What is quality auditing?
Quality auditing is the systematic examination of an organization’s quality management system (QMS). A quality audit is typically carried out by an internal or external quality auditor or audit team. It is a key component of the ISO 9001 quality system standard.
Audits are usually conducted at agreed time intervals, ensuring that an organization has a clearly defined system for quality monitoring. They can also help determine whether an organization is compliant with the requirements of a specific quality system.
Why are audits important?
As well as being an integral part of compliance and regulatory requirements, audits are essential for assessing the success of processes, products and systems—whether existing or newly-implemented. They are also a vital tool for verifying objective evidence of processes, and providing evidence for the reduction and elimination of any problem areas.
To ensure maximum benefit for an organization, quality auditing should highlight examples of good practice, rather than simply identifying non-conformance, process issues, and corrective actions. This will allow other departments to share information and adjust their working practices, delivering continuous improvement as a result.
What is the role of the auditor?
The auditor can either be an employee who understands but isn’t directly involved in the process, product, or system being audited, or somebody from outside the organization who understands the business and industry standards. In essence, they are the individual (or individuals) who perform the audit on behalf of an organization, customer, or supplier.
The three types of quality audit
There are various types of quality audit, but they can be broadly categorized as follows:
A process audit determines whether an organization’s processes are working within established limits. It measures conformance to any predetermined or industry standards, as well as the effectiveness of any instructions.
This type of audit will check various aspects of a process, including:
Conformance to defined requirements such as temperature, accuracy, time, responsiveness, pressure and composition.
The resources (materials, equipment, people) used to transform inputs into outputs, the methods that are followed, the environment in which the process takes place, and the measurements taken to determine process performance.
Effectiveness and adequacy of the process controls, as established by work instructions, procedures, training, and process specifications.
This type of audit examines whether a particular product or services conforms to the necessary requirement—whether that’s specifications, customer requirements, or performance standards.
A system audit verifies that all elements of a management system are effective and appropriate, and have been developed, documented, and implemented in accordance with the specified requirements.
A quality management system audit evaluates an organization’s existing quality management system (QMS) to ascertain its conformance with company policies, contract commitments, and regulatory requirements.
Process and product audits are commonplace in the manufacturing industry, with various types of audit performed on hospitals and pharmaceutical firms. Other types of system audit include environmental system audits, safety system audits, and food safety system audits for food processing organizations.
First-party, second-party, and third-party audits
A first-party audit is an internal audit designed to measure an organization’s strengths and weaknesses against its own methods or procedures and/or against external standards voluntarily adopted by–or imposed upon–the organization. The audit is conducted by auditors who are employed by the organization being audited but who don’t have a vested interest in the audit results.
This is an external audit performed on a supplier by a customer or contracted organization on the customer’s behalf. Second-party audits are typically more formal than a first-party audit because the audit results could influence the purchasing decisions of the customer.
A third-party audit is performed by an independent organization with no conflict of interest. This independence is a key part of a third-party audit, as it may result in certification, recognition, license approval, a fine, or a penalty being issued by the third-party organization or another interested party.
The quality audit process
1. Determining the scope of the audit
Before appointing an auditor, it’s important to establish the criteria and scope of an internal audit—this is usually best placed with a quality manager, or somebody in an equivalent role. The criteria should focus on risk areas in the business or process lifecycle, and remain consistent over time wherever possible. This makes it easier to analyse performance and gives employees clear goals to work towards between audits.
2. Planning and preparation
A fair amount of preparation is required ahead of an audit. The first priority for the organization being audited is to appoint an auditor, whether from inside or outside the company. Together with the auditor, the organization will then establish the format of the audit, ensuring it aligns with its objectives and that all employees have time to prepare.
3. Audit execution
The audit consists of various activities including interviews with employees, on-site audit management, assessing process and system controls, and regular communication with other relevant parties within the organization. This phase of an audit is often called the ‘fieldwork’ and tends to conclude with an exit meeting between the auditor and auditee.
The audit report outlines the results of an auditor’s investigation, providing accurate data to management along with recommendations on any corrective actions that need to be taken. It should also enable an organization to effectively track quality and performance over time, identify areas for improvement, and highlight any successes or achievements.
5. Corrective action
If the audit has uncovered any areas of non-compliance with industry or company standards, an organization will need to ensure they act on the findings promptly. It can be beneficial to focus on one or two areas at a time and monitor their impact regularly, thus following the kaizen methodology of continuous improvement. Involving all employees in this process is a key part of complying with quality standards over the long term.