What is Audit?

 

 - Audit is on-site verification activity like inspection / examination of process to ensure compliance to requirements.

 - Audit can apply to entire organization or specific process or production step. 

 - Some special purpose of audits are documents audit, risks / performance or following up on completed corrective actions.

Types of Audits

As per ISO 19011 audit is a systematic, independent and documented process to obtain the audit evidence (Records or other relevant information) & evaluate it objectively to determine the extent to which the audit criteria (procedures or requirements, policies) are fulfilled.

There are 3 types of Audit.

1)Product Audit

 - Product audit is an examination of particular product to evaluate whether it conforms to requirements or not( Specification, customer requirement).

 - The products need to be audited using CSR (customer-specific requirements) at appropriate stages of production and delivery. This allows an organization to verify conformity to their specified requirements. Where not defined by the customers, the organization itself needs to define an approach to be used during the product audit.

2)Process Audit

 - This audit verifies that processes are working within specified limits. 

 - Examine the resources (equipment, materials, people) applied to transform the inputs into outputs, the environment, the methods (procedures, instructions) followed, and the measures collected to determine process performance.

 - The organization needs to define the Audit Plan that refers to key processes.

 - The auditors should use the checklist to make sure the audit is thoroughly conducted and have checked all of the required items.

- The manufacturing process audit includes a check to ensure effective implementation of process wise risk analysis (such as FMEA), control plan and associated documents.

3) System Audit (QMS)

 - It can be described as a documented activity performed to verify, by examination and evaluation of objective evidence that are appropriate and effective, documented and implemented in accordance and in conjunction with specified requirements.

 - The entire scope of the QMS (Quality Management System) must be covered within a three-year calendar period and an annual internal audit program should be developed.

An audit may also be classified as internal or external, depending on the interrelationships among participants. Internal audits are performed by employees of your organization. External audits are performed by an outside agent. Internal audits are known as first-party audits, while external audits can be either second-party or third-party.

A. First Party Audit

 - This audit performed within organization to measure strength and weakness against its own  procedure or methods. 

 - A first-party audit is an internal audit conducted by auditors who are employed by the organization being audited but who have no vested interest in the audit results of the area being audited.

B. Second Party Audit

 - This is an external audit performed on supplier by a customer or by a contracted organization on behalf of a customer.

 - Second party audits are subject to the rules of contract law as they are providing contractual direction to supplier from customer.

 - Second-party audits tend to be more formal than first-party audits because audit results could influence the customer’s purchasing decisions.

C. Third Party Audit

 - This audit performed by an audit organization independent of the customer - supplier relationship.

 - Third-party audits may result in certification, registration, recognition, an award, license approval, a citation, a fine, or a penalty issued by the third-party organization or an interested party.

Phases of Audit Cycle

1. Audit Planning & Preparation

 - Developing an audit program, or audit schedule, and sharing it with the process owners.

 - Audit preparation consists of planning everything that is done in advance by interested parties, such as the auditor, the lead auditor, the client, and the audit program manager, to ensure that the audit complies with the client’s objective

2. Plan the Process Audit

 - In this phase auditor need to discuss with process owners and confirm the best time to review each process.

 - The auditor should look back at past audits to determine if he needs to follow up on any concerns or issues, and the process owner can point out any areas he would like the auditor to focus on.

3. Audit Execution

 - It is a data collecting section which covers the time period from arrival at audit location to the exit meeting.

- It consists of multiple activities including on-site audit management, meeting with the auditee, understanding the process and system controls and verifying that these controls work, communicating among team members, and communicating with the auditee.

4. Audit Reporting

 - Purpose of audit report is to communicate the result of investigations to auditee.

 - The report should provide correct and clear data that will be effective in addressing important organizational issues.

5. Audit follow-up and Closure

 - The audit is completed when all the planned audit activities have been carried out, or agreed with the audit client.

 - The audit process end when the report is issued by the lead auditor or after follow-up actions are completed.