Audits: A central tool for checking compliance with quality management systems

An effective quality management system (QMS) is a fundamental requirement for the success of any company. Audits are a central tool for checking compliance with normative, regulatory and internal requirements placed on the QMS. In this article we will look at ISO 19011, a general guide to auditing quality management systems, and the different types of audits.

ISO 19011: A guide to auditing quality management systems

The ISO 19011 standard is a general guide for auditing quality management systems. It not only describes instructions for auditing, but also how to manage an audit program and assess the auditor's competence. This general standard is applicable to all organizations that conduct internal and external audits of management systems or are responsible for the management of an audit program.

The definition of audits according to ISO 19011

The audit itself is defined in ISO 19011 as a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria have been met.

Types of Audits

ISO 19011 distinguishes between the following types of audits in its scope:

Internal audits (“first level audits”)

Internal audits are audits carried out by the audited organization itself. They serve to check compliance with standards and procedures as well as the effectiveness of the QMS. Internal audits are often referred to as “first level audits”.

External supplier audits (“second level audits”)

External supplier audits are audits carried out by the audited organization on its suppliers. They serve to ensure that suppliers meet the requirements of the QMS. External supplier audits are often referred to as “second level audits”.

External audits for regulatory purposes, such as a certification audit by a notified body (“third level audits”)

External audits for regulatory purposes, such as a certification audit by a notified body, are audits carried out by independent organizations to ensure that the audited organization meets the requirements of certain standards. External audits for regulatory purposes are often referred to as “third level audits”.

Carrying out audits

Conducting an audit requires careful preparation and planning. In order to plan the audit appropriately, a risk-based approach should be adopted. The risks of the audit activities regarding the processes of the audited organization are taken into account. This approach allows the auditor's resources to be used more effectively and increases the likelihood of identifying important weaknesses in the quality management system. Planning the audit includes at least the definition of audit objectives, the scope of the audit, the audit criteria, the locations, the responsibilities and the audit method. Thorough planning ensures that the audit can be carried out successfully and efficiently.

During the audit, it is important to collect an appropriate number of samples as audit evidence. This evidence is evaluated based on the audit criteria and corresponding audit findings are derived. Nonconformities can be classified depending on the context of the organization and its risks. The results of the audit are documented in an audit report. Depending on the results of the audit, follow-up measures are carried out. The audited organization decides and implements such measures within an agreed time frame.