by Greg Hutchins
I've been quality auditing for more than 15 years. When I started, I was so excited and impressed by the power of quality auditing that I learned everything I could about it. I read every auditing book I could lay my hands on and took many classes, even accounting classes. I was so fanatical that I even had enough hours to sit for the certified public accountant exam.
Quality auditing is now coming into its own. The ASQC's Certified Quality Auditor certification is a testament to this. Three recent business developments have thrust quality auditing and the CQA into prominence: changes in financial auditing, ISO 9000/QS-9000 sourcing developments and a focus on increasing operational efficiencies.
Changes in financial auditing
Recently, the external financial auditors of a Fortune 100 company asked the client's management for operational information, specifically ISO 9000 records. The Statement on Auditing Standards 55 and, more recently, SAS 78 require financial auditors to understand the internal control practices carried out by business managers that can affect financial statements. What better way to understand internal controls than through quality auditing, corrective action and preventive action internal control systems and records?
Traditionally, external auditors looked at organizational areas where there may have been a financial breach or exposure, such as variances in inventory counts, payables, receivables or computerized transactions.
Now, financial auditors examine the overall financial health of the organization, including looking at operational efficiencies and effectiveness. External financial auditors don't want to conduct operational or internal audits. Instead, they rely on internal auditors to maintain budgetary controls, and they rely on quality auditors to assess operational quality controls.
ISO 9000/QS-9000 sourcing developments
ISO 9000 and QS-9000 have lent importance and credibility to quality auditing. Maintaining internal quality auditing systems has become a business issue. Many companies require their suppliers to be registered to ISO 9000 or QS-9000, and impose this requirement as a purchase order line item to prospective and existing suppliers. The message is strong and clear: If you want to do business with us, you must be ISO 9000-registered.
Some would say the most significant requirement of the ISO 9000 series is the need for internal quality auditing systems. These standards require a registered company to have internal quality auditing and corrective/preventive action systems in place and operating properly.
The Registrar Accreditation Board, the U.S. accreditor of ISO 9000 registrars, has also sanctioned the CQA as being one of the approved methods for becoming an ISO 9000 lead assessor. Certification as a quality auditor from ASQC, plus an RAB-accredited, 16-hour Quality Systems Auditor Course for CQAs, followed by an approved examination, satisfies the training requirements for RAB auditors.
As the quest for improving operational efficiency and effectiveness grows, the role of quality auditing takes on even greater importance. The CQA has become the professional ticket to demonstrating knowledge, skills and experience for planning, conducting and reporting almost any type of operational and quality audit.
Traci V.A. Edwards, director of QA/QC at InSite Vision, has been using quality auditing for years. She knows the process works.
"The value of quality audits starts with an effective audit management program that defines audit needs and priorities of the organization," explains Edwards. "Satisfying these needs and top management support ensure that the audit program is a useful tool to improve company performance. This is something every one of our certified quality auditors knows and understands."
CQAs add organizational value because they know how to conduct the following assessments:
ISO 9000 systems audits -- to evaluate quality policies and procedures.
Product audits -- to test, validate and assess products for conformance to technical requirements.
Malcolm Baldrige National Quality Award -- to assess world-class quality.
Functional audits -- to evaluate efficiency and effectiveness of operational areas, such as manufacturing, quality assurance, engineering and purchasing.
Process audits -- to determine the internal process controls that will minimize and eliminate risks throughout the company. Process quality audits are also used to complement reengineering activities. Reengineering determines if a core process activity is necessary, while the process quality audit evaluates if the process is in control, capable and satisfying customers.
Operational audits -- to evaluate the effectiveness, productivity and efficiency of internal operations.
Surveys -- to quickly assess a specific company function or supplier.
Surveillance -- to assess adherence of quality practices, procedures or controls to established criteria without resorting to a full-scale audit. ISO 9000 surveillance system audits evaluate continuing maintenance of selected quality systems of ISO 9000-registered companies.
Walkthroughs -- to gain a broad overview of an area or facility, solicit information and get a sense of what's happening.
What is a CQA?
The ASQC defines the CQA as "a professional who understands the standards and principles of quality, and the auditing techniques of examining, questioning, evaluating and reporting to determine a quality system's adequacy and deficiencies. The CQA analyzes all elements of a quality system and judges its degree of adherence to the criteria of industrial management, and quality evaluation and control systems."
The CQA itself is a quality control and assurance certification of a person's competency. The certification ensures that the certificate holder can plan, conduct and report almost any type of quality audit, whether it is a quality system, process or product audit. The certificate tests whether the applicant can develop and follow a logical, step-by-step approach to minimize risks, correct deficiencies and ensure they don't recur.
Many can benefit from this certification, including quality function personnel, ISO 9000 administrators, customer-supplier improvement team members, financial/internal audit personnel and reengineering team members, because they are all involved in improvement activities.
Common quality terms and concepts
The CQA body of knowledge covers methodologies, principles and practices for planning, conducting and reporting quality audit results. The CQA tests for knowledge, skills and experience. For many coming into the quality profession, understanding the special terms and auditing protocols can be difficult. So, it is essential that a person sitting for the CQA understand the terms and concepts that are peculiar and distinct to the profession.
Just like any profession, quality auditing has its "secret handshakes," those special definitions and concepts that practitioners use among themselves. More seriously, these special concepts are defined so there is effective communication among audit stakeholders, specifically the auditee, auditor and customer. Again, a critical function of quality communication is to define common concepts and limit variation around these standards.
Compared to other types of audits, quality auditing is still in its infancy. There are few barriers to becoming an auditor, so a codified standard set of quality auditing definitions is crucial to ensuring consistency in planning, conducting and reporting audit results. This consistency also ensures that audit results are credible in managerial decision making.
ISO 9000 registration is becoming a condition of business in many industry sectors. Companies must have a quality manual and procedure. ISO 8402 (1987) defines a quality manual as "a document stating the quality policy, quality system and quality practices of an organization." According to the same document, a procedure is "a document that specifies the way to perform an activity." These terms are critical in the quality standards world, where the understanding, application and demonstrated effectiveness of these concepts may mean the difference of getting or not getting a contract.
Typical CQA questions
There are no tricks for preparing for the CQA. A candidate must know quality and quality auditing, and this can only be gained through experience and study.
On preparing for the certification exam, Ken Love, corporate manager for The Gillette Co. Shaving Systems Evaluation, says: "In my experience, there is no quick and easy way to prepare for the exam. The candidate must have a solid understanding of the fundamental concepts in all areas of the body of knowledge and must be able to apply them universally -- not just in their own industry or work setting."
The CQA generally presents situations typically encountered by a quality auditor and offers generally approved, applied or accepted answers. The CQA usually doesn't have trick questions. Quality auditing principles are generally understood and approved. Quality auditing practices may differ somewhat from company to company. Focus on the big picture, and be aware that there may be company-by-company differences in applying or implementing some quality-auditing practices.
The following, from ASQC's CQA bulletin, may shed some light on the nature of CQA questions:
Question: Attribute sampling should be used when:
a. The population contains attributes.
b. A yes-or-no decision is to be made.
c. The population has variability.
d. A multistage sampling plan is needed.
Attribute sampling is a method for gathering audit information from a population of data. The key to answering this question is to understand that attribute data is binary; specifically, it is yes/no type of data.
Question: After auditors report deficiencies that haven't yet been corrected, their role should be to:
a. Ensure that corrective action is done right.
b. Leave all further action up to the auditee.
c. Evaluate corrective action after it is taken.
d. Inform the auditee's top management that they should monitor the corrective action.
This question addresses the fundamental role of the quality auditor. Let's look at each answer. A and d suggest the role of the quality auditor should be that of enforcer or overseer. These answers also suggest that the quality auditor is the process owner and should be involved in determining the symptomatic and root-cause fixes. A fundamental principle is that the process owner is responsible for his or her quality, and this responsibility can't be abdicated or transferred to a third party like the quality auditor.
B suggests that the auditor remain entirely passive in the process. The most correct answer, c, emphasizes the quality auditor's role of being objective and independent.
The future of quality auditing
The CQA has been a very successful ASQC certification since 1987. It has raised awareness of quality. It has dovetailed very nicely with ISO 10000 and ISO 9000 quality standards. It has been used to screen, train and certify thousands of ISO 9000 and QS-9000 auditors. It has offered companies a new tool to evaluate operations. Many quality professionals have used it as a source of new income. Many now list quality auditing as their profession or primary vocation.
The CQA is now at a juncture. It is being rewritten this year. I think the latest revision of CQA will emphasize and integrate more business principles and practices. This has already taken place with the Baldrige Award over the last few years. While it is still a quality award, quality is now inextricably linked to improving business performance.
These developments will probably emerge in the field of quality auditing:
Quality auditing will be more business-driven. Companies want to know what quality auditing will do for them. Quality activities, including quality auditing, must and will be closely linked with a company's strategic objectives.
Quality auditing will focus on core business processes. Quality auditing evolved from a military mind-set, which had a strong compliance mind-set -- binary, regulated and quality standards-driven. Companies are now process-driven.
Quality auditing will focus on business performance. Companies want to know how quality auditing will make them more efficient, effective and economic -- in other words, quality auditing will have more of a bottom-line orientation.
Quality auditing will align its methodology. Financial, internal and quality auditing will align their methodologies, practices and principles.
Information on the CQA
For more information on the CQA, call the ASQC at (800) 248-1946 and ask for Item B0020, the Certified Quality Auditor application.
About the author
Greg Hutchins is a noted author and lecturer on quality. His firm, Quality Plus Engineering, offers internal CQM training. He wrote The Quality Book, a sourcebook for the CQMgr. The book can be ordered through QPE at (800) 266-7383.
Copyright 1997 QCI International. All rights reserved. Quality Digest can be reached by phone at (916) 893-4095.
Please contact our Webmaster with questions or comments.