What Quality Management System Auditors Look For:
General Overview: Auditors seek to ensure that your business systems and processes are well-structured, have clear objectives, and include necessary controls to meet both internal and external requirements. A common weak point is the communication between different processes or departments. For example, if the contract review process identifies a requirement for materials to be purchased from a specific vendor but fails to communicate this to the purchasing department, the customer requirement may not be met. In this article we will discuss what quality management system auditors look for.
Document Control: Auditors expect that any document affecting customer service, quality, delivery, health and safety, environmental concerns, and legal or special requirements is controlled. This includes training records, procedures, forms, and work instructions. They will verify that you are following your documented procedures.
Control of Records: Auditors primarily interview personnel and review records. They check that records are retrievable, stored in planned locations, and remain legible for the required retention period.
Management Commitment and Responsibility: Auditors look for signs of management's commitment to the Quality, Environmental, Health and Safety Management system. This includes reviewing records of management reviews, confirming adequate resource provision, and ensuring management communicates the importance of the system and compliance with customer and legal requirements. Auditors also check that management assesses risks and takes actions to mitigate unacceptable risks.
Human Resources: Auditors verify that personnel competency is evaluated, training is provided and recorded, and the effectiveness of training is assessed. They also review onboarding processes, emergency drills, safety meetings, and periodic training schedules.
Maintenance & Housekeeping: Auditors inspect the facility for good housekeeping, safe conditions, environmental impacts, and maintenance of facilities and equipment. They also check environmental conditions like temperature and humidity when they can affect customer or legal requirements.
QMS Planning: This planning is a high-level risk assessment to determine any internal and external issues that may affect the Quality Management System or the organization as a whole. A common method to fulfill this requirement is by performing a SWOT Analysis and then addressing the most important items through the organization's Continual Improvement process.
Product/Service Planning: Auditors ensure that work affecting the product or service is planned under controlled conditions to meet internal, customer, and legal requirements.
Customer Communication: Auditors may review how effectively you communicate with customers, especially regarding order status, changes, and feedback. Clear and consistent communication can significantly impact customer satisfaction and trust.
Contract Review: Auditors review customer contracts or purchase orders to ensure all requirements are identified and communicated to relevant departments. They especially focus on any requirements from the customer that should be flowed down to the supply chain.
Design & Development: Auditors check that design and development efforts are planned, recorded, and verified to meet requirements. They look for records showing that the design fulfills functional and performance requirements.
Purchasing: Auditors review the purchasing process to ensure suppliers and vendors are approved and that all necessary information is communicated to them. They verify that purchased products or services meet requirements and that subcontractors/vendors comply with Quality, Environmental, Health and Safety requirements.
Supplier Management: Beyond just approving suppliers, auditors may check how you monitor and evaluate supplier performance over time. This includes periodic reviews, audits, and performance metrics to ensure suppliers continue to meet your standards.
Production/Service Control: Auditors review production or service processes to ensure they are planned and controlled to meet requirements. This includes equipment calibration, product identification and traceability, protection of customer-owned property, and operational controls to prevent injury or environmental escapes.
Inspection/Quality Control: Auditors check for evidence that products or services are inspected to meet requirements before delivery to internal or external customers.
Release of Product and/or Service Provision Auditors scrutinize the release process of products and services to ensure that all specified requirements have been met before delivery to the customer. This involves verifying that all necessary inspections, tests, and approvals have been completed and documented. The release process should include a final review to confirm that the product or service conforms to internal, customer, and legal requirements. Additionally, auditors check that any nonconformities identified during production or service provision have been addressed and resolved. An effective release process helps ensure that customers receive products and services that meet their expectations and regulatory requirements, thereby enhancing customer satisfaction and trust.
Nonconforming Product: Auditors ensure there is a process to identify and control nonconforming products to prevent delivery to customers without prior concession.
Customer Satisfaction: Auditors verify that methods are in place to obtain and act on customer perception data to improve satisfaction. They check that customer complaints and feedback are recorded and addressed.
Monitoring & Measuring of Processes: Auditors look for methods to measure the performance of core processes, set targets, and take corrective actions when objectives are not met. These metrics are often called Key Performance Indicators (KPIs).
Internal Audits: Auditors verify that complete system audits are performed for all subscribed standards and that these audits are effective and conducted by qualified personnel.
Continual Improvement: Auditors review corrective and preventive actions and improvement projects to ensure root causes are identified and addressed to prevent recurrence. They check for actions taken to prevent issues and improve system effectiveness and efficiency.
Risk Management: Auditors often look for a formal risk management process. This includes identifying potential risks, assessing their impact, and implementing measures to mitigate them. Effective risk management demonstrates proactive planning and preparedness.
Ethical Practices: Auditors may assess your organization's commitment to ethical practices, including anti-bribery, anti-corruption policies, and adherence to labor laws. Demonstrating ethical behavior can enhance your organization's reputation and compliance.
Technology and Cybersecurity: With increasing reliance on technology, auditors may evaluate your cybersecurity measures. This includes data protection, access controls, and measures to prevent cyber threats. Ensuring the security of your information systems is crucial for maintaining trust and compliance.
Summary: Auditors look to see that you "Say what you do," "Do what you say," and that you can prove it. Records and interviews provide the objective evidence needed to verify conformity to internal, customer, and legal requirements.
