Quality Audit


Why, What, How?

Quality Management vs Quality Audit

In the ePMbook, we will make a distinction between Quality Management and Quality Audit.

These concepts are related, but should not be confused. In particular, Quality Audit relates to the approach to quality that is laid down in quality standards such as the ISO-900x standards.

The abbreviation "QA" has been generally avoided in the ePMbook as it can mean different things - eg "Quality Assurance", "Quality Audit", testing, external reviews, etc.

In this section, we discuss Quality Audit.


The principle behind Quality Audit

The principles of Quality Audit, in the sense we mean it here, are based on the style of quality standards used in several formal national and international standards such as the ISO-900x international quality standards. These standards do not in themselves create quality. The logic is as follows.

Every organisation should define comprehensive procedures by which their products or services can be delivered consistently to the desired level of quality. As was discussed in the section on Quality Management, maximum quality is rarely the desired objective since it can cost too much and take too long. The average product or service provides a sensible compromise between quality and cost. There is also a legitimate market for products that are low cost and low quality.

Standards authorities do not seek to make that business judgement and enforce it upon businesses, except where certain minimum standards must be met (eg all cars must have seat belts that meet minimum safety standards, but there is no attempt to define how elegant or comfortable they are).

The principle is that each organisation should create thorough, controlled procedures for each of its processes. Those procedures should deliver the quality that is sought. The Quality Audit, therefore, only needs to ensure that procedures have been defined, controlled, communicated and used. Processes will be put in place to deal with corrective actions when deviations occur. This principle can be applied to continuous business process operations or recurring project work. It would not be normal to establish a set of quality controlled procedures for a one-off situation since the emphasis is consistency.

This principle may be applied whether or not the organisation seeks to establish or maintain an externally recognised quality certification such as ISO-900x. To achieve a certification, the procedures will be subjected to internal and external scrutiny.


Preparing for Quality Audit

Thorough procedures need to be defined, controlled, communicated and used.


Thorough Procedures should cover all aspects of work where conformity and standards are required to achieved desired quality levels. For example, one might decide to control formal program testing, but leave the preliminary testing of a prototype to the programmer's discretion.
Procedures Any recurring aspect of work could merit regulation. The style and depth of the description will vary according to needs and preferences, provided it is sufficiently clear to be followed.
Defined A major tenet is that the defined procedures are good and will lead to the desired levels of quality. Considerable thought, consultation and trialing should be applied in order to define appropriate procedures. Procedures will often also require defined forms or software tools.
Controlled As with any good quality management, the procedures should be properly controlled in terms of accessibility, version control, update authorities etc.
Communicated All participants need to know about the defined procedures - that they exist, where to find them, what they cover. Quality reviewers are likely to check that team members understand about the procedures.
Used The defined procedures should be followed. Checks will be made to ensure this is the case. A corrective action procedure will be applied to deal with shortcomings. Typically the corrective action would either be to learn the lesson for next time, or to re-work the item if it is sufficiently important.


There is no reason why these Quality Audit techniques should conflict with the project's Quality Management processes. Where project work is recurring, the aim should be for the Quality Methods and other procedures to be defined once for both purposes.

Problems may occur where the current project has significant differences from earlier ones. Quality standards may have been set in stone as part of a quality certification. In extreme situations this can lead to wholly inappropriate procedures being forced upon the team, for example, using traditional structured analysis and design in a waterfall style approach for what would be handled best using iterative prototyping. The Project Manager may need to re-negotiate quality standards with the organisation's Quality Manager.


Operating Quality Audit

A Quality Audit approach affects the entire work lifecycle:

This should be seen as an underlying framework and set of rules to apply in the project's Quality Management processes.


Quality Audit reviews

Although the impact of Quality Audit will be across all parts of the lifecycle, specific Quality Audit activities tend to be applied as retrospective reviews that the Project Team correctly followed its defined procedures. Such reviews are most likely to be applied at phase end and project completion. Of course, the major drawback of such a review is that it is normally too late to affect the outcome of the work. The emphasis is often on learning lessons and fixing administrative items. In many ways, the purpose of the review is to encourage conformity by the threat of a subsequent bad experience with the quality police.


Case Study

A famous Programme Management guru joined a major consultancy. He was invited to review the firm's methodology. His first pronouncement was...

..."you should have a version number and date on the bottom of every page".





ePMbook - click to re-load
Copyright ©  Simon Wallace, 1999-2016