Reference Guide of Audit Terms and Definitions to Know for Any QMS Audit
Quality Management Audit Terms and Definitions
Take the confusion out of audit terms and verbiage when preparing for your internal audit or external quality management system audit. Review this helpful and comprehensive list of common audit terminology with definitions.
LIST OF AUDIT TERMS AND TYPES OF AUDITS
What is an Audit?
An audit is a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled. An audit can be performed by trained internal employees or an external auditor to verify conformance to one or more ISO standards and the organization’s own requirements.
Internal Audit Types:
Routine: Audits included as part of a planned audit schedule.
Follow-up: Audits performed to verify that corrective actions have been completed and were effective in preventing recurrence.
Special: Audits conducted in addition to routine audits which are limited in scope to specific objectives.
Automotive Internal Audit Types:
Quality Management System (QMS) Audit: An audit to review and ensure that the QMS has addressed all applicable requirements (regulatory, customer, internal procedures) within the audited area and provides evidence of compliance to the QMS standard.
Manufacturing Process Audit: An audit of a production operation and its work instruction against the control plan (control plan audit).
Product Audit: Validates that the finished product conforms to the customer requirements through an independent assessment of the part. This includes packaging and labeling.
Process Audit: An approach to auditing that takes into account the risks (customer rejects, scrap, internal yield, quality performance, past audit nonconformances from both internal and external audits, changes to resources/staff, changes to processes, changes to suppliers, etc.) to establish audit focus and prioritization to determine where QMS deficiencies or weaknesses may be contributing to escapes or inefficiencies.
Special Process Audit: Makes an evaluation of the controls associated with special processes and their compliance. Special processes require additional rigor to ensure that the process controls are adhered to and that the process provides the intended results and is capable of producing conforming parts. The AIAG has CQI audit criteria and checklists for automotive defined special processes.
Layered Process Audit (LPA): The idea behind LPA is to perform audits at various stages of production, with each layer of audit providing a more detailed and comprehensive examination of the process. The layers of audit can be categorized based on the level of detail and frequency of the audits. Each layer typically involves a different team or individual who performs the audit, from floor operator (possibly daily) to executive management (possibly semi-annually).
Aerospace Internal Audit Types:
Quality Management System (QMS) Audits: An audit to review and ensure that the QMS has addressed all applicable requirements (regulatory, customer, internal procedures) within the audited area and provides evidence of compliance to the QMS standard.
Production Process Audits: An audit to evaluate the method of manufacture of parts and to assure that the method is consistent with customers and applicable requirements and defined work instructions.
Product Audits: Validates that the finished product conforms to the customer requirements through an independent assessment of the part.
Special Process Audits: Makes an evaluation of the controls associated with special processes and their compliance. Special processes require additional rigor to ensure that the process controls are adhered to and that the process provides the intended results and is capable of producing conforming parts. Customers and Nadcap define special processes for the aerospace industry.
External Audit Types:
Second-Party: Audits performed by another party:
- internal audits outsourced to an outside organization, usually by an independent, qualified and competent auditor who is contracted by the company; or
- audits performed by a customer to ensure that the requirements are met (customer audits); or
- audits of a supplier performed by the customer or contracted to an outside organization (supplier audits).
Third-Party: Audits conducted by a Certification Body (CB) to ensure conformance of all criteria to the specific Management System Standard to achieve or maintain certification. For some standards (e.g., Nadcap, ISO 17025), the third party is an Accreditation Body, which is often mistaken for a Certification Body.
Stage 1 Audit: An initial certification audit to confirm that an organization is ready for the full Certification Audit by a CB. Typically 30-60 days prior to the Stage 2 Audit.
Stage 2 Audit: A full ISO QMS audit by a CB to confirm that the management system conforms to the requirements of the standard. Certification is issued upon successful completion of the assessment and closure of any findings.
Surveillance Audit: Certification is maintained through this partial system audit conducted by a CB in the two years between Recertification Audits.
Recertification Audit: After an organization achieves ISO certification, a recertification audit of the entire management system is performed by the Certification Body every three years to ensure that the organization continues to meet all of the standard’s requirements so a new certificate can be issued.
More Audit Terms to Know:
Audit Customer/Audit Client: Organization or person requesting an audit.
Auditee: Organization or person being audited.
Auditor: Person who conducts an audit.
Lead Auditor: When an audit contains more than one auditor, then one person is typically designated as the lead, who will coordinate and schedule the audit, and ultimately complete the audit report and document findings.
Audit Program: Defines arrangements for a set of one or more audits planned for a specific time frame and directed towards a specific purpose.
Audit Scope: Defines extent and boundaries of an audit. The audit scope generally includes a description of the physical locations, organizational units, activities and processes, as well as the time period covered.
Audit Objective: Defines the result to be achieved by the audit. Audit objectives include the following, as applicable: 1) determination of the extent of conformity of the auditee’s management system, or parts thereof, with audit criteria; 2) evaluation of the capability of the management system to ensure compliance with statutory, regulatory and contractual requirements; 3) evaluation of the effectiveness of the management system in meeting its specified objectives; 4) identification of areas for potential improvement of the management system.
Audit Criteria: Defines the set of policies, procedures or requirements (such as ISO 9001) used as a reference against which objective evidence (data supporting the existence or validity of something) is compared.
Audit Plan: The audit program defining the overall activities and arrangements for an audit. The audit plan demonstrates how the company intends to cover all the QMS requirements and processes. Risk assessments are a crucial component of the audit plan. By identifying potential risks and their impact on the QMS, the audit customer can determine the frequency and extent of the audit activities. The audit plan should also be reviewed and updated regularly to reflect changes in the QMS or external factors that may impact the audit program.
Audit Plan (Schedule): A description of the activities and arrangements for an audit, completed by the auditor and agreed upon with the auditee. It outlines the scope, objectives, and activities to be performed during an audit. It provides a roadmap for the audit team to follow and ensures that planned areas of the quality management system (QMS) are covered.
Objective Evidence: Data supporting the existence or reality of something, usually obtained through observation, measurement, test or other means. Objective evidence may be qualitative or quantitative.
Audit Evidence: The records, statements of fact or other information, which are relevant to the audit criteria and verifiable. Audit evidence may be qualitative or quantitative.
Audit Findings: The results of the evaluation of the collected audit evidence against the audit criteria. Audit findings can indicate either conformity or nonconformity with audit criteria. If the audit criteria are selected from statutory requirements or regulatory requirements, such audit findings are called compliance or non-compliance.
Audit Finding Types:
- Nonconformance: The non-fulfillment of a requirement. If necessary, internal audit nonconformances might be categorized as major or minor. (Major referring to the absence or complete breakdown of a management system requirement or nonconforming product/service escaping to a customer, while minor refers to an isolated management system breakdown usually random in nature.)
- Opportunity for Improvement (OFI): There is no objective evidence for a finding, but the auditor identifies areas that have a potential for a breakdown or weakness in the process, system or procedure. The auditor may identify development possibilities that, when addressed, may prove beneficial toward making a QMS more effective.
- Exemplary Practice/Positive Finding: Effective and positive implementation of a process, system, or procedure. There are various terms used, such as Noteworthy, Positives, etc.
Audit Conclusion: The outcome of an audit after consideration of the audit objectives and all audit findings. Audit conclusions should address 1) the extent of management system conformity with the audit criteria, and 2) the effectiveness of the management system implementation.
Requirement: The need or expectation that is stated, generally implied or obligatory.
Quality Requirement: A requirement related to quality.
Statutory Requirement: An obligatory requirement specified by a legislative body. Statutory requirements should be considered and evaluated during internal audits.
Regulatory Requirement: An obligatory requirement specified by an authority mandated by a legislative body. Regulatory requirements should be considered and evaluated during internal audits.
Customer Specific Requirements (CSR): Contractual and supplemental customer requirements in addition to the QMS standard requirements. CSRs should be considered and evaluated during internal audits.
Conformity: The fulfillment of an internally imposed requirement, such as an ISO standard.
Nonconformity: The non-fulfillment of a requirement.
Noncompliance: The non-fulfillment of an externally imposed requirement.
Continual Improvement: The activities of a business that aim for the constant improvement or betterment of their internal systems and processes.
Correction: Action to eliminate a detected nonconformity. A correction can be made in advance of, in conjunction with or after a corrective action.
Corrective Action: Action taken to eliminate the cause of a nonconformity and to prevent recurrence. Corrective action is taken to prevent recurrence whereas preventive action is taken to prevent occurrence.
Preventive Action: Action taken to eliminate the cause of a potential nonconformity or other potential undesirable situation. Preventive action is taken to prevent occurrence whereas corrective action is taken to prevent recurrence.
Effectiveness: The extent to which planned activities are realized and planned results are achieved.
We hope these audit-related terms will prove useful and provide some clarity as you approach your next audit. A well-planned, conducted, and reported audit would allow the QMS to continually improve and provide evidence of compliance to all of the ISO, AS (Aerospace) and/or IATF (Automotive) components, as well as provide verification of the effectiveness of your company’s processes and practices.
Our internal quality audit experts have also compiled a range of valuable internal auditing resources, tools and checklists, training courses, and insightful guidance on planning and conducting an ISO 9001 internal audit in-house and showcasing the benefits and savings of outsourcing your internal audits.
SimpleQuE can provide a comprehensive internal audit prior to a certification, surveillance or recertification audit by a Certification Body. A thorough internal audit can identify deficiencies so they can be addressed before non-conformities are found by the ISO Certification Auditor.