Digging
deeper into
procurement
When auditing supply chain and procurement processes auditors must look closely advises the
When developing a quality management system, many organizations put in place systems to control the procurement of products and services and the verification of purchased products to satisfy the requirements of clause 7.4 of ISO 9001. Similarly, auditors may consider it sufficient to confirm compliance by checking that an organization’s approved supplier list is up to date, that orders have been placed only with those approved suppliers and that activities necessary for meeting specified purchase requirements have been carried out.
In many instances, however, this approach may not be sufficient to ensure that purchased products and services meet original specifications in all respects. In such instances, it would be preferable to review the wider processes for procurement management and the supply chain.
Auditing the procurement process
When auditing the process for the management of procurement, auditors must keep in mind that procurement starts right at the beginning of the process during the design and development of a product when a specification is prepared. Auditors must also consider the inter-departmental discussions that take place to ensure that potential suppliers can provide a product or service that meets the design specification or organization’s needs at the required cost.
The organization should also ensure that the specified purchase requirements are correct prior to their communication to the supplier and that statutory and regulatory requirements have been included in the purchase requirements. Finally, the organization must have analyzed and considered the degree of risk associated with a component product and the controls required to ensure that it meets the design specification have been assessed.
For those tasked with auditing procurement systems, the following practical suggestions will help to confirm that these crucial elements have been adequately considered:
- Confirm that the specification quoted in a purchase order is the same as the specification contained in the design (or the specification received from the customer)
- Identify whether or not there were discussions between the organization and potential suppliers regarding the design specification of critical components during the design process or prior to an order being placed
- Identify whether or not there was there some form of ‘approval’ of the specification before the final specification or order was confirmed to the supplier
- Confirm that the purchase order contained or referred to any statutory or regulatory requirements.
Auditing the supply chain
In many cases, audits of the evaluation and selection of suppliers simply consists of a review of the organization’s approved supplier list and whether this list has been reviewed at regular intervals. However, this type of simple analysis may not be sufficient to ensure that an organization has effective control of all of those suppliers in its supply chain. When auditing supply chain processes auditors should ask:
- Are the suppliers of critical component products selected only on their ability to supply at an economical price or is their ability to supply consistently to specifications also taken into consideration?
- Are suppliers included in approved lists solely on their continued registration against a recognized quality standard or is the scope of this registration reviewed?
- How frequently are credit notes raised by the organization for products rejected but subsequently accepted by the organization?
- How many concessions have been raised allowing the organization to accept previously rejected products?
In some cases, it may be advantageous for the organization to audit the intended supplier to establish clear lines of communication, product specifications and delivery parameters.
Generally, for an experienced auditor, reviewing the procurement process and supply chain of an organization is straightforward common sense but there are situations where the nature of the product and components may indicate that additional investigation is necessary. Every product is unique just as all audit situations are unique.
About the author
The ISO 9001 Auditing Practices Group is an informal group of quality management system experts, auditors and practitioners drawn from ISO/TC 176 and the IAF. It has developed a number of guidance papers and presentations that contain explanations about the auditing of quality management systems. These reflect the process-based approach that is essential for auditing the requirements of ISO 9001
- Building on safety
- What we eat
- Getting online
- ISO 19011 vs ISO/IEC 17021-2
- Get chartered: become a CQP
- Digging deeper into procurement
This article is an edited version of ‘Auditing the procurement and supply chain processes’ from the website of the ISO 9001 Auditing Practices Group and is reproduced courtesy of ISO and the IAF. These papers were developed on current best practice and therefore have not been formally endorsed as IAF guidance or ISO/TC 176 interpretations. Follow the link for further information about the Auditing Practices Group