4 minute read time.
When seeking to audit a project it helps to adopt a process thinking approach to the task.  By this it is meant that there are inputs, the process stages themselves within a defined boundary, and process outputs.  It is also important to be fully aware of the environment which surrounds the project (stakeholders, regulators, legislation, standards, codes of practice etc) and expectations thereof.  This blog entry seeks to identify some of the dimensions of the above by way of offering thought prompts that the reader can take to reflect upon and identify key issues for their consideration.
Auditing and process reviews occur in many guises.  In consideration of this, the author suggests that there are 10 types of Quality Audit that are commonly encountered.  These are:


  1. Design Control Audits - These are generally found within highly regulated industries (Nuclear, MOD, Aerospace, Automotive, Rail, Marine etc).  They ensure that manufacturers follow a formalized process that results in an end-product that meets acceptable quality and safety standards and adequately serves user needs. A design plan and design inputs and outputs are reviewed against defined acceptance criteria and a formal risk analysis is conducted.

  • Environmental Audits - Used to ensure compliance to regulatory standards relating to the environment.  It also looks to ensure that the company has an effective environmental policy and that the company (or project) culture promotes environmental awareness.

  • Facilities Audits - A facilities audit addresses quality concerns of a corporation’s assets (e.g. review of building systems such as HVAC, manufacturing equipment or technology).   These can also include safety systems and identify improvements that could affect quality and reliability outcomes.

  • Method Valuation Audits - A method validation audit is used by regulatory authorities to ensure that the analytical test methods used in the are standardized, reproducible and documented. This methodology is applied to testing that requires consistency and accuracy, usually in cases of products manufactured for human use (e.g. Drugs and Medical Equipment), laboratory or on-site testing (e.g. Nuclear, Scientific etc). 

  • Production/Project Audits - Generally implemented when key project stages are reached, or in line with defined audit strategies, re-certification, skills management re-qualification, process changes, continued non conformance or system failures.

  • Quality Management System Audits - This is used to examine a company's Quality Management System's effectiveness in delivering assurance, governance and compliance with all relevant standards and regulations applicable to the organisation's operations.

  • Regulatory Audits - These are conducted to verify compliance with a specific set of regulations or standards (e.g. Regulatory agencies (UK) which include: (a) Agencies - DEFRA, ONR, DSNR, HSE, GMC, (b) Standards - ISO 9001:2015, ISO 14001:2015, ISO 45001:2018, AQAP, ASME, etc.

  • Risk Assessment Audits - The identification of potential workplace hazards which also included the categorisation of each risk so that preventative measures are defined and implemented. All risks can be identified, preventative measures then prioritized, preventing adverse workplace and economic consequences.

  • Safety Audits - Reviews plans and procedures defined and applied to protect the safety and well being of the organisations staff.  This can include reviews of equipment operation, method statements, risk assessments, accident rates, accident investigation processes and responses, and safety policy and culture.

  • Supplier Audits - Used to monitor, manage and control the quality of products and services originating from the organisations supply base.  It is used to introduce accountability within suppliers.  The use of KPI's and review of audit findings can be used to quickly identify areas for improvement (NCR's), address non-conformances to expectation and requirement, whilst recognising areas which are well done [Plaudits].



There are five essentials to the process of auditing which any auditor should consider and address during a review.  They being:


  1. Process - Every project is a process, or series of interdependent processes.  In taking a process approach to an audit is essential to know that every process has a series of Inputs, Resources, Activities, Controls, and Outputs.

  • People - Auditing requires skilful communication throughout the complete process.  Successful auditors relate to people who work in, affected by, or own the process.

  • Performance - This should be measured against the expectation of standards, project control systems, reporting systems.

  • Evidence - When conducting an audit a finding can only exist if it is supported by evidence.  Evidence and objectivity is the Key foundation for any audit activity throughout the review process.

  • Perspective -Any findings resulting from an audit must be able to be put into perspective to facilitate the audited organisation or project to prioritise findings and rate/level of response when seeking to address Non-Conformances, Observations, Opportunities for Improvement and identified Points of Excellence.  Upon completion of any findings a common sense approach should always be applied when seeking to address the findings.  Through the audit process and review of the findings full consideration as to the impact of risk should always be considered.

Guidance when seeking to conduct audits can be found in:


  1. ISO 19011:2018: - Guidelines for Auditing Management Systems

  • ISO/IEC 27007 ISMS Audit Standard