Quality Audit Documentation
Normally there are three documents: the audit
plan, audit results and improvement opportunities.
Notification of the planed audit is sent to the
department being audited a few days prior, it should
include the date of the audit, the planned time, duration,
auditors names, location (if relevant) and the policies
and procedures that will be used during the audit.
It should also mention any non-conformances that were
found during last audit.
Audit Results: The
results are the response to the auditor's questions asked
during the audit. They should include references to
particular policies and procedures and responses to the
audit questions. Unless a defined standard is used
to audit against it is almost imperative that the areas
for auditing are documented in advance of the audit.
These are the official documents used to report
each findings of the audit to the person being reviewed
and management. Improvement Opportunities shall
include details of the audit, date, persons present, auditors names,
policies and procedures and findings against them.
It may include a recommendation for corrective action. The
improvement opportunity should be signed by the person
responsible for the area audited and a date for the
rectified action to be completed identified.
Quality System Review
Audits, both external and internal, ensure
compliance with policies and procedures. This will
review policies and processes, and contractual requirements at
all levels of the organisation. Process audits can be
undertaken to address compliance with the approved assessment
criteria, CMMI Process Areas, and organizational elements of
Auditing must be independent to an
organisation chain. The use of a consultant body helps
audit will not be perceived as a personal evaluation or
appraisal. Auditing should be seen as a positive process
for identification and implementation of Lessons Learned, not
as a fault finding exercise. The results of audits will
be forwarded to senior management. Where a common problem
exists across a number of projects the Quality Manager will
take action to amend the procedures to address the issue.
Audits need to be documented, it is
important to remember that auditing is against the Quality
Management System and therefore audits should be constructed
against requirements from the Contract, Quality Manual or
Program Development Plan. If it is not a requirement
then it should not be audited.
During an audit it is necessary to see
evidence that the processes are being followed in accordance
to the procedures and policies. Evidence should be
recorded against each section being audited. Recording
of evidence needs to have a description of the documentation
sighted, number, date and any other information that will
assist in identifying that document.
Audit findings need to be documented and
any non-conformances found should be reported for further
action. A date should be established for the correction,
a follow up audit should be carried out to ensure that the
non-conformance has been fixed
The Quality Manager should conduct internal
audits at planned intervals to determine whether the quality
management system conforms to the requirements of an
International Standard (see ISO Para
7.1) and to the quality management system requirements
established by the organization, and is effectively
implemented and maintained.
An audit programme is planned, taking into
consideration the status and importance of the processes and
areas to be audited, as well as the results of previous
audits. The audit criteria, scope, frequency and methods are
defined. Selection of auditors and conduct of audits shall
ensure objectivity and impartiality of the audit process.
Process Owners may be requested to complete
a Preliminary Audit Checklist tailored by the Quality Manager
prior to the formal audit. The responsibilities
and requirements for planning and conducting audits are
defined in the Quality Reviews Data
Base. Results of audits are maintained in an "Audit
Results Data Base" filed against the Audit Number.
The management responsible for the area being audited shall
ensure that actions are undertaken without undue delay (as
recorded and tracked in the Audit Results Data Base. Follow-up
activities shall include the verification of the actions taken
and the reporting of verification results.
The review approach may be different for
each project, depending upon stakeholder needs, so it is
important to agree a clear definition of reviews at the start
of each program. The BOS approach to a project
quality reviews is to first agree procedures that
ensure the breadth and depth of quality assurance for a
programme as the program progresses in the
lifecycle and at an
appropriate time ensure
Quality Gates have been followed. Details of features implemented to date, usually
recorded primarily as acceptance tests. This may
also be in
the form of Design Reviews, Engineering Review Boards, and Configuration Control Boards.
Audits should be planned on a regular basis
so that each project activity is audited at least once. High risk areas should be audited more often to
ensure conformance. An audit can also be carried out if
a particular problem has arisen, to establish the source of
the problem and document any corrective actions.
Customer reviews include program design
reviews, system reviews or acceptance testing held as part of
a formal contract agreement with customers. Product reviews
my by contractual at predefined Quality
Gate and used to driven the project