Quality management system audit is systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled (ISO 19011:2018 Guidelines for auditing management systems).
Quality management system audit
It is necessary to give some explanations according to this definition:
Firstly, an audit is a systematic process, therefore, it should be carried out in an organization with a certain, planned frequency. The frequency of the audit will depend on whether the audit is - internal or external. If an internal audit is carried out (i.e., the organization checks itself), then the organization determines the frequency of audit independently. If an external audit is carried out, than the frequency of audit is established by the rules of the certification body or the customer.
Secondly, independent means that the specialists conducting the audit should not be responsible for the results of the work that they are checking. Such independence is ensured in different ways. The independence of internal audit is ensured by the selection of auditors from various departments of the organization. The independence of external audit is ensured by the non-involvement of auditors in the development and implementation of a quality system of the organization. External auditors cannot be consultants on the implementation of the quality management system for the organization, which they will check in the future.
Third, an audit is a documented process - all stages of the audit, the procedure for its conduct, audit requirements and audit results must be documented. Audit evidence may include records, documents, or the facts of the work performed.
Fourth, the audit should be conducted according to the agreed audit criteria. The requirements of regulatory documents (external standards, for example ISO 9001:2015 or internal standards – procedures, work schemes, regulations, etc.) are understood as the agreed audit criteria. Thus, any regulatory documents that present the requirements can be as audit criteria. The consistency of the audit criteria is ensured by the acceptance of these criteria by the audit parties. For example, an organization undertakes to comply with the requirements of the ISO 9001:2015 standard, and the certification body undertakes to audit its quality system for compliance with the requirements of ISO 9001:2015.
Audit goals and objectives
Quality audit is focused on identifying the causes of nonconformance in the quality system, processes or products (services) of the organization. Hence the main purpose of the audit is appeared – it is necessary to collect objective evidence that will identify nonconformance in processes, products (services) or the quality system.
The audit tasks are determined based on the main purpose:
It is necessary to determine the action and effectiveness of the quality management system during the audit. The degree of implementation of the quality system in the organization is determined, whether it works, and whether the quality system helps to achieve results in the main activity of the organization.
The audit should provide information about the effectiveness of the quality system. The audit should show whether the quality system works exactly as a system. Not only individual elements work from this system. All requirements are implemented not formally.
It is necessary to determine the level of compliance with QMS standards and procedures. The audit shows whether the work in the organization is carried out to accordance with the rules established in the procedures of the quality system. It shows whether any differences between the actual work and documentation of the quality system are.
The next task will be to check the quality of work. The compliance of the results of the work with the requirements established in the contracts or technical specifications can be checked during the audit.
The organization is changed permanently. The audit should allow assessing the impact of changes in the organization on the quality management system. Any changes are taking place in any organization. These changes can affect the quality system to one degree or another. An audit of the quality system can show how these changes have affected the quality system. It can show whether changes in the quality system are adequate to the changes of the organization.
The main result that an audit should lead to is the identification of opportunities for improvement in the work of the organization. Objective evidence that auditors discover during the audit is essential in any audit. Such evidence can be obtained only if the audit criteria and the rules for assessing nonconformance are clear and do not allow for different interpretations.
Audit participants
Audit is a process that always involves a lot of participants. Several main roles can be distinguished depending on tasks are solved by the participants in this process.
There are the following roles of audit participants regardless of whether it is an external audit or an internal one:
Audit client - the ISO 19011:2018 standard defines an audit client as an organization or person who requested an audit. The audit client is the party most interested in conducting it and obtaining the audit results. The audit client, as a rule, is the top management of the audited organization. If an internal audit is conducted, then the top management of the organization is interested in the objectively and accurately results of the work of auditors. It is necessary that auditors can provide data on all nonconformances in the work of organization and show opportunities for optimizing the work. The top management of the organization is interested in ensuring that the quality system is recognized as meeting the requirements when an external audit is conducted. This must be documented (by issuing a certificate - in the case of a certification audit, or by concluding a contract - in the case of verification by a potential customer of the organization's products, works or services).
Auditors - these are persons with the competence to conduct an audit (ISO 19011:2018). The quality and effectiveness of the audit depends on the qualifications and training of auditors. In this regard, special attention is paid to the qualifications of auditors. The ISO 19011:2018 standard presents the general requirements for the qualification of auditors. As a rule, these requirements are applied to professional auditors working in certification bodies. The requirements for the qualifications of internal auditors can be set by the organization itself, but this does not mean that any employee of the organization can be appointed as an auditor. The employee must be trained in audit methods and techniques, know the requirements of the quality system, know how the quality system of the organization works and be well versed in the subject area of the activity that he will check in order to conduct internal audits effectively and efficiently.
Technical experts are persons who provide auditors with special knowledge or experience. There are some questions during the audit for which the knowledge and qualifications of auditors are insufficient to verify. Technical experts may be involved in the audit in such cases. The involvement of technical experts is possible both in internal and external audits. In the case of internal audit, technical experts may be employees of departments that perform similar work. But they should not check their work or the work of their department. For example, if there are two project departments in an organization, then a specialist from one department can be a technical expert during the audit of the second department and vice versa. In the case of an external audit, technical experts are engaged by external auditors from third-party organizations.
Auditee are employees of the audited organization. The auditee can be any employee of the organization, including the top management of the organization and internal auditors in the case of both internal and external audits.
Audit status of quality management systems
Audit of quality management systems refers to the types of audit that are not regulated by national or international legislation. There are no mandatory legislative norms for determining the procedure and rules for auditing quality systems, determining the requirements for auditors and the necessary reporting. Certification of quality systems refers to the voluntary field of certification and all work related to the creation and implementation of a quality system is a voluntary initiative of the organization. There is no need to obtain licenses or other permits to conduct this activity for organizations engaged in auditing quality systems. Also, no legislation documents are required for internal audits.
Despite of absence of legislative norms, there are certain rules governing the conduct of audits of quality management systems. An example of such rules is the international standard ISO 19011:2018. This standard can be used both for the case of internal audit and for external audit. Certain rules for conducting audits by certification bodies have been developed in order to regulate the work of certification bodies. These rules set the requirements for auditors work. The rules are established by the certification system in which the organization that certifies quality systems is accredited. The organization itself develops its own rules for conducting an audit of the QMS for the purposes of internal audit. These rules are established in one of the mandatory procedures of the quality system – the "Procedure for conducting internal audits".
