The new audit approach (risk-based) helps assess risk throughout an organization. To avoid fallout from quality issues, a company must have a complete understanding of what's happening at all locations. By using this new internal audit approach (first-party), with the help of an industry-specific/sector, hands-on consultant (second-party), it's possible to locate areas of weakness, regardless of where they occur, and fix them before they become bigger problems.
An internal or first-party audit is conducted by personnel from within an organization, either by department or quality function. It examines the system and records the results for internal eyes only. To avoid potential conflict of interest, the person performing the audit usually is independent of the department or process he is auditing.
An external or second-party audit is conducted by a customer or for the purpose of evaluating a supplier. Companies with limited resources will hire an industry-specific consultant. Most external audits are performed to see if a company complies with a specific standard guideline or regulation, and can be subjective or directive in nature.
For example, a directive audit would be for a company that needs to comply with good manufacturing practice (cGMP) requirements from the Food and Drug Administration (FDA). It would be informed of any findings by using the FDA's Form 483, which is part of the public record. A subjective audit would involve an ISO standard or guideline, in which findings and write-ups are given in an audit report at the end of the inspection.
An external audit may also be conducted by an auditing agency, making it a third-party audit. In this case, results are forwarded to the company's top management. The data will show how the operational controls affect the financials.
The role of ISO 9001 is to provide a set of good business practices that are known to either contribute to the quality of product and service, or, in their absence, invite quality failure. ISO 9001 contributes comprehensively, covering activities in four general categories: Management, Resources, Operations and Improvement. Within these categories, each requirement serves as an instruction, teaching management and the employees the elements necessary to achieve the requirement.
For the plastics processing industry, for example, my experience is that it helps develop the framework for a Quality System by combining Standard Operating Procedures (SOPs), reports for evidence of GMP compliance, and log books to track compliance histories. The SOPs provide a foundation for compliance with FDA Quality System Regulations and the ISO standards for industrial, medical, automotive and aerospace suppliers, and serve as a prototype or template for you to customize to your individual situation. I welcome any questions regarding additional information on a well-defined maturity model that can be effective for corporate self-assessment.
About the author: Lewis Yasenchak works as a consultant with small-to-mid sized processors, moldmakers and other precision manufacturers to help them "implement quality at the source" rather than catch mistakes once made, and also to minimize waste by meeting and exceeding ISO Quality Management Systems. He invites you to contact him to help demonstrate the impact quality can have on your operations. Contact him at T: 706-694-2977 or [email protected].