Table Of ContentThe
J.P. Russell, editor
h a n d b o o k
Fourth Edition
aUdITInG
aSQ
The ASQ Auditing
Handbook
H1435_Russell_pi-378.indd 1
11/2/12 10:19 AM
Also available from ASQ Quality Press:
Quality Audits for Improved Performance, Third Edition
Dennis R. Arter
The Internal Auditing Pocket Guide: Preparing, Performing, Reporting and Follow-up,
Second Edition
J. P. Russell
Auditing Beyond Compliance: Using the Portable Universal Quality Lean Audit Model
Janet Bautista Smith
Process Driven Comprehensive Auditing: A New Way to Conduct ISO 9001:2008 Internal
Audits, Second Edition
Paul C. Palmes
AS9101D Auditing for Process Performance: Combining Conformance and Effectiveness to
Meet Customer Satisfaction
Chad Kymal
Lean Acres: A Tale of Strategic Innovation and Improvement in a Farm-iliar Setting
Jim Bowie
Lean ISO 9001: Adding Spark to your ISO 9001 QMS and Sustainability to your Lean Efforts
Mike Micklewright
The Quality Toolbox, Second Edition
Nancy R. Tague
Mapping Work Processes, Second Edition
Bjørn Andersen, Tom Fagerhaug, Bjørnar Henriksen, and Lars E. Onsøyen
Root Cause Analysis: Simplified Tools and Techniques, Second Edition
Bjørn Andersen and Tom Fagerhaug
The Certified Manager of Quality/Organizational Excellence Handbook, Third Edition
Russell T. Westcott, editor
To request a complimentary catalog of ASQ Quality Press publications, call
800-248-1946, or visit our website at http://www.asq.org/quality-press.
H1435_Russell_pi-378.indd 2
11/2/12 10:19 AM
The ASQ Auditing
Handbook
PrinciPles, imPlementation, and Use
Fourth Edition
ASQ Audit Division
J. P. Russell, Editor
ASQ Quality Press
Milwaukee, Wisconsin
H1435_Russell_pi-378.indd 3
11/2/12 10:19 AM
American Society for Quality, Quality Press, Milwaukee 53203
© 2013 by ASQ
All rights reserved. Published 2012
Printed in the United States of America
18 17 16 15 14 13 5 4 3 2 1
Library of Congress Cataloging-in-Publication Data
The ASQ auditing handbook : principles, implementation, and use / ASQ
Quality Audit Division ; J.P. Russell, editor.—4th ed.
p. cm.
Rev. ed. of: The quality audit handbook. 3rd ed. c2005.
Includes bibliographical references and index.
ISBN 978-0-87389-847-8 (alk. paper)
1. Auditing—Handbooks, manuals, etc. I. Russell, J. P. (James P.),
1945– II. ASQ Quality Audit Division. III. Quality audit handbook.
HF5667.Q35 2013
657′.45—dc23
2012039493
No part of this book may be reproduced in any form or by any means, electronic, mechanical,
photocopying, recording, or otherwise, without the prior written permission of the publisher.
Publisher: William A. Tony
Acquisitions Editor: Matt Meinholz
Project Editor: Paul Daniel O’Mara
Production Administrator: Randall Benson
ASQ Mission: The American Society for Quality advances individual, organizational, and
community excellence worldwide through learning, quality improvement, and knowledge
exchange.
Attention Bookstores, Wholesalers, Schools, and Corporations: ASQ Quality Press books, video,
audio, and software are available at quantity discounts with bulk purchases for business,
educational, or instructional use. For information, please contact ASQ Quality Press at
800-248-1946, or write to ASQ Quality Press, P.O. Box 3005, Milwaukee, WI 53201-3005.
To place orders or to request a free copy of the ASQ Quality Press Publications Catalog, visit our
website at http://www.asq.org/quality-press.
Printed on acid-free paper
H1435_Russell_pi-378.indd 4
11/2/12 10:19 AM
v
Contents
List of Figures and Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
x
Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
xiii
Notes to the Reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
xiv
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
xvii
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
xviii
Part I Auditing Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1
Chapter 1 Types of Quality Audits/Part IA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2
1. Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2
2. Auditor- Auditee Relationship . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4
3. Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6
4. Common Elements with Other Audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8
Chapter 2 Purpose and Scope of Audits/Part IB . . . . . . . . . . . . . . . . . . . . . . . . .
11
Audit Reason . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
11
1. Elements of Purpose and Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
13
2. Benefits of Audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16
Chapter 3 Criteria to Audit Against/Part IC . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
18
Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
18
Audit Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
18
Chapter 4 Roles and Responsibilities of Audit Participants/Part ID . . . . . . .
21
Audit Participants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
21
Roles and Responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
22
Chapter 5 Professional Conduct and Consequences for Auditors/Part IE . . .
26
1. Professional Conduct and Responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . .
26
2. Legal Consequences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
38
3. Audit Credibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
41
Part II Audit Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
47
Chapter 6 Audit Preparation and Planning/Part IIA . . . . . . . . . . . . . . . . . . . . . .
49
1. Elements of the Audit Planning Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
51
2. Auditor Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
59
3. Audit- Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
63
H1435_Russell_pi-378.indd 5
11/2/12 10:19 AM
vi
Contents
4. Logistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
67
5. Auditing Tools and Working Papers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
70
6. Auditing Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
75
7. Communication and Distribution of the Audit Plan . . . . . . . . . . . . . . . . . . .
79
Chapter 7 Audit Performance/Part IIB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
82
1. On- Site Audit Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
82
2. Opening Meeting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
85
3. Audit Data Collection and Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
89
4. Establishment of Objective Evidence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
97
5. Organization of Objective Evidence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
98
6. Exit and Closing Meetings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
101
Chapter 8 Audit Reporting/Part IIC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
107
1. Report Development and Content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
107
2. Effective Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
116
3. Final Audit Report Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
118
Chapter 9 Audit Follow- up and Closure/Part IID . . . . . . . . . . . . . . . . . . . . . . . .
121
1. Elements of the Corrective Action Process . . . . . . . . . . . . . . . . . . . . . . . . . . .
121
2. Review of Corrective Action Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
123
3. Verification of Corrective Action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
126
4. Follow- up on Ineffective Corrective Action . . . . . . . . . . . . . . . . . . . . . . . . . . .
128
5. Audit Closure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
129
Part III Auditor Competencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
133
Chapter 10 Auditor Characteristics/Part IIIA . . . . . . . . . . . . . . . . . . . . . . . . . . . .
134
Education and Experience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
134
Interpersonal Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
136
Personal Traits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
138
Chapter 11 On-Site Audit Resource Management/Part IIIB . . . . . . . . . . . . . . .
139
Time-Management Skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
139
Chapter 12 Conflict Resolution/Part IIIC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
141
Causes of Conflict . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
141
Managing Difficult Situations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
142
Team Conflict . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
144
Chapter 13 Communication and Presentation Techniques/Part IIID . . . . . . .
145
Basic Rules for Effective Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
145
Communication Technology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
146
Presentation Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
150
Chapter 14 Interviewing Techniques/Part IIIE . . . . . . . . . . . . . . . . . . . . . . . . . . .
151
Conversational Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
151
Avoid Asking Leading Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
152
Interviewing a Group of People . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
153
Using a Translator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
153
Corroborating Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
153
Potential Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
154
H1435_Russell_pi-378.indd 6
11/2/12 10:19 AM
Contents
vii
Chapter 15 Team Dynamics/Part IIIF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
157
1. Team Building . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
157
2. Team Facilitation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
159
3. Stages of Team Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
160
Part IV Audit Program Management and
Business Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
163
Chapter 16 Audit Program Management/Part IVA . . . . . . . . . . . . . . . . . . . . . . .
164
1. Senior Management Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
164
2. Staffing and Resource Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
165
3. Auditor Training and Development . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
166
4. Audit Program Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
170
5. Internal Audit Program Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
174
6. External Audit Program Management (Supplier Audits) . . . . . . . . . . . . . . .
181
7. Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
186
8. Organizational Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
188
9. Management Review Input . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
194
Management Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
195
Chapter 17 Business and Financial Impact/Part IVB . . . . . . . . . . . . . . . . . . . . .
196
1. Auditing as a Management Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
196
2. Interrelationships of Business Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
199
3. Cost of Quality (COQ) Principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
200
4. Emerging Roles of the Auditor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
205
Part V Quality Tools and Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . .
207
Chapter 18 Basic Quality and Problem- Solving Tools/Part VA . . . . . . . . . . . .
208
Pareto Charts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
208
Cause-and-Effect Diagrams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
209
Flowcharts and Process Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
210
Statistical Process Control (SPC) Charts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
215
Checklists, Check Sheets, Guidelines, and Log Sheets . . . . . . . . . . . . . . . . . . . .
220
Scatter Diagrams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
224
Histograms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
225
Root Cause Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
227
Plan-Do-Check-Act (PDCA/PDSA) Cycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
230
Chapter 19 Process Improvement Techniques/Part VB . . . . . . . . . . . . . . . . . . .
232
1. Six Sigma and the DMAIC Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
232
2. Lean . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
234
Chapter 20 Basic Statistics/Part VC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
250
1. Measures of Central Tendency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
250
2. Measures of Dispersion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
251
3. Qualitative and Quantitative Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
253
Patterns and Trends . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
255
Chapter 21 Process Variation/Part VD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
260
1. Common and Special Causes (Theory of Variation) . . . . . . . . . . . . . . . . . . . .
260
H1435_Russell_pi-378.indd 7
11/2/12 10:19 AM
viii Contents
2. Process Performance Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
264
3. Outliers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
265
Chapter 22 Sampling Methods/Part VE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
266
Types of Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
266
Statistical Sampling (Random and Systematic) . . . . . . . . . . . . . . . . . . . . . . . . . .
268
Sampling Standards (Acceptance Sampling). . . . . . . . . . . . . . . . . . . . . . . . . . . .
269
Proportional Stratified Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
272
Risks in Sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
273
Sampling Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
275
Chapter 23 Change Control and Configuration Management/Part VF . . . . . .
278
Document Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
278
Configuration Management Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
279
Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
280
Chapter 24 Verification and Validation/Part VG . . . . . . . . . . . . . . . . . . . . . . . . .
281
Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
281
Process Auditing and Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
282
Chapter 25 Risk Management Tools/Part VH . . . . . . . . . . . . . . . . . . . . . . . . . . . .
283
Quantification of Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
283
Failure Mode and Effects Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
284
Critical to Quality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
285
HACCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
287
HHA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
288
Appendix A ASQ Code of Ethics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
291
Appendix B Notes on Compliance, Conformance, and Conformity . . . . . . . .
292
Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
292
Conformance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
292
Conformity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
292
Appendix C Example Guide for Technical Specialists
(or Subject Matter Experts) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
294
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
294
Contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
294
Job Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
294
The Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
295
Appendix D The Institute of Internal Auditors Code of Ethics . . . . . . . . . . . .
296
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
296
Applicability and Enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
296
Principles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
297
Rules of Conduct . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
297
Appendix E History of Quality Assurance and Auditing . . . . . . . . . . . . . . . . .
299
Quality Assurance and Audit Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
299
Theories and Practices in Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
301
Environmental, Safety, and Health Programs and Audit Functions . . . . . . . .
304
H1435_Russell_pi-378.indd 8
11/2/12 10:19 AM
Contents
ix
Appendix F Certified Quality Auditor Body of Knowledge . . . . . . . . . . . . . . .
306
Six Levels of Cognition based on Bloom’s Taxonomy (Revised) . . . . . . . . . . .
315
Appendix G Example Audit Program Schedule . . . . . . . . . . . . . . . . . . . . . . . . .
317
Appendix H Example Third- Party Audit Organization Forms . . . . . . . . . . . . .
323
Appendix I Example Audit Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
333
Appendix J Product Line Audit Flowchart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
343
Appendix K First, Second, and Third Edition Contributors and
Reviewers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
345
Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
351
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
358
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
363
H1435_Russell_pi-378.indd 9
11/2/12 10:19 AM
x
List of Figures and Tables
Figure I.1
Types of audits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
xix
Part I
Figure 1.1
Classifications of audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5
Figure 5.1
ASQ code of ethics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
27
Figure 5.2
The Institute of Internal Auditors code of ethics (selected sections) . . . . . . .
28
Figure 5.3
Whistle-blower statutes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
34
Figure 5.4
Example of other whistle-blower laws . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
34
Figure 5.5
Illegal auditor activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
39
Part II
Figure 6.1
Audit plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
50
Figure 6.2
Process audit scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
55
Figure 6.3
Assignment considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
60
Figure 6.4
Evaluation considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
61
Table 6.1
Summary of auditing strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
78
Figure 6.5
Notification letter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
80
Figure 7.1
Detailed audit schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
88
Figure 8.1
Typical audit report format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
111
Table 8.1
Report issues and concerns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
115
Table 8.2
Report attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
117
Table 8.3
Suggestions for improving reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
117
Figure 9.1
Sample request for corrective action form for first-party audits . . . . . . . . . .
124
Part III
Table 10.1
Auditor certification requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
135
Table 10.2
Tools and programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
136
Table 10.3
Communication skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
137
Table 10.4
Auditing skills . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
137
Table 10.5
Auditor personal traits and attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
138
Figure 12.1
Common time-wasting ploys and possible solutions . . . . . . . . . . . . . . . . . . .
143
H1435_Russell_pi-378.indd 10
11/2/12 10:19 AM
List of Figures and Tables
xi
Figure 14.1
Open-ended questions contrasted with closed-ended questions . . . . . . . . .
152
Figure 15.1
Team developmental stage progression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
160
Part IV
Figure 16.1
Audit program measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
171
Figure 16.2
Audit result linkages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
173
Figure 16.3
Charting results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
174
Figure 16.4
Sample audit program contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
177
Figure 16.5
Open-ended questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
178
Figure 16.6
Areas requiring procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
179
Figure 16.7
Best Practices Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
187
Figure 16.8
Auditor or lead auditor risk management duties . . . . . . . . . . . . . . . . . . . . . .
192
Figure 16.9
Audit manager risk management duties. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
192
Figure 17.1
Production viewed as a system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
200
Part V
Figure 18.1
SQM software example of a frequency Pareto analysis . . . . . . . . . . . . . . . . .
208
Figure 18.2
Cause-and-effect diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
210
Figure 18.3
Common flowchart symbols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
211
Figure 18.4
Activity sequence flowchart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
212
Figure 18.5
Top-down flowchart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
213
Figure 18.6
Matrix flowchart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
213
Figure 18.7
Flow process worksheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
214
Figure 18.8
A process map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
214
Figure 18.9
Control chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
215
Figure 18.10 X
_
and R chart example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
217
Figure 18.11 u chart for the average errors per truck for 20 days of production . . . . . . . .
218
Figure 18.12 WECO rules for signaling “out of control.” . . . . . . . . . . . . . . . . . . . . . . . . . . .
219
Figure 18.13 Any point above +3 sigma control limit (a point above 3 sigma, C line) . . .
219
Figure 18.14 Consecutive points above the average (trend: 8 points in a row but
within 3 sigma, C line) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
220
Figure 18.15 Four out of the last five points above +1 sigma . . . . . . . . . . . . . . . . . . . . . . . .
220
Figure 18.16 Sample checklist, ISO 9001, clause 8.2.2, Internal auditing . . . . . . . . . . . . . .
221
Figure 18.17 Sample quality system checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
222
Figure 18.18 Calibration area checklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
222
Figure 18.19 Check sheet for documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
223
Figure 18.20 Data correlation patterns for scatter analysis . . . . . . . . . . . . . . . . . . . . . . . . . .
224
Figure 18.21 Histogram with normal distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
225
Figure 18.22 Common histogram patterns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
226
Figure 18.23 Five whys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
229
Figure 18.24 PDCA/PDSA cycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
230
H1435_Russell_pi-378.indd 11
11/2/12 10:19 AM
xii
List of Figures and Tables
Figure 18.25 SIPOC diagram . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
231
Figure 19.1
Value stream map—macro level (partial) . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
237
Figure 19.2
Value stream map—plant level (partial) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
237
Figure 19.3
Takt time analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
247
Figure 19.4
Typical U-shape cell layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
249
Table 20.1
Frequency distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
252
Figure 20.1
Histogram data dispersion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
253
Figure 20.2
Line graph . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
255
Figure 20.3
Bar graph . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
256
Figure 20.4
Pie chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
257
Table 20.2
Area of responsibilities matrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
257
Table 20.3
Audit planning matrix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
258
Table 20.4
Lost-time accident monthly summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
258
Figure 20.5
Lost work this month . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
259
Figure 22.1
Producer risk or Type I error (note: sample taken from shaded area) . . . . .
274
Figure 22.2
Consumer risk or Type II error (note: sample taken from shaded area). . . .
274
Table 22.1
Sampling methods summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
276
Figure 25.1
Consumer risk or Type II error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
286
Figure 25.2
Causal relationship in developing key process measurements . . . . . . . . . . .
287
H1435_Russell_pi-378.indd 12
11/2/12 10:19 AM
xiii
Foreword
C
hange is the only constant, and changes to the audit profession continue
in order to improve effectiveness and efficiency and to adjust to changes
in technology. We are no longer just process and system auditors—rather,
members of our profession are valued teammates, adding fresh eyes and organi-
zational expertise to the wealth of tools available to management. Management
system standards such as ISO 9000–based management systems are now viewed
as starting points for organizational excellence. ASQ Audit Division members are
no longer considered compliance police. Rather, our membership has evolved
to meet the challenges of the new millennium, just as Norm Frank predicted
in his foreword to the second edition of this handbook. We are no longer just
auditors—we are assessors, and our chosen discipline has grown to include advis-
ing management on best practices. We are teachers in the true sense of the word.
This edition of The ASQ Auditing Handbook reflects those changes. Subject- matter
experts skilled in the audit profession have grown the Body of Knowledge (BoK),
working in tandem with the ASQ Certification Department, and this book reflects
the latest revision. Teams of ASQ Certified Quality Auditors (CQAs), working on
your behalf, met at ASQ headquarters and volunteered long hours to ensure that
the BoK, reflected herein, represents generally accepted, world- class audit prac-
tices. Contributors to this book, also subject- matter experts, volunteered their time
to ensure that the excellence of the new BoK is scholastically available to audit
professionals the world over.
The words thank you don’t begin to express my appreciation to the ASQ Certifi-
cation staff, the CQAs involved in updating the BoK, the Audit Division members
who volunteer to manage the certification program, the CQAs who meet every
year to write test questions, and the fine authors who contributed to the latest
edition of this book. This book has become the text of choice for candidates sitting
for the CQA examination. The exam is written such that the handbook is a major
source of information needed to attain the CQA credential.
Enjoy our latest edition, and use the information to grow your expertise. The
path leading from compliance auditing to system assessing is great, but the rewards
are worth the effort. I think you’ll find this book to be an invaluable resource to
help you along that path.
George Callender
Chair, ASQ Audit Division
H1435_Russell_pi-378.indd 13
11/2/12 10:19 AM
xiv
T
his handbook supports the quality auditor BoK, developed for the ASQ
CQA program. The quality audit BoK was revised in 2012. The fourth edi-
tion addresses new and expanded BoK topics, common auditing (quality,
environmental, safety, and so on) methods, and process auditing. The handbook
is designed to provide practical guidance for system and process auditors. Practi-
tioners in the field provided content, example audit situations, stories, and review
comments as the handbook evolved.
New to the fourth edition are the topics of common and special causes, outli-
ers, and risk management tools. Besides the new topics, many current topics have
been expanded to reflect changes in auditing practices since 2004 and ISO 19011
guidance, and they have been rewritten to promote the common elements of all
types of system and process audits (quality, environmental, safety, and health).
The text is aligned with the BoK for easy cross- referencing. We hope that use of
this handbook will increase your understanding of the auditing BoK.
The Use
The handbook can be used by new auditors to gain an understanding of audit-
ing. Experienced auditors will find it to be a useful reference. Audit managers
and quality managers will use the handbook as a guide for leading their auditing
programs.
The handbook will also be used by trainers and educators as source material
for teaching the fundamentals of auditing. It is not designed as a stand- alone text
to prepare for the ASQ CQA exam. As with all ASQ certification activities, you
are encouraged to work with your local section or the Quality Audit Division for
preparation. The ASQ Auditing Handbook, when used in conjunction with other
published materials, is appropriate for refresher courses, and we hope that train-
ers will use it in that manner.
The handbook contains information to support all aspects of the CQA BoK
and is not limited to what new auditors need to know. Hence, the amount of mate-
rial in each part of the handbook is not directly proportional to exam emphasis.
The CQA exam is designed to test a candidate’s basic knowledge of quality audit-
ing. All the information in the handbook is important, but those preparing for the
CQA exam should spend more time on their weakest areas and on those parts of
the BoK receiving more emphasis on the exam. The number of questions and the
Notes to the Reader
H1435_Russell_pi-378.indd 14
11/2/12 10:19 AM
