Introduction to Supplier Audit

Primary tabs

Step 1 of 1

Introduction

What is an Audit?

An audit is a third party or independent assessment to verify that the organization being audited is performing a specific objective (process, function, policy, etc) in accordance with (IAW) that objective's fulfillment/measurement criteria (procedure, law, contract, etc.). Audits are independent measures of how well an entity is performing an objective against that objective's measurement criteria. Audits are meant to be unbiased and meant to find facts, not fault.[1] They are part of the quality assurance function and help ensure high-quality products/services and increased communications with suppliers. The terminology for the organization being audited is the auditee. Two common and important aspects of a quality audit are as follows:

  • A quality audit is a management tool used to evaluate, confirm, or verify activities related to quality.  A properly conducted quality audit is a positive and constructive process.  It helps prevent problems in the organization being audited through the identification of activities liable to create future problems.
  • The quality audit has negative connotations for some people. These feelings develop through the abuse of the audit process such as using the results as a means of assigning blame or determining punitive actions.

Audits can be internal or external. Internal audits are required per section 8.2.2 of Aerospace Standard AS9100, Quality Management Systems.

This course will focus on performing external audits on suppliers. Supplier Audits should be written as part of the contract(s) with each supplier. Analysis of supplier audits will provide additional information that will provide critical information in the supplier selection process.  While many SmallSat and CubeSat projects will not audit external organizations, internal audits of different facets or teams of the project can be very useful and appropriate.

An audit can be viewed as "The Bee Watcher Watcher"

NSC Audits & Assessments Supplier Symposium

Supplier Auditing

Supplier auditing is the quality assurance audit function that focuses on external suppliers.
The four types of audits are as follows:

  1. System Audit addresses the who, what, where, when, and how of the quality system used to produce its product. They are "documented activity performed to verify, by examination and evaluation of objective evidence, that applicable elements of the quality system are suitable and have been developed, documented, and effectively implemented in accordance with specified requirements.”[1] ​​​​​System audits are performed before activity reports. A good rule of thumb is to perform system audits prior to each gate throughout the system life cycle. (See the AAQ System Engineering course for explanations of gates and life cycles.) System audits are performed prior to readiness (gate) reviews.
  2. Compliance Audit centers on comparing and contrasting written source documentation (usually the contract) to objective evidence in an attempt to prove (or disprove) compliance with that source documentation. During a compliance audit, the auditor examines the written procedures, work instructions, contractual obligations, etc., and attempts to match them to the actions taken by the auditee to produce the product. In essence, it is a "say what you do—do what you say" type of audit. It determines if the supplier is following the accepted and established QA procedures.
  3. Process Audit is much more narrowly defined. Unlike the system audit, the process audit is "an inch wide but a mile deep." It revolves around verification of the manner in which: 1) people; 2) material; 3) machines mesh together to produce a product. A process audit compares and contrasts the manner in which the end product is produced to the written procedures, work instructions, workmanship standards, etc., used to guide the manufacturing process responsible for building the product. Process audits are an appraisal and analytical in nature. It determines completeness, correctness, applicability, and conformity of accepted and established processes
  4. ​​​​​​Product Audit is a detailed inspection of a finished product performed prior to delivering the product to the customer. It is a test of both attribute and variable data such as cosmetic appearance, dimension properties, and electrical continuity. Results of product audit often provide interesting bits of information regarding the reliability and effectiveness of the overall quality system. It determines conformance to product specifications and requirements.[1]

Managing the Quality Audit

There are three different viewpoints involved in managing a quality audit, resulting from the three parties concerned: the client (COR, CO, PM), the auditee (supplier), and the auditing organization (auditors). There are relationships among them and each of these parties has responsibilities that must be addressed.  These include planning, implementation, measurement, and correction.

The Supplier Audit Process

Supplier audits will follow the following process:

  1. Pre-audit Questionnaire and visit
    • Collect information (including processes and procedures) and determine purpose and objectives.[1]
  2. Audit team selection
    • Select team based on audit type, availability, and expertise of potential audit team members.
  3. Audit notification
    • Notification (usually months in advance) in writing and including:
      • "scope/baseline of audit
      • schedule
      • name of the lead auditor
      • draft agenda"1
  4. Opening (in-brief) meeting
    • Finalize agenda and restate purpose and scope.
  5. Audit performance
    • Use of checklist and objective evidence
  6. Debriefing (out-brief) meeting
    • Review all observation sheets (OS)
  7. Report and follow-up
    • Formally summarize the following:
      • purpose
      • requirements
      • team members
      • agenda
      • personnel contacted
      • summary of results
      • Observation Sheets (OS)
      • recommendations on each OS[1] ​​​​​​​
    • Obtain and evaluate responses
    • Close audit

For further reading, view the Supplier Risk and Evaluation Control document from the Mission Assurance Improvement Workshop. The Mission Assurance Improvement Workshop's (MAIW's) purpose is to enhance the government/industry mission assurance processes, supporting disciplines, and associate products collaboratively with industry and government teams.

Supplier information is important to gather as analysis of this information results in overall supplier ratings. These supplier ratings assist an organization in choosing the best suppliers based on their requirements such as cost, schedule, quality, etc.

A central database, known as an SMS, allows for a consistent performance rating system for suppliers.

For further reading, refer to the IAQG section on Supplier Audit Management Basics.