IATF 16949:2016 Clause 9.2.2.2 Quality management system audit

Please read the article of ISO 9001:2015 internal audit before reading this article. The Quality Management System audit process is covered on that article.

An audit is a systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. Audits are structured and formal evaluations. The term systematic means the company must plan and document its system for auditing. It must have management support and resources behind it. Audits must be performed in an impartial manner, which requires auditors to have freedom from bias or other influences that could affect their objectivity. For example, having responsibility for the work, or a vested interest or shares in a supplier or third party company they are assigned to audit would be conflicts of interest. Internal audits must be carried out to a process . The process must address the responsibilities for conducting the audits, ensuring independence, recording results, and reporting to management. Audits obtain objective evidence of conformity with requirements. The evidence must be based on fact and may be obtained through observation, measurement, test, or by other means. Evaluating the extent to which audit criteria are fulfilled involves an assessment of both implementation and effectiveness. The presence of nonconformities in a department or process may indicate the system is ineffective for those areas.Audit results are a major input to the management review process. Management must take appropriate actions based on the review of quality system strengths, weaknesses, and opportunities for improvement. The allocated time and for conducting internal audits demonstrates top management commitment. If the purpose of the audit is properly communicated, and employees realize that the audit is not an evaluation of personal performance, they are more likely to discuss weak areas and opportunities for improvement. This should lead to an improvement in operational performance and improved customer satisfaction. A quality management system audit in IATF 16949 involves a comprehensive evaluation of an organization’s QMS to ensure it meets the requirements of the standard and is effectively implemented to ensure consistent product quality, customer satisfaction, and continuous improvement. Here are the key aspects of a quality management system audit in IATF 16949:

1. Scope and Objectives: Define the scope and objectives of the audit, including the areas, processes, and functions that will be audited. This should cover all relevant aspects of the QMS, including design and development, production, service, and support processes.
2. Audit Planning: Develop an audit plan that outlines the audit schedule, audit team composition, audit criteria, and the methods and tools to be used during the audit.
3. Document Review: Examine the organization’s QMS documentation, including the quality manual, procedures, work instructions, records, and any other relevant documents. Verify that the documentation is complete, up-to-date, and aligned with the requirements of IATF 16949.
4. Process Auditing: Conduct process audits to evaluate how the organization’s processes are planned, implemented, and controlled. This includes assessing the effectiveness of process controls, risk management, and the use of appropriate performance indicators.
5. Compliance Assessment: Evaluate the organization’s compliance with the specific requirements of IATF 16949, which include customer-specific requirements, core tools (e.g., APQP, PPAP, FMEA), and other industry-specific standards.
6. Performance Measurement: Assess the organization’s performance measurement and monitoring mechanisms to ensure that the QMS is achieving its intended outcomes, meeting customer requirements, and driving continuous improvement.
7. Internal Audits: Review the organization’s internal audit program and records to determine if internal audits are being conducted effectively and are adding value to the QMS.
8. Management Review: Evaluate the effectiveness of the organization’s management review process in providing top management with insights into the performance of the QMS and making informed decisions.
9. Corrective Actions: Verify the organization’s process for identifying and addressing non-conformities, implementing corrective actions, and preventing recurrence.
10. Continual Improvement: Examine the organization’s efforts in pursuing continual improvement, including the use of data-driven decision-making and the promotion of a culture of excellence.
11. Reporting: Compile audit findings into a comprehensive audit report that includes strengths, weaknesses, opportunities for improvement, and non-conformities. Ensure that the report is objective, factual, and clearly communicates the audit results.
12. Follow-up and Verification: Monitor the implementation of corrective actions and verify their effectiveness in resolving identified issues.

A successful quality management system audit in IATF 16949 helps the organization identify areas for improvement, ensure compliance with industry standards, and achieve its quality objectives. It also demonstrates the organization’s commitment to delivering high-quality products and services to customers and stakeholders.

Clause 9.2.2.2 Quality management system audit

The organization shall audit all quality management system processes over each three-year calendar period, according to an annual program, using the process approach to verify compliance with this Automotive QMS Standard. Integrated with these audits, the organization shall sample customer-specific quality management system requirements for effective implementation.

Auditing all quality management system (QMS) processes over a three-year calendar period, according to an annual program, is a structured approach to ensuring the effectiveness, compliance, and continuous improvement of the organization’s QMS. This periodic audit cycle allows the organization to systematically review its processes, identify areas for improvement, and maintain alignment with quality standards and customer expectations. Here’s how the process can be implemented:

1. Audit Planning:
   • Establish an annual audit program that outlines the processes to be audited each year over the three-year cycle.
   • Identify the scope and objectives of each audit, specifying the QMS processes and areas to be covered.
2. Process Selection:
   • Determine which QMS processes will be audited in each year of the three-year cycle.
   • Consider factors such as process criticality, risk, customer impact, changes in the organization, and any recent audit findings.
3. Audit Execution:
   • Conduct audits according to the schedule defined in the annual program.
   • Assign competent auditors to each audit who are knowledgeable about the QMS processes being audited.
4. Compliance and Effectiveness:
   • Assess each audited process for compliance with relevant standards, regulations, and documented procedures.
   • Evaluate the effectiveness of each process in achieving its intended objectives and contributing to the organization’s quality goals.
5. Data Collection and Analysis:
   • Collect data and evidence during the audits to support the assessment of process compliance and effectiveness.
   • Analyze the collected data to identify trends, patterns, and areas that require improvement.
6. Corrective Actions and Improvement:
   • Document any non-conformities or opportunities for improvement identified during the audits.
   • Recommend and implement corrective actions to address non-conformities and enhance process performance.
7. Reporting:
   • Prepare audit reports for each process audit, summarizing findings, non-conformities, corrective actions, and improvement recommendations.
   • Communicate the audit results to relevant stakeholders, including process owners and management.
8. Follow-up and Verification:
   • Monitor the implementation of corrective actions to ensure their effectiveness in resolving identified issues.
   • Conduct follow-up audits or verification activities as needed to confirm the successful closure of non-conformities.
9. Continuous Improvement:
   • Use the insights gained from the process audits to drive continuous improvement efforts within the organization.
   • Update processes, procedures, and practices based on lessons learned and best practices identified during audits.

By conducting regular audits of all QMS processes over the three-year calendar period, the organization can ensure the ongoing effectiveness of its quality management system, identify areas for enhancement, and demonstrate its commitment to maintaining high standards of quality, compliance, and customer satisfaction.

Customer-specific quality management system (QMS) requirements

Integrating customer-specific quality management system (QMS) requirements into the audit process is a proactive approach to ensuring that the organization effectively implements these requirements and meets the expectations of its customers. By sampling and assessing customer-specific QMS requirements alongside regular QMS audits, the organization can demonstrate its commitment to customer satisfaction and align its processes with specific customer needs. Here’s how this integration can be achieved:

• Thoroughly review and understand the specific quality management system requirements outlined by each customer. These requirements may include contractual agreements, quality standards, industry-specific guidelines, and any additional expectations communicated by the customer.
• Integrate customer-specific QMS requirements into the organization’s audit plan. Identify which customer requirements need to be audited and determine the appropriate timing and frequency for these audits.
• Clearly define the scope of each audit to include both general QMS processes and the specific customer requirements that apply to those processes.
• Develop a sampling approach for auditing customer-specific QMS requirements. This could involve selecting relevant processes, products, or projects that are directly impacted by the customer requirements.
• Conduct audits according to the integrated plan. Auditors should assess the effective implementation of both general QMS processes and the customer-specific requirements associated with those processes.
• Collect documentation and evidence that demonstrate compliance with customer-specific requirements. This may include records, reports, communication logs, and any other relevant artifacts.
• Verify that the organization’s processes align with customer-specific requirements and that the appropriate controls and actions are in place to meet those requirements.
• Include the assessment of customer-specific QMS requirements in the audit reports. Clearly communicate the organization’s conformance to these requirements and any areas that require improvement.
• Use audit findings related to customer-specific requirements to identify opportunities for improvement. Address any gaps or non-conformities through corrective and preventive actions.
• Maintain open communication with customers regarding the audit process and the organization’s commitment to implementing their specific requirements effectively.
• Incorporate feedback from customer interactions and audits into the organization’s quality improvement initiatives. This can help refine processes and enhance customer satisfaction over time.

By integrating customer-specific QMS requirements into the audit process, the organization demonstrates its dedication to meeting customer expectations and delivering products and services that align with customer needs. This approach contributes to building strong customer relationships, enhancing customer loyalty, and positioning the organization as a reliable and customer-focused partner in quality.