Category: Auditing

Gap Analysis Vs. Pre-assessment for a Standards Audit

Audit, audit by exception

Question:
Can you clarify the difference between a gap analysis and a pre-assessment in relation to an activity that takes place prior to the full compliance audit? It is my understanding that a gap analysis compares something against a set performance level or standard requirement and an assessment is the collection and analysis of information to determine the projected compliance of an organization to a standard. Both provide the answer of what is missing, but the gap analysis also provides information on where an organization wants to be without going so far as to telling the organization how to get there (consulting).

Response:
Thanks for contacting ASQ’s Ask the Experts program. With regard to your question, the primary difference between a gap analysis and a pre-assessment is that a gap analysis applies to management systems such as ISO 9001:2008, ISO TS29001 or others. A gap analysis is typically the initial step in the QMS certification process. It is used to identify areas within a quality management system that do not meet defined requirements for certification. This can include processes, persons or product. The results of the gap analysis are based upon objective evidence, such as records reviewed, interviews conducted and observations made, to evaluate an Auditee’s conformance with requirements.
A pre-assessment is usually the initial phase of the accreditation process. A pre-assessment, or a practice assessment, is conducted prior to a conformity assessment to identify areas that must be improved or corrected before accreditation can be obtained. Unlike a compliance audit where the Auditor verifies conformance based upon objective evidence as mentioned earlier, an Assessor is also focused on assessing an organization’s competencies and performance of required tasks, such as measurement of uncertainty (MU), metrological traceability and proficiency testing (PT) as defined by ISO 17025:2005 and referred to by some as the “big three”.
A commonality shared by a gap analysis and a pre-assessment is that they both identify nonconformities or gaps between what exists and what is required by the standard or other defined criteria.
As you are aware, “gap analysis” and “pre-assessment” are not interchangeable terms. A gap analysis is associated with QMS certification or registration as issued by a Registrar and pre-assessment or practice assessment is associated with an activity performed prior to conducting a conformance assessment for accreditation. ISO 9000:2005 and ISO 17000:2004 provide vocabulary and terms for ISO 9001:2008 and ISO 17025:2005 quality management systems, respectively. Additional vocabulary and terms, as applicable to ISO 17025:2005, are provided in ISO/IEC Guide 99:2007, International Vocabulary of Metrology.

I hope this helps.

Best regards,

Bill

Bill Aston, Managing Director
Aston Technical Consulting Services, LLC
Kingwood, TX 77339
Website: www.astontechconsult.com

For more on this topic, please visit ASQ’s website.

Audit by Exception

Audit, audit by exception

Question:

I would like information regarding the use of the internal auditing method referred to as “audit by exception”. While this method sounds like it may provide a much more efficient use of my time and my Manager’s/employees time, I have no idea how this is accomplished in a manner that can still be compliant and what proof would be deemed acceptable when going through my external RAB certified audit. I am referring specifically to ISO 9001:2008 in regards to auditing. I currently audit every process/process owner every 6 months in a calendar year and it is a full week of audit time each audit. Thank you.

Response:

Thanks for contacting ASQ’s Ask the Expert program. With regard to your inquiry, I suggest that you continue to use an audit methodology that best serves your organization’s requirements. As you are aware, “auditing by exception”, is a practice that is utilized in the financial sector. The terminology “audit exception” in this case, has the same meaning as an “audit finding”. Since internal audits are one of the most important tools that an organization has to assess the effectiveness and continual improvement their quality management system, auditing by exception may not provide the level of information needed to keep your organization’s top management and it’s process owners adequately informed.
In my opinion, an effective internal audit will focus as much on identifying opportunities for improvement (OFI) as documenting audit findings. A robust internal audit report will identify nonconformances, but will equally focus on areas that can be improved or that have improved. To sustain continual improvement of a new or a matured QMS, the process owners and employees must be kept informed and engaged. One of the ways to accomplish this, is to share audit results that report on findings, OFI and the status of objectives or targets that have been established. Auditing by exception, usually will not provide this level of reporting.

Please note, ISO 9001:2008, clause 8.2.2, does not prescribe any particular audit methods to be used for 1st, 2nd or 3rd party audits. Each organization is expected to select audit techniques that best suit the scope and objective of the audit to be conducted.

I hope this helps.

Best regards,

Bill Aston, Managing Director
Aston Technical Consulting Services
Kingwood, Texas