Process-Based Auditing for ISO/TS 16949:2002

The 2nd Edition of the Automotive Certification Scheme for ISO/TS 16949:2002, Rules for Achieving IATF Recognition, requires organizations and registrars to conduct process-based audits. According to section 2.7, each onsite audit by a registrar (initial, surveillance, and recertification) must include an audit of:

a) Implementation of requirements for new customers since the last audit
b) Customer complaints and organization responses
c) Internal audit and management review results and actions
d) Progress made toward continual improvement targets
e) Effectiveness of the corrective actions and verification since the last audit
f) Effectiveness of the system with regard to achieving both customer and organization objectives

And, every audit must include auditing on all shifts.

Every surveillance audit must be planned around the processes of the organization, taking into account current customer and internal performance data, internal audit and management review results, and the same information pertinent to any new customers since the last audit. Items a) and b) in the list above should be obtained during planning for the surveillance audit.

Every surveillance audit must re-examine some of the organization processes so that all of the processes, and all customer specific system requirements, have been re-examined within each three year cycle.

Every recertification audit (three year cycle) must re-assess the:

  • Effective interaction between all the processes defined in the quality management system
  • Effectiveness of the system in its entirety, considering internal and external changes that may have affected the system

Sections 2.11 and 2.12 state that audit plans must be based on the processes of the organization. The audits must evaluate the effectiveness of the system, its linkages, its requirements, and its performance. Part of the evidence required is process-based internal audits being conducted by the organization, followed by a management review. The effectiveness of the system should consider how well the system is deployed, as demonstrated by the defined measures, to meet customer satisfaction and company objectives.

Annex 5 states that ISO/TS 16949:2002 audits must not be driven by a “clause” or “section” driven checklist. The automotive approach for process-based audits begins by identifying the organization’s processes and evidence that they address all the requirements of ISO/TS 16949:2002. These processes are then analyzed according to this criteria:

  • Products provided to the customer
  • Risks to the customer
  • Interfaces (process inputs and outputs)
  • Identification of group processes for an economical and effective audit

Audit activities are to be prioritized based on:

  • Customer requirements, including customer-specific system requirements
  • Followup issues of prior audits (external and internal)
  • Customer satisfaction and complaints status, including customer reports and scorecards
  • Key indicator trends for the previous 12 months, minimum
  • Value (add) to the audited organization