990-26产品经理:WHAT IS AUDITING? 什么是审计？

Quality Glossary Definition: Audit
Auditing is defined as the on-site verification activity, such as inspection or examination, of a process or quality system, to ensure compliance to requirements. An audit can apply to an entire organization or might be specific to a function, process, or production step. Some audits have special administrative purposes, such as auditing documents, risk, or performance, or following up on completed corrective actions.
The three different types of auditing
What are first-party, second-party, and third-party audits?
What are the four phases of an audit cycle?
Auditing resources
Become a certified auditor
质量术语定义：审核
审核被定义为现场验证活动，如过程或质量体系的检查或检验，以确保符合要求。稽核可以套用至整个组织，也可以是特定于某个功能、处理或生产步骤。一些审计具有特殊的管理目的，如审计文档、风险或性能，或跟踪已完成的纠正措施。
三种不同类型的审计
什么是第一方、第二方和第三方审核？
审计周期的四个阶段是什么？
审计资源
成为一名注册审计师

THE THREE DIFFERENT TYPES OF AUDITS 三种不同类型的审计

ISO 19011:2018 defines an audit as a “systematic, independent and documented process for obtaining audit evidence [records, statements of fact or other information which are relevant and verifiable] and evaluating it objectively to determine the extent to which the audit criteria [a set of policies, procedures or requirements] are fulfilled.” There are three main types of audits:
ISO 19011:2018将审核定义为“获取审核证据的系统的、独立的和形成文件的过程【记录，相关和可证实的事实陈述或其他信息】，并对其进行客观评价，以确定审核准则【一组政策、程序或要求】得到满足的程度。”审核主要有三种：

Process audit: This type of audit verifies that processes are working within established limits. It evaluates an operation or method against predetermined instructions or standards to measure conformance to these standards and the effectiveness of the instructions. A process audit may:Check conformance to defined requirements such as time, accuracy, temperature, pressure, composition, responsiveness, amperage, and component mixture.
Examine the resources (equipment, materials, people) applied to transform the inputs into outputs, the environment, the methods (procedures, instructions) followed, and the measures collected to determine process performance.
Check the adequacy and effectiveness of the process controls established by procedures, work instructions, flowcharts, and training and process specifications.
Product audit: This type of audit is an examination of a particular product or service, such as hardware, processed material, or software, to evaluate whether it conforms to requirements (i.e., specifications, performance standards, and customer requirements).
System audit: An audit conducted on a management system. It can be described as a documented activity performed to verify, by examination and evaluation of objective evidence, that applicable elements of the system are appropriate and effective and have been developed, documented, and implemented in accordance and in conjunction with specified requirements.A quality management system audit evaluates an existing quality management program to determine its conformance to company policies, contract commitments, and regulatory requirements.
Similarly, an environmental system audit examines an environmental management system, a food safety system audit examines a food safety management system, and safety system audits examine the safety management system.
过程审核：这种类型的审核可以验证过程是否在既定的范围内工作。它根据预先确定的指令或标准来评估操作或方法，以衡量是否符合这些标准和指令的有效性。过程审核可以：检查是否符合规定的要求，如时间、精度、温度、压力、成分、反应性、电流强度和组分混合物。
检查用于将输入转化为输出的资源（设备、材料、人员）、环境、所遵循的方法（程序、说明）以及为确定过程性能所收集的测量。
检查由程序、作业指导书、流程图、培训和过程规范建立的过程控制的充分性和有效性。
产品审核：这类审核是对特定产品或服务（如硬件、加工材料或软件）的检查，以评价其是否符合要求（即规格、性能标准和顾客要求）。
系统审核：对管理体系进行的审核。它可以被描述为通过对客观证据的检查和评价，验证体系的适用要素是适当和有效的，并且已经根据规定的要求并结合规定的要求开发、形成文件并实施的形成文件的活动。质量管理体系审核评估现有的质量管理程序，以确定其是否符合公司政策、合同承诺和法规要求。
同样，环境体系审核审查环境管理体系，食品安全体系审核审查食品安全管理体系，安全体系审核审查安全管理体系。

Audit Considerations

Other methods, such as a desk or document review audit复核审计, may be employed independently or in support of the three general types of audits.
Some audits are named according to their purpose or scope. The scope of a department or function audit is a particular department or function. The purpose of a management audit relates to management interests, such as assessment of area performance or efficiency.
An audit may also be classified as internal or external, depending on the interrelationships among participants. Internal audits are performed by employees of your organization. External audits are performed by an outside agent. Internal audits are often referred to as first-party audits, while external audits can be either second-party or third-party.
审核注意事项
其他方法，如案头或文件审查审计，可独立使用，或配合三种一般类型的审计使用。
有些审计是根据其目的或范围命名的。部门或职能审计的范围是一个特定的部门或职能。管理审计的目的与管理层的利益有关，例如评估地区业绩或效率。
根据参与者之间的相互关系，审计也可分为内部审计和外部审计。内部审核是由您的组织的员工进行的。外部审计由外部代理人进行。内部审核通常被称为第一方审核，而外部审核可以是第二方或第三方。

WHAT ARE FIRST-PARTY, SECOND-PARTY, AND THIRD-PARTY AUDITS? 什么是第一方、第二方和第三方审核？

A first-party audit is performed within an organization to measure its strengths and weaknesses against its own procedures or methods and/or against external standards adopted by (voluntary) or imposed on (mandatory) the organization. A first-party audit is an internal audit conducted by auditors who are employed by the organization being audited but who have no vested interest in the audit results of the area being audited.
A second-party audit is an external audit performed on a supplier by a customer or by a contracted organization on behalf of a customer. A contract is in place, and the goods or services are being, or will be, delivered. Second-party audits are subject to the rules of contract law, as they are providing contractual direction from the customer to the supplier. Second-party audits tend to be more formal than first-party audits because audit results could influence the customer’s purchasing decisions.
A third-party audit is performed by an audit organization independent of the customer-supplier relationship and is free of any conflict of interest. Independence of the audit organization is a key component of a third-party audit. Third-party audits may result in certification, registration, recognition, an award, license approval, a citation, a fine, or a penalty issued by the third-party organization or an interested party.
第一方审计是在一个组织内进行的，目的是对照自己的程序或方法和/或对照该组织采用的（自愿）或强加于该组织的（强制）外部标准，衡量该组织的长处和短处。第一方审计是由被审计组织雇用的审计员进行的内部审计，但他们在被审计领域的审计结果中没有既得利益。
第二方审核是由顾客或代表顾客的签约组织对供方进行的外部审核。合同已经订立，货物或服务正在或将要交付。第二方审核受合同法规则的约束，因为他们提供了从客户到供应商的合同指导。第二方审核往往比第一方审核更正式，因为审核结果可能会影响客户的购买决定。
第三方审核由独立于客户—供应商关系的审核组织进行，不存在任何利益冲突。审计组织的独立性是第三方审计的关键组成部分。第三方审核可能会导致认证、注册、认可、奖励、许可证批准、传讯、罚款或第三方组织或相关方发出的处罚。

Industry Certification Through Auditing 通过审核获得行业认证

Companies in certain high-risk categories—such as toys, pressure vessels, elevators, gas appliances, and electrical and medical devices—wanting to do business in Europe must comply with Conformité Europeënne Mark (CE Mark) requirements. One way for organizations to comply is to have their management system certified by a third-party audit organization to management system requirement criteria (such as ISO 9001).
Customers may suggest or require that their suppliers conform to ISO 9001, ISO 14001, or safety criteria, and federal regulations and requirements may also apply. A third-party audit normally results in the issuance of a certificate stating that the auditee organization management system complies with the requirements of a pertinent standard or regulation.
Third-party audits for system certification should be performed by organizations that have been evaluated and accredited by an established accreditation board, such as the ANSI-ASQ National Accreditation Board (ANAB).
公司在某些高风险类别-如玩具，压力容器，电梯，燃气用具，电气和医疗设备-想在欧洲做生意必须遵守符合欧洲标志（CE标志）要求。组织遵守的一种方法是由第三方审核组织根据管理体系要求准则（如ISO 9001）对其管理体系进行认证。
客户可建议或要求其供应商符合ISO 9001、ISO 14001或安全准则，联邦法规和要求也可能适用。第三方审核的结果通常是签发一份证书，说明受审核组织的管理体系符合相关标准或法规的要求。
体系认证的第三方审核应由已经由既定的认可委员会（如ANSI-ASQ国家认可委员会（ANAB））评估和认可的组织进行。

Performance Audits vs. Compliance and Conformance Audits 绩效审核与合规性和符合性审核

Value-added assessments评估, management audits审核, added value auditing审核, and continual持续 improvement assessment评估 are terms used to describe an audit审核 purpose beyond compliance服从 and conformance一致性. The purpose of these audits relates to organization performance. Audits that determine compliance and conformance are not focused on good or poor performance, yet. Performance is an important concern for most organizations.
A key difference between compliance audits, conformance audits, and improvement audits is the collection of evidence related to organization performance versus evidence to verify conformance or compliance验证一致性或遵从性 to a standard or procedure一个标准或程序. An organization may conform to its procedures for taking orders, but if every order is subsequently changed two or three times, management may have cause for concern and want to rectify整流 the inefficiency.
增值评估、管理审核、增值审核和持续改进评估是用于描述合规性和一致性之外的审核目的的术语。这些审计的目的与组织绩效有关。确定遵从性和一致性的审计并不关注好的或坏的性能。性能是大多数组织关注的一个重要问题。
合规性审核、符合性审核和改进审核之间的一个关键区别是收集与组织绩效相关的证据，而不是验证符合或遵守标准或程序的证据。一个组织可能会遵守其接受订单的程序，但如果每个订单随后都改变了两三次，管理层可能会有理由担心，并希望纠正效率低下的问题。

Follow-Up Audits 后续审计

A product, process, or system audit may have findings that require correction and corrective action. Since most corrective actions cannot be performed at the time of the audit, the audit program manager may require a follow-up audit to verify that corrections were made and corrective actions were taken. Due to the high cost of a single-purpose follow-up audit, it is normally combined with the next scheduled audit of the area. However, this decision should be based on the importance and risk of the finding.
An organization may also conduct follow-up audits to verify preventive actions were taken as a result of performance issues that may be reported as opportunities for improvement. Other times organizations may forward identified performance issues to management for follow-up.
产品、过程或体系审核可能有需要纠正和纠正措施的发现。由于大多数纠正措施不能在审核时实施，审核项目经理可能要求进行跟踪审核，以验证是否进行了纠正和采取了纠正措施。由于单一目的的后续审计费用很高，通常与该领域的下一次预定审计合并进行。然而，这个决定应该基于发现的重要性和风险。
一个组织也可以进行跟踪审计，以验证预防措施是作为绩效问题的结果而采取的，这些绩效问题可能被报告为改进的机会。其他时候，各组织可能会将查明的业绩问题提交管理层采取后续行动。

WHAT ARE THE FOUR PHASES OF AN AUDIT CYCLE? 审计周期的四个阶段是什么？

Audit planning and preparation: Audit preparation consists of planning everything that is done in advance by interested parties, such as the auditor, the lead auditor, the client, and the audit program manager, to ensure that the audit complies with the client’s objective. This stage of an audit begins with the decision to conduct the audit and ends when the audit itself begins.

Audit execution: The execution phase of an audit is often called the fieldwork. It is the data-gathering portion of the audit and covers the time period from arrival at the audit location up to the exit meeting. It consists of multiple activities including on-site audit management, meeting with the auditee, understanding the process and system controls and verifying that these controls work, communicating among team members, and communicating with the auditee.

Audit reporting: The purpose of the audit report is to communicate the results of the investigation. The report should provide correct and clear data that will be effective as a management aid in addressing important organizational issues. The audit process may end when the report is issued by the lead auditor or after follow-up actions are completed.

Audit follow-up and closure: According to ISO 19011, clause 6.6, “The audit is completed when all the planned audit activities have been carried out, or otherwise agreed with the audit client.” Clause 6.7 of ISO 19011 continues by stating that verification of follow-up actions may be part of a subsequent audit.
审核计划和准备：审核准备包括对相关方（如审核员、主审核员、客户和审核项目经理）提前完成的所有工作进行计划，以确保审核符合客户的目标。审计的这一阶段从决定实施审计开始，到审计本身开始时结束。
审计执行：审计的执行阶段通常称为现场工作。它是审计的数据收集部分，涵盖了从到达审计位置到退出会议的时间段。由多项活动组成，包括现场审核管理、与受审核方会面、了解过程和体系控制并验证这些控制是否有效、团队成员之间的沟通以及与受审核方的沟通。
审计报告：审计报告的目的是沟通调查结果。报告应提供正确和明确的数据，有效地帮助管理层解决重要的组织问题。审核过程可能在主审核员发布报告或后续行动完成后结束。
审计后续行动和结束：根据ISO 19011第6.6条“当所有策划的审核活动均已实施，或与审核委托人另行商定时，审核即告完成。” ISO 19011第6.7条继续指出，后续行动的验证可能是后续审核的一部分。

Note: Requests for correcting nonconformities or findings within audits are very common.
Corrective action is action taken to eliminate the causes of an existing nonconformity, defect, or other undesirable situation in order to prevent recurrence (reactive). Corrective action is about eliminating the causes of problems and not just following a series of problem-solving steps.
Preventive action is action taken to eliminate the causes of a potential nonconformity, defect, or other undesirable situation in order to prevent occurrence (proactive).
注：审核中要求纠正不合格或发现的情况非常普遍。
纠正措施是为消除现有不合格、缺陷或其他不期望情况的原因以防止再发生（反应性）而采取的措施。纠正措施是关于消除问题的原因，而不仅仅是遵循一系列解决问题的步骤。
预防措施是为消除潜在的不合格、缺陷或其他不期望情况的原因，以防止其发生而采取的措施（积极主动）。

AUDITING RESOURCES 审核资源

You can also search articles, case studies, and publications for auditing resources.
Books
The ASQ Certified Quality Auditor Handbook
Internal Quality Auditing
Advanced Quality Auditing
Articles
Auditing: It’s All in the Approach (Quality Progress) To effectively use the process approach, organizations and auditors alike must understand the difference between a department and the QMS processes employed in that department, and auditors must be competent in the processes they’re auditing.
Starfish and Turtles (Quality Progress) Regardless of industry, a typical quality program consists of multiple elements, including internal audits. The process grid walk model is an internal audit initiative that features a self-sustainable self-check method with verifiable deliverables at minimum operating cost.
Auditing Strategy For ISO 9001:2015 (Journal for Quality and Participation) Auditing an organization for compliance with ISO standards has two parts: conformance audits and performance audits.
Relating Evidence To Conclusions (PDF) Standards experts and members of U.S. TAG 176 explain that if the intent of an audit is to assess the effectiveness of processes in relation to requirements, auditors must be open to audit a process in relation to the inputs, outputs, and other contributing factors, such as objectives or the infrastructure involved.
Videos
ISO 9000 and Audits
The Changing Role of Remote Audits
您还可以搜索文章、案例研究和出版物以获得审计资源。
书籍
ASQ注册质量审核员手册
内部质量审核
高级质量审核
文章
审计：一切尽在方法（质量进步）为了有效地使用过程方法，组织和审核员都必须理解一个部门和该部门所采用的质量管理体系过程之间的区别，审核员必须对他们所审核的过程有能力。
海星和海龟（质量进度）无论在哪个行业，一个典型的质量计划都由多个要素组成，包括内部审核。过程网格步行模型是一个内部审计的倡议，具有自我可持续的自我检查方法，以最低的运营成本可验证的交付成果。
ISO 9001：2015(质量和参与杂志)的审计战略审计一个组织是否符合ISO标准有两个部分：一致性审计和绩效审计。
将证据与结论相关联（PDF）标准专家和U.S. TAG 176成员解释说，如果审核的目的是评估与要求相关的过程的有效性，审核员必须开放地审核与输入、输出和其他影响因素相关的过程，如目标或所涉及的基础设施。
视频
ISO9000和审核
远程审计角色的变化

BECOME A CERTIFIED AUDITOR WITH ASQ 成为ASQ的注册审计师

ASQ certification is a formal recognition that you have demonstrated a proficiency within, and comprehension of, a specific body of knowledge. In 2016, ASQ Certification exams changed from paper and pencil to computer-based testing via computer at one of the 8,000 Prometric testing facilities, which allows for additional annual exam administrations, greater availability of exam days, faster retesting, and faster test results. Learn more about computer-based testing.
ASQ认证是对您在特定知识体系中的熟练程度和理解程度的正式认可。2016年，ASQ认证考试从纸制和铅笔式考试转变为基于计算机的考试，在八千个考试机构中的一个通过计算机进行考试，这样就可以增加年度考试管理，增加考试天数，加快复试速度，加快考试结果。了解更多关于基于计算机的测试。