I. Auditing Fundamentals (37 Questions)
A. Types of Quality Audits
1. Types
- Define, differentiate, and analyze various audit types, including product, service, process, desk (e.g., questionnaire-based assessments), department, function, element, system, management, and integrated (combined and joint), hybrid, and remote. (Analyze)
2. Auditor-auditee relationship and context
- Define, differentiate, and analyze various audit types based on the relationship between the auditor and auditee, including first-party, second-party, third-party, and their context (internal and external). (Analyze)
3. Purpose
- Define, differentiate, and analyze various audit types based on their purpose, including verification of corrective and preventive action (CAPA), risk-based audits, accreditation (registration), compliance, surveillance, and for-cause audits. (Analyze)
4. Common elements with other audits
- Explain and apply the elements shared by quality audits and other types of audits, such as sustainability, environmental, safety, and financial audits. These include audit purposes, data gathering techniques, and tracing methods. (Apply)
B. Purpose and Scope of Audits
1. Elements of purpose and scope
- Describe and determine how the purpose of an audit influences its scope. (Apply)
2. Benefits of audits
- Analyze how audits provide an independent assessment of system effectiveness and efficiency, financial risks, cybersecurity risks, and other organizational measures. (Analyze)
C. Criteria to Audit Against
- Define and distinguish between various audit criteria, such as external (industry, national, international) standards, contracts (including quality agreements), specifications, policies, and internal quality management system (QMS). (Analyze)
D. Roles and Responsibilities of Audit Participants
- Define and choose the appropriate functions and responsibilities of key audit participants, including audit team members, lead auditor, client, auditee, observer, and other relevant stakeholders. (Apply)
E. Professional Conduct and Consequences for Auditors
1. Professional conduct and responsibilities
- Define and apply the ASQ Code of Ethics, emphasizing due diligence, due care, and ethical responsibilities, including confidentiality and conflict of interest. Choose appropriate actions in response to illegal activities or unsafe conditions. (Apply)
2. Legal consequences
- Identify the potential legal and financial impacts of improper auditor actions (e.g., carelessness, negligence) in various situations. Consider how certain audit results may affect an auditee’s liability. (Analyze)
3. Audit credibility
- Identify and apply key factors that influence audit credibility, including auditor independence, objectivity, and qualifications. (Apply)
II. Audit Process (45 Questions)
A. Audit Preparation and Planning
1. Elements of the audit planning process
- Evaluate and implement the basic steps in audit preparation and planning. Verify audit authority and determine the purpose, scope, type, and format (e.g., on-site, remote, or hybrid) of the audit. Identify the criteria to audit against, such as customer-specific requirements, applicable standards, regulations, and laws. Map and understand process relationships and boundaries. Determine the necessary resources, including the size and number of audit teams, and documentation requirements. (Evaluate)
2. Auditor selection
- Identify and examine key criteria for selecting auditors, including education, experience, industry background, subject-matter or technical expertise, and independence from the audited activity. (Analyze)
3. Audit-related documentation and considerations
- Identify the sources of pre-audit information and examine audit-related documentation, including audit criteria references, gap assessments, and results from prior audits. (Analyze)
4. Logistics
- Prepare and arrange audit-related logistics, including safety and security considerations, the need for escorts, confidentiality agreements, clear right of access, and facility accommodations such as internet access, workspace, and personal protective equipment (PPE). (Apply)
5. Auditing tools and working papers
- Use the appropriate sampling plan, method, and procedural guidelines for the specific audit. Select and prepare working papers, such as checklists, log sheets, and forms, to document the audit and specify the method of documentation (manual or electronic). (Apply)
6. Auditing strategies
- Identify and use various tactical methods for conducting an audit, such as forward and backward tracing, discovery, observation, and other relevant techniques. (Apply)
7. Audit plan
- Create an audit plan based on information gathered during the audit planning process. Share the plan with the client and/or auditee and distribute it to relevant stakeholders. (Create)
B. Audit Performance
1. On-site audit management for the auditor
- Evaluate situations during the audit to assess time management and identify the need for changes. Adjust planned audit team activities, reallocate resources, reassess the audit plan as needed, and ensure timely communication of audit status, findings, and observations to the auditee. (Evaluate)
2. On-site audit management for the auditee
- Identify and apply techniques to manage and facilitate the audit process on behalf of the auditee organization. This includes acting as a liaison between auditee management and the auditing organization, accompanying auditors during data collection, providing clarifying information, and confirming or disputing observations, nonconformities, and findings. (Analyze)
3. Opening meeting
- Manage the opening meeting of an audit by defining its purpose and scope, explaining the scoring or rating criteria to be used, recording attendee attendance, reviewing the audit schedule, and addressing any questions. (Apply)
4. Audit data collection and analysis
- Use various data collection methods to capture information: conducting interviews, observing work activities, taking physical measurements, and examining documents. Evaluate the results to determine their importance for providing audit evidence. (Evaluate)
5. Establishment of objective evidence
- Identify and differentiate the characteristics of objective evidence, including observed, measured, confirmed, corroborated, and documented. (Analyze)
6. Organization of objective evidence
- Classify evidence based on its significance, severity, frequency, and level of risk. Assess its potential impact on the product, process, system, and cost of quality, and determine if further investigation is needed to fulfill the audit scope. (Evaluate)
7. Exit and closing meetings
- Formally manage exit and closing meetings by reiterating the audit’s purpose, scope, and scoring or rating criteria, and creating a record of the attendees. Present the audit results and obtain concurrence on evidence that may lead to an adverse conclusion. Discuss the next steps, such as follow-up audits or additional evidence-gathering, and clarify who is responsible for those actions. (Apply)
C. Audit Reporting
1. Report development and content
- Group observations into actionable findings, highlighting their significance and assessing the severity and risk to the client and auditee. Follow appropriate steps to generate the audit report, including organizing and summarizing details, reviewing and finalizing results, emphasizing critical issues, and assigning unique identifiers or codes to facilitate tracking and monitoring. (Create)
2. Effective reports
- Develop and evaluate the key components of effective audit reports, including background information, an executive summary, and prioritized results such as observations, findings, and opportunities for improvement. Present information clearly and effectively, using analytical tools to highlight conclusions, and establish a timeline for auditee responses and corrective actions. (Create)
3. Final audit report steps
- Obtain the required approvals for the audit report and distribute it following established procedures. Identify the contents of the audit file and ensure its retention complies with organizational policies and procedures. (Apply)
D. Audit Follow-Up and Closure
1. Elements of the corrective and preventive action (CAPA) process
- Identify and evaluate key elements of the CAPA process, including assigning responsibility for problem identification, conducting root cause analysis, and implementing measures to prevent recurrence. (Evaluate)
2. Review of corrective and preventive action (CAPA) plan
- Evaluate the acceptability of proposed CAPA and its completion schedule. Identify and apply strategies to negotiate changes to plans deemed unacceptable. (Evaluate)
3. Verification of corrective and preventive action (CAPA)
- Evaluate the adequacy of the CAPA by verifying new or updated procedures, observing revised processes, and conducting follow-up audits. (Evaluate)
4. Follow-up on ineffective corrective and preventive action (CAPA)
- Develop strategies for addressing CAPAs that are not implemented or prove ineffective. These may include escalating the issue to higher management, reissuing the CAPA request, or conducting a re-audit. (Create)
5. Audit closure
- Identify and apply the key elements and criteria required for audit closure. (Apply)
III. Auditor Competencies (30 Questions)
A. Auditor Characteristics
- Identify the characteristics that contribute to an auditor’s effectiveness, including interpersonal skills, problem-solving abilities, attention to detail, cultural awareness and sensitivity, diplomacy, and the ability to work both independently and collaboratively as part of a team. Additionally, apply lead auditor characteristics such as negotiation skills and the capability to direct an audit team by leveraging the strengths and addressing the weaknesses of team members. (Apply)
B. On-Site Audit Resource Management
- Identify and apply techniques to manage audit teams, schedule meetings and activities, and handle logistical adjustments effectively. (Apply)
C. Conflict Resolution
- Identify common conflict situations, such as mild to severe disagreements, auditee delaying tactics, or interruptions. Determine appropriate techniques for resolution, including asking questions, clarifying requests, reiterating ground rules, involving another authority, or implementing cool-down periods. (Analyze)
D. Communication and Presentation Techniques
- Evaluate and apply effective communication techniques, including written, oral, and electronic methods, for delivering presentations during opening, closing, and ad hoc audit meetings. Evaluate and apply appropriate technical and managerial reporting techniques, such as graphs, charts, and diagrams, for various contexts, including domestic, global, in-person, remote, and multi-site environments. (Evaluate)
E. Interviewing Techniques
- Select and use appropriate interviewing techniques and methodologies. (Apply)
1. Use open-ended or closed question types.
2. Apply active listening, paraphrasing, and empathy.
3. Recognize and respond to non-verbal cues, such as body language and pauses.
4. Determine when and how to prompt a response, considering factors such as the presence of supervisors, group interviews, and the use of translators.
F. Team Dynamics
- Define, describe, and apply various aspects of team dynamics. (Apply)
1. Team building:
- Clarify roles and responsibilities for participants and leaders to ensure equitable treatment, provide clear direction for deliverables, and identify and ensure the availability of necessary resources.
2. Team facilitation:
- Offer coaching and guidance, resolve conflicts between members, encourage input from all participants, foster objectivity, monitor progress, and promote diverse perspectives and consensus.
3. Stages of team development:
- Forming, storming, norming, performing, and adjourning.
IV. Audit Program Management and Business Applications (23 Questions)
A. Audit Program Management
1. Senior management support
- Identify and explain management’s role in establishing and supporting the audit function. (Understand)
2. Staffing and resource management
- Develop staffing budgets that allocate sufficient time for auditors to plan, conduct, and respond to scheduled audits, while also accounting for the time and resources required by internal auditees. Consider the requirements for special audits, such as outsourced, contracted, shared, or integrated audits, based on factors like costs and geography. Regularly evaluate audit results and adjust resources as necessary. (Evaluate)
3. Auditor training and development
- Identify minimum audit knowledge and skill requirements for auditors. Provide training on the audit process and relevant (industry-specific) standards, regulations, and legal requirements. Include training on diversity and cultural influences (ethnicity, gender, age, organized labor, etc.) and facilitation techniques. Examine how such factors can affect communications and other interactions among audit participants. Define requirements for continuing education to maintain auditor qualifications. (Evaluate)
4. Audit program evaluation
- Select appropriate metrics to evaluate the effectiveness of the audit program, including its impact on the organization’s bottom line and risk level. (Evaluate)
5. Internal audit program management
- Develop policies, procedures, schedules, and periodic review cycles (e.g., quarterly, biannually, annually) to support the organization’s objectives. Conduct periodic reviews to identify systemic trends from internal audit results and recommend system enhancements to improve performance and address emerging risks. (Create)
6. External audit program management
- Develop procedures, policies, and schedules to support the supplier management program. This includes activities such as supplier qualification surveys, surveillance audits, self-assessment, and initiatives for supplier improvement. (Create)
7. Best practices
- Assess audit results to identify and standardize best practices and lessons learned throughout the organization. (Evaluate)
8. Organizational risk management
- Analyze how the audit program affects an organization’s risk level and how the risk level can influence the number and frequency of audits performed. Assess organizational preparedness through business continuity planning (e.g., disaster planning) and succession planning to ensure alignment with risk management objectives. (Analyze) [Note: Tools and techniques for managing risk are covered in BoK area V.H.]
9. Management review input
- Examine and summarize audit program results, trends, and risk changes to provide meaningful input for management reviews. (Evaluate)
10. Electronic records and computerized system considerations
- Identify and apply techniques for detecting issues related to data integrity, fraud, and cybersecurity when auditing systems involving electronic records or computerized systems. Recognize when it is appropriate to evaluate practices related to data integrity, retention, and retrieval, as well as the management of electronic documents, records, and computerized systems (e.g., cybersecurity) within the audit process. (Apply)
B. Business and Financial Impact
1. Auditing as a management tool
- Use audit results to monitor continuous improvement, supplier management, customer satisfaction, and organizational metrics. Analyze metrics and performance data to provide management with an independent view of the strategic plan’s effectiveness and how well it is deployed. (Analyze)
2. Interrelationships of business processes
- Identify the interconnections between business units, such as receiving, product and process design, production, engineering, sales, marketing, and field support, as well as across multiple sites. Recognize how their unique metrics and goals may create potential conflicts. (Understand)
3. Cost of quality (COQ) principles
- Identify, describe, and analyze how the audit program impacts the four COQ categories: prevention, appraisal, internal failure, and external failure. (Analyze)
V. Quality Tools and Techniques (15 Questions)
A. Basic Quality and Problem-solving Tools
- Identify, interpret, and analyze: 1) Pareto charts, 2) cause and effect diagrams, 3) flowcharts, 4) statistical process control (SPC) charts, 5) check sheets, 6) scatter diagrams, 7) histograms, 8) root cause analysis (e.g., 5 Whys), 9) plan-do-check-act (PDCA). (Analyze)
B. Process Improvement Techniques
1. Six Sigma
- Identify, interpret, and apply the phases of the Six Sigma DMAIC methodology: Define, Measure, Analyze, Improve, Control. (Apply)
2. Lean
- Identify, interpret, and apply lean principles and tools, including 5S, standard operations, kanban (pull systems), error-proofing, value-stream mapping, and 8 wastes. (Apply)
C. Basic Statistics
1. Measures of central tendency
- Identify, interpret, and use mean, median, and mode. (Apply)
2. Measures of dispersion
- Identify, interpret, and use standard deviation and frequency distribution. (Apply)
3. Qualitative and quantitative analysis
- Describe qualitative data by its nature, type, or attributes, and explain how to quantify it using methods such as coding, grouping, or categorizing. Explain how quantitative data is used to identify patterns, trends, or variations and determine whether a problem is systemic or isolated. (Understand)
D. Process Variation
1. Common and special cause
- Identify and differentiate between common and special cause variation. (Apply)
2. Process performance metrics
- Describe the elements of Cp and Cpk process capability studies, including process centering, process stability, specification limits, and underlying distribution. Explain how these studies and other performance metrics are used to support and achieve established goals. (Understand)
3. Outliers
- Define outliers and identify their significance, their potential impact on process performance, and methods for identifying them. (Apply)
E. Sampling Methods
1. Acceptance sampling plans
- Use acceptance sampling plans for attributes and variables data. (Apply)
2. Types of sampling
- Define and choose between random, stratified, and cluster sampling. Identify the uses and potential problems of non-statistical sampling, including risk-based sampling and measurement systems analysis (MSA). (Apply)
3. Sampling terms
- Define key terms related to sampling, such as consumer risk, producer risk, and confidence level. (Understand)
F. Change Control and Configuration Management
- Identify the principles of change control and configuration management systems as applied to various areas, including hardware, software (with security considerations), products, processes, and services. (Understand)
G. Verification and Validation
- Define and differentiate between verification and validation. Identify qualifications necessary for conducting these activities and use appropriate methods to perform them effectively. (Analyze)
H. Risk Management Tools
- Identify methods for managing risk, including avoidance, mitigation, and tradeoffs. Describe tools and techniques for estimating and controlling risk, such as failure mode and effects analysis (FMEA), process failure mode and effects analysis (PFMEA), design failure mode and effects analysis (DFMEA), hazard analysis and critical control points (HACCP), critical-to-quality (CTQ) analysis, and strengths, weaknesses, opportunities, threats (SWOT) analysis. (Understand) [Note: Organizational risk management is covered in BoK area IV.A.8.]