dcultural differences that mterfere wlth the audit process. Appra~singgeneral auditor credentials
Step 3. Corm~~rizrcote
rlte atrdiror s perfornzartce. Audit management
should report performance evaluatlon results to the auditor. To improve
performing an audit of a supplier in Japan, I worked late one performance, an auditor must understand h ~ or s her strengths and weak-
cvenlng, as was often my custom at home. When I opened the door to nesses. Audit management should review evaluation results with the audl-
eslt the ofice provided formy use. I notlced that all employees of the tor and they can work together on a tramlng plan to Improve performance.
company were still at ther workstaaons. The Japanese culture appar- Thls completes the evaluation loop. The performance evaluatlon pro-
entiy dictated that every employee r e m m until I had left for the night. vides a monltonng funct~onfor competency. The evaluar~onfeeds back
I became embarrassed that my conduct had detained so many people ways to Improve the aud~torselect~onprocess.
unnecessarily. Of course, I left promptly at 5:00 the following evening.
[49 of the CQA exam questions or 33%]
.-
-
i
3 mauon to management. T h ~ srnformatlon ~dentifiesopportunities and
34 reduces the risk of decisrons made by management. It is management's
A system of qlmlin: iimizrr$nnotr lncludes ail activlnes of the overall
! responsibility to r a h appropnate actrons based on the audit lnformat~on
management funct~onthat determine the quality policy. object~ves,2nd
responsibilities and the~r~~iipleitlc~ttation."~ The qiality i~iana~einent sys- 1 provtded.
tcm IS t i i t m a n s o f i.srablishmg a c!u;~iitypolicy and objcctlves and of i ..The audit 1s a long-established and well-respected activity ~n the
achrevlns those objectives. - . - .. I accounung professmn. . Because of many sunil~ntres in the acuv~t~es
Quality assurance and quality control are two aspects of quality man-
agement. Qiralit~omrrcrricr conslsts of "all the planned and systematic
~ -
-I
9
1
of the accounting and quality fields, quality professionals have adopted
the same word 'audit,' complete w11h some of the same modifier^:"^'
acrrv1t1es ~mplemenredwrtlrrit the quality system. and demonstrated as Quality audits emerged shortly after \Vorld War I1 and gamed
needed. ro provlde adequate cor~jide~~ce that an entlty (item) will fulfill momentum when the military began issuing standards and specifications
rcqurrements for quality.""" The confidence provrded hy quality assurance for products. Quality auditing originally resembled an lnspectron activity
is twoi'oid-inrcmaii): to mruia_u_einentand externally to customers. gov- and was developed primarily in large manuhcturing Industries, such a h .
ernment agencres. regulators. certificrs. and third parrlrs. While some quai- electronics, and in high-nsk fields, such as the nuclear and aerospace
lty assurance and quaiiry control act~vttlesare interrelated, polin. cotrrwi ~ndustrres.
IS defined as "operational techniques and actlvmes that are used tofidfill Audits are planned, objective, and tndependent investlgatlons of prod-
,z.c~u~reizr~.r~rsfor quality.~'"" While quality assurance relates to hour a ucts, processes. or systems. By examining documentatlon. implementa-
process is pertornled or how a product 1s made. quality control. 1s more the tion. and effectiveness. quality auditlng 1s used to evaiunte, confirm, or
rnspectlon aspect of quality management. Inspcrrorr 1s the process of mea- verify actlvttles related to quality. "The quality audit may be a srngle
sunng, exarnrnrng. and resting to gauge one or more charactenstlcs of a occurrence or a repetttlve actlvity, depending on the purpose and the
product or servlce and the companson of these wlth specified requuements results of both the audit and the productkerv~ce,process, or quality sys-
i
to detemilne coniormlty. Products, processes, and vanous other results can tem concerned."'" A properly conducted quality audit IS a posltlve and
be Inspected to make sure that the Object comlng off a producuon line, or / consuuct~veprocess. It helps prevent problems through the identification
the servlce berng provided, 1s correct and meets specifications. ! of acttvmes likely to create problems. Problems generally anse from the
Quality auditmg is part of the quality assurance function. It is lmponant ., i ~neffic~encyor inadequacy of the concerned activity.
to ensunng quality because 11'1sused to compare actual conditions with
requirements and to repon those results to management. "A quality audit is "All companies and enterprises, regardless of me, can benefit by exam-
inlng theu actlvit'ies and management systems. Ths applies to local gov-
not an alternat~veto an tnspectlon operauon. . . The quality auditor may I
I
~.
..
.,-
-,.
j
.,-!,
- The pnncipies of quality auditing apply to any type of management
assessment. No valid reason exists for separating management auditing
the producuon and verificahon ac~vlties."'~~ Auditors make observations and . into subcomponents. Management controls the resources. The goals of
-
....
e-
report their findings. An observnrron is an item of objective evidence found quality, safety, environmental stewardship, and efficiency are all driven
.>..-. by the same set of ruies: define requirements, produce to requirements.
during an audit. Afizdinp is a conclusion of importance based on observa-
tion(~).(Refer to the ANSIXSOfASQC A8402-1994 glossary for additional ..- monitor achievement of requuements, and continuousiy improve on
terms and definitions.) -
->
.*..:. requirements.i05
..
What Do Audits Measure? it is activated or placed Into service. The audit checks inspection records,
Quality audits examine products, processes, Sr systems with respect to craft qualification records, destgn review records, and other forms of
predeternltned standards. Within thts context. quality audits evaluate one proof.""
or more of the following: the adequacy of the documentation, compliance A rnanageniettr nirdit assesses compliance and whether procedures
lo the documented procedures, implementation and maintenance of the and instructions-and the tmplementation of those procedures and
procedures, and the effectiveness of the procedures to accomplish instructions-meet pre-established goals and objectives. Compliance ver-
intended objectives. Audit methods and techntques used to verify these ifies the accomplishment of a set of rules, and adequacy verifies the proper
measurcs arc discussed i n Part I11 of this ha~~Jbook. tmnslatton of those rules into procedures, whereas effecttveness measures
:\&yitnc~ is dclined as "the stnte of being suffictent for n specified the achievemznt ol those rules and procedures. The goals verified as part
requirement." Quality audit evaluation for adequacy usually consists of of dfecuveness are usually related to overall quality objecttves or contin-
reviews to verify the sufhiency of documentation for defining work and uous improvement of the or,urnration.
of records as evidcncc of satisfactory work completro~~. This typically
includus sucll irems as legibility, undrrstlu,dability. and implementability.
How Do Audits Measure Results?
Adequacy alone. however. does not veriry whether work was performed
Quality auditing IS an tnkormation-intenstve acttvity. Therefore. auditors
correctly unless i t is evaiuated in conjunction wtth compliance. or the
nerd clcar. uscfui information to make efiecttve auditing j u d p e n t s an&-
implriiientatioi~and maintenance of the documented system.
decistons. Information musr be based on data, but merely obtatning data
Conr/)limce refers to the affinndttve indication or judgment that the
does not guarantee that the information will be useful. To collect data
audirce has met the requirements of the relevant specificattons, contract,
succes$ully. an auditor must know what questtons to ask and collect,
or regulatton. In auditing. the terms cotlforrnnrice and cot~~pliniiceare used
process, analyze. and present the specific data needed to answer that
-interchangeably to report the results. However, many regulated indusrnes
questton. In additton. an auditor must ensure that the data they collect
tend to iavor the use of the terms cornplimzcr and tzoncotnplinrtce. In the
represent objecttve evidence, "informatton which can be proved true,
IS0 quality management system assessment process, the terms corfor-
based on facts obtained through observatton, measurement, test, or other
niance and r~otzcotfortnarzce are normally used. The term iompliarzce
means."to7
nit& is also used to indicate that the purpose of a quality audit is to deter-
Data must be prectse and accurate so that an auditor can form reliable
mine the degree of compliance to rules.
conclusions. When using measurement and test devices, the auditor needs
Compliance looks for strtct adherence to a set of rules, wh~chmay
to verify that data-generattng equipment has been properly mamtained
include requirements and standards. The compliance audit is not the
and calibrated. If an auditor is relying on auditee's data, the auditor needs
arena for questiontng these rules; they are set and tdentified for the
to ensure that the audited company has an effective calibration system for
audit. Examples of audits involving compliance include regulatory and
measunng and testing equipment. The objective of the system is to ensure
high-nsk.
Regulatory audits are used in cases where acttvities are regulated by that inspect~onand test equipment is adjusted, replaced, or repared before
it becomes inaccurate. The system should constst of:
government. Among these regulated acttvities are production of energy,
stewardship of the envuonment, production of food, protectton of work- Labels, tags, color codes, or other means of tracing the
ers, and use of medical products. Auditors verify that the applicable laws measurement devtce to the tndividual calibration record
and regulations tn these areas are being ~mp'lementedto ensure the health
and safety of consumers. A requirement for calibration practices
High-rtsk audiu arc used when the consequences of failure are unac- Certified pnmary company or reference standards traceable to
ceptable, such as in the launching of airplanes, submarines, and rockets. industry or to national, or internat~onalstandards, such as the
A complete and thorough audit of the fimshed product is necessary before Nat~onalInsutute of Standards and Technology (NIST)
Listmgs by department of calibration status and delinquents benefits of a first-party audit include the assurance that procedures are
tinstruments that are out of calibration cannot be used to cenify adequate and utilized and the early detection of a problem, which gives
product and must be removed i'rurn service until calibrated) mailagement the opportuntty to tnvestigate and identiiy root causes. take
All personally owned tools that are used. wii~chshould be in the ~mmediatecorrectwe acuons, and ult~mateiyprevent problems from hap-
system and calibrated pening again.
Inspection check of calibration by at1 inspection department before Second-party audits benefit the supplier as well as the customer
signing off on items.1us because they help eliminate rhe shlpping of nonconforming products and
reduce costs and waste. Tliis in rum builds confidence between the sup-
I n addition to deiining accuracy of inspection equipment. an auditee's plier and customer. promotes a better understanding of customer expecta-
calibration procedures must address the issue of remedial action if equip- lions, and provtdes an avenue tor quality technology tranzfer between the
ment is found to be out of calibration. In other words. how did the out-of- customer and supplier. Second-party audits also heip ensure a better final
calibration equtpment affect the products that were manufactured or tested product by verifying that there are appropriate controls for inputs into the
with that piece ufequipment'? I f necesswy. production should be halted or system.
;I product recall issued.
Third-party audits typically verify compliance to specified regula-
tions or standards. The regulations and standards may be required by
3. BENEFITS AND CONSEQUENCES OF AUDITS law. such as FAA or FDA regulations. or may be voluntary. such as IS0 rr
The performance of a quality audit provtdes management with unbiased 9001. The benefits of passtng a th~rd-partyaudit may be permission to
hots thai can be used to: continue to operate, recognition in the form of a certificate or repstni-
tion. or an award.
Provtde input for management decisions, so that quality problems
and costs can be prevented 07 rectitied '.The usual purposes of quality audits are to provtde independent assur-
ance of the followmg condiiions:
inform management of actual or poientin1 nsks
Identify areas of opportunity for continuous improvement
. Plans for attaining quality are such that, if followed, the mended qual-
tty will. in fact, be attained
Products are tit for use and sate tor the user
Assess personnel training effectiveness and equipment capability
Laws and reguiattons are being adhered to
Provide visible management support of the quality program There is conformance io specifications
Procedures are adequate and are bemg followed
Verify compliance to regulations
The data system provides accurate and adequate infomauon on qual-
ity to all concerned
"The task of management inciude: ( I ) identifj.ing possible sources of
problems. ( 2 ) planning prevenuve action to forestall problems, and (3) . Deficiencies are tdent~fiedand corrective actton is talien
Oppomnities for unprovement are tdentified and the appropnate per-
solving problems, should they arise. . . .Most problems are quality prob-
lems related to the quality of work being performed, the quality of items sonnel alerted.""'
bemg received, the quality of informauon being commumcated, Ule qual-
ity of available equtpment, the quality of decistons made. . . Since all 4. ROLES AND RESPONSIBILITIES OF CLIENT,
quality problems have a cost associated with them, avoiding, preventing, AUDITOR, AND AUDITEE
and soivtng these problems prevents and reduces unnecessary costs?'0g
A quality audit involves three key participants who may interrelate in a
The benefits that a quality audit provides vary depending on whether
number of ways. Described by function, these participants are the client,
the audit is a first- second-, or third-party audit. For example, possible
the auditor, and the auditee.
The diellr is the person or organization who has requested or com- 5. CHARACTERISTICS OF SYSTEM, PROCESS,
intssioned an audit. The ciient usually is senior management. and the audit AND PRODUCF AUDITS
is typically of an orpntzational untt under the client's junsdictlon. of
independent suppliers, or an application for third-party registratton."' A qlmlie nrrdii IS '.a systematic and independent examination and evalua-
is the person who plans and cames out an audit. An audit-
The t~r~rlitor- tton to determine whether quality activities and related results coillply
ing organtzation employs auditors to carry out audits. The auditing orga- with planned arrangements and whether these arrangements are tmple-
ntzation may be tntemai to a company or an independent organization, mented effectivei)f and are suitable to ach~e\~ing objectives."11i There are
sucli as thc auditlii: p o u p of a quality prozram re,~lstrilror consulting three distinct types of quality audits: product [which includes services).
orgaliizlltion. process, and quality system.
The orrrliier is the or:anizatron to be audited. The auditee may be a i . - . .. - .
divts~onof the client's organization or an entirely separate entity, such as .--- . ! Product Quality Audit
3 supplier. At times. and often in internal audits. the client and auditee are
.-*
A.-.
q.. A prorirrct qrtniin. airdit 1s nn esnmination of a panicuiar product (hard-
the s:uw pcrsoil or department. ware. processed material. software or service) to evaluate whether i t con-
Follow~ngat-e examples of esiernal audits:"' forms lo requlrements (i.e. specificattons, performance smndards, and
Siri~urw~i: Or!puzat~on desiring recognition or approval or its ~a~)abilily customer requirements). IS an audit is being perfomled on a servtce
to ~iieeta piilrt~cularstandard SUCII as IS0 9001 instead of a product. then it is called 3 s e n w e r l i f n l i ~tiitdir. Elementsh
Cli'vrr: The orgiinmtton deslnng registration or cenificat~odreg~strarion examined inay mcltlde packagtng. shipment preparation and protection:
.-Lrrrlirer: The organrzatlon desiring cenificat~odreg~suarion user instructions, product characteristics. product perforn~mce.and other
- I ~ I I I ,oymr:rrrroIr: The organization granting rhs certification1 customer requtrenlents.
reg~strat~un usmg an auditor employed by . the audiring organization or Product audits are conducted when a product is in a completed stage
Illred to conduct ilir audit. of productton and has passed the final inspectton. The product auditor
uses inspection techniques to evaluate the entire product and ali aspects
Sirrrorrotl: Customer organization deslres to evaluate a supplier
of the product charactensttcs. A product quality audit is the exantnation
Clirtlr: The interested purchasing agent
Arrditce: The potential or exlsting supplier o r test of a product that has been previously accepted or rejected for the
Alrdimg o ~ g r r ~ ~ ~ ~ ivlemberls)
n f r o r ~ : of the customer organizallon staff or charactenstics bemg audited. Such an audit is a reinspection or retest of
auditors under contract to the customer organization the product to measure the effecttveness of the system for product
acceptance. It includes performing operational tests Lo the same require-
~.
Sin~rrnoll:Regulatory organlzatlon verifies that supplier or operator 1s in ments used by manufactunng, uslng the same production test procedure.
compliance with requlrements methods, and equipment. The product quality audit verifies confor-
Clie~rr:The regulatory agency mance to specified standards of workmanship and performance. Thls
Airditee: The potentla1 supplier or operator audit can also provzde a measure of the quaiity of the product going to
Audirmg orgmuiatiotl: Employee(s)of the regulatory agency or auditors the customer. The product quality audit frequently includes an evalua-
under contract to the agency tion of packagmg, examination for cosmetics, and a check for proper
An example of an internal audit is:"' documentation and accessories, such as proper tags, stamps, shipment
preparation, and protechon.
Situotiotz: Organization desires to determme the degree of conforrmty of ~~
. .
its own organlzatlon elements to a predefined quality program ..
Client: Upper management team desmng to use the lechmque .. Process Quality Audit
Audiree: The element(s) of the organizatton to be evaluated . The process quality. audit is performed to verify that processes are work-
Airdiror: Ernploycc(s) of the organization ing within established limits. A process qrtaliry audit examines an act~vity
-. \ 1
to verify that the inputs, actions, and outputs are in accordance with be done. The .'how" IS left up to the organlzatlon being audited. An audi-
defined requirements. A process quality audit covers only a portion of the tor looks at the management systems that control all activities from the
toral system and usually tllkes much less time than a system audit. The time an order comes Into a company (i.e. how that order IS handled,
bouildary oS a process audit should be a singie process, such as marking, processed, passed on to operations, what operations does in response to
stamping, cooking, cutting, coating, setting up, starting up, or installing. that order') t'hrough delivery of the goods, sometimes mciuding trans-
4 process audit is very focused and usually involves only one auditor or portation to the site.
work crew."' A system audit looks at everything withln the quality system: the
4 process audit is a verification by cvaiuat~onof an opcration or processes. products. senlices. and supporttng sroups. such as purchasing.
method against documented instructtons and standards. to measure con- customer service, design engtneenng. order entry, and traming. It encom-
lormnncr to these staildards and the effectiveness of the instructions. passes all ihr systems ot the facility that assisr in prowding an acceptable
Such ;In audit is a check of conformance of pr6cesS perso%& and product or servtce. .~
equipment to defined requtrements such as time, temperature, pressure,
c o r n p ~ s t ~ o;niiper:~:e,
n, and component mixture. It may invoive special
processes. such ;is heat treating, soldering, plating, encapsulation, weid-
6. CHARACTERISTICS OF INTERNAL
in?. and nondesiructive examination. A process audit checks the ade- AND EXTERNAL AUDITS
L I U X ~ ;~nde f f c ' c t ~ \ ~ c ~
ot'~ ~
the
' s sprocess c011trois over tlic equipment and .An audit mas be classifird ;ts lntemal or external dependin, on the inter%.
operams as established by procedures. work Instructions, and process
-
. the pmmpants. 1tzrertm1 nrldifs are first-
rslatlonshlDs t11at exist am0115
specifications."" pan? audits. while e.~lsrc.mrrlnimdiis can be either second- or third-party
audits.;Figure 22 illustrates the classificauons commonly used to differ-
Quality System Audit entlate between types of internal and external quality audits. The figure is
A quality audit conducted on a quality management system would be provided us a p d e to classiticat~ons~but there is no absolute rule because
callid a q i d i n . syreni uirdir. It can be described as a documented activlty there are exceptions.
performed to verity. by examination and evaluation of objective evidence,
that applicable elements of the quality system are appropnate and effec-
twe and have been developed, documented, and implemented in accor-
dance and in conjunction wtth specified requirements.
A quahty system audit evaluates an existing quaIity program to
determine tts conformance to company policies, contract commit-
ments, and regulatory requirements. It ~nciudesthe preparation of for-
I Internal audits
Classification of quality audits
, Exteryl audits ,
mal plans and checklists on the basis of established requirements, the
evaluatton of implementation of detailed activities within the quality
I
First-party Second-parw Third-party
program, and the issuance of formal requests for corrective action audits audits audits
where necessary."'
Cntena contained in the American Society of Mechamcal Eng~neers i----i--l
Quality audits Qualiry surveys
(ASME) codes, nuclear regulations, good manufacturing practices, or
I S 0 standards, for example, may describe a quality system. Normally
these descripttons state what must be done but do not specify how it must Figure 21. Classific~tionsof quality audits.
7. CHARACTERISTICS OF FIRST; SECOND-, Third-party Audit
AND THIRD-PARW AUDITS A third-party audit is performed by an audit orgmzation independent of
First-party Audit the customer-supplier relationship and is free of any conflict of interest.
A first-pany audit is pcrformcd within an organization to measure is Independence of the audit organizatlon is a key component of a third-party
strengths and weaknesses agarnst its own procedures or methods andlor audit. Third-party audits may result in certification, registratton, recogni-
against external standards adopted by (voluntary) or imposed on (manda- tion, an award, license approval, a citation. a fine, or a penaity Issued by
ton.) thc orpuznrion. A first-party audir is nn intemai audit conducted by the third-party organization or an tnterested party. Third-party audits may
auditors who are rmploycd by the organizauon berng audited. b u t who have be performed on behalf of an auditees potential customers. who either
no vestcll intcrest in the audit results ot the area being audited. Compmes cannot afford to survey or audit external organizations themselves or who
may have a separate audit group cons~sungof full-trm~auditors.orihe audi- consider a third-pany audit to be a more cost-effective alternative. For
tors may bc trained employees from other areas of the company who per- example, government representattves perform mandatory audits on regu-
torin audits as needed on a part-time basis in addition to tbetr ocher duties. lated industries, such as nuclear power stations, airlines, and medical
A multisite coi1lpany.s audit of another of irs divisions or subsrdianes, dev~cemanufacturers, to provide assurances of safety to the public.
whether iocall~.nationally. or rntemat~onally.is often considered an inter-
nal audit. If. however. the other locxrons function pnmwily as suppliers Recognition Purposes. Companies applytng for the Malcolm Baldnge
to thc inain operation Or location. audits of those sites would be consid- National Quality Award. which recognizes worid-class companies and-
ered sccond-party audits. establishes the cnrona necessary to compete ~nternationally,must submit
to an examination. More than thirty-five states have programs modeied
after the h.lalcolm Baldnge National Quality Award program. and some
Second-party Audit
muntcipalities present similar awards. Japan's Deming pnze is another
4 sccond-party audit is an external audit perfomled on a supplier by a cus-
example of such an award. The United States and Japan are not unique:
tomer or by a contracted organizatlon on behalf of a customer. A contract
many countries have established similar cntena.
is in place. and the goods or service are berng, or will be, deli~ered."~
A q d i n sirrvqv, sometimes called n qrialiy nssessme~iror qualit)) Registration Purposes. Companies in certm high-nsk categones-such as
E . ~ ~ I I I I I I ~ N1s
I Ia
O comprehensive
I~, evaluation that analyzes such things as toys, pressure vessels, elevators, gas appliances, and elecrncal and medical
facilities, resources, economic stability, technical capability, personnel, devices-wanting to do business in Europe must have their management sys-
production capabilities. and past performance, as well as the entire qual- tem registered by audit to either ANSUISOIASQC Q9001-1994 or
ity system. In general, a survey is performed pnor to the award of a con- ANSIIISOIASQC Q9002-1994 requirement cntena. Contractors to federal
tract to a prospective supplier to ensure that the proper capabilities and agencies are recognized as regtstered suppliers by auditing agmst standards.
quality systems are rn place."Y Customers suggest or demand that their suppliers conform to
ANSIIISOIASQC Q9001-1994 or ANSUISOIASQC Q9002-1994 cntena.
The U S . Federal Acqu~siuonRegulations ( F ' ) currently state that gov-
An auditor told of one case in whch an o r g u a t i o n actually went out ernment contractors who comply with the I S 0 9000 requirement standards
to give a supplier an award for the perfect product they bad been receiv- are not requued to comply with other quality standards. Many national
ing. However, during the award process it was discovered that the sup- standards have been canceled, and users have been referred to the U.S.-
adopted ANSYISOlASQC Q9001-1994 or ANSMSOIASQC 49002-1994
plier had absolutely no quality system in place! The supplier was able to
requirement standards. A thxd-party audit normally resuits in the issuance
ship acceptable product simply because its employees were good sorters.
of a certificate staung that the auditee complies with the requirements of a
perunent standard or regulation.
Thlrd-party audits for quality system registration should be performed
late: the paycheck was wrong; the Injectton needle was contaminated: the
by organizations that have been evaluated and accredited by an established
wrong reference standard was used; the purcflase order specification gave
accreditation board. such as the Registrar Accreditation Board In the U.S.,
the wrong activity level; computer equipment was missing from the
as being competent to perlorm audits of coinpanles desinng to achieve
clerk's office; regulatory violation. Whether the evidence is quaiitallve or
quality system registration.
quantitative, i t shouid be objective, unbtased and proven true.
The auditor must analyze data to d e t e n n e reievancy. Some data are
8. CHARACTERISTICS OF QUALITATIVE imponant and should be reported due to frequency or level. Other data are
AND QUANTITATIVE ANALYSIS lrnportant due to the nature or kind of the inforinat~one\.en t h o ~ _ an ~h
During audit. an auditor must analyze many different r y e s of infor- event occurred only once.
mation to determine its acceptability w t h the overall audit scope and the With quaniltative intormarlon. $: deiermlnanon 01 licceprabiliiy Is
charactcnstics, goals, and objectives of the product. process, or system f a r & straghtfonvard for two reasons. First, a &rect comp<nson can be
being evalu:~ted. This intormailon may be documented or undocumented made between the ~nformaoonand the requirements or cntena tor the
iliid I I I C I U ~ ~procedures.
S draw in:^. work in~lruct~o~ls.
inanunls. trainlng audit. For Instnnce. suppose the measure of system effectiveness used in
records. electron~cdata on a computer disk. observation. :ind Interview an audit is found to have less than a predetermined number of customer
results. The ;~uditormust determine i f thc informarlon is rclevant 10 the complaints about product quality in a three-month penod. Analysis would
:~udirpurpose and scopc. consist of compannz customer cornpiaint records agaiilsi the criterla to "
Qirrir~rrrorii.edata means elther that measurements were taken or that determine if the system is effective. Secondly. most qunntltative informa-
il L'OUIII was niade. such as couiltin~the number ot defective pieces tlon 1s considered reliable due to the !act that by nature i r should be tree
removed [Inspected out). the number of customer complaints. or number ot emotlon and blas.
of cycles of a molding press observed during a t m e period. In short the Qualitative data must be unbtased and traceable. just like any observa-
data IS expressed as a measurement or amount. IIA's Iilterrtnl rlrldirir~g: tion that is used as objecnve ev~denceby the auditor. Addittonally, the audi-
Prir~czplesarld TL.cl~r~rq~rrs, suggests that there are many sources of quan- tor should determine the usefulness or relevance of the lnformatlon. For
titative data, such as: Instance, the auditor may be d o m e d that one customer complant turned
into a $10 million lawsult. In this case, the data must be verified, and the
Test reports Chi square tests auditor will seek to determrne if the data have any beanng on the quality
Product scrap rates Risk analyses system. Once the information has been detemned to have a real effect on
Trend analyses the system, the auditor may use the data to draw conclusions about system
Variance analyses effectiveness. Or the auditor may determne that the data represented once-
Histograms Budget compansons in-a-lifetime event and are not relevant to Current OpertItlOnS.
Regression analyses Mean, mode, median
Ratio anaiyses Profitability
Lost-time accidents Costlbenefit s t u d i e ~ " ~
Frequency distributions
In contrast, qrralitatrve data relates to the nature, hnd, or attribute of
an observat~on.Qualitative data may include single observat~onsor data
points. E s m p l c s x c : labt month's w~thholdingt u dcposit was three days
1. TIME-MANAGEMENT TECHNIQUES
Proper preparation in the audit piannin_r s t a g can eliminate many delay?
in <he audit pertormancc stage. To make the most efficient use of time.
the auditor must plan an audit on ssveral levels. First. the audit manaser
must scheduie each individual audit in relation to other audits being per-
formed so that ihe availability of audit team members and other resources
can be assessed. Next, the lead auditor must prepare the audit pian for the
~ndivldualaudit. The steps involved in this audit phase were discussed in
Part I1 of t h ~ shandbook. Once a lead auditor establishes the auditing
strategy, a detailed schedule must be prepared that specifies which areas
are to be visited at various times throughour the day. The detailed sched-
uie may be revlsed constantly during the audit, but the auditor must
inform auditec management about planned activities. An auditor who
makes no attempt to stick to the proposed schedule may anta,nonlze mem-
bers of the auditec's organization who have made arrangements to be
availabie as requested.
The auditor's notification letter to the auditee shouid specify special
arrangements, such as transportauon from one audit site to another, the
need for an escort, the use of special safety equpment, or the need for a
conference room. At this time, the auditor should list required equipment
or supplies, such as access to copy machines, printers, overhead projec-
tors, and extension cords. By anucipating needs and m h g them known
to the auditee in advance, an auditor communicates preparedness and a
strong desire to focus on the important task of gathering information at the
audit site.
--
To ensure the efficient use of time dunng the audit performance stage, '~y In these sltuatlons, the best course of action 1s for the. auditor to repest the
Lhe audit team should amve promptly at the audit site at the agreed-upon z- informarlon that was not fully understood before proceeding. Also, the
time tor the opening meetlng. - The lead auditor should retain control of the --=' auditor must be an active listener, meanlng that heishe must not only hear
opening meetin: and should not allow the audttee to take control with what 1s bemg said but must also r e c o g ~ z ewhen the message is clouded
extended plant tours or lengthy presentations, uniess such tlme has been --
--
-.= by a possible contradictory meanlng. Finally, the auditor must always
--
-
scheduled into the audit. assume that the auditee is acting in good faith. Do not assume that a mis-
Throughoul an audit, the audit team meets daily to assess audit understanding 1s on the part of the auditee. Rephrase the question in a dif-
pro!pss. ..\ddirionally. auditors should allow several minutes at the end of ferent way. Be careful lo a s o ~ dtenmnology that has confus~ngmeanings.
e;ich intervtew to rcvlcw notes. present conciuslons. and rench a consen- Don't assume that the auditee is familiar wtth specific industry jargon.
sus with :in audilee representntivr. such as yhe area supervtsor or escort. If ..During an audit, the auditor must remain open-rntnded and tlesible.
data ~ndicateLhat certain areas need additional attention, the auditors' Auditors must bear in nund chat when they conduct an audit, for whatever
assignments mav need to be chan~ed.Findings that Indicate severe rami- reason or from whatever source of authority. they are disrupting the daily
lications lbi- the quality program should be investtgated thoroughly as routine of the auditee. The auditor should conslder the effect of specla1
soon as possiblc attcr they nre uncovered. requests on the audited orsanizatlon and ensure that the audit takes into
Audit teams ottcn ask to have lunch carered so that a working lunch consideration the work norms and culture of the auditee. CI
cai takc place. Schrdulint._:I small amount ot t m e tor an audit team meet- Unnecessary and unrensonnblc demands are often a source of conflict
iiig during the lunch break may aid the auditors in gathenng additional dunng the audit. T ~ Ibecomes
S especially true when the auditee is r n t m i -
nilormalion. i t needed. An audit tram should allow sufficient tlme to pre- dated by the audit [?am and as a result is unwilling to say anything ahead
pare for the r s ~ mcetlng.
t especially when an audit lasts several days, in ot time. These kinds of issues can manifest themselves later in the form of
case additional nil'orni~ilionneeds to be gathered. uncooperatlvencss, avoidance, belligerence, or even sabotage.
An auditor should be able to recognize and overcome delay tactlcs. A sure way tocreate contlict dunng an audit IS to w~thholdImportant
Comnion time-wastmg techniques empioyed by auditees and possible informauon about the audit's status or results and surprise the auditee at
solutions by auditors are discussed in Part I. chapter B.2 of thls handbook. or after the ealt meeting. It IS therefore imponant that the auditor share
When an auditee's repeated time-wasting tactics hinder the progress of an mformation with the auditee on a regular basis. This 1s usually done dur-
audit and threaten Lo compromse the audit schedule severely, the lead ing informal daily meetmgs or dunng actual audit performance. In addi-
auditor is responsible for notifymg auditee management and the client. tion, the auditor has an obiigatlon to inform auditee personnel of the
nature of the informauon they are recording, how it will be used, and so
on. Being upfront with auditees not only helps answer some of their con-
2. CONFLICT RESOLUTION
cerns about the audit process but also puts them at ease, thus reducing the
The most effective method of resolving conflict is to take steps to reduce likelihood of conflict.
conflict occumnce. Ways to reduce conflict include eliminattng msun- If conflict should develop d u ~ an g audif the best course of acuon is for
derstandings, remainmg open-mded and flexible, and avoiding surprises the auditor to temporarily stop the audit and allow a cool-down period before
during the audit process. proceeding. If auditors don't take this action, they run the ns'k of getting
Misunderstandings are the most common cause of conflict during an overly involved and losmg control of the audit process. The ultimate result of
audit. Sources of msunderstanding are poor communication, poor listen- losing contlol is the premature termination of the audit or the disallowance
mg, and auditor bias. The auditor must always be on the lookout for signs by the auditee for the auditor to proceed. Netther of these situations is accept-
of msunderstanding. Indicators include a less than cooperawe attitude on able to the auditor's organization or the client. Once the conflict has d&used,
the pan of an intervlewee, repeated questlons about the audit scope and the auditor can meet with the auditee to determine the source of the misun-
purpose, and the provision of inadequate or incorrect records for review. derstanding. Auditors must reman open to the possibility that they may be a
-
. ..
~
-2 I
direct cause of the contlict. To resolve the conflict and allow the audit to pro- In l n ~ t ~ meetings,
al the auditor has a lot of wor'k to do to establish
cced. auditors must I-emainopen-nunded and listen to the auditee.
.. -
...-
orpnizatlon. the auditor's organization. and within the audit team itself. .-::-=
-.
. -
-
effective communlcauons. Possible communication techniques the auditor
can use during the preaudit phase include:"'
Building rapport by exchmgmg small talk, perhaps over a cup of
coffee
Establishing trust by assunng confidentiality
This communlcarton can take many forms, Including wntten memos, noti-
licamos. and verbal conversattons before and dunng au audit perfor- f.1 Showing empathy for the disrupttons that will be inev~tabie.and
assunns the auditee that distract~onswill be kept to a minimum
4~ .
mance. Basic rules for effective communicating Include ( I ) ensuring that
the mess;ige IS clcru. i?)verifYlng that themessage is received and under- Demonstrating professionalism, and workng hard to be organlzeci
stood. and (3) utilizlny the appropriate medium for transmittai. -. ..- - Esplatnlng the process by reviewing the audit plan, and showlng
To eilsurc the mcssage is ciear. the auditor siiouid: how the auditee will he kept ~nformed
Use appropnatc tcrnlinology and avoid terms that are hard to
I
. -
Ensuring that the auditee "buys-in" by asking: Does this seem
understmd i reasonable? Do you recommend any changes to make the process
!
Avorcl Icngrlry chplanations that dilute h e point ot the message run more smoothly') r-
Ensure the accuracy of the ~nlormatlon 1 . Matntaining flexibility by considering all options. yet never
relinquishing authority to conduct the audit (be firm. but flexible).
Adapt the level and approach of the communications to the
audience ccg. CEO, technmans. all engineers. etc.) Effective cornmumcation dunns the performance phase of an audit
i
involves a vanety of factors, including:"'
To verify that the message is received and understood, the auditor
should: Actlve listening
Verify that the auditee recelved all messages sent (e.g. via Worhng wlth auditee escorts
telephone. fax, e-mail, or other) . Facilitating audit teamwork
Look for slgns of understanding, such as nods of the head and f Holding daily auditee briefings
words iike "I see"
I . Accommodating auditee language requirements
Seek feedback by aslclng clarifying questions, and listen to the
responses I
I
Incorporating technology that improves effectlveness
Accommodating changes In the audit schedule, if asked
Detemne.when a wntten record of the communication is needed --
To determine the appropriate medium for transnuttal, the auditor should:
- Take into account the formaiity of the message
.&-
N e w Communication Technology
With the growing popularity and Increased affordability of computers,
Determine the technology in use by the receiver -
zv
..- ~ technology can reduce audit cycle tlme, conserve paper, and lmprove
Use the appropriate format for transmission (e.g. notification .-.
. ;I
4
.
$$$]
.<z- audit effecttveness. For example, e-rnail and faxing can reduce turnaround
letters, memos, electronic mail, cell phones, ete.) -,
.=- times and costs associated wlth conventional or express mailings. Digital
7
--
.&-..
~ ,..~
cameras are becorntng a valuable tool for auditors. A digttal camera takes appropnate aids and handouts, the lead auditor ensures that the auditee is
ptctures on a disk: tliis disk can then be tnserted into a computer to show in agreement with the details outlined in the audit plan and understands
plctures of problems uncovered dunng an audit. The pictures can be dis- the auditing methods to be used. In addition, the auditor should ensure that
played 31 the c l o s q tneeting or can be pnnted and included in the audit the auditee IS able to Interpret data correctly, is in accord with the infor-
report. matton presented on the audit report, and destres to itnpiement the needed
An auditor can use a notebook computer in conjunctton with the corrective action.
appropnate sottware dunng the audit preparation stage to customtze The iead auditor is responsible for ensunng that a location has been
checklists orcreate tlowchans. for esampie. Dunng the audit performance set asrde for presentattons. The location may be a training room, confer-
s t q c . computers c m be used to cotisolidate observattoos in tlie audit ence room. or wen a break area. The lead auditor should snsur? that there
tcruii~sdaily tiiwungs and to prepare the pl-elimtnary audit report. A com- 1s adequale space lor expected tiirsttn: attendzes. Thts may tnclude dcter-
puter also can be used to create the final audit report, which can be sent minatlon-of searing iirrangements, such :is classroom-style, ar a conter-
vta e-mail if the client agrees. Additionally, it' tIte audit is being scored, ence table, or at a U-shaped table. The lead auditor must secure equipment
spreadsheet programs can format thc checksheets and automattcally com- that will be needed to make the presentation. such as flip charts. overhead
pute tlie audit ~ c o r c s . " ~ projectors, data projectors. pointers. and associated support equipment
Cellular phones t~laybe useful when tm auditor needs to contact a and supplies (plugs. markers. pointersj. Finally. the lead auditor must
clictit or uudii mlnafer qu~ckly.A n auditor may also prefer to bring a cel- ensure that \.tsual aid materials will be prepared and available at the m&et-
iular piionc when auditing a larfe or remote tacility where a telephone mg. Such tiiatertals tilay include copies of pnnted reports, copies oi corn-
may not be accessed easily. Cellular phones can also increase productiv- pleted handwrttten fornis. ti.?. correcttve action requests), overhead
tty of those who spend large amounts ot ttme in cars or at airports. slides. and prepared charts.
Video conterenctng 1s used routtnely by some audittng organtzattons. Some audit~ng organizations prefer audit team members to stt
It 1s a valuable.method for brtnging groups of people face-to-face w~thout together dunng meettngs. wtth auditee represenrattves likewtse grouped.
lncumng travel espenses. In the future. vtdeo conferencing may prove to They beiieve that such an arrangement shows coneston and support for
be especially important tn audinng by eliminattng preaudit vtsits and even one another. Other audittng organizations favor a less fornial atmosphere,
follow-up audits in some situattons. wtth auditors and auditees tntemungled.
The use of electronic media requtres that other issues be addressed. The lead auditor should be certain to communtcate the data analysts
such as secunty, contidenttality (espec~allyfor networks), and document to the auditee both orally and visually. Usmg simple stattstical techniques
controls (vlewing and changing documents, changtng code, and baclclng to recognize patterns and trends and evduate theu significance enables an
up data). auditor to prepare an audit repon. These results must be communicated to
the auditee in a timely and effecttve manner, and the inclusion of slmple
4. PRESENTATION METHODS AND TECHNIQUES charts or graphs in the audit repon or their dispiay on an overhead pro-
jecror can asstst the auditee in gainmg the necessary understanding of a
Members of an audit team must create a favorable tmpression to auditee
problem.
management, both in appearance and ability. Audit team members should
dress appropriately for the opening meetmg. Credentials of the audit team
members are also presented at this ttme to instill coni5dence that the audit
IS being performed by competent, well-qualified individuals.
The lead auditor conducts the opening and e m meettngs, as well as
separate daily meettngs wtth the auditee and the audit team. By using
Chapter C ~.
An auditor uses many types of tools to plan and perform an audit, as well
as to analyze and report the resulrs. An understanding of these tools aitd
their application is essential for the performance ot an effective quality
audit. The auditor m d auditee use many quality tools and techniques to
define processes, Identify and charactenze problems, and report results.
An auditor must have s u f ~ c ~ eknowledge
nt of these quality tools in order
to evaluate whether the auditee is using these toois correctly and effec-
tively. This chapter provides basic information on these tools, the~ruse,
and their limtations. For more in-depth informat~onon the application of
tools, readers should consult an appropriate textbook. Some general refer-
ences are provided in the Recommended Readings section at the end of
the book.
I
3~
y
d
l
Resolve with Lead.
Complete work.
-
Ger supplies.
pa-, etc...
,.
i. . ~
available?
-
1
Realrlgnment of job.
208
(dl Flow process worksheet . ~
this way, matnces heip determine what actlons andlor personnel have the
I I
Prwm
devciopmenr
1
Ddicienc~
rracking
1
1
11IVock
~ m n m g control
11 Documents
and S C C W ~ S
rerenoon hsessmenr
S X
greatest effect on an orgamzation's mission. Matnces can be used by audi- Director
tors as a way to focus auditing time and to organize auditing conduct. In
Table 2, the matnx is used to heip the auditor by identifying orgmzational
responsibilities for the different audit areas. Thls particuiar matnx is used
O P ~
x - - X X
O P ~
to maximize use of tlme dunng the site visit. Table 3, a much broader support X S
matnx, allows the auditor to do the long-range planning necessary for Tech
X X X X
suppon
ensuring proper application of the audit program. In this example, the var- X x I
Admm.
ious audited areas on the Y axls are applied aganst the different organiza-
tlons to be audited. Sorrrce: Rudolph C. Hirzel, "Audits M&ng a Difference" (presnted nl me ASQC Fiflh
Annual Quality Audit Confcrence. 22-23 Fcbruw 1996. Kansas City, Missouri).
Building
..-;--&
---r Work Work Days
A d m ~ n ~ s r r m o nChemistry Biology M a r e r d s rervres Engineering -~=-- crew lost
1 Dm Type Area
,"4..~..1..1 I I I I
C.Q-101
Spmn ~ I d g12 ~Cch 4
5
515 Spr~iil Bldg 5 MAP-2-12 Elcs
Xech 2
5/12 Burn Area S PXIP-1-4
5/15 Abrasion Arca 10 PMP-3-7 Grnds 3
prorccrion 4 Eirc I
C C 5/23 Burn Bid& 12 CAP-103
lndusrrial ii 5/25 Sorxn Admm bldg Xl.4 Xl.4
ratciv i\ A j-i - . .A Eiec 1
.I ~
5/29 Cut Bldg 5 MAP-2-17
Envmxmenral C C C C .d
t
-
Personnel
ciatnmg
Conduct
B A B C 1- i
z
of opr
Quditv
C C !
I
C : Number of days lost
zsSUra"CC A C A C 6 1
A = Firs: assessment B = Second arscssmenr C = Third asrerrmenr
R u d o l ~ hC. Mirrel. 'Uudits Making a Difference" (prcrsnrcd thc ASQC Fifth
Sr,o,r.c.:
Annual Qualily Audii Cunfercnce. 22-23 F e b r u o 1996. tians:ta Cii\.. Missouri). !
Darn svsrems exist in a wide ranze of forms and formats. They may
~ncludeweekly and monthly reports of laboratory or organizational per- I
7
Properly Pertormed
1 DEFECTS
~. -
Histograms should indicate sample size to conmiunicate the degree of ---
confidence in thc concius~ons.Once a histogram has been completed, it
bhould be analyzed by identifying and classifying the pattern of vanation,
and developing a plausible and relevant explanation for the pattem. For a . ~
On
3.
one side 2nd tails off gentiy on the other. Truncated distributions a, phase of statistics that seeks only to describe and analyze a given group
smooth, bell-shaped distributions with a pan of the distribution draw,ng any conclusions or inferences about a larger
(sample)
removed. or truncated. by some estema~force. Croup ~populatlon)Is referred to as deducrilte or rlescrfPr1"e srflrrsrlcs.
Z. Isultrred-peakcd: A small, separate group of data
kerdistribution. Similar to the double-peaked distribution: iiowever, me
to Geasures of tendency and dispersion are the two most fundamen-
tal concepts statistical analysis.
short bell shape indicates something that doesn't hzlppen very often, .
E":W~eaked: .A 1arF Peal; 1s appended to an othenstse smooth dis- - -4- Measuresof ~~~d~~~~
tributlon. Similar to the comb distributloll tllat error lvas I1 ..Most frequency distributions eshib~ta .central tendency' ( a shape such
imde in the darn. All r e x i i n y oust a certatn point tnlly ~lasrbeen grouped that tile bull; of [he observations pilc LIP 111 the area between thc lwo
lnto one value."' - - . ..
estremes),.v~~ central tendency IS one of the most fundmental concepts
No rules exist to esphin pattern variation in every s l t u a ~ o n . ~h~ three .. ten-
in all statlstlcal analysis. There are three pnnclpal m%sures
most important chmcteristtcs are centering (central tendency), ,+,idth -.
1 dency: mean. median. and mode.
(spread. vanauon, scatter. dispersion). 2nd s]litpe ~f no dis-
f
''mihie Pattern appears to esist. the distribut~onmay not be normal, and 1 A~~~~~~~~~i\/iean. neo,.,r/lt,lerrcrllerrn,or nienn ~mlrle,IS the sum totJi of
[he data may actually he distributed according to some other distriburlon, divldi.d by the number of data values. It is the merase lhs
!i ail n.
"lch as esPOnentlal. gamma. or uniform. Analysts of distribuuons of these of saillple Mrun the most commonly used m?mn'e ofcrn-
FPcs 1s beyond the scope of tills text. 2nd further tntormarlonshould be
s o u ~ h from
t specialized statlstlcs texts, I [rul tendency
and is [he only such measure that incluaes even' value i n the
data set, ~h~ mrhn1etic mean is used for symmetncai or near s ~ m e t n c a '
peak.
I distributions,or for distributions that lack a slngie clearly
9. DESCRIPTIVE STATISTICS
~ ~ ~ ~ is , the middle value imldpoint) of a data set
d~h~i r,lrdia,r
"Descn~tWstatlstlcs fumlsh a stmpie method of extractlngInfo,,,,a1lon ! numerical order, either in ascending Or descending order. The
f manzed
from what often seems at first glance to be a mass of random numbers.
These chamctensucs of the data ma" relate to: ,i median used for
but
reducing
are not
the effects of extreme values, or for data that
econormcally measurable, such as shades of cO1-
can be
-
1. Typrcat. Or central. value (mean. medim.
ors, odors, or appearances.
2. A m ~ s u r eof how much vanability is present (variance. standlvd
dev~ation) -
~ ~ ~h~ d,no& ~is the .value or number that Occurs most frequently In a
3. A measure of frequency (percentiles)"l?" data set, jf all the values are different, no mode exists. If two values have the
S t a t i ~ t l1s~concerned
~ with sclentific methods for organlz- / most and same frequency of occurrence, then the data set or disuibuUon has
In& summanzing, Presenting, and analyzing data, as well as drawing valid j two modes and is referred to as bimodal. The mode 1s used for
cOnciusions and m*ng reasonable decisions on the basis of such analy- j slcewed disuibutlons, for describing an l r r e g u l ~slumon when two pealts
. . are found, or for eliinating the observed effects of ememe
sls. In a narrower sense, the term srarisircs is used to denote the data them-
..
,.
*.,.
a..-
.
selves or numbers denved from the data, such as averages, -.-.,
--
-..: 8
.~,- *,
An auditor must look at how an auditee defines the process and nec- -.,. . , Measures of Dispersion
essary and must establish some type of measurement system to Dispersion is he vanahon m the spread of data about the mean. Disper-
.+
ensure that the meaWr~mentsor the process were properly defined. ne sion is also referred to as spread, and scatter. A measure dis-
b the results of what other people have done, and if heyuse ...... ,,
a u d i t O r ~ o oat -.. .
...~- persion the second of the two most fundamental measures of all stat1s-
stattstrcal tools. he orishe must be knowledgable enough to decide tic.h analyses, ~h~ dispersion wltihin a central tendency 1s norma%'
.=. i
whether (he information they are gathering from the data is valid, ~h~ : measured by one or more of several measuring pnnciples.
Data arc always scattered around the zone of central tendency, and the z .-
extent of lhis scatter is called dispersion or vanation. There are several meaL--z
-
sures of disperston: range. standard deviatton, and coefficient of variation.z-=
~.
Range.
-
.
The range ts the srmplest measure of dispers~on.It is the differen*=.
-
.. .
between the maximum and mntmum values in an observed data set. Sincei-c
is based on oniy two values troni a data set. the measurement of range is most-- -
,
.
i
.- ...
i.L
,.,.<-.c
2%~ -
1
The u chart is used for average number of nonconformihes per some
unit of measure. Sample size can be either variable or constant since it 1s
charting an average. A classic example is the number of nonconfomties
m a square yard of fabric in the textile mdustry. Boits of cioth may vary
which might then be analyzed for improvement of the process. For this in slze, but an average can be calculated. Figure 38 is an example of plot-
chart, the salnpie size must be constant from or unit to unit. tingattribute data using air chart.
L i m t (LCL) almost all the ume (such as 99.73 percent) and the data do
not display a particular form that would indicate an out-of-control condi-
tion (such as 7 successive data points below or above the center line of the
control chart). A process is capable when the distribution of individuai
piece data is within or equal to the Upper Specificauon Limit (USL) and
Lower Specification Limit (LSL). Histograms can be used to graphically
show capability when upper and lower control limits and specification
limits are added to the histogram data.
A process capability indcs expresses a numencai relationship
.. betwcen the process vanability and the specification iimits. The most
Januari February -common indices currently in us? are Cpand Cpi If the upper control limil
and lower control limit are superimposed on the upper specification limit
I'igurc 35. 11 c h r r tor tlie average errors per truck lor 20 d;ays ot production. ... and lower specification limit. the Cl, would equal 1. This assumes that the
Sorwc.: J l , l ~ aT.Burr. SPC 7im1.%I r w Eve!so,ie IMilwaukce: ASQC Qunlitv Press. 1993). p. 5s. ~2 mean of the process IS exactly centered wlth the specificatlon limtts. If the
GscLI Wtl, ~cnT,ss,o,,. -3 control limits fall outstde the specification iimlts, the value of Cpw,ouid be
---3 less than I . Cpi is n method of measunng process capability when the
11. PROCESS CAPABILITY INTERPRETATION I
inean of the process is not centered with regard to the specification limits.
A Cp, of i or greater means that the process 1s capable at a levei of at least
"OIWof tile thuor~ermost widely encountered is: 'The process can't
99.73 percent conlormtng. wh~chIS the limit assoctated with an X and R
liold [lie toler:inces.' To lest tlils theory. mmsurements from the process
chart. It IS extremely imponant when using these capability tndices [hat
nlust be taken and anaiyzed to detcrmlne the amount of vanability inher-
the process be in-control because the theory IS based entlrcly on a normal
uii-ii~the process. Ths var~ilbilityIS Glen compared to the specificatlon
iim~ts.These steps are performed i n a process-capability study."'35
Process capability provides a quantified prediction of the adequacy of
a process: and it measures the capability of a process to produce products
----A
- -
i
disuibut~on.If the distribution IS not normal. the indices arc meaningless.
'.A staustlcal control chm can be used to ldentify visible trends In the
performance data measured dunng the audit of a qudity system. It can
that meet speciticatrons by measuring the inherent uniformity of the show this informauon in terns of both the average enor rate and the
acceptable performance levei."""
process. Generally, tt is not feasible to d e t e m n e process capability by
direct measurement of a process under operating conditions, so capabiliiy -
is determtned ~ndirectlyby measunng the uniformity of the product. -
Process capability can be used to measure process performance, monitor
processes ustng control charts, evaluate process equipment, revtew toler-
ances based on common variation of a process, d e t e m n e the effect of
changes or adjustments to processes, and audit process performance.
Process capability can be detemined when a predictable pattern of
statistically stable behavior constsung of common causes of variation are
compared to specification limits. Process capability indices numerically
express the relation between the distribution and the specification limits.
A process is in a stole of stotisticat control when the plotted data points
are withm the calculated Upper Control Limit (UCL) and Lower Control
Appendix A
Sampling has always been a s t m n g point for discussion among auditors.
Some say that statistical sampling is the only way 10 perform an audit that
means anything to management. Others contend tl~atwe don't need to .%
look at a statistical sampie to determine whether there is a problem. There
are times when staristical sampiing is a must; and there are rrmes when
judgmental sampling gives the results needed.
There are many ways of choosing the samples to be evaluated during
an audit. T h ~ ssectlon explores the many ways and provides some gu~d-
ance about their application.
Kx
The last section talked about nonstatistical types of sampling for audits: hap-
hazard, block. and judgmentai. This section esanunes these in more detail to
try to understand the pros and cons of using each. The goal is to provide man-
agement with supportable information about the company, with the expecta-
tion that management will W e action based on the results presented.
Hnphnzard sErnplirzg is used b y auditors to try to gather information
from a representative sample of a population. Items are selected without
intentional bias and with the goai of representing the population as a
whole. The auditor might ask to see the deficiency reports on the coordi-
nator's desk. The deficiency reoorts on the coordinator's desk when the !
ture of what is happening, although the results are not statistically valid. In i
The results do not reflect all departments, lines, items, people, problems,z-z the first approach, the auditor selects samples based on hlsher best judg-
or a myriad oi other cons~derations.The results are not statist~callyvalid . ~
tions. Auditors want to be able to provtde management with supportable to focus on areas where problems were found previo~siy.It is a fact that
statements about the entue population. For thk reason, block sampling is an auditor focusing on an area will probably find problems <hat get
.1.
normally not used dunng the audit to identify problems. recorded and reported. An unwritten law of auditing is that "if we look for
9;
it. we will find it." If we continue to focus only on areas where
are found, l o g would
~ talic us to the extreme where we always audit the
same thing over and over. Tlius. certain areas would be seen as pristine,:_-
while others wouid be seen as consistently incompetent. Stat~st~cal sm- - 3. Chapter C
piing 1s needed to provide a baseline from wll~chfurther auditing using-
judgmental sampling may proceed. -..
,,2-
Nonstatisticai samoling has 11s place in audit~ngand in the invesnga-
rron OF identified problems. Haphazard sampling should be avoided if m
all possible. Block sampling 1s effective in pinpointing problems, and sta-
tistically valid conclus~oilscan be made about the block evaluated, but
3 for
conclusions about the total population require more work.
sampling is effective in focusing the auditor's efforts and in
areas of improvement in a relativeiy mature quality program. The job of
the quality auditor IS to know when each method 1s best for d e t e n n i n s =i
the ~nf'ornlationneeded. It's not difficult to plug numbers into a formula and calculate the
results. Management likes to work with numbers that have meanlng and
that put boundaries around a question or an error rate. This is where sta-
ttstical sampling comes in. With stat~sticalsampling, we can state in
our audit reports that W e have 95 percent confidence that the purchase
orders are being correctly processed." Sample size depends on confi-
dence level and what we want to determine.
Naturally, the larger the sample slze, the more accurate the estimate.-
For small populations, we correct the sample stze for the popuiation.
Auditing by statistical sampling is best suited for single-attribute auditing.
However, once the item to be audited has been selected, many attributes
can be checked dunng the audit. A purchase order has many attributes that
can be checked simultaneously. In this way, one calculation for sample
scze can be used to report on many attributes.
Sample size is calculated uslng two formulas. The first formuia is the
"first estimate of the sampie size" based on the binormal distribution. This
formula is:
where: This works out to:
I Z , ~ ,= first estimate of sample size 11(P = 238
= standard devlatlon tactor (1.96 for 95 percent Using this sample size and finding an error rate of 5 percent, we will
confidence) be able to report to management that we have 95 percent confidence that
P = estimated error mte the itemslprocesses in the population of 500 contans 475 error-free items,
A = des~redprecision
plus or minus 2 percent of 500 (10 items or processes).
This is a Ixge sample size for quality auditing, but it does Zive the
ii
The sccond ibrnu11:i uscs the tirst estimate of sample size and adjusts
lo fir the population:
-4 precision necessary to report ~ o o dnumbers to management. A littie work
with the formulas
. . . will
- . show that as the population gets iarzer. the reiative
sample size gets smal1er:Thus. the formulas-work best with larger popu-
lat~ons.Large populations can be found in purchasing and production and
lead to better applicanon of sratistical sampling. Other ways to reduce the
sample sxze is to reduce the precision ilarger A) or the confidence (larger
whcrc:
p and smaller 2).
I!,,, = linal sample s m Pertorming the calculations using a popuiation (NJ of 2000. the
deslred precision ( A ) IS 4 percent. the desired confidence level (ZJ IS
I ! , , , ~= firs1 esirnlate of sanlple size 90 percent. and the estimated error rate (p) is not to exceed 5 percent.
Plugging the numbers into the first equatlon gives:
-lo use these formulas: we plug in the numbers we h o w or expect. :
:
and determine thc sample szze. Consider a known population ( N ) of 500.
We decide that the desired precision (A) 1s 2 percent, the des~redconfi- f
4
dence level ( Z ) is 95 percent, and the estimated error rate (p) 1s not to 2 This works Out to:
exceed 5 percent. Plugging the numbers into the first equation gtves:
1
Although this is fairly reasonable, we will still use the formula to correct
i
for popuiarion. This gives:
This works out to:
..
This obviously won't work with a total population of 500, so we This works out to:
to adjust the sample size using the second equation. With I * , , = 456 and .*-:
.-A:@ = 142
..
the population (N)of 500, the formula becomes: .&.3
As you can see from the example, large popuianons make the first for-
mula accurate for determimg sample slze. Also note that wlth less preci-
sion and confidence, the sample slze is reduced to a more workable number.
Zreater bin or equal to 1011,where 11 is the sampie sze. This condition is process and sampled separately. The process Acceptailce Quality Level
not required when the standards are used. as the s m p l e size is corrected for .... .
~
Q3-!99S standard. Yes, there are cases when we will work with truly is
~.I-:s 7-
Iated lots. in which casc Tdble A would be used, but this is the exceptio
and tlie easier to use. Chapter E
ASQC Q3-1995 is fairly simple to understand. Let's assume that f r o m a -
the DR lug, we counted 739 DRs written during the period being audited-
4
Our client isn't overly concerned w ~ t hdetailed compliance with the pro~-
cedures. but does want each dcticrency corrected. For compliance, we - :- 3
scicct ;lii LQ 01' 17.5 pcrcent. ~IiicliIS hirly IOOSC. Table BS shows our
sitniple s a c to be 37. hx deliciency correction. wc select an LQ of 2 per-
ccnt. \\.hich 1s h r l y tisht. Table B4 silows .our sample size to be 200. . - .
Please note that this 1s aimost a 100 percent sample because our p o p. . u l c
tion is row. From Tablc C3, we find that in both cases we acceDt the loii-f-.'
~ -
'1.
-i
Then we solve for Xu,:
i
allow the quality auditor to speak with authority to management about the 1
results of the audit. There is a iot to learn about applying the standards to 3
7
quality audits, but many peopie who have previousiy applied the standards 4
3
to product acceptance will quickly be able to apply the standards to their
auditing. Give these a try the next time you find yourself auditing a iarge
4
popuiation. You may be glad you did.
1
.i
J
Similar proportions ,
-1ve us:
3
Chapter F
The saniples are chosen liom each stratum usmg the random sampling
te~hn~~!ues. 11' the samples are not chosen uslng a random sampling tech-
niquc. the results \\'ill not be stat~stlcnllyi'alid. 4!
Wirn t h ~ sknowiedge. we can accept the total popularton withoneor- .-:$.
zero defic~enctesand reject the totai population wlth two or more defi-,,.-2 3
-
ciencws. Althoulrh wc cannot make staust~caiulferences on each stratum. - - 1
\vc zun some ~ntormat~on
--2
that we can use to Lurther mvestlgate the stn- IS appendix has looked at vanous methods of' sampling [hat are com-
turn. it' all thc defictcnc~csarc found in a part~cuiarstratum, the auditor rnoniy used in the pertormauce of quality audits. Tabie S summmzes the
c:ui rc\.w tile locus of the :rudit to further investgate that part~cularstra- methods. thc~radwntages and disadvmtages. and their applicability. .v
.
~ u m .11 all the d e i i c ~ c n ~ ;ire
~ e slound 111 a p;~rt~cuIar
str~uml.the auditee Simst~ca1ly.random sampling must ensure that each Item in the pop-
could justifiably tocus correcuve act~onon that stratum. ulat~onhas an equal chance ot bein2 sekcted. A sampling scheme 1s
Th15 method piaces emphas~son the populat~onof the strata within a developed lor selection ot the samples. This scheme can use a strlctly ran-
populnr~on.T h ~ may s nor be desirable to management. For example, man- dom select~on~based on rmdom number tables or computerized random
agemcnt may \wnt the auditor to lbcus on thc high-cost items. whlch 1s number !perators. or u systematic sampling scheme- based on the num-
where lhclr p a t e s 1 nsk lies. ber of samples selected and the total population.
Proport~onal.'Stratified" Sampling is deceptive in that the auditor and Nonstatisttcal sampling, aithough very easy and quick to perfom. has
;ruditee could be m~siedinto draw~ngconcluslons about each stratum many disadvantages. wh~chmclude potential blas in the sample, lnabiiity
insteud of the totai populanon. The method, sample size, and resuits allow to make generalizations about the total populanon, and indefensibility as
the auditor to draw conclus~onsabout the total popuiat~ononly. The objectlve sampling.
results can be used by the auditor to detemlne where to focus further Statlstlcally valid auditing must have random selection of items to be
tnvestigation. The results can be used by the auditee as a gu~defor where evaiuated and use probability theory to quantitatively evaluate the results.
to focus correctwe actions. Two methods can be applied to quality auditing to provlde the ability to
make statistically valid concluslons for use by management: starisrical
snmpling for attributes and snnzplirig with standards. These methods
allow confidence levels and error estmahon based on the results of the
evaluation of the samples. . .
Auditors are encouraged to begin usmg statistically valid sampling
when it adds value and improves the effectiveness of the audit report.
When using statistical sampling techniques for the first time you may
apply a single method during an audit to learn the various methods. This
has the additional advantage of allowing you to educate management on
a,\!l>a!l[<, <I! q q
.!sl,>pp 1011 ! l l c ~ ~ l ~ ! ~ n l l ~ l d
[l!l,,l aq1 InUq,! S ~ i ~ ~ ! l l ? ~ ! ~ l !
-~auaS~~I!III IIMIIII::) :a[<[ y s ! ~qB!q
-LII~!S ><[I it! SI!!~ ~ ~ L I ! S S I I ~ 10 wale put! s m i c iualqold
s,~ol.ta :pa.m!nai am n:w+tadxa So!uut:ld oh\ouy uo s n ~ !a~oa!.iadxa
o ~
,\jar a,,i!q QI p a a ! [ x l ~III! ~UI:UIJDII~II i s ~ dI! a I IL C 10 a8prr[n\ouy isi!d uo pasoq uo!l?a[as
ulals~s al,ll:Lu I I I .y>!tih .,<s~:as! LIO!ISJ~S sa[dutl:s S J S O O ~m ! p w pwau18pnr
A round robm audit team must be handled the same way as a thud- ..
~4
for quality management and general requirements for quality assurance.
party regrstrar. Confidentiality agreements may have lo be signed, and .. ~ The I S 0 9001 standard and I S 0 9004 gu~deiinedocuments are be~ngstg-
auditors should not audit :I competitor or supplier. So the makeup of the , ~ - . nificantly reorganized for Issuing In 2000 or 2001.
audit !cam must be carelully contemplated. An auditee does not pay for a~.r-::- In August 1994, the Automotive Industq Actlon Group (AIAG) pub-
round robrn audit. unlike a th~rd-partyreg~strationaudit. Since each orga-~"---
~7 lished QS-9000, a set of requirements for the automotive industry. QS~9000
1
n1%i1110111s iudiiins tlie others. [he cost ol'contributing the time of an audi- -=:
is ident~calto the I S 0 9000 senes, w ~ t baddit~onalmdustly requirements
tor is ~~wolved: but the cost is aosorbed by a11 companies that contribute geared specifically toward automotwe quality unprovement programs.
:n) :lu~Iitor~ >ilscr rhc .s?rvrcc. However. wtlile IS0 9001, 9002, and 9003 are stnctiy compliance-type
Ti113 conccpi u n p a t e d because companies had difficult~esgetting documents. the addition of 1;TQM philosophy in QS-9000 moves the result-
~ s p c ~ n c ~ l czudi~ors.
cd Thy cornpanles !nvoived in :I round robm consor- Ing document in the diiectlon of continuous improvement. The AIAG has - .
ttum do not have to belong to the same tndusrry; for example, a textile. also published Interpretations of QS-9000 requirements. While the docu-
manufacturer and a metals manufacturer may have auditors b e l o n g ~ n < i o ~ ~ment is criticized by some as too restricttve. ~t IS considered by many others
[he hame tc:im. .A> 11 result. a syner:); or cross-fertilizntion of ideas from -43 to be a breakthrough and ;forerunner of thrngs to come.
diil'crent ~ndusinrsoccurs. The next version of ANSUISOIASQ 9001 is scheduled to be pub-
i
Round rob111consortturns provlde many benetits: a company gets an x
i Lished In late 2000. The new version is expected to contain changes that
i
indepeiidmt audit. :ind tlie rwditors get ths traning and expenence neces- emphasize customer satistact~onand conttnuous tmprovemeni.
h
~ a h o n aQuality
i Award or ANSI/ISO/ASQ Q9004.
.. ,
to another. All intemat~onalstandards in the I S 0 9000 senes are indepen-
ilcnt ol' any spccilic cconoinic sector. Collect~vely,they provide guidance
-. -.
-
1
.- As companies uy to achieve conhnuous improvement and reach world- ;I
3 ciass levels, they focus notjust on complying with a part~cularstmdard,but . ..
.. .-
# ,k.: ~ .
:r,;a;
,.. :,
,.:..A,
262 r\,rpef~i/i.uC
4
3
4
ralher ask. "How far can we reach, What are our goals to get there, and how
do ire go about that p r n c e ~ As
s ~ a~ result.
~ a luge percemaee of fie appfi----
-.....-
cations handed out for the Malcoim Baldnge Nationai Quality Award every
3
--"-;-
year are used for self-assessments wltiirn a company and are never used to,_..--
apply tor the award. The comprehensive criteria are based on how a system12z3
needs to be structured to attain totai customer satisfact~on.Benchmarlung,
one of the toois used dunng that process. 1s defined by the Amencan Pro- --
duct~v~ty and Quality Center as "the process of identifyme. understanding,
and adnptln: outsranding practtces and processes from orgmizatlons any-
where in the world to heip your organization lrnprove its performance." - - ... ...
Winners ok fie Malcoim Baldnge National Quality Award are required
share w~thother conipmies what they have ieamed from the process, resuli--
ing i n nn open lnvitatlon for.others to ! e m from [hem. -. 1. ASQ Cerrificat~onDepartment. CQA Brochure, irem B0020,
rewsed April 1999, p. 4.
2. Charles A. Mills, The Qtmlit?~.4rrdit: A Matzagenre~zt
Et',~lir'monTool (New York: h1cGraw-Hill, 19S9), p. S 7 ~
3. \Valter Willborn, Audit Standards: A Comparatrve A r ~ a l p s
(&lilwaukee,WI: XSQC Quality Press, 1993), p. 15.
4. ~ro?&-Cfs tor the Pro,kssmral Practtce of internal Atrditlttg
(Xitamonte Springs, FL: The Institute of Incernal Auditors,
-
1978).
5. ANSVISOIASQC Q10011-2-1994, Gnldelines for Arrditrng
-Otrality
. Systenzs (Milwaukee, WI: ASQC Q u a l i ~Press,
19941, p. 10, clause 10.0.
6. James W. Kolka, I S 0 9000: Legal Perspectrue (Milwaukee,
7tW: ilSQ Quality Press; Montclair, VA: Inrernarional Forum
for Ivlanagement Systems, Inc., 1998), p. 57.
7. American Society for Quality, ASQk Fozrndatrons in Qtmlity:
Certified Qtinlity Atiditor, Modtrie 1: Ethcs, Professzo~zal
Conduct, and L~abilityIssltes. (Milwaukee, WI: ASQ Quality
Press, 1998), p. 1-19.
S. Harold L. Federow, Quality Practices and the Law (New
York: Quality Resources, 1997), p. 179.
9. Henry Campbell Black, Black's Law Dictionan (St. Paul,
MN: West Publishing Co., 1990), p. 466.
10. Dennls R. Arrer, Q~ridityAudits for I~?iprovedPerfortmmce, 32. Certified Qtrality Auditor: ASQ's Fo~tndatlo~zs
III Qrraiity,
2d ed. (Milwaultee, WI: ASQC Quality Press, 1994), p. 18. Module 3: Azrdit Perforimmce (Milwaukee, WI: ASQ Qualiry
li. h e r , p. 12. Press, 199S), p. 3-20.
12. ASQC Energy Divis~on,Nuclear Qrlolity Systems Atrditor 33. Certified Q ~ a l i t yAtrditot.: Modzrle 3, p. 3-21.
Trarrrmg Handbook, 2d ed. (Milwaukee, WI: ASQC Quality 34. Arrer, pp. 39-40.
Press, 19S6), p. 26. 35. Arrer, p. 41.
3 ASQC Energy Division, p. 26. 36. Arrer, p. 43.
14. ASQC Energy Division, p. 40. -
37. Arrer, p. 42.
- .
i5. ASQC Energy Divlslon, p. 25. 33. Arrer, pp. 57-38.
16. J. &I. Juran and Frank M. Grvna. eds., Jrrrar~sQrmlit?, 39. ANSIlISOlASQ AS402-1994, Q r d i ~ Mnlzngement
l mtd
Corrtroi Hmdbook. 4rh ed. (New York, McGraw-Hill, Qtraiity Asszrra~tce-VocnbriIary (Milwaukee, WI: ASQC
19S9), p. 9.6. Qualiry Press, 1994), p. 5.
17, Arrer, pp. i 9-20.
40. Willborn, pp. 52-53.
1s. i\Iills, p. 89. 4 . ASQC Energy Divisron, p. 45.
i9. B. Scotr Parsowitil, Frtrrdarne~~t~ds
of Q~ralityArtditrrtg 42. Parsow~th,p. 30.
(blilwaukee, '271: ASQC Qualiry Press, 1993), p. 24.
43. Arrer, p. 62.
20. Arrer, p. 4 1.
44. J. P. Russell and Terry Regel, After tile QuoiitY Audit:
21. Parsowith, p. 23. Clostrzg the Loop or1 the Audit Process (Milwaukee, WI:
22. Certified Quality Auditor: ASQ's Fo~rrzdatrons111 Quality, ASQC Quality Press, 1996), p. 22.
Module 2: Airdir Preparattott, (Milwaukee, WI: ASQ Quality 45. Charles B. Robrnson, Hotu to Make the Most of Every
l'ress, 199S), pp. 2-45, 2-49. Audit, (Milwaukee, WI: ASQC Qualiry Press, 1992), p. 94.
23. J. P. Russell, Quality Atrditor Revtew 1 no. 4 (1997): 3.
46. Russell and Regei, p. 11.
24. Arrer, p. 35.
47. Russell and Regel, p. 104.
25. ASQC Energy Division, p. 26.
48. Lawrence B. Sawyer, Sawyer? Intental Atrdit~ng,4th edir~on
26. ASQC Energy Divis~on,p. 26. (Airamonre Spnngs, FL: Insurute of Inrernal Auditors, 1996),
27. Arrer, p. 23. p. 166.
28. Arrer, p. 26. 49. Richard L. Ratliff, Internal Atrditmg: Principles and
techniques, 2nd edition (Altamonte Springs, FL: Insrirute of
29. Arter, p. 37.
Internal Auditors! 1996), p. 758.
30. ASQC Energy Division, p. 42.
50. Arter, p. 66.
31. Mils, p. 185.
51. ASQC Energy Division, p. 47.
52. Arter, p. 69.
4 --
53. Charles B. Robinson, Aziditing 0 Qzinlity System for t17e Defeme
lirdiistiy (ivlilwaukec, WI: ASQC Qualiry Press, 1990), p. 66.
~ 4 74. Russell and Regei, p. 127. ,
~.
. .
75. Russell and Regel, p. 127-146.
54. Certified Quality Auditor, ASQC Foundnt~omti!
-
Oiislit~~, itlodrde 5: Connectiue Action Folloru-Up
. .-
~.
-4
.=A
76. Russell and Regel, pp. 135-139-
77. ANSIASOIASQ 49004-1-1994.
,.
. --.
..-
s
4
. ...,
m d Cioszrrc (>lilwaukee, \VI: ASQC Qualiry Press, 199S), --==-, -.., -
p. 5-% .- 78. Russell and Regel, p. 146.
-. . .
7 . Arccr, p. i ~ . 79. Theodore Levlrt, in Quality Qrtotes, p. 77.
.ii,. XSQC Energy Div~slon,p. 49. SO. Unired Scares Department of Commerce, Technology
-- Robmson, ;\lrd;t;iig
. ,
5s.
lntilrsti~p. 66.
~7 Qzri~lit!. S?stciil for t / ~ e
- -..
..
f
3 Admmisrrarion, Nac~onalInsticuce of Standards and
Technology, Narionai Quality Program, Mdco11i1Bizidriye -
Notional Qiiality Award, 1998 Criteria tor Perfortnaizce
Excellence, p. 23.
. -.
.
.
~,
.
.
,
cT . i
Ii
ASQ Qztality Progress, July 1998, pp. 43-45.
~. fj
71. Russell and Regel, p. 128. -.a.
-zi
96. ANSI/ISO/ASQC Q10011-3-1994, p. 3.
-.:>A
72. J. M. Juran, Jztran on Leadership for Quality: An Executive .~< 97. J. P. Russell, The Qttality Master Phn: A Quality Strategy for
Handbook (New York: The Free Press, 19S9), p. 7. - Bztsiness Leadership (Milwaukee: ASQC Quality Press, 1990; I I'
-
.~*
J. P. Russell & Associates), p. 7.
73. David Hutton, Tbe C/7mzge Agents' Handbook (Milwaukee, ..
W: ASQC Quaiicy Press, 1994).
:
F.:
--
.-
4
!a
>:
1 - 2
dz i
93. ANSUISOIASQ A3402-1994, p. 5. 123. Russell and Regel, pp. 157-167. 4
3 =i
*j
99. Ihd. 3 124. Mills, p. 205. -
100. Ibld. f 2 5 Gerald F. Srnlth, Qrtality Problem Solvztzg, (hlilwaukee WI: 2
..-2.
-
'
:
xi
*=*,
104. Sayie, p. 1-7. Rcprotiucru w t h permlsslon of Allan J. Sayle. 4 117. Juran Inst~tute,"The Tools of Quality- Part IV: Hisrograms," -. :
.~..,
1 ASQC Qualit? Progress (September 1990) pp. 77-73.
105. Arter. p. 5 .
-
: 12s. Juran and Gryna, p. 23.15.
106. Arter, pp. ~1-2:
107, ANSIlISOlASQ AS402-1994. p. 5.
-.-.
'?"= -4
,
119, Juran and Gryna, p. 23.16.
130. Parsowith, p. xiii. ' -'?
-
-
.'
.
i
j
Product quality audit See Qitniity nrtdit ' Qualiy improvement ActIons taken throughout the organization to
Producnon permit See Deviai~o;~ pem~it.A producrlon permit is for a increase the effectiveness and efficiency of activities and processes
i
in order to provide added benefits to both the organization and its
limited quannty or period and for a specified use
Purchaser Customer in a conuactual situation
--.
2
customers
i
I Quality loop Conceptuai model of inreranmg activities that influence
Qualification See Qlralificnt~onprocess
quality at <he various stages ranging from the idenrificat~onof
Qualification process Process of demonstranng whether an entity is needs to the assessment of wherher these needs have been satisfied
capable of fulfilling <he specified requirement
Quality losses Losses caused bv nor realiz~ngthe potentla1 of resources
Qualified Status given to an entity when the capability o t fulfilling- - In processes and activ~ties
specified requuements has been demonstrated -
2 Quality management All activities of the overall management func-
Quality Totality of characterlsacs of an entity that bear on its ability tion that determine the quality policy, objectwes, and responsibili-
to sat~sfvstated and Implied needs ties, and implement them by means such as quality planiuny,
Quality appraisal See Qrralih evairmzoit quality control, quality assurance, and quality improvement
within the quaiiry system
Quality assessment See Qllnlity e~vlrratioir
Quality assurance All the planned and sysrematlc acrivtt~esimple- Quality management manual See &iiv i7101rtlfl/
mented wi<hln the quality system, and demonstrated as needed, to Quality management plan See Q ~ t n lpint?
i~
provide adequate confidence that an enriqr will fulfill requirements Quality manual Document stating the quality policv and describing
.for quality the quality system of an organization
Quality assurance manual See Quality m n m a i Quality plan Document setting o u t the specific quality practices,
Quaiitv assurance plan See Qtlality pian resources, and sequence of activities relevant to a partic~liarproduct,
prolect, or conuact
Quality audit Systematic and independent examination to determme
whether quality activities and reiated results comply with pianned Quality planning AcnvInes that establish the objectives and require-
arrangements and whether these arrangements are implemented ments for quality and for the application of quality system elements
effectwely and are suitabie to achieve objecrives Quality policy Overall intent~onsand direction of an organizat~on
Quality audit observation Statement of fact made during a quality with regard to quality, as formally expressed by top management
audit and substantiated by oblectwe ewdence Quality record Document which provides objective evidence of the
Quality auditor Person qualified to perform quality audits extent of fhe fulfillment of the requirements for quality o r the
Quality control Operatlonai techniques and activities that are used to effectiveness of the operation of a quality system eiement
fulfill requirements for quality Quality-related costs Those costs incurred in ensuring and assuring
Quality evaluation Systematic examination of the exrent to w h c h an satisfactory quality, as well as the iosses incurred when sarisfac-
entity is capable of fulfilling specified requirements tory quality is not achieved
i
4
Quality spiral See Quality loop Subcontractor Organization that provides a product to the supplier
j
Quality surveillance Continual monitoring and verification of the sta- :
3
Subsupplier See Sttbcontrflctor
tus of an enrirv and analysis of records to ensure rhat specified
:
Supplier Organization that provtdes a product ro the customer
requirements are being fulfilled 7
i
Total quality See Total quality inntmge~nelzt(TQM)
Quality survey See @flifhl eunlrtatron
Total quality control (TQC) See Total quality ~?m~magc?m?tt
(TQJV)
Qualitv svstem Organizarionai structure. procedures, processes, and
resources needed to implement qualin management Total quality management (TQM) hlanagement approach of :In
organization, centered on qualir): based on the participation of all
Quality system record See Q~ialrtyrecord - - -
- ~ t smembers and atming a t long-term success through customer
Record Document which furnishes objective evtdence of activities a
sansfaction, and benefits to all members of tile organization and
performed or resuits achieved to sociew
Repair Action taken on a nonconibrming product so rhat it will fui- Traceability Ability to trace the history, applicmon, o r iocation o t an
fill the intended usage requirements although it rnav nor conform entitv by means of recorded idenrificat~ons
to the originally specified requirements
Validation Confirmation by examination and provision of oblectiw
Requtrements for quality Espression of the needs or <heir translation evldence that the particular requirements tor a specified intended
into 2 set of auantitativeiy or qualitativelv stated requirements for use are fulfilled
the characteristics of an entity to enable its realization and esami-
Verification Confirmation by examinarton and provision of objecrtve
nation
IU evidence rhat specified riquiremenrs have been fulfilled
Requuements of society Obligations resulting from jaws, regulations,
Waiver See Concession. A waiver is limited to the shipment of a prod-
ruies, codes, statutes, and other considerations
uct that has specific nonconforming characteristics wtthin specific
Rework Action taken on a nonconforming product so that it will ful- deviations, for a limited time or quantity
fill the specified requirements
Safety State in whlch the risk of harm (to persons) or damage is lim-
ited to an acceptable level
Self-inspection Inspection of the work by the performer of that
work, according to specified rules
Service Result generated by activities at the interface between the sup-
plier and the customer and by supplier internai activities t o meet
the customer needs
Service delivery Those supplier activities necessary to provide the
service
Service quality audit See Quality aridit
Specification Document stating requirements
ZL 'saSucq2 u q d i!pnc
952 ' ~ L - I L 'luawa5rucw l!pnc
9SZ 't6-$6
' s p a n ~ U uCa m d C I E ~
9SZ 'E6-:6 '22UapiAa
40 . u s n ~ ~ ! qpur
o uollcloqolloJ
95; 'Lb-96 'SUOISIIPUOJ
9SZ 'S6+6
%mnraiasqo lo u o r ~ c q s s c [ J
qc;
~- '<)b-C(r 'SJJUCUllOlU03UOU
,a uollcJ~J~ssc~2
95; ;L6-[6 ' S ~ S A I C U C,!pnc
957 '501-69 ' a x c w ~ o , ~ a?pny d
,
.iSac.us 5u$1!pny aay ' y c d ?pn?
>-h+ '.iSalclls
Sr-Zr 'urld Suqdwes
t)-:r '5Ut""'~" sxlsl5ol
log~sncsplanning, 53-54,255
sampling plan. 52-53,255
- deveiopmenr and implementation
ot audit program schcduie.
Auditees, 273
communicar~onwith, 14-15,72
strategy, 49-51,255 I 160-162,257 discursron oi concerns, 7S
expectanon o t auditors, audirees. bxkground, 31-32 i sample audir schedule, 161 performance history rrvtervs, 57-58
and client. 101-102.756 communication and distribution of Audit program measures, 141-152 responsible for corrective actions, 123
presenmtlon of audit results,
99-100.256
audit pian, 63-67,256
document rewew and picpaiatlon,
-
-: Audir record disclosure, 29,255
Audit repomng, 105-119,256
role in e m meetings. 102
roies and responsibiliries of,75-76,
openmg meeting. 73-79.256 55-62.256 - approval and disrriburjon of wntten 183-184,258
confirmar~onot w d i t iogi~tics, audir-related document review, report, 117-118 .Auditmg methods. 166
--!-78,156
! 55-57,256 nudit records retention, 119.257 Auditing strategy, 49-51. 79
discussion ot liudiree concerns, ;iudiree's pertotmmce hlsrorv issue wrliten report, i 17-118,257 department method, 5l
is.256 rcvmv. 57-58.256 distribute report, 117-1IS,257 discoverv merhod. 50
prescnraiton and rcvlrw ot rile prcparaimn ot audit chrcklisrs, o b m n approvals, 117.157 element merhod. 50-5I
.. . .- guidelines, log sheers,
;ludiiolan. 73-76.256 . . and tuncrions, 105. 107-108
purpose tracing techniques. 49-50 -.
problems encountered in, 102-103 SS-62,256 -~. retentson ot audit records, 119 Auditors
Audit oroeram manazemenr. revrerv and finalize audir results, as agents, 25,27-78
~