The Quality Audit
Did I Catch You Unaware?
Auditing
An Open Source Document
This document is an Open Source document!
Huh?
This means it is the result of the input of may people and resources.
This means YOU can and may participate. If you want something included or have a suggestion, please let me know. You can send some slides in e-mail. Or write me and tell me about what has not been addressed but that you believe should be addressed. If your suggestion is incorporated into the document you will be given credit in the document. You will get updates for free as long as the file is undergoing updates (rumour is I may die someday or decide to do something else with my life so I cant really use the word forever).
I will accept and incorporate good patches and constructive criticism.
Telling me of spelling errors doesnt count, but will be very much appreciated.
This is how we do things in hackerland; it's a combination of individual visions and collaborative synergy that makes things work. Just as it is in the Cove forums.

Partial List Of Files In This Guide
Guide Objectives
To Develop an Understanding of What is Required of a Quality System Auditor
To Review the Guidelines for Auditing Quality Systems
To Develop Auditing Techniques
To Utilize these Concepts through Actual Audits
Understanding How to Respond to an Auditor

Related Stuff Well Be Covering
Understanding the General Structure of Quality Systems
ISO 10011-1, 2, and 3 “Guidelines for Auditing Quality Systems”
If you dont have these, you should purchase them.
Review Documentation Hierarchy
Understanding Auditing Techniques
Planning Schedules
Creating Check Lists
Audit Plan
Audit Findings/Observations
Preparing Audit Reports
Team Audits

Caution
Whilst some of you may be using this guide for internal auditing, in general it addresses auditing as a third party just as the ASQCs CQE (Certified Quality Auditor) course and exam does. This is to say much of the material is aimed at folks who will be dealing with companies they do not work in. This said, you will see I take a very formal approach at times. Most classes on auditing do. For example, we will talk about introductory meetings. Obviously these can be very formal and long (up to an hour or more), whilst for some companies doing internal audits the formality is very limited.
So - as you go through the guide, recognize that the amount of formality will be dependent upon your specific situation.

Caution II
This guide is not intended to address specific interpretation(s) of ISO 9001, QS-9000 or any other specific standard or customer requirement. It is *assumed* that anyone auditing will have the appropriate background / experience / education in that which s/he is auditing.
It is *assumed* that we all know you cannot audit anything you do or are responsible for. Conflict of Interest is the phrase.

Auditing - The Program
The Goal Of An Audit
To Collect
Objective Evidence
To Permit An
Informed Judgment
About The
Status Of The Systems or Product Being Audited

Basic Types of Audits
Internal (First Party, Self)
This type includes audits by your company employees, consultants and contractors.
External
Supplier Audit
Second Party
This is where: 1. Customer employee(s) audit your company or where 2. Your employee(s) audit a company which supplies your company with a product or service.
Independent Organization
Third Party - Registrar
A customer wants an audit of your company but wants your company to pay for it.
This type of audit is described as independent. In QS-9000 this is not really the case.

Audit Sub-Types
Compliance (do we comply with the standard)
Example: Desk audit of high level systems
System (the theory)
Example: Audit of Document Control
Process (the practice)
Example: Audit of an assembly or fabrication station (note to service industries: you DO have comparable processes)
Product (the result)
Example: Dock Audit
A breakdown of the final product. Verify paperwork trail,inspection and test results, for each item of the product. Verify key characteristics meet dimensional requirements.

Audit Types
A Typical Audit System
Definitions: “Who”
Auditor: A person who has the appropriate qualifications and performs audits.
Client: A person or organization requesting the audit. For internal audits, this is the Management Representative.
Auditee: An organization,facility or person being audited.

Definitions: “What”
Quality System: The organizational structure, responsibilities, procedures, processes and resources for implementing quality management.
Observation: A statement of fact made during an audit and substantiated by objective evidence.
Objective Evidence: Qualitative or quantitative information, records or statements of fact pertaining to the quality of an item or service or to the existence and implementation of a quality system element, which is based on observation, measurement or test and which can be verified.
Nonconformity: The nonfulfillment of specified requirements.

Phases of Auditing
Planning and Preparing for the audit
Execution of the audit plan
Reporting the audit results
Close out of corrective actions

The Standard Four Phases
The Part People See
Opening Meeting
Collection of Information
Record and Grade Nonconformances
Evaluation of Number and Significance of Nonconformances
Assessment of Compliance to Requirements
Preparation of Findings
Closing Meeting Review

Quality Audit
A systematic and independent examination to determine whether quality activities and related results comply with planned arrangements and whether these arrangements are implemented effectively and are suitable to achieve the stated objectives.
One Definition

Objective Evidence
It exists and is retrievable
Not influenced by emotion or prejudice
Based on observation
Verbal or documented
Verifiable
May be quantitative
Within the systems being audited
Take Detailed Notes!!!

Objective Evidence II
Reasons For Audits
One Purpose of Audits
Is To Remove Bear Traps

More Reasons For Audits
ISO 9001 Requires Them (QS-9000 4.17 and ISO 9001:2000 8.2.2)
A Control Mechanism Used By Management
Tool For Continuous Improvement
Correct Nonconformities In Systems
Helps Assure Ongoing Systems Operate As Intended And Required

The Audit Must Be
Open, Honest, and Constructive
 The Person or Activity Being Audited Always Gets the Benefit of the Doubt.

Validation
Random Basis
Auditor Chosen
Permission
Factual Agreement
Objectivity
Be Polite
Be Professional

Auditors Are Not….
Inquisitors
Fault Finders
Rock Throwers
Avenging Angels (Biased For or Against)
Dishonest
Overactive

Why A Formal Audit Program?
To ensure the documented systems meet specified requirements.
To ensure the documented systems are practical, understood, and followed throughout the business.
To maintain records of audit activity including areas audited, nonconformances, and corrective and preventive actions.

Internal Audits
The Internal Audit
The Systematic Investigation
of the Intent, Implementation, and Effectiveness
  of Selected Aspects of the Systems
  of an Organization
or One or More of Its Departments

IIAs Definition Of Internal Audit
Definition according to the Institute of Internal Auditors (IIA)
http://www.theiia.org
"Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations.
It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes."

Internal Audit System Base Requirements
Documented system
Remember 8.2.2 in ISO 9001:2000 and 4.17 in QS-9000
You must have a Schedule
Preferably 1.5 year minimum
Effective Corrective Element
Including An Escalation Trigger
Verification of Corrective Action
You CAN NOT close an audit out until the effectiveness of the corrective action is verified and validated!
Input of results into Management Review
This must include any specific problem areas as this is the highest level in the escalation feature of your system.
Inclusion of working environment (QS-9000)

Internal Audit System Base Requirements
There are several very important features to bear in mind:
It is important to consider whether the identified nonconformance is a repeater (recurrent).
Particularly in internal auditing, disagreements arise which must be resolved by the audit program manager (or the equivalent).
Not every nonconformance identified requires a formal corrective action.
Some require a minimum corrective action.
Some require a serious, in-depth investigation following the 8-D format.

Role of the Internal Auditor
A Catalyst
An Interface Between Different Groups
An Advisor
A Reporter of Fact(s)

Internal Quality Auditing
Is NOT a Police Force
Is NOT an Inspection of Products
Is NOT an Interrogation Task Force

Slide 37
Compliance Audits
Compliance Audits
It should be noted that, in fact, broadly speaking, every audit is, in one way or another, a compliance audit. Even a product audit is assessing conformance (compliance) against something - a drawing, an inspection sheet - something. When you see the words Compliance Auditing, you should bear in mind the context.

Compliance Audit
A Compliance audit is typically an audit which compares a companys defined systems against those required by the standard being audited against.
May be extensive such as with a QS-9000 audit, or may be a customer audit which is very limited in scope.
Typically you look at the requirements of the standard or requirement and contrast them against the companys systems.
Typically a Compliance (Conformance) Audit is done as a Desk audit. This is verification of compliance.
When a registrar does a Quality Manual Review prior to the pre-assessment audit (usually at US$750 to US$1500), for all intents and purposes they are doing a Compliance Audit (does the manual address every line item of the standard being audited against).

Compliance Audit
Systems Audits
Systems Audit
A Systems Audit is an audit where high level company systems are reviewed. Typically we are talking about Level II procedures which form the backbone based upon the Quality Systems Manual.
Systems audits typically probe the interactivity (communication) of the inter-related company systems and as such often cross functional area boundaries.
Typical Systems Audits:
Document Control
Nonconformance
Control of Measuring and Test Equipment
Systems Audits are typically carried out in multiple departments. For example, if one decides to audit Document Control, one must audit a number of departments.

Systems Audit
Example Training System - A Support System
Process Audits
Process Audit
A Process Audit is where the companys procedures are validated.
Processes are sub-parts of a system. As such, they are typically a part of a system audit.
Process audits are almost always a part of a larger system(s) audit. This is not to say that process audits are only performed as a part of a larger systems or registration audit. An internal audit may indicate the need to perform a specific process audit, for example.
Almost always, one or more other process(es) will interact with any given process. One very important issue to consider is the effectiveness of communications between systems and/or processes.

A Typical Series Of Manufacturing Processes
You may choose to examine 1 or more of the processes. This should be defined within the stated scope of the audit.
Remember interacting processes. The Inspection Instruction here is a possible example. It is not typically part of the manufacturing process instructions. However, some MRP and other systems do include inspection instructions.

Process White Space Issues
Manufacturing Processes
Product Audits
Product Audit
A product audit is an assessment of the final product or service and its fitness for use evaluated against the intent of the purpose of the product or service. I.e.: Does it meet requirements?
May be performed by:
One of your customers.
Also see 7.4.3 in ISO 9001:2000, and 4.6.4 in QS-9000.
Internally as a Dock Audit (QS-9000 requirement).
Internally as Final Inspection.
External product audits are typically oriented to a specific customer.
In military manufacturing this used to be called Source Inspection.

Product Audit - A Brief Review
Product audits are most commonly done by a company on its supplier. In some product audits dimensional, electrical or other measurements may be taken. Test results may be reviewed.
Internal audits do not typically include product audits in and of themselves. More typically you will be reviewing the a product audit performed by someone as a function of auditing the Dock Audit Procedure.
QS-9000 does have a Dock Audit requirement. See the Notes below.

What Will YOU Will Be Auditing?
Basic Audit Focus?
Desk Audit: Are your systems compliant with the standard(s) (such as ISO/QS-9000) you are auditing against?
Desk Audit: Do your systems address customer requirements? Federal, state and local requirements?
Floor (Process) Audit: Do employees know what procedures affect them? Are employees following procedures?

Internal Audits - Focus
If your situation is that of internal auditor, your company should choose a method which suits your company.
Most internal auditing courses approximate a Lead Auditor course which focuses on compliance audits. As we know, compliance audits typically involve interpretation of compliance to ISO 9001:2000 [or other standard(s)] by the auditor. Make sure you want that level of expertise and depth.

Reasons To NOT Address Compliance In Internal Audits
Typically, over time, compliance is determined by high level procedures. As in the standard document pyramid, it is evident that lower level procedures - all the way to the level of work instructions and defined On-The-Job training will be compliant if they follow the higher level procedures which are supposed to be defining the parameters of the lower level documents and systems.

Reasons To NOT Address Compliance In Internal Audits
If your high level procedures are compliant, your lower level procedures must be as well. Every time your registrar visits, it chooses a sample of your systems and verifies, among other things, compliance to the standard. Theoretically, every year they should cover every compliance element at least once. And every 3 years they are supposed to (although it appears this practice is dying) they are (were?) supposed to go through - well, essentially a thorough (complete?) audit like the registration audit. It seems more and more registrars are admitting that the 3 year blowout audit isnt really much more than a money maker. It doesnt accomplish much when youre there every 6 months to a year anyway.

Reasons To NOT Address Compliance In Internal Audits
So - your registrar and your Quality Manager should be watching your systems compliance pretty closely. Your registrar will tell you any significant change to your quality manual has to be submitted to them for approval and may require a re-audit of the change. Your Quality Manager is internally typically the one who is supposed to be watching the systems.
Your secondary line if defense is in your document control system. Changes are supposed to be reviewed and approved by appropriate people. In your company, who is appropriate? In many companies its one person. In larger companies there are typically many people who can review and approve documents.

Reasons To NOT Address Compliance In Internal Audits
The question becomes: Who can review and who can approve (yes, it can be one person who does both) new and changed procedures (systems included). And the answer is not always simple in larger companies. But again to cite the famed document pyramid, in larger companies there are layers and functional areas which address issues they are responsible for. There are supposed to be suitable reviews and approvals.
The bottom line is no procedure, new or changed, should change compliance to standards, customer requirements or other such requirements such as legal, federal, state and local regulations. If this is not the case, your document control system, and probably other systems (e.g. Design) is (are) not compliant.

The Famed Document Pyramid
4.2.3 Control of Documents (4.5)
Another Document Control System
Audit Types - A Brief Review
A Quality Management System?
The following slides are meant to give you an idea of different ways to look at a company. You may be looking at it from a macro view or you may be looking at it in a micro view.
Remember that a company is a complex collection of interacting systems.
Always bear in mind the Scope of the audit.

A Quality Management System?
From ISO 9000:2000
3.1.1: Quality: Degree to which a set of inherent characteristics (3.5.1) fulfils requirements (3.1.2)
3.1.2: Requirements: Need or expectation that is stated, generally implied or obligatory.
3.2.2: Management System: System (3.2.1) to establish policy and objectives and to achieve those objectives.
3.2.3: Quality Management System: Management system (3.2.2) to direct and control and organization (3.3.1) with regard to quality (3.1.1)
3.3.1: Organization: Group of people and facilities with an arrangement of responsibilities, authorities and relationships.
3.5.1: Characteristics: Distinguishing features

ISO/QS-9000 Quality Management System
Document What You Do
Perform to Your Documentation
Record the Performance as Evidence
“Say what you do and do what you say”

Procedures & Systems
Many Requirements
QS/ISO 9001
Contract Requirements
Company System Requirements
    (Policy, Procedures, Instructions)
OSHA
EPA
Federal and State Regulatory

The ISO Standards
The QS 9000 Document Origins
Documentation Hierarchy
Slide 73
Typical Operations Flowchart
The Bottom Line
The Documented System
vs. The Requirement(s)
What the standard and/or other requirement states.
vs. Objective Evidence
What is actually happening.

The Details
Lets Start From The Top

Complex Trade Relationships
An Organization As A Collection of Systems
What is a System?
Collection of interacting parts functioning as a whole.
Collection of subsystems that support the larger system.
Collection of processes oriented toward a common goal.
The organization as a system.

System vs. Process
System
Pronunciation sI stEm
Definition A group of related things or parts that function together as a whole.
Example The school system in your city.
Process
Pronunciation pra sehs
Definition A systematic sequence of actions used to produce something or achieve an end.
Example An assembly-line process.

Systems Responsibilities
This is an example of a Responsibility Matrix. (See Responsibilities_by_Dept.xls - included with this guide).
As you can see, to audit 4.2.4 you can choose from any department because all departments have records of one kind or another which require control.

Systems Responsibilities II
This is another example of Responsibilities defined for specific high level internal procedures (systems). Note that at this point there comes the question: What is a system and what is a procedure? Dont read too much into the definitions. Procedures describe system details.

The Organization as a System, Subsystems, and Processes
Systems and Subsystems
Extending Outside the Organization
An Extended System
Measures In The Extended System
CAUTION!
As you go through an audit and you see links to other systems, you must be careful. Make sure you stay within the scope of the audit. I have seen auditors start to run to other departments to follow up on paperwork and such.
If the scope of your audit is limited, dont go running around to other departments with a “Surprise! Were here to check out some of your paperwork to see if it agrees with ….” If you do this you WILL make enemies! If that is your intent, which it sometimes will be, then give that department or person advance notice and formally include them in the scope of the audit.

What is a Process?
A series of operations or steps that results in a product or service.
A set of causes and conditions that work together to transform inputs into an output.

Examples of Processes
Quality Through Process Improvement
Significant and Critical Processes
Significant Processes
Are processes by which the mission-essential work of the organization is accomplished.
Contribute directly to meeting the needs and requirements of customers.
Can be traced from output (to external customer) back to input (to the organization).
Critical Processes
A stage within a significant process.
One that is deemed as most important for control and improvement.

Responsibilities
Clients Responsibility
Determine the need for and the purpose of the audit and initiates the process
Determine the auditing organization/department
Determine the general scope of the audit, such as what quality system standard or document to audit against
Receives the audit report
Determine what follow-up action, if any, is to be taken, and informs the auditee of it

Auditors Responsibility
Comply with applicable audit requirements
Communicate and clarify audit requirements
Plan the audit and carry out assigned responsibilities effectively and efficiently
Document the observations
Report the audit results
Verify the effectiveness of corrective actions taken as a result of the audit
Retain and safeguard documents pertaining to the audit:
Submitting documents as required
Ensuring documents remain confidential
Treating privileged information with discretion

Auditees Responsibility
Inform relevant employees about the objectives and scope of the audit
Appoint responsible members of staff to meet with members of the audit team
Provide all resources needed for the audit team in order to ensure an effective and efficient audit process
Provide access to the facilities and evidential material as requested by the auditors
Co-operate with the auditors to permit the audit objectives to be achieved
Determine and initiate corrective actions based on the audit report

Auditor Qualifications
Education
Experience
Training
Proficiency
Competence
Communication

Education, Training & Experience
Education:
Candidates should demonstrate competence in clear and fluent oral and in written concepts and ideas
Training:
Knowledge and understanding of the standards, systems and/or procedures audited
Assessment techniques of questioning, evaluating and reporting
Audit management audit skills such as planning, organizing, communicating and directing
Experience:
Candidates should have four years full-time workplace experience

Auditor Personal Qualities
Communication Skills
Tactfulness
Flexibility
Persistence
Objectivity
Integrity

Personal Attributes
Auditors should:
Be open-minded and mature
Possess sound judgement
Have analytical skills and tenacity
Have the ability to perceive situations in a realistic way
Understand complex operations from a broad perspective
Understand the role of individual units within the overall organization

Applying Auditor Attributes
Auditors should apply these attributes in order to:
Obtain and assess objective evidence fairly.
Remain true to the purpose of the audit without fear or favour.
Evaluate constantly the effects of audit observations and personal interactions during an audit.
Treat concerned personnel in a way that will best achieve the audit purpose.
Perform the audit process without deviating due to distraction
Commit full attention and support to the audit process.
React effectively in stressful situations.
Arrive at generally acceptable conclusions based on audit observations.
Remain true to a conclusion despite pressure to change that is not based on evidence.

Audit Preparation
Preparing for the Audit

Planning The Audit
Objective
Scope
Team and Leader
Audit Duration
Contact Company / Department(s)
Establish Date & Time
Check List
Team Briefing

Audit Scope
Compliance to requirements or company procedures?
Entire organization? Specific area? Depth? Duration?
The client makes the final decisions on which quality system elements, physical locations and organizational activities are to be audited within a specified time frame.  If appropriate, the auditee should be contacted when determining the scope of the audit.
The scope and depth of the audit should be designed to meet the clients specific information needs.
Standards or documents within the auditees system should be specified by the client.
Sufficient objective evidence should be available to demonstrate the operation and effectiveness of the auditees quality system.
The resources committed to the audit must be sufficient to meet its intended scope and depth.
Stay within your scope - Do NOT wander about! (e.g. Calibration)

The Audit Plan
The audit plan is approved by the client and communicated to the auditors and auditee.  Create a flexible audit plan which allows the audit team to track-down audit trails yet ridged enough to ensure on-time completion.  The plan should include:
The audit objectives and scope
Identification of the individuals having significant direct responsibilities regarding the objectives and scope
Identification of reference documents (ISO / QS standards, QM, SOPs, and WIs)
Identification of audit members
Date, expected completion time and place for the audit
Meeting schedule for department members
Confidentiality requirements
Schedule of planned future audits

Audit Failure Modes
Scope too wide for time allotted.
Plan is too specific for time allotted.
Sample sizes inappropriately large.
Inadequate or no check list.
Failure to follow check list.
Failure to adhere to schedule.

A Second Auditor
Impartial
Watcher
Listener
Timekeeper
Note Taker
Corroborator
Special Expertise
Training

Audit Team Assignments
When assigning an auditor to a team or task, the Auditors:
Need to be independent from the department or element. One cannot audit their own work.
The Auditor should have:
A general knowledge of the department.
A good knowledge of the standard requirement.
A clear knowledge of the element or section in the quality standard.

Audit Frequency
The need to perform an audit, as well as frequency, is determined by the client.
Determining frequency should take into account:
Results of previous audits.
Status & Importance of the Activity.
Specified or regulatory requirements.
Significant changes in management, organization, policy, techniques or technologies.
Changes to the system itself.
Internal audits may be organized on a regular basis for management or business purposes.

QS-9000 Requirements
Element 4.17 – Internal Quality Audits
The supplier shall establish and maintain documented procedures for planning and implementing internal quality audits to verify whether quality activities and related results comply with planned arrangement and to determine the effectiveness of the quality system.
Internal quality audits shall be scheduled on the basis of the status and importance of the activity to be audited and shall be carried out by personnel independent of those having direct responsibility in the activity being audited.
NOTE: “Activity” can refer to departments, areas, processes, functions, etc. in a company.
NOTE: There is no specified check list that MUST be used for internal auditing purposes.
The results of the audits shall be recorded (see 4.16) and brought to the attention of the personnel having responsibility in the area audited. The management personnel responsible for the area shall take timely corrective action on the deficiencies found during the audit.
Follow-up activities shall verify and record the implementation and effectiveness of the corrective action taken (see 4.16).
NOTES:
20 The results of internal audits form an integral part of the input to management review activities (see 4.l1.3.)
21 Guidance on quality system audits is given in ISO 10011.
4.17.1 – Internal Audit Schedules
Internal auditing should cover all shifts and be conducted according to an audit schedule updated annually. When internal/external nonconformances or customer complaints occur, the planned audit frequency should be increased.

ISO 9001:2000 Requirements
8.2.2 Internal Audit
NOTE: There are no new requirements in Internal Audit from the 1994 version.
The company shall conduct internal audits at planned intervals to determine whether the quality management system
a) Conforms to the planned arrangements (see 7.1), to the requirements of ISO 9001:2000 and to the quality management system requirements established by the company, and
b) Is effectively implemented and maintained.
An audit program shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency and methods shall be defined. Selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process.
Auditors shall not audit their own work.
The responsibilities and requirements for planning and conducting audits, and for reporting results and maintaining records (see 4.2.4) shall be defined in a documented procedure.
The management responsible for the area being audited shall ensure that actions are taken without undue delay to eliminate detected nonconformities and their causes. Follow-up activities shall include the verification of the actions taken and the reporting of verification results (see 8.5.2).
NOTE See ISO 10011-1, ISO 10011-2 and ISO 10011-3 for guidance.

ISO 9001:2000 Requirements Summary
Internal Quality Audits are required to ensure that the quality system is working effectively and is in conformance with the ISO 9001:2000 standard. Internal Audits are a key component of your QMS, they provide a means for measuring, analyzing and improving your management system. Audits are also a very important input to the Management Review process. The accuracy, scope and reporting of the results of your internal audits are critical in enabling your management to identify the need for corrective actions and preventive action.
The ISO 9001:2000 standard has helped to clarify the auditing requirement. ISO 9001:94 was a little vague when it called for audits to "determine the effectiveness of Quality System". The new standard now is more prescriptive, pointing to the purpose of the audit as to "determine whether the quality management system a) conforms to the requirements of this (ISO 9001:2000) International Standard, and b) has been effectively implemented and maintained." The use of check lists is still a valuable tool for auditing.

Internal Audit Schedule Example
Example Responsibilities Matrix
In the previous slide, you saw that the schedule was by department. In planning, a responsibilities matrix like this one was used to determine what, exactly, was to be audited. Take Design Engineering, for example. If you look at the column heading and follow the column down, you will see that there are quite a few maps which they are responsible for understanding and complying with.

A Sample Compliance Audit Schedule
Check Lists
Define the Sample
Must Be Representative

Check Lists
Keep It Simple
Keep to the Requirements/Facts
Look at Something
Look for Something
Approvals
Tolerances
Identification

Check List Benefits
Keeps Objective On Track
Shows Evidence of Planning
Maintains Pace and Continuity
Reduces Potential Bias
Decreases Workload and Time Requirement
Records Audit Sample
Exhibits Professionalism

Check List Preparation
Organization
Responsibility/Authority
Qualification/Training
Control of Documentation
Nonconformance Control
Calibration (if appropriate)
Records or Other Evidence

Check List Example
Check List Thoughts
Management
Philosophy
Organizational Charts
Authority of the Quality Department
Management commitment
Defined quality responsibilities

Sample Size
Sample Size
Sample Size II
If you ask your registrar what sampling plan they use to determine sample size, you will find them hemmmming and hawwwwing at best. In their opening comments to your group during the meeting before the audit starts, as well as during the exit meeting, every registrar I have ever witnessed has spoken about how they take a sample of your system and (to limit their liability) they will say that just because they did not find something that does not mean there were no nonconformities. None has ever cited a valid sampling plan, much less sample size (valid = based on something other than speculation). I guarantee they will NOT cite ANSI/ASQC Z1.4-1993 or the old standby MIL-STD-105.

Audit Strategy
Audit Strategies
There are may audit strategies. Which you use will depend upon your personal methodology as well as the scope and intent of the audit. Take for example Up Stream and Down Stream audits: Both of these audits are simply where one starts at one end and finishes at another.
Up Stream
Take a packaged product ready to ship and start working backwards. You can eventually reach the purchase order for that product.
Down Stream
Take a request for quote or other early document (such as a PO) and follow the process. For example, one might want to start by asking to see evidence of review of the RFQ or the purchase order. Next, lets see the job registered in the planning system. Etc.

Internal Audit Strategies
With internal audits there is the main issue of how your company addresses auditing. Many companies are listening to courses and folks such as The Audit Guy who believes internal audits should be a major experience and should address compliance to standards. This is one way to do it. I have, and continue to, argue against this method unless you are a very big company where auditors hold that as a primary job position.
Earlier in this presentation, in the section which starts with “What Will You Will Be Auditing?”, I try to state my case for keeping standards interpretations out of internal audits.

Available Information
Quality Manual, Procedures, & Instructions
Management Priorities
Quality Reports (Internal and External)
Previous Audits
Product/Process Information
Auditor Experience and Knowledge
Constraints

Review of Working Documents
Documents to facilitate the auditors investigation may include:
QS / ISO-9000 and other referenced standards relating to element
Quality Manual, Standard Procedures, Work Instructions relating to element
Check-lists used for evaluating ISO or QS elements (QSA);
Forms for reporting audit observations
Forms for documenting supporting evidence
Corrective Action Reports generated from previous audits
Review documentation against standards
Document nonconformances against documentation which does not conform to standards
Develop additional questions from documentation
Develop list of forms used in area

Representative Samples
What is the Departments Function?
What are Its Major and Minor Functions?
What Does the Department Do Within Its Function(s)?
What Does the Department Do When Things Go Wrong?

Pre-Audit Confirmation
Make sure you give the main auditee a heads up. Call a day or two ahead of time to confirm the audit schedule. In some cases a week might be more appropriate.
Ensure everything is on track
Are the auditee(s) aware of the need for them to be available?
Is the scope of the audit understood?
Is the expected length of the audit understood?

Executing the Audit
Changes Happen
I have never seen an audit follow a schedule rigorously. Its in the nature of doing an audit. This is an example of a re-negotiated schedule.
Remember - Take Notes!!!

Opening Meeting
The opening meeting:
Introduces the audit team to the department members
Reviews the audit plan, scope and objectives for the audit
Establishes the official communication link between department representative and audit team
Review findings from document review

A Registrars Opening Meeting Outline I
Introduce Individuals
“Registrar X is committed to providing qualified, competent, efficient, afforddable, and openly available third party registration and assessment services to various national and international standards in a timely manner with the highest of integrity. Registrar Xs emphasis shall be to provide its customers with the best registration and assessment services possible while helping its customers stay focused on achieving value from their quality systems.
Accredited to ISO/IEC Guide 62
Only approved auditors -> ISO 10011
No Consulting
Please sign attendance sheet
Verify Scope and Standard(s)

A Registrars Opening Meeting Outline II
Confidentiality and Conflict of Interest
All information and reports treated as proprietary
Accreditation body may see reports during their audit
No quality system consulting 24 months before and 12 months after
Auditor agreement for each customer
Any proprietary areas?

A Registrars Opening Meeting Outline III
Audit Process
Sampling and Objective Evidence
Requirements are found in three and only three places;
ISO or other standard
Customer requirement(s)
Internal Documentation
Use of check list
Look for compliance
Management style not dictated
Disputes, complaint, and appeal processes
Customer expected to interpret requirements
Services and auditors continually monitored

A Registrars Opening Meeting Outline IV
Audit Process Continued
Typical Audit Steps / Schedule
Opening Meeting
Introductions
Discuss scope
Review process
Review prior findings
Review of documentation
Sample quality system
Daily auditor meetings
Daily debrief
Closing meeting
Review findings
Present recommendation
Audit summary sheet

A Typical Registrars Finding Record
A Registrars Opening Meeting Outline V
Audit Process Continued
Major Nonconformance
The absence of, or the failure to implement and maintain, one or more required management system elements, or a situation which would, on the basis of available objective evidence, raise significant doubt as to the quality of what the registration customer is supplying. An assessment team may judge many minor nonconformities against a single quality system element to be a significant breakdown of a quality management system element.
Minor Nonconformance
Any other non-conformance and is normally easily corrected and verified.
Opportunity
Neither a major or minor non-conformance. It is used to document items that may help a customer improve.

A Registrars Opening Meeting Outline VI
Registration recommendation
Audit team to registration manager
To Register
No major nonconformities
Not to register
Many major nonconformities
HOLD registrtation pending corre3ctive action
Many minors major non-conformities
May require visit
Completed internal audit covering all elements of quality management system
At least one management review
QS-9000 and TE Supplement
All majors and minors must be closed before recommended to register.

Other Interpretations
MAJOR NONCONFORMITY
A Major Nonconformity is either:
The absence or total breakdown of a system to meet the ISO 9000 requirement.
A number of minor nonconformities against one requirement can represent a total breakdown of the system and thus be considered a major nonconformity.
Any noncompliance that would result in the probable shipment of nonconforming product.
A condition that may result in the failure or materially reduce the usability of the products or services for their intended purpose.
A noncompliance that judgment and experience indicate is likely either to result in the failure of the quality system or to materially reduce its ability to assure controlled processes or products.

Other Interpretations
MAJOR NONCONFORMITY
From KPMG:
A nonconformance which is of a serious nature.:
May be a long-standing minor nonconformance from previous assessments, or a collection of similar minor nonconformances indicating a widespread problem;
Established as detrimental to quality delivered to customers; or
A failure or significant deficiency in a significant part of the quality system governed by applicable standards.
From LRQA:
LRQA calls a 'major' finding a HOLD POINT. They discourage talk about 'major' and 'minor' nonconformances.

Other Interpretations
MINOR NONCONFORMITY
An ISO 9001 nonconformance to that judgment and experience indicate is not likely to result in the failure of the quality system or reduce its ability to assure controlled processes or products.
A failure in some part of the supplier's documented quality system relative to ISO 9000, or
A single observed lapse in following one item of the company's quality system.
From KPMG:
A nonconformance that is not of the severity indicated by the definition of major nonconformances, above, but which must be actioned.
From LRQA:
LRQA calls this a Continuous Improvement point. They discourage talk about 'major' and 'minor' nonconformances.

Other Interpretations
OBSERVATION
An observation is essentially an OPINION. Read this thread (http://www.16949.com/level2/m-vs-m.html) for some thoughts on what an observation is -- If you've never heard of a LOOK ( I hadn't), it's also discussed in the thread. This thread also has some oblique references. When I see an auditor write up an 'Observation' I ask myself this: "Is this person qualified through experience, etc. to be offering what is no more than their advice to me on my business and/or process(es)?" Double check with your registrar -- Ask what their expectations are when (if) they write up an Observation. Some say you can ignore it while others expect the Observation to be addressed in some manner. I have heard a registrar tell the client that they expected the observation to be addressed and action implemented by the next visit!

Conducting The Audit
Arrive and Meet the Department Manager
Explain What You Want to See/Do
Investigate to Necessary Depth
Satisfy the Sample Requirement
Dont  Over-sample
Dont Assume Wrong Exists
Dont Worry About “No Problems” Found
Move On

Registrar Audits
In the old days, an audit for compliance to ISO 9001 was relatively straight forward. There were stated requirements. While there were interpretative issues, the 2000 revision has blurred things quite a bit. The change is from “…show me where you address this and explain the system…” the task is now directed at “…auditing for performance…” I believe we all know how subjective this can be.
Acquisition and use of data has gained significantly in importance. Serious emphasis is now being placed on how you evaluate and determine what and how to continuously improve. Evaluation of system effectiveness and possible ways to reduce costs are focused on.

Registrar Audits II
I have now been through 2 registration audits to ISO 9001:2000. Each was a bit different. One was relatively focused on the stated requirements of the standard. The other was more focused upon performance.
“How many times is a quote revised?”
“Sometimes as many as 2 or 3 times.”
Is that a lot? Is there any way - shouldnt you get better or more complete information on customer needs and requirements up front so you dont have to requote so many times? Requotes cost you money, you know. I mean, if youre asking the right questions...”
This went back and forth for quite a while. The auditor eventually accepted that, with consideration to the company and its products, that everything was being considered.
This is just one example of the difference with one auditor. I have mixed feelings about the difference. With a good auditor, this should not be a serious problem. However -- it leaves open much to interpretation and is - well, its very close to consulting.

Registrar Audits III
This is not meant to scare anyone. It is meant to ensure that you understand to each registrar and each auditor is setting their own interpretation of the new ISO 9001 is about.
Some, like the last one I experienced, would better be called a business consulting visit than an audit. It was an analysis of what the company was doing and questioning whether their systems make sense. As with the quote process example, it was not so much does your system meet the requirements, it was more along the lines of whether the auditor agreed it was the best way to be doing something. The lead auditor was an ex-DCAS and his approach to the audit was evident.
The second auditor was more traditional, if you will. Followed a check list and the main interest was whether they were meeting the requirements. Secondary focus was continuous improvement.

Audit Hints
Use Your Check List As Your Guide
Audit Trails (Potential) Will Begin To Appear
You Will Make Many Observations. Make Decisions On Each:
Disregard
Note For Later Follow-Up
Follow-Up Now
Call In Team Leader or “Expert” Assistance

Questions To Ask?
Taking Notes As Reference
Please, Please! Take Notes!!!
For Investigation Now
For Investigation Later
For Use By Other Auditors
For Use On Future Audits
Legibility
Retrievable

Take Copious Notes!!!!
Taking Notes As Evidence
Statements (Admissible)
Document Numbers
Item Identifiers
Revision Information
Names
Locations / Places
Dates
Positions

Avoiding Trouble
Give Advance Notification
Please - No Surprises!
Ensure Importance is Known
This is not a drill!
Keep Information Known
Dont hide anything. If you observe a potential non-conformance, discuss it first.
Remember, Audits Cause STRESS!

Good Auditing Practices
Ask the right person!
Speak clearly and simply. Use local language.
Look at the person - in the eyes!
Rephrase your question if the auditee doesnt seem to know what youre asking.
Dont talk down to anyone.
Smile and be relaxed. Were all friends!
Be unemotional and impartial.
Dont get excited or fix blame.
Avoid interrupting an auditee.
Dont look for trouble - Find the facts
Say Thank You!

Keep People Informed
Review Findings Regularly
“Everything looks good here” is a good phrase to use.
Beat the Grapevine
Keep It Constructive
Criticism we dont need!
Show Professionalism
Be precise, attentive, responsive.
Create Rapport
Make a friend!
Include Appropriate Personnel
Talk to all the right people.

Bad Auditing Behavior
Asking too many questions
Asking leading questions
Saying you understand when you dont
Answering your own questions
Giving insufficient time to answer
Provoking an argument
Subjective opinions
Taking sides
Criticizing Individuals

Expect These Reactions / Emotions
Antagonism
Challenging
Diversionary
Authority
Enlisting Help
Volunteering Information
Internal Conflict
Open and Honest

Interview the Right People
Those Responsible
Talk to the right people. Dont ask the inspection folks how receiving does their job.
Those Doing
These are the people who should know.
Those Being Supplied By the Process
You can ask those down stream about their supplier.

Youre In The Audit Now!
Collecting evidence
Interviews with personnel in area
Examination of documents related to area
Observations of activities and conditions in area
Document audit observations
Document conformance
Document nonconformance, show objective evidence and reference the standard

Recording Nonconformances
Exact observation of facts
Where it was found
Why a nonconformance - cite the specific requirement
Who was there
Use local terminology
Make it retrievable
Make it helpful

Nonconformance Exists Because
The System Does Not Comply With the Standard, Procedure or Other Requirement(s)
Performance Does Not Comply With the System
Performance Is Not Effective

Standard Nonconformance Categories
Major
Portion of the standard not addressed
May lead to shipment of nonconforming product
Not isolated, consistently found such as a procedure consistently not being followed
Minor
Significant number of minor nonconformances indicating system weakness
3 to 5 Minors in one element or procedure *MAY* make a Major - but - this is a rule of thumb for companies under 150 folks. Larger companies will typically have more minors than smaller companies. So - this is somewhat subjective.
Finding
Very minor problem; isolated incident
Needs to be addressed
Observation
Opportunity for improvement

Establish The Facts
Get Help From the Auditee or Others
Discuss the Concern or Problem
Collect All of the Evidence Available
What Did You Observe?
Why Does It Not Conform?
Who or What Is It?
Where Is It?

Facts About Facts
Use Easily Understood Wording
Be Able To Retrieve the Fact(s)
Make It Constructive and Helpful
Make It Concise and To the Point
Be Sure It Is True and Relevant
No Surprises or Blind-Side Attacks
Make Sure Everyone Understands

Things to Consider -- Is It Serious?
What Could Go Wrong In the System if the Nonconformance Is Not Corrected?
What Is the Possibility or Likelihood of Such A Thing Going Wrong?
Is there a possibly non-conforming product could be shipped to a customer?

Assessing Nonconformances
Does what I have found represent a nonconformance?
Confidence in auditors judgement?
Sufficient facts?
Critical situation?
Isolated minor discrepancy?
Happening too frequently?
Too many nonconformances?
Formal corrective action versus immediate?

Simple Nonconformance Report Form
Sample Audit Summary Sheet
The Closing Meeting
Opening Remarks & Thanks
Attendee List - Pass around for signatures
Review Audit Objective & Scope
Restrictions/Limitations
Tell of GOOD Things You Saw
Review of of Findings
Listing of and Description of
PROBLEMS Identified
Clarifications
Agreement and Q & A
Summary (including agreements)
Closing & Thank You!
Save Audit findings as Quality Records.

Nonconformance Reports
Writing Nonconformance Reports
Be Specific
Where
What
Name
Number
Why
Per System
Per Requirement
Be Correct - Check Your Facts!

Summary Content
Number of Nonconformances
Nonconformance Location(s)
Activities Where None Detected
Most Frequent Type of Violations
Recommendations

Audit Reports
Audit Identification & Date
Auditee Information
Objective and Scope
Audited Standard(s)
Auditors Names
Audit Schedule(s)
Audit Check List
Procedure References
Personnel Interviewed
Audit Findings / Observations
Agreed Nonconformance(s)
Nonconformance Reports
Corrective Actions (If Completed)
Summary
Suggestions
Approval Sign-Off
Make Copies
File Record

The Audit Report
LEAVE OUT
Insignificant details
Any points not discussed
Ambiguous statements
Confidential information
Auditors (your) opinions

Audit Report Example
Corrective Action
The Auditee responds to nonconformaties using the Corrective Action Report
The Auditee is responsible for planning, implementing, and monitoring the corrective action plan

Corrective & Preventive Actions
Identification/Agreement of Non-conformance Detected
Root Cause Analysis
Schedule for Actions
Solve Problem
Implement Solution
Evaluate Effectiveness
Re-Audit to Verify

Audit Follow-Up
Review Corrective Action Request
Response - When, Who, Where, & How
Response Evaluation
Completion of Action(s)
Evaluation - Limited Re-Audit
Records
Review of Documentation
Ensure corrective action taken
Provide satisfactory conclusion
Verify at next audit

Re-Audit Focus
Spot check related previous conforming areas
Selected areas in greater depth
Vary re-audit to meet the needs
Target nonconformance

Audit Records
Reference and Date(s)
Department/Operation/Activity
Scope/Objective
Auditor Name(s)
Schedule & Check List
Issued Nonconformance(s)
Summary
C.A.R. Activity
Auditor Notes

Being Audited - Life on The Other Side Of The Fence
Being Audited
A positive and constructive attitude toward auditing can make the exercise enjoyable for both the auditor and the auditee. Most people enjoy telling you what they know and how good they are at their job. In addition, without an air of suspicion and distrust, auditees are likely to confide concerns or suggestions that are in the company's best interest to address and not simply lay blame.
In the course of seeking conformance, concerns or nonconformances may become evident, but it is important that everyone involved understand that the intent is to verify / validate conformance. Conclusions must be based on objective evidence, observation, interview and documents.
If auditing is understood as a staff persecution or a 'witch-hunt,' then do not be surprised when (not if, but when) the members of your company respond with suspicion, distrust and even hostility. It is extremely important that management appreciate the purpose and principles of quality system auditing and that the auditors conduct themselves accordingly.
The results of an audit should indicate whether the quality system is properly implemented and maintained. These results are considered by management for action as necessary.

What is Controlled Documentation?
A controlled document is a document which, if changed, effects some part of the process or product. These can be procedures, process documents, product or part drawings (prints) or other similar documents. Forms are typically controlled documents.
Typically there will be one or more list(s) of master documents.
If a controlled document is changed, a record of the change has to be made. This means there must be a History of All Changes.
If a document is changed, people who use it must know about the change. This means there has to be a distribution list or other effective way to let everyone who uses it know the document has changed (read Communicate the changes).
Every employee must know how to check to see if documentation they are using is the most current version.

What is an Auditor?
An auditor is a person. Really! Their job is to validate documentation. This means they look at documentation (instructions) and make sure people are following the documentation.
Auditors go from company to company validating documentation and asking people about their documentation.
Auditors are just people who ask questions about how you do your job.
Auditors ask people questions about how they do their job.

What Will The Auditors Do?
The auditors will look at written procedures and policies (verification).
The auditors will then look at how people in the company do things. They will look to make sure each person is following written procedures and policies (validation).
They will look at records to ensure everyone is properly completing paperwork (Examples would be SPC charts and check lists which need to be initialed and dated).
They will look to make sure everyone is properly trained to do their job.

Who Will Be Audited?
Absolutely Everyone whose job affects quality is subject to the audit. Which is to say Everyone!
And the farther up the corporate tree you go, the more difficult the audit is. This is because as you go up the tree (eventually to the plant manager), job duties and responsibilities increase.
Corporate Personnel
Plant Manager
Departmental managers
Supervisors
Engineers
Technical personnel
Hourly employees

The Audit Team
When you are visited by an auditor, he/she will NOT be alone. At the very minimum, there will be:
The Auditor
A Company Escort - This will be someone from within Motorola GDL who knows the area and the specification well. The escort will try to provide structure to the audit and will try to help out when he/she can.
The Area Supervisor - The area supervisor or other person directly responsible for the area will be present.
Remember - YOU ARE NOT ALONE!

Types of Audits
Internal Audit
An audit of internal systems and/or procedures. An internal audit is most often performed by people how directly work for the company. Many companies hire outside firms (see third party below) to perform the audits.
External Audit
Customer Audits
Customer audits are those where a customer (or a customer representative) performs the audit. A customer audit is not objective because the customer is intimately involved with your company (the supplier to the customer). This involvement can BIAS the audit.
Third Party Audits
Third party audits are like those you think of when you think of bank audits. Banks (and other financial institutions) must hire a company or person to audit their books and procedures. The company or person hired to do the audit cannot have an interest in the business it is auditing. This is known as an Independent Audit. This is the type of audit the registration audit is!

The Reason For Audits
Everyone is familiar with the idea of audits. One place we are all aware of audits is in the banking industry. For years, the government has required banks to submit to periodic audits by government agencies and/or external companies who specialise in auditing. Few people want to put their money in a bank where there are no controls such as periodic audits. If there are no audits, you have no way of knowing if your bank is using your money well. If the bank is not using your money well the bank could easily fail - then you could lose all of your money.
Audits in manufacturing industries are not new. Customer audits have been going on for years. But only recently has the idea of third party audits become reality. This is in large part due to the adoption in Europe of ISO 9000 and other international standards.
The intent of third party audits is to provide assurance that a company complies with a standard or specification.
Many people say that third party audits will eliminate customer audits. This has not been the case up to now in part because customers still see the need to ensure compliance to their specific requirements. Even QS 9000, specific to Ford, GM and Chrysler suppliers, does not eliminate customer audits.

What Will Happen If...
If an auditor finds a problem, s/he will let the person being audited know immediately that a possible problem may exist. In NO case will the auditor find a problem and not discuss it with the auditee on the spot. They always tell the auditee the suspected problem and they will ask the auditee (or other company official present) to sign a statement of fact of what was found (statement of objective evidence). The auditee should know that signing the statement is NOT an admission of a problem. It is an agreement of facts found. Whether or not it is a problem is discussed during end-of-day and final review meetings.
If an auditor leaves your area and says nothing about a possible problem, you can be sure no problem(s) were found. Auditors do NOT report findings to management without discussing it with the personnel involved FIRST. There are no tricks. Nothing is hidden until later.

Things Everyone Must Know
Know what documentation affects YOU!
You must know what documentation applies to your job and know how to check to make sure you are using the latest version. This should have been explained to you when you were trained to do the job. If you are not sure what documentation applies to you, ASK YOUR SUPERVISOR or TRAINER before the audit.
Know what Training you have had. If you do not know, ASK YOUR SUPERVISOR NOW! Dont wait until the audit!
You must follow all documentation that applies to you. If it says you do something a certain way, you must do it that way.
You must complete all forms. If you are supposed to initial and date when you do something, the auditors will check to ensure you complete the form the way you are supposed to.
How do you know if your equipment is in calibration? Know how to read a calibration label.

Things to Do
Be patient. Wait for the auditor to ask a question.
Listen closely before answering any question(s). If you are not sure you understand the question, ask the auditor to repeat it. If you still do not understand the question, tell the auditor you do not understand it. The auditor will try to better explain him/herself. Never answer a question you do not understand!
Never say “Sometimes I....”. When you do something differently because of different circumstances, explain exactly! “When ------ happens, I...., and when +++++ happens, I ....”. Be specific.
Always tell the Truth. Dont ever try to hide something. You may think you are helping someone - you are not. One lie can destroy confidence. Just like in a marriage, if one spouse lies to the other and the other finds out, the relationship may be in real danger. One lie could ruin the entire audit.

Things NOT to Do
If you do not know the answer to a question, tell the auditor that you do not know the answer. Dont attempt to fake it. If the auditor tries to explain again and you still do not understand the question, tell him/her again that you do not understand the question. The Escort will attempt to help if this happens.
Do NOT try to hide from the auditor. All the auditor wants is to ask you about your job and how to do it. You know your job. You can tell the auditor about as easily as you can tell anyone else.
Do NOT try to answer a question for another person. If the question is not about the job you are doing and you know who does that job, tell the auditor who they should ask if you know.
Do NOT try to answer a question about another job. The only question an auditor is supposed to ask is about YOUR job. If the auditor asks you a question about someone elses job, you should answer “That is not my job.” The GDL escort or the other GDL person with the auditor must take the lead from this point.

General Things To Know and Do
Auditors are NOT trying to test your memory. If you have to look something up in your documentation, tell the auditor. The auditor will then tell you whether to look up the information or not.
Only answer the auditors question. Do NOT volunteer information. Do NOT try to help the auditor with additional information.
Answer with the shortest, simplest answer you can think of. If you can answer with a Yes or No, thats all you should do.
Dont try to explain things unless the auditor asks you to. The auditor will ask questions to help him/her understand. Your job is to only answer questions asked.
Do not tell stories or speculate what may happen.
If there is any documentation which you are using that you think or know is not correct, contact your supervisor immediately! Before the audit!

Some Typical Questions to Expect
What is ISO 9001 (or QS 9000)?
Who is the QS Management Representative?
What is the quality policy? What does the quality policy mean to you?
Does your company do a good job meeting the quality policy objectives?
How do you know whether you are doing your job well or not?
How do you know what to do? Tell me about your job and your duties. What are your quality responsibilities? Tell me how your job affects the quality of your product.
What are controlled documents? What documentation do you follow (are you responsible for)? Where is it? How do you know you are using the most recent version? If your documentation says you should do something a specific way and someone else tells you to do it differently, what do you do?
How do you know if your equipment is in calibration? What do you do if it is not? Can you explain what this calibration label tells you?
Do you ever have problems come up? How do you handle them?
When you find nonconforming product, what do you do?

Managers Should Think About...
Work Instructions
Does Every Job Have Relevant Work Instructions?
Are Work Instructions Controlled?
Is Each Signed & Dated?
Who is the Keeper of a Master List & Where is it Kept?
Hand Revisions
Have Any Work Instructions, Visual Aids, or Other Process Documentation Been Updated By Hand?
If So, Are They Signed and Dated?
Equipment PMs
Are All Equipment PMs Up To Date and to a Schedule?
Measurement & Test Equipment
Is All Measurement and Test Equipment Calibrated and properly Labeled?
Defective Material
Is Defective Material Identified and Segregated?
Is A Defective Material HOLD Area Identified?
Is DMR Material Dispositioned in a Timely Manner?

Some Last Things to Think About
Employee Training
Do You Know the Training Requirements Of Each Job Position?
Is Each Employee Trained?
Where Are Training Records Kept?
Are Training Records Up To Date?
SPC
Are People Keeping SPC Charts Trained in SPC?
Are SPC Charts Current and Being Utilized?
Are Trends Identified and is Corrective Action Taken?
Work Areas
Are Work Areas Clean, Organized and Orderly?
Baskets, Boxes, Racks, Shelves & Other Containers
Is Each Properly Labeled (Identified)?
Are They Where They Are Supposed To Be?

Good Luck!