AGATA LEWKOWSKA PH.D.

Requirements
for audits
From Quality
Management
System
point of view

BASED ON
ISO 9001:2015
AND
IATF 16949:2016
 Hello!
Let me thank you for
downloading this e-book.

My name is Agata Lewkowska.

Since 2007 I have been working with "quality" in

organizations with a production profile in the automotive
supply chain.

I decided to share with you my knowledge and experience

which I gained during:
implementation and maintenance of quality
management systems in accordance with the
requirements of ISO 9001 and IATF 16949,
supplier management,
auditing according to ISO 9001, IATF 16949, VDA 6.3,
as a quality engineer on the production line.

I am a very well-educated practicioner. Next to my

professional career I did my Ph.D. at the Warsaw School
of Economics (SGH), Poland.
Four years of study led to the creation of a doctoral thesis
in the field of economic sciences from the discipline of
management and quality sciences.

I hope this e-book will help you to gain mandatory basic

knowledge needed for understanding quality management
systems.
Best regards,
 Introduction

Have you ever felt a feeling of insecurity and stress hearing that an
audit is coming and you must take part in it as an auditee?
Unfortunately, an audit is not well remarked because it means a
verification/control and, consequently, it may reveal a non-
compliance with the requirements against which it is carried out.

But is it really to be feared? To answer this question one has to

realize what it is and what its role is. Only then it can be appreciated
as an effective tool to prevent any nonconformity and to help top
management achieve the organisation's goals.
 Audit - what is it?

The word audit comes from the Latin verb

"audire" and means to hear, to listen.

In ISO 9000:2015 You will find a basis for understanding the

definitions related to such concepts as quality or quality
management system.
Therefore, I will refer to the definition contained in this standard:

“Audit is a systematic, independent and documented process of

obtaining objective evidence and evaluating it objectively to
determine the extent to which audit criteria are met. "
 Audit - what is it?

Therefore, an audit shall be scheduled at planned intervals.

It is performed by an auditor who shall be independent from the

audited area so that he/she does not audit his/her work. In other
word the auditor cannot be responsible for /coming from the
audited area. At the same time the audit requires documenting i.e.
an audit report.

Thus audit shall confirm that all the requirements constituting the
audit criteria are met.

So the auditor shall not look for nonconformity!

 The purpose

The organization shall conduct internal audits to

provide information on its quality management

system.

That is to say if it conforms to

the organization’s own requirements for QMS
and to the requirements of the standard.

In fact organization gets an information

if quality management system is effectively

implemented and maintained.
 Audit program

Audits in the organization are conducted in accordance with the

audit program.

An audit program is one or more audits planned for a

specific time frame and with a specific purpose.
ISO 9001: 2015 in clause 9.2.2 a) requires the organization to plan,
establish, implement and maintain the audit program(s) including
the frequency, methods, responsibilities, planning requirements
and reporting taking into account the importance of processes,
changes affecting the organization and the results of previous
audits.
In contrast, IATF 16949 in clause 9.2.2.1 requires the organization to
have a documented internal audit process. The process shall
include the development and implementation of an internal audit
program that covers the entire quality management system
including quality management system audits, manufacturing
process audits and product audits (I'll talk about it in a moment).
Audit program priorities shall be based on risks, internal and
external performance trends, and process criticality.
 Audit categories

There are the following categories of audits:

Internal audits are called first party audits and are carried out by or
on behalf of the organization itself. Such audits serve as input data
for a management review or for other internal purposes, e.g. gap
analysis, management decision making, etc.
External audits are for second and third party audits. In the case of
the other party, such audits are carried out by customers or at
suppliers. In IATF 16949, 8.4.2.4.1, you can find the requirements
for these audits as part of supplier monitoring. Third party audits,
on the other hand, are carried out by independent auditing
organizations such as certification / compliance bodies or
government agencies. Such audits may be used for certification,
granting a license or award, verification of claims, etc.
Combined audits concern the auditing of two or more management
systems carried out simultaneously at one auditee.
Joint audits are in turn carried out on one auditee by two or more
audit organizations.
 Types of audits

The following types of audits are also distinguished in the quality

management system:
system audit,
process audit,
product audit.
 Types of audits -
system audit

System audit is an audit of the system implemented in the

organization e.g. quality, environment, health and safety, IT security
etc.

It checks its suitability, adequacy and effectiveness of all activities in

the area of ​the entire system.

IATF 16949 in clause 9.2.2.2 requires the management system audit

to be performed over a three-year audit cycle and during the audits
the organization shall take into account the customer-specific
requirements for the quality management system to verify their
effective implementation.
 Types of audits -
process audit

Process audit is to verify whether it is carried out in accordance with

its design. Usually, it is performed in accordance with process flow
description.

IATF 16949 in 9.2.2.3 requires the organization to audit all

manufacturing processes over a period of three calendar years to
determine their effectiveness and efficiency using customer-specific
required approaches for process audits i.e. VDA 6.3 approach. If not
specified by the customer, the organization shall define the
approach to be used.

Additionally, each production process shall be audited on all

working shifts it occur taking into account the shift handover.
The manufacturing process audit shall include an audit of the
effective implementation of the process risk analysis such as
(PFMEA), control plan and related documents.
 Types of audits -
product audit

Product audit focuses only on monitoring products ready for

shipment against the requirements set out in technical
specifications, drawings, standards and statutory regulations.

IATF 16949 in Clause 9.2.2.4 requires a product audit, using a

customer-specific required approach, at the appropriate stages of
production and delivery to verify conformity to specified
requirements.

Again, where not defined by the customer, the organization shall

define the approach to be used i.e. VW requires VDA 6.5 approach.
 At the end...

Audit as an independent verification of activities in the organization in

terms of audit criteria. It leads to an assessment of the organization
condition and (if nonconformity occurs) to the corrective actions. The
results of the audits are the input data for the management review in
accordance with ISO 9001: 2015 point 9.3.2. Therefore, internal audit
may be helpful in achieving organizational goals, as it is a systematic and
methodical approach to assessing the suitability, adequacy and
effectiveness of organization management.
Therefore, it can be treated as a tool to improve the organization and
bring it value added.

All content in this e-book is a private interpretation of publicaly available information.

Any convergence of the described situations with people, organizations, companies is
accidental. The content presented in this e-book does not represent the views of any
companies or institutions.
Let me invite you to my SOCIAL MEDIA!

And...

Facebook group:

ISO 9001 & IATF 16949

QualityWise Group
where you will have great opportunity to:
exchange your knowledge
share your experience
raise questions on quality issues.
HOW I CAN HELP YOU:
TRAININGS
• ISO 9001 and IATF 16949 standard requirements,
• How to audit the automotive quality management
system,
• Coretools: APQP / VDA MLA, PPAP / VDA PPA, SPC /
VDA 4, MSA / VDA 5, FMEA AIAG-VDA
• VDA 6.3 audit.
AUDITING
Do you need an experienced auditor who will confirm
the compliance of your quality management system?
I will do for you:
·internal audits according to ISO 9001 and IATF
16949,
·supplier audits according to ISO 9001 and IATF
16949,
·VDA 6.3 audits,
·ISO 9001 and IATF 16949 certification readiness
audits before 3rd party audit.
CONSULTING
Implementing, maintaining and improving quality
management systems according to ISO 9001 and IATF
16949.
In addition to the implementation of the quality
management system, I specialize in:
• internal audit program management,
• process mapping and monitoring,
• supplier sourcing/ evaluation / development.
I tutor.
You learn.

Visit official website at

www.qualitywise.pl for the
complete details.

For inquiries or concerns

regarding quality management
please call +48 603 880 578
or e-mail
agata.lewkowska@qualitywise.pl.