Transition Support

A flexible approach to business improvement

Quality audits

What is an audit?

ISO 9000 defines an audit as a systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled or put simply; an audit is a means to establish the extent to which performance meets the objectives for that performance.

What is a quality audit?

A quality audit is an audit which determines the extent to which quality requirements are fulfilled. A quality audit will therefore independently examine processes, products and services to determine if they fulfil requirements specified for their inherent characteristics e.g. dimensions, functionality, safety and responsiveness. Quality audits may therefore be referred to as process audits, product audits, service audits or quality management system audits.

Quality management system audit

System audits may take as the audit criteria, the requirements of standards such as ISO 9001, ISO 14001 or may take the intended results of the management system and establish:

• the planned arrangements will, if implemented enable the organization to deliver results consistent with its purpose and strategic direction;
• the planned arrangements are being implemented effectively;
• the results being achieved are consistent with those intended.

However, over the last 25 years management system audits have been focused simply on verifying that procedures were being followed or standards complied with. If you are running a business it is not helpful if an auditor tells you that you have not complied with certain requirements unless he can also tell you what effect such non-compliance will have on your business. Clearly audits focused on legislation and regulations where failure to comply may lead to prosecution under the laws of the land may reveal non-compliance where your choice of action is limited. You either comply or face the prospect of prosecution. With quality management system audits the situation is quite different. Correcting many non-conformities that in the past, ISO 9000 auditors have revealed will not necessarily add value to your organization. There is often such an oblique link with performance that any added value is impossible to imagine. 

With the emergence of ISO 9001:2000 the style and approach to quality management system auditing should have changed but even after 17 years it is not uncommon to find procedure auditing being conducted as management system audits. The new standard focuses on performance rather than conformity for the sake of it. A quality management system is deemed effective if it enables your organization to achieve the results you and your stakeholders expect. The auditors should therefore be addressing performance issues. If ISO 9000 is to be a tool which can help organizations achieve their objectives it follows that the measure of its success is the extent to which it does enable organizations to achieve their objectives.

The first place for the auditor to start is therefore to ascertain what the organization's objectives are and whether they are relevant to the needs and expectations their stakeholders. Secondly before moving on the auditor would be very wise to ascertain what results the organization is currently achieving and whether there is a match with the objectives. If the results are not being achieved, the auditor can then ascertain whether there is an improvement process in place that will drive the organization towards it goals. The auditor's next task is to establish how the organization achieves these results (the effect). As results are achieved through processes (the cause), it follows that the auditor should proceed to examine the key processes and establish that these are being managed effectively.  

This is a new approach. It is not based on deriving questions from a standard and pursuing an audit trail until evidence of compliance or non-compliance is discovered. The auditor is not trying to put a tick in every box on a check list. What the auditor should be trying to do is quite simple. Establish that the organization is managing its processes effectively. If it is not, then requirements may be found in ISO 9001:2015 to demonstrate what is causing the gap in performance.

More information about quality audits can be found in Chapters 55 of the ISO 9000 Quality Systems Handbook 7E