The following is an excerpt from The Complete Guide to the CQA (QA Publishing, LLC) by Steve Baysinger, which is out of print. Complete coverage of Quality Audit techniques may be found in The Handbook for Quality Management (2013, McGraw-Hill) by Paul Keller and Thomas Pyzdek
What is a quality auditor and what is the purpose of a quality audit? Is a quality audit similar to a financial audit? Is an audit the same as a surveillance or inspection? These types of questions are often asked by those unfamiliar with the quality auditing profession. As far as what a quality auditor is, Allan J. Sayle says it best:
Auditors are the most important of the quality professionals. They must have the best and most thorough knowledge of business, systems, developments, etc. They see what works, what does not work, strengths, weaknesses of standards, codes, procedures and systems.
The purpose of a quality audit is to assess or examine a product, the process used to produce a particular product or line of products or the system sup-porting the product to be produced. A quality audit is also used to determine whether or not the subject of the audit is operating in compliance with governing source documentation such as corporate directives, federal and state environmental protection laws and regulations, etc. A quality audit distinguishes itself from a financial audit in that the primary objective of the financial audit is to verify the integrity and accuracy of the accounting methods used within the organization. Yet, despite this basic difference, it is important to note that many of the present-day quality audit techniques have their traditional roots in financial audits.
System, process, product and compliance audits
The quality system audit addresses the who, what, where, when and how of the quality system used to produce its product. For example, how is the quality system defined? Who is responsible for producing the product? Who is responsible for assuring the quality of the product meets or exceeds customer requirements? What is the extent of management involvement in the daily operation of the quality system? What procedures are used to guide the organization in its production effort? How are they maintained and updated? Who performs that function? Where are the procedures located?
What type of processes are used (both directly and indirectly) to produce the product? How do current procedures support these direct and indirect processes, etc.?
A quality system audit is characterized by its emphasis on the macro nature of the quality management system. Think of the quality system audit in terms of "an inch deep but a mile wide, " i.e., broad and general in nature rather than narrow and limited in scope. A quality system audit is defined as a "systematic and independent examination used to determine whether quality activities and related results comply with planned arrangements and whether these arrangements are implemented effectively and are suitable to achieve objectives." (ISO 10011-1 (1990)) Further, it is a "documented activity performed to verify, by examination and evaluation of objective evidence, that applicable elements of the quality system are suitable and have been developed, documented and effectively implemented in accordance with specified requirements." (ANSI/ASQC A3 (1987))
Where the quality system audit is general in nature, the process audit is much more narrowly defined. Unlike the system audit, the process audit is "an inch wide but a mile deep." It revolves around verification of the manner in which: 1) people; 2) material; 3) machines, etc., mesh together to produce a product. A process audit compares and contrasts the manner in which the end product is produced to the written procedures, work instructions, workman-ship standards, etc., used to guide the manufacturing process responsible for building the product in the first place. Process audits are appraisal and analytical in nature.
The process audit is also concerned with the validity and overall reliability of the process itself. For example, is the process consistently producing accept-able results? Do non-value added steps exist in the process? Are processes current in terms of meeting the existing and future requirements of key customers?
Bear in mind the process audit has two active modes of operation—appraisal and analysis. While in the appraisal mode, keep this question in the front of your mind: are personnel involved in the production process per-forming in accordance with company manufacturing process plans, procedures, work instructions, workmanship standards, etc.? In the analysis mode, on the other hand, question the procedures, work instructions, and so forth, used in support of the process(es) being audited—are they helpful or detrimental? Thorough or sketchy? Does duplication of effort exist between sub-functions?
Are any non-value added steps apparent? Does the overall process complement the expressed or implied quality objectives of the organization: short-term customer satisfaction, long-term repeat business, continued profitability and growth?
The word "audit" in product audit is somewhat of a misnomer. Actually, a product "audit" is a detailed inspection of a finished product performed prior to delivering the product to the customer. It is a test of both attribute and vari-able data i.e., cosmetic appearance, dimension properties, electrical continuity, etc. Results of product audits often provide interesting bits of information regarding the reliability and effectiveness of the overall quality system. Product audits are usually accomplished for one or more of the following reasons:
1. to estimate the outgoing quality level of the product or group of products;
2. to ascertain if the outgoing product meets a predetermined standard level of quality for a product or product line;
3. to estimate the level of quality originally submitted for inspection;
4. to measure the ability of the quality control inspection function to make quality decisions, and;
5. to determine the suitability of internal process controls.
During a compliance audit, the auditor examines the written procedures, work instructions, contractual obligations, etc., and attempts to match them to the actions taken by the auditee to produce the product. In essence, it is a "say what you do—do what you say" type of audit. Specifically, the compliance audit centers on comparing and contrasting written source documentation (usually the contract) to objective evidence in an attempt to prove (or disprove) compliance with that source documentation.
First Party, Second Party and Third Party Audits
FIRST PARTY (INTERNAL) AUDIT
A first party audit is usually performed by the company (or a department within the company) upon itself. It is an audit of those portions of (the) quality assurance program that are "retained under its direct control and within its organizational structure." (ANSI/ASQC NQA-1 (1986)) A first party audit is usually conducted by an internal audit group. However, employees within the department itself may also conduct an assessment similar to a first party audit. In such an instance, this "audit" is generally referred to as a "self assessment."
The purpose of a self assessment is to monitor and analyze key intradepartmental processes which, if left unattended, have the potential to degenerate and negatively affect product quality, safety and overall system integrity. These monitoring and analyzing responsibilities lie directly with those most affected by departmental processes—the employees assigned to the respective departments under examination.
Although first party audit/self assessment ratings are subjective in nature, the ratings guideline shown here helps to hone overall rating precision. If performed properly, first party audits and self assessments:
· Provide feedback to management that the quality system is both implemented and effective, and;
· Are excellent tools for gauging the continuous improvement effort as well as measuring the return on investment for sustaining that effort.
SECOND PARTY (EXTERNAL) AUDIT
Unlike the first party audit, a second party audit is an audit of another organizational quality program not under the direct control or within the organizational structure of the auditing organization. (ANSI/ASQC NQA-1 (1986)) Second party audits are usually performed by the customer upon its suppliers (or potential suppliers) to ascertain whether or not the supplier can meet existing or proposed contractual requirements. Obviously, the supplier quality system is a very important part of contractual requirements since it is directly (manufacturing, engineering, purchasing, quality control, etc.) and indirectly (marketing, inside and outside sales, etc.) responsible for the design, production, control and continued supportability of the product. (See Figure 1.3 for an example of a second party audit process flow.) Although second party audits are usually conducted by customers on their suppliers, it is sometimes beneficial for the customer to contract with an independent quality auditor. This action helps to promote an image of fairness and objectivity on the part of the customer.
THIRD PARTY AUDIT
Compared to first and second party audits where auditors are not independent, the third party audit is objective. It is an assessment of a quality system conducted by an independent, outside auditor or team of auditors. When referring to a third party audit as it applies to an international quality standard such as ISO 9000, the term "third party" is synonymous with a quality system registrar whose primary responsibility is to assess a quality system for conformance to that standard and issue a certificate of conformance (upon completion of a successful assessment).