 | This article needs additional citations for verification .(July 2007) |
Quality audit is the process of systematic examination of a quality system carried out by an internal or external quality auditor or an audit team. It is an important part of an organization's quality management system and is a key element in the ISO quality system standard, ISO 9001.
Quality audits are typically performed at predefined time intervals and ensure that the institution has clearly defined internal system monitoring procedures linked to effective action. This can help determine if the organization complies with the defined quality system processes and can involve procedural or results-based assessment criteria.
With the upgrade of the ISO9000 series of standards from the 1994 to 2008 series, the focus of the audits has shifted from purely procedural adherence towards measurement of the actual effectiveness of the Quality Management System (QMS) and the results that have been achieved through the implementation of a QMS.
Audits can also be used for safety purposes. Evans & Parker (2008) describe auditing as one of the most powerful safety monitoring techniques and 'an effective way to avoid complacency and highlight slowly deteriorating conditions', especially when the auditing focuses not just on compliance but effectiveness. [1]
Audits are an essential management tool to be used for verifying objective evidence of processes, to assess how successfully processes have been implemented, for judging the effectiveness of achieving any defined target levels, to provide evidence concerning reduction and elimination of problem areas. For the benefit of the organization, quality auditing should not only report non-conformances and corrective actions, but also highlight areas of good practice. In this way other departments may share information and amend their working practices as a result, also contributing to continual improvement.
Quality audits can be an integral part of compliance or regulatory requirements. One example is the US Food and Drug Administration, which requires quality auditing to be performed as part of its Quality System Regulation (QSR) for medical devices (Title 21 of the US Code of Federal Regulations part 820 [2] ).
Several countries have adopted quality audits in their higher education system (New Zealand, Australia, Sweden, Finland, Norway [3] and USA) [4] Initiated in the UK, the process of quality audit in the education system focused primarily on procedural issues rather than on the results or the efficiency of a quality system implementation.
The processes and tasks that a quality audit involves can be managed using a wide variety of software and self-assessment tools. Some of these relate specifically to quality in terms of fitness for purpose and conformance to standards, while others relate to Quality costs or, more accurately, to the Cost of poor quality. In analyzing quality costs, a cost of quality audit can be applied across any organization rather than just to conventional production or assembly processes [5]
A quality management system (QMS) is a collection of business processes focused on consistently meeting customer requirements and enhancing their satisfaction. It is aligned with an organization's purpose and strategic direction. It is expressed as the organizational goals and aspirations, policies, processes, documented information, and resources needed to implement and maintain it. Early quality management systems emphasized predictable outcomes of an industrial product production line, using simple statistics and random sampling. By the 20th century, labor inputs were typically the most costly inputs in most industrialized societies, so focus shifted to team cooperation and dynamics, especially the early signaling of problems via a continual improvement cycle. In the 21st century, QMS has tended to converge with sustainability and transparency initiatives, as both investor and customer satisfaction and perceived quality are increasingly tied to these factors. Of QMS regimes, the ISO 9000 family of standards is probably the most widely implemented worldwide – the ISO 19011 audit regime applies to both and deals with quality and sustainability and their integration.
Conformance testing — an element of conformity assessment, and also known as compliance testing, or type testing — is testing or other activities that determine whether a process, product, or service complies with the requirements of a specification, technical standard, contract, or regulation. Testing is often either logical testing or physical testing. The test procedures may involve other criteria from mathematical testing or chemical testing. Beyond simple conformance, other requirements for efficiency, interoperability or compliance may apply. Conformance testing may be undertaken by the producer of the product or service being assessed, by a user, or by an accredited independent organization, which can sometimes be the author of the standard being used. When testing is accompanied by certification, the products or services may then be advertised as being certified in compliance with the referred technical standard. Manufacturers and suppliers of products and services rely on such certification including listing on the certification body's website, to assure quality to the end user and that competing suppliers are on the same level.
The ISO 9000 family of quality management systems (QMS) is a set of standards that helps organizations ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service. ISO 9000 deals with the fundamentals of QMS, including the seven quality management principles that underlie the family of standards. ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill.
ISO 14000 is a family of standards related to environmental management that exists to help organizations (a) minimize how their operations negatively affect the environment ; (b) comply with applicable laws, regulations, and other environmentally oriented requirements; and (c) continually improve in the above.
A management system is a set of policies, processes and procedures used by an organization to ensure that it can fulfill the tasks required to achieve its objectives. These objectives cover many aspects of the organization's operations. For instance, an environmental management system enables organizations to improve their environmental performance, and an occupational safety and health management system enables an organization to control its occupational health and safety risks.
An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon.” Auditing also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditors consider the propositions before them, obtain evidence, and evaluate the propositions in their auditing report.
Quality management ensures that an organization, product or service is consistent. It has four main components: quality planning, quality assurance, quality control and quality improvement. Quality management is focused not only on product and service quality, but also on the means to achieve it. Quality management, therefore, uses quality assurance and control of processes as well as products to achieve more consistent quality. Quality control is also part of Quality Management. What a customer wants and is willing to pay for it, determines quality. It is a written or unwritten commitment to a known or unknown consumer in the market. Thus, quality can be defined as fitness for intended use or, in other words, how well the product performs its intended function.
AS9100 is a widely adopted and standardized quality management system for the aerospace industry. It was released in October, 1999, by the Society of Automotive Engineers and the European Association of Aerospace Industries.
ISO 22000 is a Food safety management system which is outcome focused, providing requirements for any organization in the food industry with objective to help to improve overall performance in food safety.
ISO 13485Medical devices -- Quality management systems -- Requirements for regulatory purposes is a voluntary standard, published by International Organization for Standardization (ISO) for the first time in 1996, and contains a comprehensive quality management system for the design and manufacture of medical devices. This standard supersedes earlier documents such as EN 46001 and EN 46002 (1996), the previously published ISO 13485, and ISO 13488.
Governance, risk management and compliance (GRC) is the term covering an organization's approach across these three practices: governance, risk management, and compliance. The first scholarly research on GRC was published in 2007 by Scott L. Mitchell, Founder and Chair of OCEG where GRC was formally defined as "the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity." The research referred to common "keep the company on track" activities conducted in departments such as internal audit, compliance, risk, legal, finance, IT, HR as well as the lines of business, executive suite and the board itself.
Corrective and preventive action consists of improvements to an organization's processes taken to eliminate causes of non-conformities or other undesirable situations. It is usually a set of actions, laws or regulations required by an organization to take in manufacturing, documentation, procedures, or systems to rectify and eliminate recurring non-conformance. Non-conformance is identified after systematic evaluation and analysis of the root cause of the non-conformance. Non-conformance may be a market complaint or customer complaint or failure of machinery or a quality management system, or misinterpretation of written instructions to carry out work. The corrective and preventive action is designed by a team that includes quality assurance personnel and personnel involved in the actual observation point of non-conformance. It must be systematically implemented and observed for its ability to eliminate further recurrence of such non-conformation. The Eight disciplines problem solving method, or 8D framework, can be used as an effective method of structuring a CAPA.
An environmental audit is a type of evaluation intended to identify environmental compliance and management system implementation gaps, along with related corrective actions. In this way they perform an analogous (similar) function to financial audits. There are generally two different types of environmental audits: compliance audits and management systems audits. Compliance audits tend to be the primary type in the US or within US-based multinationals.
In business, engineering, and manufacturing, quality – or high quality – has a pragmatic interpretation as the non-inferiority or superiority of something ; it is also defined as being suitable for the intended purpose while satisfying customer expectations. Quality is a perceptual, conditional, and somewhat subjective attribute and may be understood differently by different people. Consumers may focus on the specification quality of a product/service, or how it compares to competitors in the marketplace. Producers might measure the conformance quality, or degree to which the product/service was produced correctly. Support personnel may measure quality in the degree that a product is reliable, maintainable, or sustainable. In such ways, the subjectivity of quality is rendered objective via operational definitions and measured with metrics such as proxy measures.
A safety management system (SMS) is designed to manage safety risk in the workplace, occupational safety being defined as the reduction of risk to a level that is as low as is reasonably practicable or ALARP to prevent people getting hurt.
ISO 31000 is a family of standards relating to risk management codified by the International Organization for Standardization. ISO 31000:2018 provides principles and generic guidelines on managing risks faced by organizations.
The Global Food Safety Initiative (GFSI) is a private organization working as a "Coalition of Action" from The Consumer Goods Forum (CGF) bringing together retailers and brand owners (manufacturers) from across the CGF membership operating as multistakeholder governance with objective to create "an extended food safety community to oversee food safety standards for businesses and help provide access to safe food for people everywhere". GFSI's work in benchmarking and harmonization aims to foster mutual acceptance of GFSI-recognized certification programmes across the industry with the ambition to enable a “once certified, accepted everywhere” approach.
ISO 50001Energy management systems - Requirements with guidance for use, is an international standard created by the International Organization for Standardization (ISO). The standard specifies the requirements for establishing, implementing, maintaining and improving an energy management system, whose purpose is to enable an organization to follow a systematic approach in achieving continual improvement of energy performance, including energy efficiency, energy security, energy use and consumption.
Environmental certification is a form of environmental regulation and development where a company can voluntarily choose to comply with predefined processes or objectives set forth by the certification service. Most certification services have a logo which can be applied to products certified under their standards. This is seen as a form of corporate social responsibility allowing companies to address their obligation to minimise the harmful impacts to the environment by voluntarily following a set of externally set and measured objectives.
ISO/IEC 27001 is an international standard on how to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005 and then revised in 2013. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. A European update of the standard was published in 2017. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit. The effectiveness of the ISO/IEC 27001 certification process and the overall standard has been addressed in a recent large-scale study.