Gain in-depth knowledge for passing your exam with Exam-Labs CQA: Certified Quality Auditor certification video training course. The most trusted and reliable name for studying and passing with VCE files which include ASQ CQA practice test questions and answers, study guide and exam practice test questions. Unlike any other CQA: Certified Quality Auditor video training course for your certification exam.

Auditing Fundamentals

7. 1A3 Purpose - For cause, Risk based, Compliance, Surveillance, and CAPA

In a previous lecture, we talked about certification and accreditation audits. Now look at the next five purposes of audit, which are compliance for cause, risk-based audit, verification of corrective and preventive action, and surveillance. Let's quickly look at these five purposes of auditing. One purpose of an audit could be compliance, which is called a compliance audit. In a compliance audit, the purpose is to assess the organization's compliance with certain rules and standards. These rules could be guidelines and laws set by the regulatory authority for that particular industry. Or these could be internal guidelines as well. Internal guidelines could consist of controls, policies, and procedures. So here the purpose is compliance, either compliance with external rules or compliance with internal rules. Here the focus is on compliance. And earlier also I talked the focus ofan audit could be improvement, or the focusof an audit could be compliance. So in compliance, we are not focusing on improvement. What we are interested in is whether we are complying with certain rules and standards of a particular industry or not. So this is a compliance audit. The next purpose of auditing could be for cause. So here, an audit is done for a specific cause, a specific failure, or a specific quality problem. So if you have a quality problem related to some specific issue and you do an audit to identify the root cause of that, that will be a cause audit. The next purpose of auditing could be risk-based based audit.Based on the risk, you look at the risk associated with whatever product or process you are doing. If you do some auditing to mitigate that risk, that will be a risk-based audit. So, when we talk of risk-based audits, ISO 9001:2015, which is the latest edition of 9001, introduced a term that was "risk-based," thinking that whatever you do, you need to keep the risk in mind. Whatever processes, whatever work an organisation is doing, that should be done based on the risk associated with that work. So, in a risk-based audit, when we plan audits, our focus is on those areas that provide high risk for our objective and the purpose for which we are doing them. So this is another type of audit. The next step is verification of Kappa. Kappa is both corrective and preventive action. Before we go further into this, let's understand the definition of corrective action and preventive action. So, here is the definition of corrective action. Corrective action is action taken to eliminate the cause of a nonconformity and prevent its recurrence. So what we do in corrective action is that if you have a problem, you identify the cause of that and take whatever action you need to eliminate the cause so that that problem is not repeated. That is called a corrective action. And what is preventive action? Preventive action is an action to eliminate the cause of a potential nonconformity. And when I say potential nonconformity, that means that problem has not yet occurred. This could be based on the risk assessment or based on any other analysis. But here, the actual problem has not occurred yet. So if the problem has not yet occurred, and whatever action your organisation takes to prevent the occurrence of that potential problem, that will be called "preventive action." So, in Kappa, we are considering both corrective and preventive action. So whatever corrective or preventive actions were identified by the organization, if you want to audit them here, you want to check the effectiveness of your copy, corrective action, or preventive action to see how effective they are. So that will be one type of audit. The next type of audit could be a surveillance audit. So when an organisation goes for ISO 9001 certification, the certification body audits the organisation every three years before reissuing the certificate. But then the certification bodies audit the organisation every year or every six months to do the surveillance audit. So the surveillance audit is conducted to monitor conformity with the requirement to assess the continued validity of the certificate. So if the certificate has been issued forthree years, but still a surveillance audit isdone by certification bodies to make sure thatthe organisation is still following those rules orrequirements of ISO 9001 standard. So these were the five types of audits, or the five purposes of audits.

8. 1A4 Common Elements with other Audits

of types of quality audits. So far we have talked about methods, audits, audit relationships, and the purpose of audits. Now the next topic is "common elements with other audits." And when I say "other audits," "other audits" means other than quality audits. So before we talk about the elements that are common to other audits, let's understand what other audits are. When we talk of quality, the most common quality audit is ISO 9001 compliance. That's a quality audit. When we talk of environmental audit, theenvironmental management system audit, then we useISO 14,001 as the standard for auditing. We previously had OHSAS 18001 for health and safety. That was the standard for health and safety, which was recently replaced by ISO 45,000 and 121 eight.And then there are a number of sector-specific audit standards, for example in aerospace, nuclear, telecommunications, and automobiles. We will talk about these standards when we talk aboutaudit criteria as we go further into this course. But at this stage, let's understand that when it comes to audit, audit is not just related to the quality management system. This could be environmental, this could be health andsafety, or this could be any sector specific audit. So whatever audit you are doingthat will have a purpose. The purpose of this audit could be compliance to make sure that you comply with the requirements, or the purpose of the audit could be improvement. So whatever audit you are doing, whether it be for the quality management system, environmental management system, health and safety, or any other sector-specific audit, you need to define the purpose of that audit. And what we are looking at here are the common elements with regards to different types of audits. So purpose is something that is common amongst all these audits. You need to define the purpose of the audit. Then, whatever audit you are doing, you will be collecting data, and data collection could be through interviews, through observations, or through document review. When you do an audit, your auditor-auditor relationship could be first party, second party, or third party. So we talked about this earlier. What is first party audit, what's secondparty audit, what's third party audit? So whatever audit you do, you need to understand what type of audit you are doing and what the relationship between an auditor and auditing is. When we go further into this course, we will be talking about tracing methods, tracing forward, tracing backward, or discovery methods. So these are the approaches or strategies for doing an audit. So whatever audit you do, you will be using one of these techniques or one of these strategies to do the audit. Any audit has steps. So auditing starts with planning. So once you have done the planning, then you go to the site and have an opening meeting with the audit. Then you conduct the audit, interview people, and gather information. Then once you have done that, you have a closing meeting where you tell auditing what the findings are, and then you issue a formal report and follow up. These steps are followed irrespective of the typeof audit you are doing, either the qualitymanagement, environmental health or safety, or any otheraudit, you follow these steps. So the purpose of this lecture was to tell you that whatever type of audit we do, there is a commonality. So even though we are talking about quality audits here, these steps will be followed in any other audit as well. ISO 19,011 is an auditing standard. So that standard is followed, irrespective of the type of audit that you are doing.

9. 1B1 Elements of purpose and scope

Purpose and scope of auditing We will be talking about elements of purpose and scope, and then we will talk about the benefits of audit. Let's start with elements of purpose and scope here. So when it comes to the purpose of audit,there are two main purposes purpose of audits. One is compliance; the second is improvement. In compliance, we check whether we are complying with a specific rule, specific legislation, or a specific standard. That's compliance, and improvement is where we want to improve our work processes. So broadly, these are the two purposes of an audit: compliance or improvement. Now, when it comes to audit scope, if you look at the definition of audit scope, the definition of audit scope is the extent and boundaries of an audit. What does this basically mean? What is included in the audit, and what is not included in the audit? That's the audit scope. You need to have a defined scope for the audit. You really cannot have an unlimited audit, and you just start doing something without knowing what is included in the scope and what is not included in the scope. So this is something that you need to define well before the planning stage of the audit. What is the scope of the audit? When we talk of the scope of the audit, this basically includes what is included and what's not included. And that includes the physical and virtual locations. Which locations are included in this audit and which locations are not included? Plant A, Plant B, and Plant C are included. And let's say plants D, E, and F are not included in this audit. So we are just doing the audit on three of these plants. Out of six plants which this company has, thenwe have to define what are the functions whichare included in the scope of audit. Let's say materials management is included, production is included, but design is not included. So whatever is included or not included, you needto define that in the audit scope, organisational units,activities and processes and the time period covered. So sometimes you have to even define the time period that is covered in this audit. Let's say whatever activities have happened in the last year are included in this audit scope. As a result, you must define the scope of the audit before beginning it during the planning stage. Returning to the previous slide, we stated that the goal of auditing could be compliance or improvement. Let's look at it in the context of first-party, second-party, and third-party party audit.Let's say if you are doing a first-party audit, the first-party audit is your internal audit. In internal audit, the purpose of your internal audit could be compliance or improvement. You may want to conduct an internal audit to determine whether you are in compliance with a specific standard or requirement. Or you could do an internal audit to check whether there is room for improvement in the organisation or not. So you can have any of these two purposes when it comes to a second-party audit. A second-party audit is done by your client. so the client does an audit on you. The purpose of that generally would not be improvement. Your client will not be auditing you to tell you what could be improved. The client audit is usually focused on compliance, compliance with the standard, compliance with the requirement, the contractual requirement that you are supposed to follow. A client audit could be done before placing an order, and if that is done, it will be done to make sure that you are complying with, let's say, some international standard requirements or not. All clients could do an audit after avoiding the contract, just to make sure whether they are complying with the contractual requirements or not. So this was secondparty audit, the purposes relatedto second party audit, the purposes related tothird party audit could be and third partyaudit is done by an external party. And most of the time, these audits are, let's say, ISO 9001 registration audits. So the purpose would be compliance, whether your company is complying with the requirements of ISO 9001 or not. Third party audit could also be done by alegislation authority, FDA or any other authority, the governmentauthority, which does a third party audit. There also the purpose ofthat audit would be compliance. So depending on the type of audit, such as a first-party, second-party, or third-party audit, you could have a specific purpose for the audit. And depending on the purpose, you could have a defined audit scope. The audit scope will include all these items that I have listed here: the physical location, the function, the units that are included, the activities or processes that are included but not included in the audit, and the time period. So this was about the audit scope.

10. 1B2 Benefits of audits

Now on to the benefits of audits. So here on this slide, I have the benefits of external audits. The benefit of an external audit could be compliance. This ensures whether the organisation complies with industry or statutory requirements or not. The second benefit of an audit is improvement. Here, whether your client is doing this audit or a third party is doing this audit, they want to check whether there is any possibility of improvement in the organisation or not. Then the third benefit of an external audit could be managing risks: how the risks are managed, what things could go wrong, and how those need to be attended to.And the fourth item listed here is "provide confidence to stakeholders." And this is the most important item here. Whatever we are doing, it basically gives some confidence to the stakeholders. And stakeholders could be your client, your shareholders, or whomever has a stake in the company or the organization. The audit gives them confidence to them.Now let's focus on internal auditing. What are the benefits of internal audits? In internal auditing, you identify risks—the things that could go wrong—and take action on them. You identify opportunities for improvement where things could be improved, and you verify whether the product which you are making or the service which you are providing is fit for use or not. In the internal audit, you find out the problem before your customer finds it, and you take the necessary action to remove that problem. Internal audit checks whether you have the required procedures in place or not, and if you do have the required procedures in place, whether those are effective or not is also identified by internal audits. and you take remedial action if you find any problems. And in the audit, you check whether those remedial actions are effective in eliminating the problem or not. So these are some of the benefits of internal auditing, and I have listed a few more on the next slide. So let's look at those as well. So here we have the benefits of internal auditing, such as reducing rework and rejection. Because here you find out the problem well in advance and take the necessary action to remove the cause of that problem. By having internal audit, you can reduce rework and rejection in the organization. You make sure that you are complying with the rules or regulations. So that way, you avoid the lawsuit for not meeting the legal or regulatory requirements. Internal audits help in reducing costs as well. They reduce cost by eliminating the problem at its source. And this builds the customer's confidence because the product or service that you are providing will meet the customer's standard or requirement. So once you have customer confidence, you maintain your market standing, your market share, and your reputation in the market, which helps increase the sale.So these are some of the benefits of an audit.

11. 1C Criteria to audit against

So, before we go any further, let's take a fresh look at the definition of audit criteria. Audit criteria are a set of policies, procedures, or requirements used as a reference against which the objective evidence is compared. So when we say audit criteria, this is the rule; this is the requirement; this is the policy against which we check whether we comply with those rules, requirements, and policies or not. So what are the different types of audit criteria? Let's look at those here. The first set of audit criteria are industry standards. So we could do an audit against industry standards. And there are different industry standards. Here I have a short list ofindustry standards such as IEEE, which isInstitute of Electrical and Electronic Engineers. So they have a number of standards that they have issued for different products. Similarly, I have API, the American Petroleum Institute, ASMI, which is the American Society of Mechanical Engineers, ASTM, the American Society for Testing and Materials, NFPA, the National Fire Protection Association, and so many others. So the industry standards that are listed here are just an example of the many industry standards available. Each of these institutions listed here has a number of standards related to the products in that particular industry. So when we think of doing a product audit, that product audit will generally be against one of these industry standards. So let's say you are auditing the valves that are being used in the petroleum industry. That valve would have been made to a specific standard issued by API. So we added that particular valve orthe product against the API standard. So these were industry standards. In addition to that, we have management system standards; we could do audits against these as well. So earlier when we were talking about types of audits, we said that an audit could be a product audit, a process audit, or a system audit. So when we think of system audits, those system audits are conducted based on one or many of these management system standards. So, here is a list of commonly used management system standards: ISO 9001, which you should be very familiar with by now, is for quality management system; 14,001 is for environmental management system; and 22,000 is for food safety. And then for Business Continuity Management Systems, we have 22,301. And then for occupational health and safety we have 35,001, and for energy management systems we have 50,001, and so on. So there are a number of management system standards against which you can audit an organization. When we talk of management system standards, there are some industry-specific management system standards as well. So previously, the list that you saw was the list of generic management standards. Those management system standards could be applied to any organization; let's say 9001 is one you could apply to any type of organization, but then there are some industry-specific management system standards as well. For example, let's look at the list here for medical devices. There is an ISO 13 485 that isused for organisations which are making medical devices. And many of these standards are in many ways similar to the 9001 standard, but they have some industry-specific requirements built into them. So let's look at two more here. Another one is 17 00:25, which is for testing and calibration laboratories. And then we have 29,001, which is the management system standard for the petroleum, petrochemical, and natural gas industries. Then we have TL 9000 for telecommunications, AS 9100 for aerospace, and IATF 69 49 for the automotive industry. So these are some of the commonly used industry-specific management standards. In addition to that, we have a few other industry-specific management standards, which you probably have not heard of because they are not very common. And this includes, let's say, educational organisations (we have 21,001); railway applications (we have 22,163); road traffic we have 39,001); and so on. There are many of these industry-specific standards against which you can audit an organization. So this is basically a list of auditcriteria against which you can do an audit. In addition to these standards, you could audit against a few other things as well. Let's say against contract. So a client might want to audit you against a contract. So they are not auditing you against a management system or industry-specific standard; they just want to audit you against the contractual requirements that you agreed to. The audit could be against client specifications. The client would have given a specification for a particular product, whether that particular product or the project meets the requirements of that client specification or not. So an audit could be against client specifications. Audits could be against the internal quality management system. Some organisations might not be implementing a generic management system standard such as 9001, but they might be implementing some internal quality management system, so an audit could be against that as well. And in addition, the audit could be done against the quality award criteria. So there are a number of quality awards that are globally recognized. They have a list of requirements which thisparticular organisation need to prove whether they havethat particular thing in place or not. So there are criteria listed for each of these awards. So here I have listed the three top-level quality awards. These are Malcolm Belgrade National Quality Awards, which are given to organisations in the United States. And then we have Deming Price and the European Quality Award by EFQM. So each of these awards has its own set of requirements. So the organisation could be audited against those requirements in the award criteria.

Pay a fraction of the cost to study with Exam-Labs CQA: Certified Quality Auditor certification video training course. Passing the certification exams have never been easier. With the complete self-paced exam prep solution including CQA: Certified Quality Auditor certification video training course, practice test questions and answers, exam practice test questions and study guide, you have nothing to worry about for your next certification exam.

Hide