In audit management, a desk audit or desk review is a document review of an organization's documents. [1] These reviews which do not require interviews or activity observation, can be conducted at a remote desk. [1] Desk audits are conducted ahead of more costly thorough onsite process audits and system audits. [1]
Internal desk audits are conducted by the organization, typically in preparation for an external desk audits that are conducted by an outside organization, such as a registrar. [2]
A quality management system (QMS) is a collection of business processes focused on consistently meeting customer requirements and enhancing their satisfaction. It is aligned with an organization's purpose and strategic direction. It is expressed as the organizational goals and aspirations, policies, processes, documented information, and resources needed to implement and maintain it. Early quality management systems emphasized predictable outcomes of an industrial product production line, using simple statistics and random sampling. By the 20th century, labor inputs were typically the most costly inputs in most industrialized societies, so focus shifted to team cooperation and dynamics, especially the early signaling of problems via a continual improvement cycle. In the 21st century, QMS has tended to converge with sustainability and transparency initiatives, as both investor and customer satisfaction and perceived quality are increasingly tied to these factors. Of QMS regimes, the ISO 9000 family of standards is probably the most widely implemented worldwide – the ISO 19011 audit regime applies to both and deals with quality and sustainability and their integration.
Quality control (QC) is a process by which entities review the quality of all factors involved in production. ISO 9000 defines quality control as "a part of quality management focused on fulfilling quality requirements".
The ISO 9000 family is a set of international standards for quality management systems. It was developed in March 1987 by International Organization for Standardization. The goal of these standards is to help organizations ensure that they meet customer and other stakeholder needs within the statutory and regulatory requirements related to a product or service. The standards were designed to fit into an integrated management system. The ISO refers to the set of standards as a "family", bringing together the standard for quality management systems and a set of "supporting standards", and their presentation as a family facilitates their integrated application within an organisation. ISO 9000 deals with the fundamentals and vocabulary of QMS, including the seven quality management principles that underlie the family of standards. ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill. A companion document, ISO/TS 9002, provides guidelines for the application of ISO 9001. ISO 9004 gives guidance on achieving sustained organizational success.
The ISO 14000 family is a set of international standards for environment management systems. It was developed in March 1996 by International Organization for Standardization. The goal of these standards is to help organizations (a) minimize how their operations negatively affect the environment ; (b) comply with applicable laws, regulations, and other environmentally oriented requirements; and (c) continually improve in the above. The standards were designed to fit into an integrated management system.
An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon." Auditing also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditors consider the propositions before them, obtain evidence, roll forward prior year working papers, and evaluate the propositions in their auditing report.
Quality assurance (QA) is the term used in both manufacturing and service industries to describe the systematic efforts taken to assure that the product(s) delivered to customer(s) meet with the contractual and other agreed upon performance, design, reliability, and maintainability expectations of that customer. The core purpose of Quality Assurance is to prevent mistakes and defects in the development and production of both manufactured products, such as automobiles and shoes, and delivered services, such as automotive repair and athletic shoe design. Assuring quality and therefore avoiding problems and delays when delivering products or services to customers is what ISO 9000 defines as that "part of quality management focused on providing confidence that quality requirements will be fulfilled". This defect prevention aspect of quality assurance differs from the defect detection aspect of quality control and has been referred to as a shift left since it focuses on quality efforts earlier in product development and production and on avoiding defects in the first place rather than correcting them after the fact.
Information technology service management (ITSM) are the activities performed by an organization to design, build, deliver, operate and control IT services offered to customers.
Quality management ensures that an organization, product or service consistently functions well. It has four main components: quality planning, quality assurance, quality control, and quality improvement. Quality management is focused both on product and service quality and the means to achieve it. Quality management, therefore, uses quality assurance and control of processes as well as products to achieve more consistent quality. What a customer wants and is willing to pay for it, determines quality. It is a written or unwritten commitment to a known or unknown consumer in the market. Quality can be defined as how well the product performs its intended function.
Software quality assurance (SQA) is a means and practice of monitoring all software engineering processes, methods, and work products to ensure compliance against defined standards. It may include ensuring conformance to standards or models, such as ISO/IEC 9126, SPICE or CMMI.
ISO/IEC 20000 is the international standard for IT service management. It was developed in 2005 by ISO/IEC JTC1/SC7 and revised in 2011 and 2018. It was originally based on the earlier BS 15000 that was developed by BSI Group.
Aero Space 9100 is an international standard for aerospace management systems that is a widely adopted and standardized quality management system for the aerospace sector. It was developed in March 1999 by Society of Automotive Engineers. The goal of the standard is to provide for continual improvement, emphasizing defect prevention and the reduction of variation and waste in the aerospace industry supply chain and assembly process. The standard was designed to fit into an integrated management system.
ISO 22000 is a food safety management system by the International Organization for Standardization (ISO) which is outcome focused, providing requirements for any organization in the food industry with objective to help to improve overall performance in food safety. These standards are intended to ensure safety in the global food supply chain. The standards involve the overall guidelines for food safety management and also focuses on traceability in the feed and food chain.
Corrective and preventive action consists of improvements to an organization's processes taken to eliminate causes of non-conformities or other undesirable situations. It is usually a set of actions, laws or regulations required by an organization to take in manufacturing, documentation, procedures, or systems to rectify and eliminate recurring non-conformance. Non-conformance is identified after systematic evaluation and analysis of the root cause of the non-conformance. Non-conformance may be a market complaint or customer complaint or failure of machinery or a quality management system, or misinterpretation of written instructions to carry out work. The corrective and preventive action is designed by a team that includes quality assurance personnel and personnel involved in the actual observation point of non-conformance. It must be systematically implemented and observed for its ability to eliminate further recurrence of such non-conformation. The Eight disciplines problem solving method, or 8D framework, can be used as an effective method of structuring a CAPA.
An environmental audit is a type of evaluation intended to identify environmental compliance and management system implementation gaps, along with related corrective actions. In this way they perform an analogous (similar) function to financial audits. There are generally two different types of environmental audits: compliance audits and management systems audits. Compliance audits tend to be the primary type in the US or within US-based multinationals.
In business, engineering, and manufacturing, quality – or high quality – has a pragmatic interpretation as the non-inferiority or superiority of something ; it is also defined as being suitable for the intended purpose while satisfying customer expectations. Quality is a perceptual, conditional, and somewhat subjective attribute and may be understood differently by different people. Consumers may focus on the specification quality of a product/service, or how it compares to competitors in the marketplace. Producers might measure the conformance quality, or degree to which the product/service was produced correctly. Support personnel may measure quality in the degree that a product is reliable, maintainable, or sustainable. In such ways, the subjectivity of quality is rendered objective via operational definitions and measured with metrics such as proxy measures.
CSA CAN3-Z299 is a series of quality assurance standards developed by the Canadian Standards Association in the 1970s. It is an alternative to the ISO 9000 series of standards. The stated objectives of the Z299 series of standards are:
In process improvement efforts, quality costs tite or cost of quality is a means to quantify the total cost of quality-related efforts and deficiencies. It was first described by Armand V. Feigenbaum in a 1956 Harvard Business Review article.
ISO 10007 "Quality management — Guidelines for configuration management" is the ISO standard that gives guidance on the use of configuration management within an organization. "It is applicable to the support of products from concept to disposal." The standard was originally published in 1995, and was updated in 2003 and 2017. Its guidance is specifically recommended for meeting "the product identification and traceability requirements" introduced in ISO 9001:2015 and AS9100 Rev D.
ISO/IEC 27001 is an international standard to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and again most recently in 2022. There are also numerous recognized national variants of the standard. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit.
ISO/IEC 5230 is an international standard on the key requirements for a high-quality open source license compliance program. The standard was published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in late 2020. The standard is based on the Linux Foundation OpenChain Specification 2.1. It focuses on software supply chains, easier procurement and license compliance. Organizations that meet the requirements of the standard can self-certify to ISO/IEC 17021, from an accredited certification body or after successfully completing an audit.