SupplierAudit_SupplierAuditingMechanics

Proper preparations must be made to successfully plan, execute, and follow-up on a supplier audit. Preparations guidelines as defined by NASA2 are as follows:

  1. Identification of an Audit Opportunity

    A driver or specified reason exists to perform an audit. The identified need starts the quality audit process. Identification of high risk(s) from the supplier is usually a driving factor for performing an audit.

    Next is the selection of the type of audit to conduct. This part of the planning stage gives direction and path forward to proceed, and is broken into these components:

    • Identify auditor and auditee
    • Identify type (pre-award, post-award or maintenance)

  2. Audit Planning and Scheduling
    1. After selection of the type of audit, the audit checklist should be chosen/developed. (Sample checklists are available on the Examples page)
    2. Select an audit team.
    3. Notify the supplier. This should be accomplished through a formal written letter. As part of the notification letter, attach a questionnaire to gain detailed information on the processes, procedures and operations of the supplier.

  3. Conducting the Audit and Communication
    1. Perform an in-brief meeting on-site to ensure common understanding of the purpose and scope of the audit.
    2. Conduct the audit.
    3. If the audit lasts more than one day, then conduct daily progress meetings.
    4. Perform an out-brief to discuss all findings and the supplier questionnaire that was sent during the notification of the audit. Findings can be positive or negative.
    5. Gather feedback.

  4. Reporting the Audit Results

    After the out-brief, formally document and send the supplier the results as discussed in the out-brief. There should be no surprise to the supplier upon receipt of the formal findings documentation.

    NASA uses the following methodology for audit results:

    • Select the Supplier's overall Audit Result Status:
      • Green: The supplier has no open nonconformances.
      • Yellow: The supplier has nonconformances identified that are not likely to reduce the usability of the product or service for its intended purpose, or a departure from procedures having no immediate impact on the product or service.
      • Red: The supplier has nonconformances identified that potentially could result in failure of the products or services, or to materially reduce the usability of the products or services for their intended purpose.
    • Select the corresponding Supplier Status:
      • for Green "Approved" Supplier
      • for Yellow "Approved with Deficiencies" Supplier
      • for Red "Withheld" or "Follow-up Audit Required" (See NASA Audit and Assessment Tools.)
    • Ensure the audit report is concise and in-line with the scope of the audit.
    • On-site verification of results should be performed for “high impact” NCs.

  5. Tracking Supplier’s Corrective Action Report

    There are four possibilities that allow the change in the supplier’s status in the event that NCs have been written. They are as follows:

    1. “The Supplier submits completed Corrective Action Responses that are evaluated as acceptable for closure of nonconformance(s). The Supplier's Status is changed to Approved."
    2. The Supplier submits Corrective Action Responses that are evaluated as unacceptable or incomplete for closure of nonconformance(s). The supplier status remains the same. Either "APPROVED WITH DEFICIENCIES" or "WITHHELD" and receives a Finding/Response Tracking Record Continuation Form with a new Response Due Date.
    3. The Supplier submits Corrective Action Plan(s) with an Estimated Completion Date (ECD) and requests an extension. The supplier status remains the same, either "APPROVED WITH DEFICIENCIES" or "WITHHELD" and receives a Finding/Response Tracking Record Continuation Form with a new Response Due Date.
    4. The Supplier fails to respond by the Response Due Date.
    • The supplier submits all NC corrective action responses back to the auditor with estimated completion dates (ECDs).
    • The auditor reviews the report to determine if the corrective action for each NC is acceptable.
    • The supplier submits all NC corrective action reports back to the auditor.
    • The auditor reviews the report to determine if the corrective action for each NC is acceptable. A path forward shall be established for all NC responses that are deemed unacceptable.
    • If the supplier fails to respond:
      • A courtesy reminder after 30 days is sent out.
      • A second reminder is sent out after 60 days.
      • Failure to respond within 90 days results in a status change to "WITHHELD" and the audit will be closed with no further business until a response is received.

  6. Audit Closure
    • “Audit Report indicates the audit is closed due to no nonconformances being identified during the audit. The Supplier's Status is "APPROVED."
    • Supplier had nonconformances but provided an acceptable Corrective Action Response or Auditor conducts On-Site verification and deems nonconformances closed. The Supplier's Status is "APPROVED."
    • The supplier did not respond in the allotted time and was provided with reminders to submit corrective action responses, but chose not to respond to the subject audit. The Supplier status is "WITHHELD."
    • Properly review and bring closure to all outstanding actions, documentation and communication with the supplier.

    Summary Process for Supplier Audits

    In summary, as stated in the IASS Quality Assurance Course, supplier audits will follow the following process:

    1. Pre-audit questionnaire and visit
    2. Audit team selection
    3. Audit notification
    4. Opening (in-brief) meeting
    5. Audit performance
    6. Debriefing (out-brief) meeting
    7. Report and follow-up

    The Appendix contains sample checklists that if found useful can be downloaded.