Adequately Defining Which Suppliers to Audit and Frequency

GStough

Staff member
Super Moderator
#1
When there are over 200 suppliers that need to be evaluated, how does the company determine which ones need to be audited? Is it expected that all 200+ suppliers must be audited? How is this adequately defined so that the audit schedule remains manageable and yet still achieves compliance to procedures and external requirements?

Any input is welcome. TIA....:thanx:
 
Elsmar Forum Sponsor
P

PaulJSmith

#2
I would think that two factors would drive that decision:
1) Importance of their product or service to your product or service, and
2) History of the supplier's performance

Clearly, there's likely no need to audit your toilet paper supplier. Probably not a COTS fastener supplier who always sends the right parts on-time, either.

Obviously, you are in the driver's seat regarding compliance to your internal procedures. You write them.
External requirements (customer?) may be a different matter, though.
 

Bev D

Heretical Statistician
Staff member
Super Moderator
#3
Unless you have a customer specific requirement there is no need to audit any of your suppliers. In fact, one of the main reasons for adoption of a universal - then some industry specific - standards was to eliminate the need to audit suppliers that were registered to the applicable standard. The general requirement is to assess them. How do you assess their performance?

:2cents:
I would recommend a technical audit of any new supplier or supplier location to ensure that there equipment is adequate and capable of meeting your quality requirements. *I* have found that QMS audits of suppliers are usually not predictive of supplier performance. A simple visit with a technical assessment can tell you if the supplier will be collaborative or combative. Those are probably the two most critical items to 'audit' personally.
 

gunnyshore

Starting to get Involved
#4
My recommendation is to identify a level associated with each supplier based on risk. Use categories such as :critical, major and "non-QS related" and associate one level for each supplier.

Once that is done, you can state in your procedure that critical and major suppliers are covered within the scope of the audits and non-QS related suppliers do not require an audit.

Then, take the performance profile of the first two category suppliers and look to see which suppliers are not performing to your expectations. Using the same approach as a FMEA, determine a level of performance that requires an audit to be performed.
 
S

Scott A. Bednar

#5
Hi GStough,

There is not a requirement in the regulation or standards that you perform supplier audits. The requirement is that you:

1. Evaluate and select based on ability to comply
2. Define the extent of control/criteria
3. Establish and maintain records

When you set up a supplier auditing program, your decisions should be based on risk. I tell my clients to think of an audit as more of an exception rather than the rule. I have seen many systems that do not accurately determine risk because many companies incorrectly assume that their product has more end user impact than it actually does.
You will also need to consider the amount of resources which will be required to maintain the program. Although this shouldn't matter in the perfect quality-centric world, you need to stay on budget unless the level of risk is unacceptable.
Start with a rating system that will identify the most critical suppliers. Make sure that you include service organizations. From there take another swipe from a performance standpoint. You could also consider industry certifications, but more importantly who provided the company with the certificate.
Hopefully by this time you have a manageable set of suppliers that need to be audited. Next you can set up criteria that allow the suppliers to be audited less frequently, like a performance or responsiveness metric.

Hope this helps.

Best,
Scott
 

dsanabria

Quite Involved in Discussions
#6
When there are over 200 suppliers that need to be evaluated, how does the company determine which ones need to be audited? Is it expected that all 200+ suppliers must be audited? How is this adequately defined so that the audit schedule remains manageable and yet still achieves compliance to procedures and external requirements?

Any input is welcome. TIA....:thanx:
Look at you list of supplier and eliminates those that are mandated by your customers.

Then, use the 80/20 rules to reduce the suppliers that you want to work with. - this should reduce the list even further. Bottom line - don't bother that small suppliers that you use every 2 or 3 years.

Now your supplier list has been reduced to those that you primarily do most of your business with. So the next step is to make a Pareto chart and identify the suppliers with the most issues - that should reduce the list even further and you have identified suppliers that

a) you might want to find an alternative.
b) you could monitor and work with
c) increase communication with those suppliers that will work with you.

Bottom line - there is no requirement to audit suppliers and personally - don't see what you get from it - versus the invested time and resources :2cents:
 

Michael_M

Trusted Information Resource
#7
Hi GStough,

There is not a requirement in the regulation or standards that you perform supplier audits.
This is not true depending on what standard you are following. AS9100 (Aerospace) requires periodically review supplier performance and this review will be used as a basis for establishing the level of controls to be implemented. In addition, AS9100 requires a register of suppliers that includes approval status and scope of approval.

It depends on what standard is being followed.
 

GStough

Staff member
Super Moderator
#9
Thank you, everyone, for the replies. I have taken the advice given here and used it to create an audit schedule based on risk for our critical suppliers.

Yes, I work in the medical device/IVD industry and while the regs/standards don't specifically state that we MUST do audits, it is one of the methods that our customers expect us to use in exercising purchasing controls.

I think that we have something in place that meets the expectations of our customers, as well as being compliant with the applicable regs/standards.

Thanks again for your help! :bigwave::agree1::agree:
 
Thread starter Similar threads Forum Replies Date
R Procedure does not adequately identify quality records - Audit Minor NC - Why? General Auditing Discussions 8
L Feasibility Evaluation - Product Adequately Defined? IATF 16949 - Automotive Quality Systems Standard 8
D Question regarding ECO process, specifically for Life Science products and defining form fit and function ISO 13485:2016 - Medical Device Quality Management Systems 1
T Defining sampling plan for different AQL AQL - Acceptable Quality Level 1
M Defining frequency of measurement tools callibration Calibration and Metrology Software and Hardware 3
M Defining and Documenting Record Retention CE Marking (Conformité Européene) / CB Scheme 5
G Defining performance metrics for DFMA implementation Design and Development of Products and Processes 2
S Defining a Quality System from scratch - Preferred system and documentation names Document Control Systems, Procedures, Forms and Templates 4
A Defining Expected Service Life in Risk Management File Reliability Analysis - Predictions, Testing and Standards 5
C Defining Approvals Required for Design Control Documents ISO 13485:2016 - Medical Device Quality Management Systems 6
khotchandrakant Defining Acceptance Quality Level, I need clarity on AQL 1.5, 2.5, 4.0 AQL - Acceptable Quality Level 5
M Defining the lifetime of orthopedic implants joints Other Medical Device and Orthopedic Related Topics 2
C AS9100 rev D 8.5.1 c 2 - Defining the Machine in-process frequency per ANSI/ASQ Inspection, Prints (Drawings), Testing, Sampling and Related Topics 8
V Defining Safety Precautions for Category 4,5 Molecules Occupational Health & Safety Management Standards 2
E European Regulations defining the terms Repair and Refurbish EU Medical Device Regulations 5
T Defining Major vs. Minor Changes to Procedures ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
E Quality Techucuan (Technician) in Electronics - Defining Postion Requirements Career and Occupation Discussions 4
moritz Defining a good Scope for Critical SOPs ISO 13485:2016 - Medical Device Quality Management Systems 7
T Standards for defining audible alarms/warnings for OR instruments IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
M Defining Critical Vs. Non-Critical Suppliers/Service Providers (API Q1, 9th. Ed.) Oil and Gas Industry Standards and Regulations 2
B IEC 60601-2-24 - Defining Storage Volume IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
E Defining Sub-Disciplines for Chemical Testing Laboratory Employee Proficiency Testing General Measurement Device and Calibration Topics 1
T Defining Nonconformances in a Service Organization ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
M Defining Reliability and Confidence Levels Reliability Analysis - Predictions, Testing and Standards 3
J Defining Martial Arts and Gymnastics Statistical Techniques Statistical Analysis Tools, Techniques and SPC 4
V Defining the criteria for equipment to be qualified or requalified Qualification and Validation (including 21 CFR Part 11) 2
R Need help on defining scope for Design Verification File for Class III IVD 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 8
J Defining CCP (Critical Control Points) in a Rice Mill Plant Food Safety - ISO 22000, HACCP (21 CFR 120) 9
S Process Map and defining KPIs Misc. Quality Assurance and Business Systems Related Topics 5
5 Major Nonconformance for not "clearly" defining the "device lifetime" ISO 13485:2016 - Medical Device Quality Management Systems 2
E Defining the lifetime of an Implantable Medical Device Other Medical Device and Orthopedic Related Topics 5
B Defining Expected Oxygen Leakage for Safety Testing IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
G Defining Post Mold Cure Ramp-Down Temperature Manufacturing and Related Processes 2
K Audit Nonconformity on Defining 'Outsourced' Infrastructure Maintenance Quality Manager and Management Related Issues 21
G Points to consider while defining the Quality Policy AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
G Defining Quality Objectives for Product Realization and Design and Development AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
S Developing Documentation and Defining Processes as Subcontractor IATF 16949 - Automotive Quality Systems Standard 6
C Defining ISO 9001:2008 Scope for a Sterilization Company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
S Defining Skilled vs. Semi-Skilled vs. Unskilled Labor Manufacturing and Related Processes 1
I Defining the scope for ISO 9001 Registration - Software, Hardware and Customer Care ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
M Product Specification vs. Information Defining Product - The differences? 7.3.3.1 IATF 16949 - Automotive Quality Systems Standard 6
R Defining Interaction of Processes in a Software Company Software Quality Assurance 3
N Where to begin defining and monitoring Quality Metrics in a Machine Shop Manufacturing and Related Processes 9
A Testing Process Audit - Defining a Process Compliance Mechanism Software Quality Assurance 2
R Defining the type of Applied Part - Metal Probe (Applied Part) employs Water Cooling IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
N Defining Security Interfaces for Scope for ISMS - Need help IEC 27001 - Information Security Management Systems (ISMS) 10
A Defining the differences between Prototype vs. Production Guidelines? Contract Review Process 5
R Help defining Eyewear Customer Complaint Categories Customer Complaints 5
G Quality Objectives - Where to start defining Quality Objectives? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
R Criteria for defining FMEA & Control Plan Critical and Significant Characteristics FMEA and Control Plans 10

Similar threads

Top Bottom