Reviews and Audit CMMI Ltd Quality Reviews and Audits

Quality Audits is a powerful tool for any business to measure the effectiveness of the product delivery be it in-house or supplier. It is also a good management tool to review processes and identify any weaknesses, risks and areas of improvement.  Working with both the customer and project leads, the programme Quality Manager should devise an approach to ensure the effectiveness of the organisation.  Four different types of review may be undertaken.

  1. System Reviews - System Reviews will be undertaken with a functional lead to ensure the practices deployed adhere to company policies and staff within that function are applying the required practices in fulfilment of their work.  Aim to identify Improvement Opportunities to the business

  2. Product Reviews - Product reviews will be undertaken against specific projects to ensure that artefacts (hardware, software, documentation, service,) produced in aid of a contract have been produced efficiently and will meet or exceed the customers expectations.  These are traditionally undertaken as inspection and test which can be far to late to elevate financial risk.

  3. Project Reviews - By reviewing a specific project with the Project Manager an independent evaluation can be undertaken and the Business and Technical Risks identified throughout the life of a project. 

  4. Red Team Reviews - A review of a programme of work by a team with the ability to review what was done and suggest improvement opportunities.

CMMI Ltd can undertake system and product quality reviews.  Factory Acceptance Testing can be undertaken at suppliers premises.

Besides applying best practices, BOS tools used to support quality management include audit schedule and the audit results data base.


Quality Audit Documentation Normally there are three documents:  the audit plan, audit results and improvement opportunities.

  1. Audit Plan: Notification of the planed audit  is sent to the department being audited a few days prior, it should include the date of the audit, the planned time, duration, auditors names, location (if relevant) and the policies and procedures that will be used during the audit.  It should also mention any non-conformances that were found during last audit.

  2. Audit Results: The results are the response to the auditor's questions asked during the audit.  They should include references to particular policies and procedures and responses to the audit questions.  Unless a defined standard is used to audit against it is almost imperative that the areas for auditing are documented in advance of the audit.

  3. Improvement Opportunities: These are the official documents used to report each findings of the audit to the person being reviewed and management.  Improvement Opportunities shall include details of the audit, date, persons present, auditors names, policies and procedures and findings against them.  It may include a recommendation for corrective action.  The improvement opportunity should be signed by the person responsible for the area audited and a date for the rectified action to be completed identified. 

Quality System Review

Audits, both external and internal, ensure compliance with policies and procedures.  This will review policies and processes, and contractual requirements at all levels of the organisation.  Process audits can be undertaken to address compliance with the approved assessment criteria, CMMI Process Areas, and organizational elements of ISO 9001.

Auditing must be independent to an organisation chain.  The use of a consultant body helps ensure the audit will not be perceived as a personal evaluation or appraisal.  Auditing should be seen as a positive process for identification and implementation of Lessons Learned, not as a fault finding exercise.  The results of audits will be forwarded to senior management. Where a common problem exists across a number of projects the Quality Manager will take action to amend the procedures to address the issue.

Audits need to be documented, it is important to remember that auditing is against the Quality Management System and therefore audits should be constructed against requirements from the Contract, Quality Manual or Program Development Plan.  If it is not a requirement then it should not be audited.  

During an audit it is necessary to see evidence that the processes are being followed in accordance to the procedures and policies.  Evidence should be recorded against each section being audited.  Recording of evidence needs to have a description of the documentation sighted, number, date and any other information that will assist in identifying that document.  

Audit findings need to be documented and any non-conformances found should be reported for further action.  A date should be established for the correction, a follow up audit should be carried out to ensure that the non-conformance has been fixed

Internal Audits

The Quality Manager should conduct internal audits at planned intervals to determine whether the quality management system conforms to the requirements of an International Standard (see ISO Para 7.1) and to the quality management system requirements established by the organization, and is effectively implemented and maintained.

An audit programme is planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits. The audit criteria, scope, frequency and methods are defined. Selection of auditors and conduct of audits shall ensure objectivity and impartiality of the audit process.

Process Owners may be requested to complete a Preliminary Audit Checklist tailored by the Quality Manager prior to the formal audit. The responsibilities and requirements for planning and conducting audits are defined in the Quality Reviews Data Base. Results of audits are maintained in an "Audit Results Data Base" filed against the Audit Number.  The management responsible for the area being audited shall ensure that actions are undertaken without undue delay (as recorded and tracked in the Audit Results Data Base. Follow-up activities shall include the verification of the actions taken and the reporting of verification results.

Product/Project (TO) Review

The review approach may be different for each project, depending upon stakeholder needs, so it is important to agree a clear definition of reviews at the start of each program.  The BOS approach to a project quality reviews is to first agree procedures that ensure the breadth and depth of quality assurance for a programme as the program progresses in the lifecycle and at an appropriate time ensure Quality Gates have been followed. Details of features implemented to date, usually recorded primarily as acceptance tests.  This may also be in the form of Design Reviews, Engineering Review Boards, and Configuration Control Boards.

Review Schedule:

Audits should be planned on a regular basis so that each project activity is audited at least once.  High risk areas should be audited more often to ensure conformance.  An audit can also be carried out if a particular problem has arisen, to establish the source of the problem and document any corrective actions. 

Customer reviews include program design reviews, system reviews or acceptance testing held as part of a formal contract agreement with customers.  Product reviews my by contractual at predefined Quality Gate and used to driven the project schedule.