Important Information: Processing Delays for mailed orders in July due to the

RNC convention and heightened security procedures in Milwaukee. To ensure

faster service, we encourage you to submit your order online via our secure
payment portal or over the phone by calling 800-248-1946 or 414-272-8575. We
apologize for any inconvenience and appreciate your patience.

 Hello, Guest

 Login

 Register
 

 CONTACT US

| Cart Total:
CHECKOUT
DISMISS
MENU


o
o
o

o
o
o
o

o

o
o








o
 LEARN ABOUT QUALITY
SEARCH
Magazines and Journals search
 ABOUT AUDITING
 RESOURCES
 RELATED TOPICS

 /
 Quality Resources /
 Auditing

WHAT IS AUDITING?
Auditing on ASQTV

Purchase ASQ/ANSI/ISO 19011:2018: Guidelines For Auditing

Management Systems
Quality Glossary Definition: Audit

Auditing is defined as the on-site verification activity, such as inspection or examination, of

a process or quality system, to ensure compliance to requirements. An audit can apply to an entire organization
or might be specific to a function, process, or production step. Some audits have special administrative
purposes, such as auditing documents, risk, or performance, or following up on completed corrective actions.

 The three different types of auditing

 What are first-party, second-party, and third-party audits?
 What are the four phases of an audit cycle?
 Auditing resources
 Become a certified auditor

THE THREE DIFFERENT TYPES OF

AUDITS
ISO 19011:2018 defines an audit as a "systematic, independent and documented process for obtaining audit
evidence [records, statements of fact or other information which are relevant and verifiable] and evaluating it
objectively to determine the extent to which the audit criteria [a set of policies, procedures or requirements] are
fulfilled." There are three main types of audits:
 Process audit: This type of audit verifies that processes are working within established limits. It evaluates an
operation or method against predetermined instructions or standards to measure conformance to these standards
and the effectiveness of the instructions. A process audit may:
o Check conformance to defined requirements such as time, accuracy, temperature, pressure, composition,
responsiveness, amperage, and component mixture.
o Examine the resources (equipment, materials, people) applied to transform the inputs into outputs, the
environment, the methods (procedures, instructions) followed, and the measures collected to determine process
performance.
o Check the adequacy and effectiveness of the process controls established by procedures, work
instructions, flowcharts, and training and process specifications.
 Product audit: This type of audit is an examination of a particular product or service, such as hardware,
processed material, or software, to evaluate whether it conforms to requirements (i.e., specifications,
performance standards, and customer requirements).
 System audit: An audit conducted on a management system. It can be described as a documented activity
performed to verify, by examination and evaluation of objective evidence, that applicable elements of the system
are appropriate and effective and have been developed, documented, and implemented in accordance and in
conjunction with specified requirements.
o A quality management system audit evaluates an existing quality management program to determine its
conformance to company policies, contract commitments, and regulatory requirements.
o Similarly, an environmental system audit examines an environmental management system, a food safety system
audit examines a food safety management system, and safety system audits examine the safety management
system.

Audit Considerations
Other methods, such as a desk or document review audit, may be employed independently or in support of the
three general types of audits.

Some audits are named according to their purpose or scope. The scope of a department or function audit is a
particular department or function. The purpose of a management audit relates to management interests, such as
assessment of area performance or efficiency.

An audit may also be classified as internal or external, depending on the interrelationships among participants.
Internal audits are performed by employees of your organization. External audits are performed by an outside
agent. Internal audits are often referred to as first-party audits, while external audits can be either second-party
or third-party.

WHAT ARE FIRST-PARTY, SECOND-

PARTY, AND THIRD-PARTY
AUDITS?
 A first-party audit is performed within an organization to measure its strengths and weaknesses against its own
procedures or methods and/or against external standards adopted by (voluntary) or imposed on (mandatory) the
organization. A first-party audit is an internal audit conducted by auditors who are employed by the organization
being audited but who have no vested interest in the audit results of the area being audited.
 A second-party audit is an external audit performed on a supplier by a customer or by a contracted organization
on behalf of a customer. A contract is in place, and the goods or services are being, or will be, delivered. Second-
 party audits are subject to the rules of contract law, as they are providing contractual direction from the customer
to the supplier. Second-party audits tend to be more formal than first-party audits because audit results could
influence the customer’s purchasing decisions.
 A third-party audit is performed by an audit organization independent of the customer-supplier relationship and
is free of any conflict of interest. Independence of the audit organization is a key component of a third-party
audit. Third-party audits may result in certification, registration, recognition, an award, license approval, a
citation, a fine, or a penalty issued by the third-party organization or an interested party.

Industry Certification Through Auditing

Companies in certain high-risk categories—such as toys, pressure vessels, elevators, gas appliances, and
electrical and medical devices—wanting to do business in Europe must comply with Conformité Europeënne
Mark (CE Mark) requirements. One way for organizations to comply is to have their management system
certified by a third-party audit organization to management system requirement criteria (such as ISO 9001).

Customers may suggest or require that their suppliers conform to ISO 9001, ISO 14001, or safety criteria, and
federal regulations and requirements may also apply. A third-party audit normally results in the issuance of a
certificate stating that the auditee organization management system complies with the requirements of a
pertinent standard or regulation.

Third-party audits for system certification should be performed by organizations that have been evaluated and
accredited by an established accreditation board, such as the ANSI-ASQ National Accreditation Board
(ANAB).

Performance Audits vs. Compliance and Conformance Audits

Value-added assessments, management audits, added value auditing, and continual improvement
assessment are terms used to describe an audit purpose beyond compliance and conformance. The purpose of
these audits relates to organization performance. Audits that determine compliance and conformance are not
focused on good or poor performance, yet. Performance is an important concern for most organizations.

A key difference between compliance audits, conformance audits, and improvement audits is the collection of
evidence related to organization performance versus evidence to verify conformance or compliance to a
standard or procedure. An organization may conform to its procedures for taking orders, but if every order is
subsequently changed two or three times, management may have cause for concern and want to rectify the
inefficiency.

Follow-Up Audits
A product, process, or system audit may have findings that require correction and corrective action. Since most
corrective actions cannot be performed at the time of the audit, the audit program manager may require a
follow-up audit to verify that corrections were made and corrective actions were taken. Due to the high cost of
a single-purpose follow-up audit, it is normally combined with the next scheduled audit of the area. However,
this decision should be based on the importance and risk of the finding.

An organization may also conduct follow-up audits to verify preventive actions were taken as a result of
performance issues that may be reported as opportunities for improvement. Other times organizations may
forward identified performance issues to management for follow-up.
 WHAT ARE THE FOUR PHASES OF
AN AUDIT CYCLE?
1. Audit planning and preparation: Audit preparation consists of planning everything that is done in advance
by interested parties, such as the auditor, the lead auditor, the client, and the audit program manager, to ensure
that the audit complies with the client’s objective. This stage of an audit begins with the decision to conduct
the audit and ends when the audit itself begins.
2. Audit execution: The execution phase of an audit is often called the fieldwork. It is the data-gathering portion
of the audit and covers the time period from arrival at the audit location up to the exit meeting. It consists of
multiple activities including on-site audit management, meeting with the auditee, understanding the process
and system controls and verifying that these controls work, communicating among team members, and
communicating with the auditee.
3. Audit reporting: The purpose of the audit report is to communicate the results of the investigation. The report
should provide correct and clear data that will be effective as a management aid in addressing important
organizational issues. The audit process may end when the report is issued by the lead auditor or after follow-
up actions are completed.
4. Audit follow-up and closure: According to ISO 19011, clause 6.6, "The audit is completed when all the
planned audit activities have been carried out, or otherwise agreed with the audit client." Clause 6.7 of ISO
19011 continues by stating that verification of follow-up actions may be part of a subsequent audit.

The Four Phases of an Audit Cycle

Note: Requests for correcting nonconformities or findings within audits are very common.

 Corrective action is action taken to eliminate the causes of an existing nonconformity, defect, or other
undesirable situation in order to prevent recurrence (reactive). Corrective action is about eliminating the causes
of problems and not just following a series of problem-solving steps.
 Preventive action is action taken to eliminate the causes of a potential nonconformity, defect, or other
undesirable situation in order to prevent occurrence (proactive).

AUDITING RESOURCES
You can also search articles, case studies, and publications for auditing resources.

Books
The ASQ Certified Quality Auditor Handbook

Internal Quality Auditing

Advanced Quality Auditing

Articles
Auditing: It's All in the Approach (Quality Progress) To effectively use the process approach, organizations
and auditors alike must understand the difference between a department and the QMS processes employed in
that department, and auditors must be competent in the processes they’re auditing.

Starfish and Turtles (Quality Progress) Regardless of industry, a typical quality program consists of multiple
elements, including internal audits. The process grid walk model is an internal audit initiative that features a
self-sustainable self-check method with verifiable deliverables at minimum operating cost.

Auditing Strategy For ISO 9001:2015 (Journal for Quality and Participation) Auditing an organization for
compliance with ISO standards has two parts: conformance audits and performance audits.

Relating Evidence To Conclusions (PDF) Standards experts and members of U.S. TAG 176 explain that if
the intent of an audit is to assess the effectiveness of processes in relation to requirements, auditors must be
open to audit a process in relation to the inputs, outputs, and other contributing factors, such as objectives or
the infrastructure involved.

Videos
ISO 9000 and Audits

The Changing Role of Remote Audits

BECOME A CERTIFIED AUDITOR

WITH ASQ
ASQ certification is a formal recognition that you have demonstrated a proficiency within, and comprehension
of, a specific body of knowledge. In 2016, ASQ Certification exams changed from paper and pencil to
computer-based testing via computer at one of the 8,000 Prometric testing facilities, which allows for
 additional annual exam administrations, greater availability of exam days, faster retesting, and faster test
results. Learn more about computer-based testing.

CERTIFICATION

Quality Improvement Associate (CQIA)

Understands quality tools and their uses and participates in quality improvement projects.

Quality Technician (CQT)

Prepares inspection plans and instructions, selects sampling plan applications, analyzes and solves problems, pr
inspectors, performs audits, analyzes quality costs and other data, and applies statistical methods for process con

Quality Process Analyst (CQPA)

Analyzes and solves quality problems and participates in quality improvement projects.

Pharmaceutical GMP Professional (CPGP)

Understands the GMP (good manufacturing practices) principles as regulated and guided by national and intern
pharmaceutical industry.

Biomedical Auditor (CBA)

Understands the principles of standards, regulations, directives, and guidance for auditing a biomedical system.

HACCP (Food Safety) Auditor (CHA)

Examines, questions, evaluates, and reports on the adequacy and deficiencies of a HACCP-based or process-saf

Quality Auditor (CQA)

Analyzes all elements of a quality system and judges its degree of adherence to the criteria of industrial manage
control systems.

ASQ members save $100 on auditing certifications

See the Difference Certification Makes
Obtaining your auditing certification is proven to increase your earning potential.

Results from the 2019 Quality Progress Salary Survey showed that U.S. respondents who completed any level
of auditor training earned salaries on average of:

 Quality Improvement Associates (CQIA) – $82,892

 Quality Engineers (CQE) – $101,482
 Pharmaceutical GMP Professionals (CPGP) – $105,346
 Manager of quality/organizational excellence – $108,511
 HACCP Auditors (CHA) – $99,150
 Quality Auditors (CQA) earned almost $10,000 more

See the full results of ASQ’s annual Salary Survey.

 Adapted from The ASQ Auditing Handbook, ASQ Quality Press.
Featured Advertisers

 About ASQ
 Career Center
 Community Guidelines
 Contact Us
 Advertisers & Sponsors
 Newsroom
 Privacy & Legal
 Publish with ASQ
 Book/Publications Returns
 Course Cancellations/Refunds
 Site Map

With members and customers in over 130 countries, ASQ brings together the people, ideas and
tools that make our world work better.

ASQ celebrates the unique perspectives of our community of members, staff and those served by
our society. Collectively, we are the voice of quality, and we increase the use and impact of
quality in response to the diverse needs in the world.

© 2024 American Society for Quality. All rights reserved.