To provide the
requirements for performing effective System Audits of
supplier Quality Management Systems (QMS) including
principles of auditing, planning, execution, and follow-up.
Process
1. The System Audit shall be
performed using the requirements contained in this
instruction which are written with consideration to the
general guidelines contained in ISO 19011 Guidelines for quality and/or environment management
systems auditing.
1.1. System Audits shall be conducted on the QMS
standard identified in existing contracts or letters of delegation (LOD).
When a supplier has adopted a QMS standard different than
specified in the contract, the supplier may be audited to
the adopted standard, but can only be contractually held
accountable to the requirement specified in the contract.
1.2.
A System Audit can be conducted either on the entire QMS or
through audits of individual QMS elements. Process
reviews also may be conducted in accordance with the Process
Review instruction on various processes within the QMS and
may be considered as accomplishment of the requirement to
audit that portion of the QMS. When
multiple QMS processes of the same QMS clause are reviewed
(e.g., Purchase Documentation and Verification of Purchased
Items are part of ISO 9001, clause 7.4 Purchasing), the
System Audit method should be used.
1.3. The
entire QMS shall be reviewed every three years, as stated in
the GCQA Surveillance Planning Instruction, unless the results of the risk assessment or
customer direction warrants more frequent audits. When
the contract contains the requirement for QMS, e.g. FAR 52.246-11, the Risk Statement Generator question for a "Higher Level Quality Requirement" shall be
answered as "yes" and a System Audit shall be identified in
the GCQA Surveillance plan. The System Audit shall be
performed in accordance with this instruction.
The maximum audit frequency of three years is only
applicable to suppliers with contracts that have duration of
greater than three years or who continuously receive
contracts with higher-level quality requirements. This
provides for the performance of ongoing GCQA activities
which form a basis of confidence that supplies and services
accepted from the supplier conform to contract requirements. When a contract is received with a performance
duration of less than three years and there are no
continuing higher-level quality requirements imposed on the
supplier, a System Audit shall be scheduled and conducted
commensurate with the likelihood risk rating. QMS or
QMS elements with high or moderate likelihood risk ratings
shall be prioritized for a System Audit early in contract
performance, but under no circumstances should the contract
expire prior to the System Audit being performed.
DCMA System Audit is considered a second party audit of the
QMS and as such is more thorough than what will be
accomplished during a third party audit.
1.4. If an
Operations Directorate Quality Systems Review (QSR) or a
customer systems audit is accomplished on the supplier's
Quality Management System, the extent
to which the system is audited and confidence in the
conformity of the system is established may be used to
satisfy all or some of the requirements of paragraph 1.2 and
1.3. Records of audits performed by Operations or
Customer representatives that are used for this purpose
shall be maintained by the assigned quality assurance
personnel.
2. When the entire QMS or a
significant portion of the QMS (partial) is to be reviewed,
a formal audit team shall be established to conduct the
System Audit. When only a single element or a
small number of elements is to be reviewed, the assigned QA
personnel, if properly qualified, may conduct the audit
alone or with a few other QA personnel. The audit team leader or assigned QA personnel (for
partial audits) shall notify the supplier, in writing of the
pending audit and scope. When a full System
Audit is to be conducted, the assigned QA personnel or QA
organization should consider notifying major customers.
2.1. When a
team is to perform the System Audit, an audit team lead and
audit team members shall be identified by the CMO.
2.2. The
team composition should include the appropriate functional
specialists as necessary to assure the adequate skills for
the scope of the supplier’s operation, type and complexity
of the weapons system or space based systems produced. Members can include other disciplines, such as
Software Specialists and Engineers, as needed. The audit team leader is responsible to ensure the
team has all the needed competencies to achieve audit
objectives.
2.3. The audit
team leader or assigned QA personnel (for partial audits)
shall prepare an audit plan defining the conduct of the
audit. The plan should facilitate scheduling
and coordination of the audit activities. The audit
team leader or assigned QA personnel (for partial audits)
shall coordinate the plan with the supplier.
The amount of detail provided in the audit plan should
reflect the scope and complexity of the audit. The
audit plan should be sufficiently flexible to permit
changes, such as changes in the audit scope, which can
become necessary as the on-site audit activities progress.
The audit plan should cover the following, as appropriate:
· The audit objectives
· The contract number(s) containing the
higher-level Quality Requirement (FAR 52.246-11) and cited
quality standard(s)
· The audit criteria and any supplier’s
reference documents
· The audit scope, including
identification of the organizational and functional units
and processes to be audited
· The dates and places where the on-site
audit activities are to be conducted
· The expected time and duration of
on-site audit activities
· The roles and responsibilities of the
audit team members and accompanying persons (may not be
necessary for partial audits)
· The allocation of appropriate resources
to critical areas of the audit (may not be necessary for
partial audits)
· Identification of the supplier’s
representative for the audit (may not be necessary for
partial audits)
2.4 After the
audit plan has been coordinated with the supplier, any audit
plan revisions should be discussed with the supplier before
continuing the audit.
3. The audit team leader, in
consultation with the audit team, should assign each team
member specific processes, functions, sites, areas or
activities to be audited. Such assignments should take
into account the experience and background of the auditors,
the effective use of resources, and the different roles and
responsibilities of auditors, auditors-in-training and
technical experts. Changes to the work assignments may
be made as the audit progresses to ensure the achievement of
the audit objectives.
4. The audit team members should
review the information relevant to their audit assignments
and prepare work documents as necessary for reference and
for recording audit proceedings. Such work documents
may include:
Checklists
Audit
sampling plans
Forms
for recording information, such as supporting evidence,
audit findings and records of meetings
4.1. The use of
checklists and forms should not restrict the extent of audit
activities, which can change as a result of information
collected during the audit. However, the audit
checklist shall be appropriate for and shall not exceed the
contractual requirements.
4.2. Work
documents, including records resulting from their use,
should be retained at least until audit completion. Those documents involving confidential or
proprietary information shall be suitably marked and
safeguarded at all times by the audit team members.
5. Regardless of the scope
of the System Audit (full or partial), an opening meeting
shall be held with the audit members and the supplier’s
management or, where appropriate, those responsible for the
functions or processes to be audited. The purpose of
an opening meeting is to:
Confirm
the audit plan
Provide
a short summary of how the audit activities will be
undertaken
Review the audit schedule
Confirm
communication channels
Provide
an opportunity for the supplier to ask questions
5.1. Depending
upon the scope and complexity of the audit, it can be
necessary to make formal arrangements for communication
within the audit team and with the supplier during the
audit. The audit team should confer daily to exchange
information, assess audit progress, and to reassign work
between the audit team members as needed.
5.2. During the
audit, the audit team leader should periodically (may be
done daily or every other day) communicate the progress of
the audit and any concerns to the supplier, as appropriate. Evidence collected during the audit that suggests an
immediate and significant risk (e.g. safety, environmental
or quality) shall be reported without delay to the supplier
and, as appropriate, to CMO QA management. Any
concern about an issue outside the audit scope should be
noted by the audit member and reported to the audit team
leader, for possible communication to the supplier and CMO
QA management.
5.2.1. Where the available audit evidence indicates
that the audit objectives are unattainable, the audit team
leader shall report the reasons to the CMO QA management and
the supplier to determine appropriate action. Such
action may include reconfirmation or modification of the
audit plan, changes to the audit objectives or audit scope,
or termination of the audit.
5.2.2. Any need for changes to the audit scope which
can become apparent as on-site auditing activities progress
should be reviewed with and approved by the CMO QA
management, and, as appropriate, the supplier.
6. Supplier guides and observers
(government or supplier) may accompany the audit team but
are not a part of it. They should not influence or
interfere with the conduct of the audit. Guides
appointed by the supplier should assist the audit team and
only act on the requests of the audit team leader. Their
responsibilities may include the following:
Establishing
contacts and timing for interviews
Arranging
visits to specific parts of the site or organization
Ensuring
that rules concerning site safety and security
procedures are known and respected by the audit team
members
Witnessing
the audit on behalf of the supplier
Providing
clarification or assisting in collecting information
7. During the audit, information
relevant to the audit objectives, scope and criteria should
be collected and verified by appropriate sampling.
Only verified information can be audit evidence and shall be
recorded. The audit evidence is based on samples of
the available information and therefore there is an element
of uncertainty. Those acting upon the audit
conclusions should be aware of this uncertainty.
8. Audit evidence shall be
evaluated against the audit criteria to generate the audit
findings. Audit findings address nonconformity with
audit criteria. Nonconformities and their supporting audit
evidence shall be recorded.
8.1. The audit
team should meet as needed to review the audit findings at
appropriate stages during the audit.
8.2. Nonconformities
should be reviewed with the supplier to obtain
acknowledgement that the audit evidence is accurate, and
that the nonconformities are understood. Every attempt
should be made to resolve any diverging opinions concerning
the audit evidence and/or findings, and unresolved points
shall be recorded.
9. The audit team should confer
prior to the closing meeting to:
Review
the audit findings, and any other appropriate
information collected during the audit, against the
audit objectives
Prepare
recommendations to the CMO, if specified by the audit
objectives
Discuss
audit follow-up, if included in the audit plan
Agree
on the audit conclusions and resolve any diverging opinions regarding the audit findings and/or
conclusions (Team Leader decision whether or not to
include a finding)
10. A closing meeting with
the supplier, chaired by the audit team leader, shall be
held to present the audit findings and conclusions in such a
manner that they are understood and acknowledged by the
supplier, and to agree, if appropriate, on the timeframe for
the supplier to present a corrective and preventive action
plan. Participants in the closing meeting should
include audit team members and may also include the customer
and other parties. In a small organization, the
closing meeting may consist of just communicating the audit
findings and conclusions. For other audit situations,
the meeting should be formal and minutes, including records
of attendance, should be kept.
11. The audit team leader
with assistance from the audit team shall prepare the audit
report. If the audit results require the supplier to
take corrective action, the appropriate level Corrective
Action Request (CAR) shall be issued in accordance with the Corrective Action Process instruction with responsibility for follow up and closure
assigned to the assigned QA personnel.
Nonconformities detected during a System Audit, should not
be issued as individual CARs. The CAR issued
shall include all nonconformities found during System Audit.
Any nonconformities found during a System Audit that require
root cause analysis and action to prevent recurrence shall
result in the issuance of a level II CAR, as a minimum.
Multiple nonconformities associated with a single clause or
indicative of a system wide breakdown of the QMS should
result in a level III CAR. This decision of the CAR
level should be made by the audit team leader. The audit report shall provide a complete, accurate, concise
and clear record of the audit, and as applicable shall
include the:
Audit
objectives
Audit
scope, particularly identification of the organizational
and functional units or processes audited and the time
period covered
Identification
of audit team leader and members
Dates
and places where the on-site audit activities were
conducted
Audit
criteria
Audit
findings
Audit
conclusions
Audit
CAR
Reference
to the audit plan
Confirmation
the audit objectives as defined in the audit plan were
or were not accomplished
Any
areas within the audit scope not covered
Agreed-to
follow-up action plans
Distribution
for the audit report
11.1. The audit
is considered complete when all activities described in the
audit plan have been carried out and the audit report has
been distributed. The audit report shall be
distributed, as a minimum, to all parties notified of the
audit within 10 working days of the closing meeting.
11.2. The
audit plan and audit report shall be maintained in
accordance with the DCMA Records Management instruction.
If necessary to support the audit report, copies of
supplier’s documentation shall also be retained in
accordance with the DCMA Records Management instruction.
If not needed to support the audit report, copies of these
documents shall be destroyed.
Competencies/Certifications
Audits
should be led by an individual that meets the lead auditor
core plus competency described in the Quality System Skill
Set. Audit team members should meet the auditor core
plus competency described in the Quality System Skill Set.
All the competency and certification requirements are
described in the QA Development instruction.
Training
Matrix
"Process Title" Training Matrix Template
What
TASKS are
required to
accomplish this
process?