dashmen said:
Jennifer, I am studying the article. Thanks for your links.
Wallace, the situation is, one customer ask us have an audit on one of their suppliers, they give the checklist and ask that the audit must be a "performance based audit". I reviewed the checklist and feel that seems like the "process audit" . So I want some opinion and can ready for the audit.
This is as I suspected.
One of the criticisms I have read of current registration standards (both ISO and the specialty standards that resemble its structure) is that audits of systems per these standards are based on evidence that the system is being followed. How effective and with what value are not questions for the auditor--the auditee is only responsible to show the system is functioning within specified parameters.
This has invited soul searching after problems such as the Ford-Bridgestone debacle, where tires blew on Explorer vehicles under certain condisions and people asked, "Why wasn't this caught before people died from it? Why didn't the audit process catch this problem?"
The basic answer is that registrars donot have the right to demand that performance data be included. Test results, design changes that result, etc. are considered sensitive, confidential data and can be kept secret.
Industry regulators have been the standard answer for this need for oversight, but they may be too few, thus cannot provide the kind of coverage necessary for effective oversight.
Those who favor less government intervention assert that free market forces can fill the gap; let flawed suppliers be exposed by their customers, and either be forced to change or suffer from shrinking market share. In other words, let the customer's demand for quality rule over practices, not just enforcement of law.
The performance audit seems to be an attempt to meet this objective.
However, you still wouldn't have the powers of a regulatory auditor. The majority of references I found, including the second link, involves government audits. Even when done internally, government entities would likely find it much easier to exert authority in the audit process than the free market auditor could expect.
If you feel the checklist does not address performance, you may want to negotiate that because it would still be very easy to hide poor performance behind graphs and charts if you are not allowed to dig for data that supports their claims of effectiveness. Your customer may or may not know all this, and the supplier may also understand it, or not.
It may be up to you to decide how approach drawing the parameters of this audit, negotiate the extent you will be held responsible for its results, and ensure the auditee will cooperate by supplying the data that shows performance, and not just that they are following the system.
Anyone else? I am ready to hear if I am on the mark or not, or if I am missing something.