Comprehensive Guide to QMS Audit Management

Table of Contents

  1. Introduction
  2. Types of Audits
  3. Audit Planning and Scheduling
  4. Audit Execution Process
  5. Audit Checklist
  6. Managing Audit Findings
  7. Follow-up and Corrective Actions
  8. Best Practices
  9. Conclusion
  10. Appendix: Sample Audit Checklists

1. Introduction: What Are Audits? Why Do They Matter?

Quality audits are systematic, independent examinations of processes, systems, and procedures to ensure compliance with established standards and requirements. As one of the four essential elements of every Quality Management System (alongside Document Control, Business Process Management, and Training Management), audits serve as a critical tool for maintaining quality standards, identifying improvement opportunities, and ensuring regulatory compliance.

Think of audits as health checkups for your quality system. Just like regular medical checkups can catch problems early, regular audits catch quality issues before they become major problems for your customers or regulators. An effective audit program acts as both a diagnostic tool and a prevention mechanism, catching problems before they reach customers while simultaneously strengthening the overall quality management system.

Audits provide objective evidence of compliance and create a structured approach to continuous improvement. They verify that your documented processes are being followed, that employees are properly trained, and that records demonstrate compliance with requirements. This directly supports the fundamental QMS principle that your business processes must be documented, your employees must be trained on these processes, and you must keep records showing each process was followed as written.

2. Types of Audits

2.1 Internal Audits

Internal audits are conducted by your own organization to assess compliance with internal procedures and standards. Think of these as health checkups for your quality system, similar to the coffee shop example from our QMS overview where problems can occur at multiple steps from order-taking to delivery.

Most quality management systems require internal audits annually. These audits focus on process compliance and effectiveness, with results feeding directly into management review meetings and continuous improvement initiatives. For example, an internal audit might examine whether employees are following the latest revision of a work instruction (validating your Document Control system), whether calibration records are being maintained properly (checking Business Process Management), or whether employees have completed required training (verifying Training Management effectiveness).

Internal audits are your opportunity to find and fix problems before external auditors discover them. They help verify that all four essential QMS elements are working together effectively to prevent the types of defects we see in manufacturing - wrong configurations, component failures, labeling errors, shipping damage, or installation problems.

2.2 Supplier Audits

Supplier audits evaluate external suppliers' quality management systems and processes to ensure they meet your organization's requirements. These audits are essential for supply chain risk management and often determine whether a supplier relationship continues.

The frequency of supplier audits should be based on risk assessment. High-risk suppliers typically require audits every 12 months, while low-risk suppliers may only need audits every 36 months. Risk factors include the supplier's performance history, the criticality of their products to your operations, and any regulatory requirements that apply to their processes.

Consider a supplier that provides critical flight hardware components. Their audit frequency would be annual due to the safety implications, whereas a supplier of standard office supplies might be audited every three years. The key is matching audit frequency to actual risk levels rather than applying a one-size-fits-all approach.

2.3 Certifying Body Audits

External certification organizations conduct these audits to verify compliance with specific standards. Examples include ISO 9001 certification audits, AS9100 aerospace standard audits, FDA regulatory inspections, and Underwriters Laboratories assessments.

These audits are typically the most formal and consequential, as they can result in certification suspension or regulatory action. Unlike regulatory audits which may be unannounced, certification audits are scheduled in advance and focus on your QMS's conformance to specific standard requirements. Organizations should prepare extensively for certifying body audits by conducting thorough internal audits beforehand and ensuring all documentation is current and accessible.

The auditors will examine all four essential QMS elements: how well your Document Control system maintains current procedures, whether your Business Process Management creates consistent results, if your Training Management ensures employee competency, and how effectively your internal Audit program identifies and corrects problems.

2.4 Customer Audits

Customer audits are performed by your customers to evaluate your organization's ability to meet their specific requirements. These audits often focus on contract compliance, quality system effectiveness, process capability, and risk management.

Customer audits can range from simple facility tours to comprehensive multi-day assessments. A major aerospace customer, for instance, might conduct a detailed audit covering everything from your supplier qualification process to your foreign object debris prevention program. The scope usually reflects the complexity and criticality of the products or services you provide.

3. Audit Planning and Scheduling

3.1 Audit Planning Process

Effective audit planning begins with determining which suppliers or processes to audit based on risk assessment. This involves reviewing performance history, considering product criticality, and evaluating regulatory requirements. Previous audit findings and the effectiveness of corrective actions also factor into the decision.

Auto-scheduling helps ensure audits occur on time. The best practice is to schedule audits three months in advance and add them to your audit list with a "Planned" status. This advance notice allows both parties to prepare adequately and avoid scheduling conflicts.

Resource planning requires careful consideration of auditor qualifications, availability of supporting personnel, and logistics for supplier audits. An audit of a supplier's special processes facility, for example, might require an auditor with specific technical expertise in heat treatment or welding processes.

3.2 Audit Scheduling

The notification process begins by contacting the auditee with a proposed audit date. The actual date is usually negotiated to avoid schedule conflicts and ensure resource availability at both locations. For a supplier audit, this might mean avoiding their month-end production push or your auditor's vacation schedule.

Before the audit, request copies of relevant documents such as quality policies, change control procedures, work instructions, and training records. This documentation review helps auditors prepare more effectively and can identify potential issues before the on-site visit. For instance, if a supplier's change control procedure hasn't been updated in several years, that becomes a focus area during the audit.

This process directly leverages the Document Control element of their QMS. You're verifying that their documentation system maintains current, approved procedures and that version control is working effectively. Modern QMS software makes this documentation request process much simpler, as suppliers can provide instant access to current documents rather than scrambling to locate and copy paper-based procedures.

4. Audit Execution Process

4.1 Pre-Audit Activities

Document review should occur well before the on-site visit. Review submitted documentation for completeness and identify potential areas of concern. This preparation allows auditors to develop targeted questions and plan their time more effectively.

A thorough document review might reveal that a supplier's calibration procedure doesn't address measurement uncertainty, which would then become a specific line of inquiry during the audit. The goal is to arrive on-site with a clear understanding of the organization's documented processes and any apparent gaps.

4.2 On-Site Audit Activities

Documentation review during the audit focuses on verifying that procedures and work instructions are current and that quality records demonstrate compliance. This directly examines the Document Control element of their QMS. Look for evidence that document control processes are working effectively - whether outdated procedures have been removed from work areas, whether employees are using the correct revision levels, and whether the approval workflows are functioning properly.

Process observation involves watching actual work practices on the factory floor to evaluate their Business Process Management effectiveness. This is where you determine whether employees follow standard procedures and assess how well change control processes are implemented. You might observe a machining operation to verify that operators are following the work instruction sequence and using the specified measurement tools. Remember the manufacturing example from our QMS overview - you're looking for potential sources of defects like wrong configurations, component problems, or labeling errors.

Sample process audits focus on key business processes like nonconformance handling, gage calibration, and purchase order management. Rather than trying to audit every process, select representative samples that provide insight into overall Business Process Management effectiveness. For instance, reviewing how a few recent nonconformances were handled can reveal whether the corrective action process is working properly and preventing the types of systematic problems that lead to customer complaints.

Employee interviews help verify the Training Management element by assessing understanding of procedures and training effectiveness. Ask open-ended questions about how they handle specific situations. An operator might explain how they respond when a dimension is out of tolerance, revealing whether they understand the nonconformance process and have been properly trained on it.

Management interviews provide insight into leadership commitment and resource allocation. These discussions often reveal the organization's approach to continuous improvement and strategic quality objectives. A quality manager might describe how they use audit findings to prioritize improvement projects.

4.3 Post-Audit Activities

Consolidating audit observations requires careful analysis to identify patterns and classify findings by severity. The preliminary findings review with auditee management ensures there are no misunderstandings before the final report is issued.

This review meeting is crucial for maintaining relationships and ensuring corrective actions address the root causes. For example, if multiple findings relate to training deficiencies, the discussion might focus on whether the training program itself needs revision rather than just addressing individual instances.

5. Audit Checklists

Audit checklists should be organized into logical sections with clear, measurable questions. The structure varies depending on the industry and specific requirements, but all follow a logical flow that mirrors how work actually gets done. The appendix below provides four industry-specific examples (Aerospace/Aeroengines, Medical Devices, Automotive) that demonstrate how checklists are tailored to address unique sector requirements.

5.1 Question Rating System

Each audit question should be rated using a standardized system that provides clear, consistent evaluation criteria. Compliant means full compliance with requirements is demonstrated through objective evidence. Partially Compliant indicates some compliance issues were identified, but basic requirements are met. Not Applicable means the requirement doesn't apply to the auditee's operations. Noncompliant signifies significant compliance issues that require immediate attention.

This rating system helps ensure consistency between different auditors and audit cycles. A calibration system question might be rated as Partially Compliant if calibration is being performed but some records are incomplete, versus Noncompliant if calibration isn't being performed at all.

5.2 Evidence Documentation

For each question, document objective evidence through supporting documents, photos, or records. Include detailed notes describing what was observed and link findings to specific sections in applicable standards like AS9100 or ISO 9001.

Good evidence documentation tells a complete story. Rather than just noting "calibration records reviewed," document which specific records were examined, what they showed, and how they demonstrate compliance or non-compliance. This level of detail supports the audit findings and helps with corrective action development.

6. Managing Audit Findings

6.1 Finding Classification

Findings should be classified based on severity and potential impact on product quality or safety. Major findings represent significant non-compliance with requirements, systemic failures of quality system elements, or immediate risks to product quality or safety. These typically require immediate corrective action and management attention.

Minor findings involve isolated non-compliance issues, procedural deviations without significant impact, or documentation deficiencies. While less critical than major findings, they still require corrective action to prevent escalation. An example might be missing signatures on a few inspection records when the inspection was actually performed.

Opportunities for improvement are suggestions for enhancement, best practice recommendations, or efficiency improvements. These aren't compliance issues but represent ways the organization could strengthen its operations. For instance, an auditor might suggest implementing statistical process control even when it's not required.

6.2 Finding Documentation

Each finding requires comprehensive documentation including when it was identified, who is responsible for resolution, and the timeline for corrective action. The description should be clear and specific, avoiding vague language that could lead to misunderstandings.

Effective finding documentation focuses on facts and observable conditions rather than judgments or opinions. Instead of writing "housekeeping is poor," document specific observations like "metal shavings observed on inspection bench adjacent to precision measurement equipment." This approach helps ensure corrective actions address the actual issues identified.

6.3 Finding Assignment

Ownership assignment depends on the type of audit being conducted. Internal audits assign findings to internal process owners who have the authority and resources to implement corrections. Supplier audits assign findings to supplier quality personnel who coordinate corrective actions within their organization.

For customer or certifying body audits, findings are typically assigned to internal quality team members who coordinate the response and implementation of corrective actions. The key is ensuring the assigned person has both the authority to implement changes and the knowledge to address the specific finding.

7. Follow-up and Corrective Actions

7.1 Corrective Action Process

Root cause analysis is essential for effective corrective actions. Simply fixing the immediate problem without addressing underlying causes often leads to recurrence. Use appropriate problem-solving techniques like fishbone diagrams or five-why analysis to identify systemic issues beyond immediate symptoms.

Action plan development should define specific corrective actions with realistic timelines and clear assignment of responsible parties. Include verification methods to ensure actions are effective. For example, if the finding relates to inadequate training, the corrective action might include updating training materials, retraining affected personnel, and implementing a verification test.

Implementation tracking involves monitoring progress against due dates and sending reminders for approaching deadlines. Overdue actions should be escalated to management attention. Many organizations use automated systems to track corrective actions and generate alerts when due dates approach.

7.2 Effectiveness Verification

Verification methods should match the nature of the corrective action. Follow-up audits work well for systemic issues, while process monitoring might be more appropriate for operational problems. Record review can verify that documentation has been updated, and performance metrics analysis can show whether the underlying problem has been eliminated.

Closure criteria should be established upfront so everyone understands what constitutes successful completion. All corrective actions must be completed, effectiveness must be verified, documentation must be updated, and any required training must be completed. Only when all criteria are met should the finding be closed.

7.3 Process CAPA Integration

Some audit findings require formal Process Corrective and Preventive Action procedures. These typically include systemic quality issues, recurring nonconformances, regulatory compliance failures, and customer complaints related to audit findings.

The decision to initiate a Process CAPA should be based on the potential impact and complexity of the required corrective actions. A single missing calibration sticker might not warrant a formal CAPA, but a pattern of calibration deficiencies across multiple areas probably would.

8. Best Practices

8.1 Audit Preparation

Auditor qualifications are fundamental to audit effectiveness. Ensure auditors are trained and qualified for their specific assignments, maintain competency records, and provide ongoing training on standards and techniques. Industry-specific expertise is often crucial for technical audits.

Planning effectiveness depends on using risk-based audit selection, maintaining realistic audit schedules, preparing thoroughly before each audit, and communicating clearly with auditees. A well-planned audit is more likely to identify real issues and provide value to the organization.

8.2 Audit Execution

Professional conduct requires maintaining objectivity and independence while being respectful and professional. Focus on facts and evidence rather than personal opinions or judgments. Remember that the goal is improvement, not punishment.

Effective communication involves asking open-ended questions, listening actively to responses, and providing clear explanations. Document thoroughly but avoid overwhelming the auditee with excessive paperwork during the audit. The focus should be on understanding and improvement, not bureaucracy.

8.3 Continuous Improvement

Regular assessment of audit effectiveness helps ensure the program continues to provide value. Update checklists based on standards changes, incorporate lessons learned from each audit, and measure audit program performance through metrics like completion rates and finding closure rates.

Analyzing audit trends and patterns can reveal systemic issues that might not be apparent from individual audits. For example, if multiple suppliers have similar findings related to change control, it might indicate that your requirements in this area need clarification or that your supplier training program needs enhancement.

8.4 Technology Integration

Digital QMS tools can significantly improve audit efficiency and effectiveness, addressing all the challenges mentioned in our QMS overview about transitioning from paper-based systems. Electronic audit checklists reduce paperwork and enable real-time data entry. Automated reminders help ensure timely follow-up on corrective actions. Digital evidence files make it easier to maintain comprehensive audit records.

Modern QMS software provides instant audit readiness. You can quickly demonstrate that employees are trained on current procedures (Training Management), show complete revision histories (Document Control), provide evidence that processes are being followed (Business Process Management), and access historical audit records (Audit Management). What used to take days of preparation can now be handled in minutes.

Data management becomes increasingly important as audit programs mature. Centralized audit records enable easy retrieval and analysis, maintain complete audit histories, and support trend analysis. The goal is to transform audit data into actionable insights that drive continuous improvement across all four essential QMS elements.

9. Conclusion

Effective audit management requires systematic planning, thorough execution, and diligent follow-up. As one of the four essential elements of every Quality Management System, audits work in concert with Document Control, Business Process Management, and Training Management to ensure consistent delivery of quality products and services.

The processes and best practices outlined in this guide help ensure audit programs provide real value through improved compliance, enhanced quality, and reduced risk. Success depends on treating audits as opportunities for improvement rather than mere compliance exercises. When audits reveal that documents aren't current, processes aren't being followed, or training is inadequate, these findings point to specific areas where the other QMS elements need strengthening.

Regular review and continuous improvement of the audit process maintain its effectiveness and relevance to organizational objectives. Remember that the ultimate goal is not just finding problems but creating a culture of continuous improvement that prevents problems from occurring in the first place. Just as the coffee shop and manufacturing examples in our QMS overview showed how multiple processes must work together to prevent defects, effective auditing ensures all your quality system elements are functioning as an integrated whole.

Modern digital QMS platforms, such as 1factory's Quality Management Software, make this integration seamless, automatically connecting audit findings to document updates, training assignments, and process improvements. This creates a closed-loop system where audit discoveries drive systematic improvements across your entire quality management system.

10. Appendix

10.1 Sample Aerospace (Aeroengine Components) Audit Checklist

This checklist is designed for suppliers manufacturing critical aeroengine components where failure could result in catastrophic consequences. It incorporates AS9100 requirements along with specific engine manufacturer and regulatory requirements.

1. Quality Management System

  • Is an AS9100-compliant quality management system documented and implemented?
  • Are quality objectives defined, measured, and linked to engine performance requirements?
  • Is management commitment to aerospace quality standards demonstrated?
  • Are organizational roles and responsibilities clearly defined for all personnel?
  • Is there evidence of continuous improvement in aerospace-specific processes?

2. Risk Management and Safety

  • Is there a documented risk management process for identifying safety-critical characteristics?
  • Are Failure Mode and Effects Analysis (FMEA) completed for all processes?
  • Is there a process for managing safety-critical items and components?
  • Are personnel trained on the consequences of nonconforming product in aerospace applications?
  • Is there a system for tracking and reporting safety incidents?

3. Design and Development (if applicable)

  • Are engine manufacturer design requirements properly interpreted and implemented?
  • Is there a process for design verification and validation specific to engine operating conditions?
  • Are thermal, mechanical, and fatigue analyses performed and documented?
  • Is there a process for managing design changes that affect engine performance or safety?
  • Are design reviews conducted with appropriate technical expertise?

4. Special Processes Control

  • Are all special processes (heat treatment, welding, coating, etc.) identified and controlled?
  • Do special process operators hold current certifications (NADCAP, AWS, etc.)?
  • Are special process parameters monitored and recorded continuously?
  • Is there a process for qualifying new special process procedures?
  • Are special process facilities and equipment regularly audited and maintained?

5. Material Control and Traceability

  • Is there complete material traceability from raw material to finished component?
  • Are material certifications verified against specifications before use?
  • Is there a process for preventing use of counterfeit materials?
  • Are material storage conditions controlled to prevent degradation?
  • Is shelf life management implemented for time-sensitive materials?

6. Manufacturing and Process Control

  • Are all manufacturing processes validated and controlled?
  • Is there statistical process control for critical characteristics?
  • Are work instructions detailed enough to ensure repeatability?
  • Is there a process for controlling manufacturing changes?
  • Are environmental conditions monitored and controlled where required?

7. Inspection and Testing

  • Are inspection plans based on safety-critical characteristics?
  • Is non-destructive testing performed by certified personnel using qualified procedures?
  • Are measurement systems capable of measuring to required tolerances?
  • Is there a process for first article inspection and ongoing validation?
  • Are inspection records complete and traceable to specific components?

8. Calibration and Measurement Systems

  • Are all measurement devices calibrated to traceable standards?
  • Is measurement uncertainty calculated and acceptable for intended use?
  • Are Gage R&R studies performed on critical measurement systems?
  • Is there a process for handling out-of-calibration equipment?
  • Are calibration intervals based on usage and stability data?

9. Nonconforming Product Control

  • Is there a Material Review Board (MRB) process with appropriate authority levels?
  • Are nonconforming products properly identified and segregated?
  • Is root cause analysis performed for all nonconformances?
  • Are trends in nonconformances analyzed and acted upon?
  • Is there a process for dispositioning nonconforming product (scrap, rework, repair)?

10. Supplier Management

  • Are sub-tier suppliers qualified and regularly monitored?
  • Are aerospace requirements flowed down to suppliers?
  • Is there a process for supplier auditing and performance monitoring?
  • Are supplier quality agreements in place and current?
  • Is there a process for managing supplier changes?

11. Configuration Management

  • Is there a process for controlling engineering changes?
  • Are as-built configurations documented and maintained?
  • Is there traceability between design requirements and manufacturing processes?
  • Are serialized components tracked throughout their lifecycle?
  • Is configuration status readily available for all active components?

12. FOD (Foreign Object Damage) Prevention

  • Is there a documented FOD prevention program?
  • Are FOD-sensitive areas identified and controlled?
  • Are tools and hardware controlled to prevent loss?
  • Is FOD training provided to all personnel?
  • Are FOD inspections performed and documented?

13. Regulatory Compliance

  • Are all applicable airworthiness requirements identified and met?
  • Is there a process for staying current with regulatory changes?
  • Are required certifications and approvals current?
  • Is there a process for reporting service difficulties when required?
  • Are export/import requirements properly managed?

10.2 Medical Device Audit Checklist

This checklist is designed for medical device manufacturers and must address FDA Quality System Regulation (21 CFR 820), ISO 13485, and other applicable regulatory requirements.

1. Quality Management System

  • Is an ISO 13485-compliant quality management system documented and implemented?
  • Is there a designated management representative responsible for the QMS?
  • Are quality objectives defined and monitored for effectiveness?
  • Is there evidence of management commitment to regulatory compliance?
  • Are organizational roles and responsibilities clearly defined?

2. Risk Management

  • Is there a documented risk management process per ISO 14971?
  • Are risk analyses performed for all devices and processes?
  • Is there a process for risk control and residual risk evaluation?
  • Are post-market surveillance data considered in risk management?
  • Is risk management documentation maintained throughout product lifecycle?

3. Design Controls

  • Are design controls implemented per 21 CFR 820.30?
  • Is there a design and development planning process?
  • Are design inputs complete and traceable to user needs?
  • Are design outputs verified against design inputs?
  • Is design validation performed under actual or simulated use conditions?
  • Are design changes controlled and documented?
  • Is design history file maintained for each device?

4. Document and Data Controls

  • Are all quality system documents controlled per 21 CFR 820.40?
  • Is there a process for document approval before release?
  • Are obsolete documents prevented from unintended use?
  • Is there a process for controlling changes to documents?
  • Are data integrity controls implemented for electronic records?

5. Management Responsibility

  • Are adequate resources provided for the quality system?
  • Is there a process for management review of the QMS?
  • Are quality policy and objectives communicated throughout the organization?
  • Is there a designated person responsible for regulatory affairs?
  • Are corrective and preventive actions reviewed by management?

6. Human Resources

  • Are personnel qualifications documented for all positions?
  • Is training provided and documented for all personnel?
  • Are training needs evaluated based on job requirements?
  • Is there ongoing training for regulatory updates?
  • Are personnel evaluations conducted regularly?

7. Infrastructure and Work Environment

  • Are facilities adequate for device manufacturing?
  • Is equipment qualified and maintained properly?
  • Are environmental conditions controlled where required?
  • Is there a process for cleaning and maintenance of facilities?
  • Are contamination controls implemented where necessary?

8. Purchasing Controls

  • Are suppliers evaluated and approved based on their ability to meet requirements?
  • Are purchasing data complete and include quality requirements?
  • Is there a process for incoming inspection or other verification?
  • Are supplier audits conducted when appropriate?
  • Are supplier performance monitoring systems in place?

9. Product Identification and Traceability

  • Is product identification maintained throughout production?
  • Is traceability established for devices where required?
  • Are unique device identifiers (UDI) implemented where required?
  • Is there a process for tracking devices through distribution?
  • Are device history records maintained per 21 CFR 820.184?

10. Production and Process Controls

  • Are production processes validated and controlled?
  • Are process parameters monitored and documented?
  • Is there a process for production changes and process validation?
  • Are work instructions adequate and current?
  • Is there a process for controlling production environment?

11. Inspection and Testing

  • Are inspection and testing activities documented and performed?
  • Is there incoming, in-process, and final inspection?
  • Are acceptance criteria clearly defined?
  • Is there a process for handling inspection and test failures?
  • Are inspection and test records maintained?

12. Control of Monitoring and Measuring Equipment

  • Are measurement devices calibrated and controlled?
  • Is calibration traceable to national or international standards?
  • Are measurement uncertainties known and acceptable?
  • Is there a process for handling out-of-calibration equipment?
  • Are calibration records maintained?

13. Nonconforming Product

  • Is there a process for identifying and controlling nonconforming product?
  • Are nonconformance investigations conducted?
  • Is there a review and disposition process for nonconforming product?
  • Are nonconformance trends analyzed?
  • Is there a process for rework and re-inspection?

14. Corrective and Preventive Action (CAPA)

  • Is there a CAPA system per 21 CFR 820.100?
  • Are all sources of quality data considered for CAPA?
  • Is root cause analysis performed for all CAPAs?
  • Are CAPA effectiveness checks conducted?
  • Is there a process for preventive action implementation?

15. Labeling and Packaging Controls

  • Are labeling controls implemented per 21 CFR 820.120?
  • Is labeling inspection performed before release?
  • Are packaging processes validated?
  • Is there control of labeling storage and issuance?
  • Are labeling changes controlled and documented?

16. Handling, Storage, Distribution

  • Are handling procedures adequate to prevent damage?
  • Are storage conditions controlled and monitored?
  • Are distribution records maintained?
  • Is there a process for handling customer complaints about shipping damage?
  • Are expiration dating controls implemented where required?

17. Installation and Servicing

  • Are installation procedures documented where applicable?
  • Is service personnel training documented?
  • Are service records maintained?
  • Is there a process for analyzing service data?
  • Are service changes controlled and documented?

18. Statistical Techniques

  • Are statistical methods used where appropriate?
  • Is sampling plan rationale documented?
  • Are statistical methods validated for their intended use?
  • Is there statistical analysis of quality data?
  • Are control charts used where appropriate?

19. Post-Market Surveillance

  • Is there a post-market surveillance system?
  • Are adverse events reported per regulatory requirements?
  • Is complaint handling system implemented per 21 CFR 820.198?
  • Are field actions (recalls) managed appropriately?
  • Is post-market data used for risk management and CAPA?

10.3 Automotive Component Audit Checklist

This checklist is designed for automotive component suppliers and addresses IATF 16949 requirements along with customer-specific requirements from OEMs.

1. Quality Management System

  • Is an IATF 16949-compliant quality management system documented and implemented?
  • Are automotive quality objectives defined and linked to customer satisfaction?
  • Is there evidence of continuous improvement culture?
  • Are organizational roles and authorities clearly defined?
  • Is there a process for managing automotive customer-specific requirements?

2. Customer-Specific Requirements

  • Are all customer-specific requirements identified and implemented?
  • Is there a process for reviewing and updating customer requirements?
  • Are customer portals and communication systems utilized effectively?
  • Is there a process for managing customer engineering changes?
  • Are customer scorecards and performance metrics monitored?

3. Product Safety and Risk Management

  • Is there a documented product safety process?
  • Are product safety representatives designated and trained?
  • Are safety-related characteristics identified and controlled?
  • Is there a process for product safety escalation?
  • Are risk analyses (PFMEA) performed and maintained current?

4. Design and Development

  • Is there a multi-disciplinary approach to design and development?
  • Are design reviews conducted at appropriate phases?
  • Is design verification and validation performed?
  • Are design changes controlled and customer-approved?
  • Is there a process for design FMEA and design reviews?

5. Manufacturing Process Management

  • Are manufacturing processes validated and controlled?
  • Is there statistical process control implementation?
  • Are process flow diagrams and control plans maintained?
  • Is there a layered process audit program?
  • Are process changes controlled through change management?

6. Special Processes - Castings

  • Are casting processes validated and continuously monitored?
  • Is molten metal chemistry controlled and documented?
  • Are casting defects (porosity, inclusions, shrinkage) prevented and detected?
  • Is non-destructive testing performed per specifications?
  • Are casting tooling and dies maintained and controlled?
  • Is there process capability demonstration for critical casting characteristics?

7. Special Processes - Forgings

  • Are forging processes validated for grain flow and mechanical properties?
  • Is die design and maintenance controlled to prevent defects?
  • Are forging temperatures and pressures monitored and recorded?
  • Is there control of material flow and die fill?
  • Are forging defects (laps, cold shuts, underfill) prevented?
  • Is heat treatment of forgings controlled and validated?

8. Special Processes - Sheet Metal

  • Are stamping and forming processes validated and controlled?
  • Is die setup and maintenance performed per schedule?
  • Are material properties verified before processing?
  • Is springback and dimensional variation controlled?
  • Are surface defects (scratches, dents, oil canning) prevented?
  • Is there control of blank cutting and edge quality?

9. Supplier Quality Management

  • Are suppliers developed and monitored per automotive requirements?
  • Is there a supplier quality manual and agreements?
  • Are supplier audits conducted regularly?
  • Is there incoming inspection or supplier verification?
  • Are supplier performance metrics tracked and reviewed?

10. Production Part Approval Process (PPAP)

  • Is PPAP documentation complete and current for all parts?
  • Are customer approvals obtained before production?
  • Is there a process for PPAP resubmission when required?
  • Are PPAP records maintained and accessible?
  • Is there control of engineering changes affecting PPAP?

11. Statistical Process Control

  • Is SPC implemented for all critical characteristics?
  • Are control charts maintained and monitored continuously?
  • Is there a reaction plan for out-of-control conditions?
  • Are process capability studies (Cpk/Ppk) performed and documented?
  • Is there ongoing capability monitoring?

12. Measurement Systems Analysis

  • Are MSA studies performed on all measurement systems?
  • Is Gage R&R acceptable for all critical measurements?
  • Are measurement systems validated for their intended use?
  • Is there ongoing monitoring of measurement system performance?
  • Are measurement uncertainties known and acceptable?

13. Problem-Solving and CAPA

  • Is there a structured problem-solving methodology (8D, DMAIC)?
  • Are containment actions implemented immediately?
  • Is root cause analysis performed using appropriate tools?
  • Are corrective actions verified for effectiveness?
  • Is there a process for preventive actions?

14. Layered Process Audits

  • Are layered process audits conducted per schedule?
  • Do audits cover critical process characteristics?
  • Are audit findings tracked and resolved quickly?
  • Is there escalation process for repeated findings?
  • Are audit schedules risk-based?

15. Mistake-Proofing (Poka-Yoke)

  • Are mistake-proofing devices implemented where feasible?
  • Is there a systematic approach to error prevention?
  • Are poka-yoke devices validated and maintained?
  • Is there training on mistake-proofing principles?
  • Are error-proofing opportunities identified during PFMEA?

16. Maintenance and Total Productive Maintenance

  • Is there a preventive maintenance program?
  • Are maintenance records maintained and analyzed?
  • Is there total productive maintenance (TPM) implementation?
  • Are critical spare parts identified and stocked?
  • Is equipment effectiveness monitored (OEE)?

17. Traceability and Recall Management

  • Is product traceability maintained throughout production?
  • Is there a documented recall procedure?
  • Are recall exercises conducted periodically?
  • Is traceability testing performed to verify effectiveness?
  • Are serialization requirements met where applicable?

10.4 Industrial Component Audit Checklist

This checklist is designed for industrial component manufacturers serving diverse markets including construction, agriculture, mining, and general industrial applications.

1. Quality Management System

  • Is a quality management system (ISO 9001 or equivalent) documented and implemented?
  • Are quality objectives aligned with business objectives?
  • Is there evidence of continuous improvement activities?
  • Are organizational responsibilities clearly defined?
  • Is management commitment to quality demonstrated?

2. Customer Requirements Management

  • Is there a process for reviewing and accepting customer orders?
  • Are customer specifications and requirements clearly documented?
  • Is there a process for managing customer changes?
  • Are customer complaints handled systematically?
  • Is customer satisfaction measured and monitored?

3. Design and Development (if applicable)

  • Is there a structured approach to product development?
  • Are design inputs complete and documented?
  • Is design verification and validation performed?
  • Are design changes controlled and approved?
  • Is intellectual property protected appropriately?

4. Supply Chain Management

  • Are suppliers qualified and regularly evaluated?
  • Is there a supplier quality agreement process?
  • Are critical suppliers identified and monitored?
  • Is there supplier development and improvement programs?
  • Are alternative suppliers identified for critical materials?

5. Production Planning and Control

  • Is production planning integrated with customer demand?
  • Are production schedules realistic and achievable?
  • Is capacity planning performed and monitored?
  • Are material requirements planned and controlled?
  • Is work-in-process inventory managed effectively?

6. Manufacturing Processes - Castings

  • Are casting processes controlled for dimensional accuracy and material properties?
  • Is molten metal quality controlled through chemistry and temperature monitoring?
  • Are casting defects minimized through process optimization?
  • Is pattern and core maintenance performed regularly?
  • Are casting inspection methods appropriate for part requirements?
  • Is heat treatment controlled where required?

7. Manufacturing Processes - Forgings

  • Are forging processes validated for material flow and strength requirements?
  • Is die design optimized for part geometry and material utilization?
  • Are forging parameters (temperature, pressure, speed) controlled?
  • Is material preparation (heating, cleaning) controlled?
  • Are forging defects (flash, underfill, cracks) prevented?
  • Is machining allowance controlled and optimized?

8. Manufacturing Processes - Sheet Metal

  • Are forming processes capable of meeting dimensional requirements?
  • Is material handling controlled to prevent damage and contamination?
  • Are die clearances and setup procedures documented?
  • Is progressive die maintenance scheduled and performed?
  • Are surface treatments and finishes controlled?
  • Is scrap and material utilization monitored and optimized?

9. Machining and Secondary Operations

  • Are machining processes capable and controlled?
  • Is tooling management implemented systematically?
  • Are cutting parameters optimized for quality and efficiency?
  • Is coolant and lubricant management controlled?
  • Are surface finishes achieved consistently?
  • Is dimensional accuracy maintained throughout production?

10. Quality Control and Inspection

  • Are inspection plans based on risk and customer requirements?
  • Is incoming inspection performed on critical materials?
  • Are in-process controls implemented at critical operations?
  • Is final inspection comprehensive and documented?
  • Are inspection records maintained and traceable?

11. Testing and Validation

  • Are material properties verified through testing?
  • Is functional testing performed where applicable?
  • Are test methods validated and documented?
  • Is test equipment calibrated and maintained?
  • Are test records complete and traceable?

12. Calibration and Metrology

  • Are measuring instruments calibrated to traceable standards?
  • Is calibration status clearly identified?
  • Are calibration intervals appropriate for use?
  • Is measurement uncertainty considered in accept/reject decisions?
  • Are out-of-calibration incidents investigated?

13. Nonconforming Product Control

  • Is nonconforming product identified and segregated?
  • Are disposition decisions made by authorized personnel?
  • Is rework controlled and re-inspected?
  • Are nonconformance trends analyzed?
  • Is customer notification performed when required?

14. Corrective and Preventive Action

  • Is there a systematic approach to problem identification?
  • Is root cause analysis performed for significant issues?
  • Are corrective actions implemented and verified?
  • Is effectiveness of actions monitored?
  • Are preventive actions implemented proactively?

15. Material Handling and Storage

  • Are handling procedures adequate to prevent damage?
  • Are storage conditions controlled to prevent deterioration?
  • Is inventory accuracy maintained?
  • Is material identification maintained throughout processes?
  • Are shelf life requirements managed where applicable?

16. Packaging and Shipping

  • Are packaging methods adequate for product protection?
  • Is shipping documentation complete and accurate?
  • Are special handling requirements identified?
  • Is damage during shipping minimized?
  • Are delivery performance metrics monitored?

17. Equipment Maintenance

  • Is preventive maintenance scheduled and performed?
  • Are maintenance records maintained?
  • Is equipment reliability monitored?
  • Are critical spare parts available?
  • Is equipment modification controlled?

18. Environmental and Safety Management

  • Are environmental requirements identified and met?
  • Is waste management controlled and monitored?
  • Are safety procedures implemented and followed?
  • Is incident reporting and investigation performed?
  • Are regulatory compliance requirements met?