Now that we have examined what to look for and what to ask for in the areas of documentation requirements, management commitment and provision of resources, it’s time to move forward to the area of planning product realization. Processes required for product realization vary between organizations. Some internal processes can include product support, production planning, design and development, purchasing, marketing and sales, manufacturing, assembly, warehousing, delivery and maintenance. 9100 standards work to verify, validate, monitor, measure, inspect and test relevant processes for the underlying organization.

Project Management

Each organization audited will have unique project management plans, requiring a customized audit and advanced preparation. Some of the project management areas to examine include the management’s plan, project organization, work breakdown structure as well as phasing and scheduling. In terms of project realization, be sure to examine technical performance controls, cost controls and schedule controls.

Risk Management

What should you look for with regard to risk management? Consider how product risk management activities are maintained. Examine how project phases are performed and updated. Evaluate how risk analyses are updated when products or parts are modified. And, consider how lessons learned from prior risk management activities are taken into account. The auditor’s role in the area of risk management is to examine all risks that could potentially disrupt the business’s operational processes, or end customer service. Once risks have been accurately identified, they must be communicated to relevant parties within the organization. And finally, following communication, risks must be monitored on an ongoing basis.

Configuration Management

Four primary areas should be examined during this portion of the audit, including:

  • Planning Management- Look for the configuration management planning scope, planning timetables, and methods utilized.
  • Identification- Examine the existence of serial number traces, how product configurations are communicated and identification methods for products.
  • Change Controls- Objective evidence can include the configuration methods and any deviations as well as the system of the management’s configuration.
  • Status Accounting- Examples of objective evidence can include routing cards, production operations performed by the operators and forms showing data and any relevant changes that need to be recorded.

Control of Work Transfers

Work transfers include the entire lifecycle, not just product production. Both permanent and temporary transfers should be examined. And, moves between suppliers and organizations should be included in this portion of the audit. When examining the control levels of work transfers, acceptable evidence can include identification of members of the transfer team and cross functional team, detailed task plans with noted milestones, identified risks, a review of the technical requirements and a verification of production processes.

For additional direction in structuring your audit, consider enrolling in AS9100 lead auditor training. Audit results will increase in efficiency and accuracy with proper preparation in the areas of what to ask and what to examine. Stay tuned for our next article in the Process Auditing series, Customer Related Processes.