Audits are a common practice in business, but they’re often ineffective at identifying and addressing actual compliance-related issues. The focus of quality audits is often based upon conformity to a predeveloped quality management system (QMS) checklist rather than identifying compliance with product, technical, regulatory, customer and/or industry standards.

Audit results typically identify “perceived” nonconformities, and the implementation of corrective actions rarely identify and address the underlying cause.

Routine QMS questioning tends to result in a “checklist mentality” that ends up repeating the same questions in each subsequent audit, all of which have similar results, whereas a focus on actual compliance-related issues combined with QMS requirements helps drive continuous improvement of processes and outcomes.

Overall, while audits can be useful in identifying issues, they’re often insufficient as a standalone solution and should be used in conjunction with other proactive measures to effectively address problems and improve operations.  In our series, we’ll review topics such as required documents and records, objective evidence, auditor competencies and more.

Auditing Basics: Required Documents and Records

One of the reasons audits are ineffective is because the audited organization and the auditor don’t know which required documented procedures and records are required. How do you know which procedures and records should be implemented? Let’s explore the steps to get started on the right path to a more effective audit.

Step 1: Consider Management System Standards

Start with the management system standards you’re either seeking to be registered to or have already registered. Common registrations include:

  • ISO 9001
  • ISO 14001
  • ISO 45001
  • ISO 27001
  • ISO 17025
  • ISO 16949
  • AS9100
  • API Spec Q1
  • API Spec Q2

Step 2: Determine Your Scope

Next, determine the scope of your quality management system, note any listed exclusions and identify the terms used within the standard.

Procedures terms may include:

  • Documented Procedure
  • Documented Information
  • Documented Policies
  • Documented Instructions
  • Documented Program
  • Quality Objectives

Records terms may include:

  • Record
  • Retain

Step 3: Create a Worksheet

Now, create a list for each section of the management system standard(s), showing which documented procedures and records are required.

Using API Spec. Q1 9th Edition as an example, we can generate matrices similar to the following:

Note: ISO 9001:2015’s required information is similar.

Sample of Required Documents Documentation
Sample of Required Records Documentation

Step 4: Compare Records to Standards

Lastly, compare the written procedures and completed records to those required by the standard(s).

In the audit report, the auditor will record each of your documented procedures and record numbers, names, revision levels and dates in the appropriate section.

Unless an exclusion is claimed, you must have each required procedure and/or record for each section of the standard(s). For example, if a standard states that a documented procedure is required for customer property, but the audited organization has an exclusion for customer property, then the requirement for a documented procedure does not apply. If the audited organization doesn’t have a documented procedure or record where specified by the applicable standard(s), and they have not claimed an exclusion, then an audit nonconformance would apply.

Previous Posts

Q1, 10th Edition Update

Q1, 10th Edition Update

Last week, the API announced the publication of Q1, 10th Edition. QSI will provide periodic updates discussing some of the changes, but for starters, let’s talk about title changes to the 10th Edition: Q1, 9th Edition title: Specification for Quality Management System...

read more

Need assistance ensuring an effective audit for your organization?