The Registrar Company

TRC Audit Process

Audit and Registration of Management Systems

  1. Purpose
    1. The purpose of this procedure is to identify the responsibility and authority and provide a process for planning, conducting and reporting of initial, surveillance or re-registration audits for issuance of certificates of registration.
  2. Responsibility
    1. The TRC Client Services Manager is responsible for ensuring assignment of qualified audit personnel to perform audit activities; the VP of Accreditation shall remain accountable.
    2. TRC Qualified Reviewers are responsible for making decisions or authorizing decisions with regard to the granting, renewing, suspending, or withdrawing of client registrations.
    3. For Aerospace Audits: TRC Aerospace Client Services Manager shall be responsible for ensuring required audit data is entered into the OASIS database, per AS 9101 and the AS 9104/1 Appendix C “Information To Be Uploaded Into The Online Aerospace Supplier Information System Database”.
  3. Definitions
    1. Nonconformity – the absence of, or the failure to implement and maintain one or more quality management system requirements, or a situation that would, on the basis of objective evidence, raise significant doubt as to the quality of what the organization is supplying.
        1. Major Nonconformity is either: a) the absence or total breakdown of a quality management system element that results in failure to meet a specified requirement; or b) a nonconformance that judgment and experience indicate is likely either to result in the failure of the quality management system or to materially reduce its ability to assure controlled processes, products or services or c) where the effect is judged to be detrimental to the integrity of the product, processes or service or d) an instance or multiple instances where compliance to legal or regulatory requirements are not addressed and has a negative impact on the environment.
        2. Minor Nonconformity is either: a) a single observed lapse in following one item of a company’s quality management system; or b) a nonconformance that judgment and experience indicate is not likely to result in the failure of the quality management system or reduce its ability to assure controlled processes, products or services; or c) a single system failure or lapse in conformance with a procedure relating to the AQMS standard or d) an instance or multiple instances where compliance with legal or regulatory requirements are not addressed but do not have an impact on the environment.

      NOTE 1: a number of minor nonconformities against one requirement can represent a total breakdown of the system and this can be considered as a major nonconformity.

      NOTE 2: if during an EMS audit an organization is observed as having a noncompliance against a legal requirement, the lapse is written as nonconformity against a clause of the ISO 14001 Standard, not against a law or regulation the organization fails to meet.

      1. Stage 1 – The combined assessment of the client’s documented management system and preparedness for the Stage 2 audit. Typically, this consists of a 0.5 day review, which can be either off-site or on-site contingent upon the agreement obtained from both the client and Lead Auditor, of Tier 1 & 2 documents and an on-site assessment of the client facility to plan and prepare for Stage 2.
      2. Stage 2 – An assessment performed on-site at a client’s facility to confirm the organization’s management system adheres to policies, procedures, and objectives of the applicable standard or normative documents and to assess the overall implementation and effectiveness of the management system to a defined scope of activities.
  4. Assigning of New Clients
    1. Once the Sales Manager has effectively won a new contract with a new client they submit the signed proposal and signed Terms & Conditions to the VP of Accreditation for review and assignment of Client Services Manager.
    2. The VP of Accreditation reviews all relevant documents and assigns the Client Services Manager based on workload, audit scheme and location.
    3. The VP of Accreditation signs the Terms & Conditions and returns a fully executed copy to the Client Services Manager for distribution to the client.
  5. Planning Audits
    1. Prior to the Stage 1 Audit, an audit programme for the full certification cycle will be developed to clearly identify the audit activities required to demonstrate that the client’s management system fulfils the requirements for certification to the selected standard(s) or normative document(s).
      1. The audit programme will be documented and will include a two-stage initial audit, surveillance audits in the first and second years, and a recertification audit in the third year prior to expiration of certification.
        1. Determination of the audit programme and any subsequent adjustments shall consider the following:
          1. Size of the client organization;
          2. The scope and complexity of its management system;
          3. Products and processes as well as the demonstrated level of management system effectiveness; and
          4. The results of any previous audits.
    2. All audits are planned/scheduled in accordance with Work Instruction 9-02-D.
    3. Planning for multiple site registrations is conducted based on Work Instruction 9-02-D and Quality System Procedure 09-05.
    4. Auditors are assigned in accordance with Work Instruction 9-02-D.
  6. Initial Certification Audit
    1. Stage 1 Audit
      1. Client’s Documented Management System (QMS, EMS, AQMS)
        1. A detailed review of the client’s documented management system, Tier 1 and Tier 2 (manual and procedures respectively) is conducted to determine conformance with the applicable management system requirements.
        2. The documented system must be reviewed and approved prior to the Stage 2 assessment.
        3. The assigned, qualified individual performs this review in accordance with the applicable TRC Audit Report.
        4. For AS 9100/9120 audits, the review shall be performed by a qualified aerospace auditor and will include any additional quality system processes established to meet customer needs.
        5. For EMS document review, the review shall be conducted by a qualified EMS auditor and shall include:
          1. EMS documentation, including procedures;
          2. A description of the organization and its on-site processes;
          3. An indication of environmental aspects and their associated impacts and the determination of significant environmental aspects (at minimum at least one significant environmental aspect must be identified);
          4. The means by which the concept of continual improvement is realized;
          5. An overview of the applicable regulations (including licenses/permits), and any agreements with Authorities;
          6. Internal audit programs and reports.
          7. Reviewing and ensuring the organization has established procedures to define the criteria by which environmental aspects and their associated impacts are identified as significant.
          8. Ensure the documented system describes the EMS and makes clear any relationship, where applicable, to any other related management system in operation in the organization or having an influence on the EMS subject to certification. Where the organization combines the documentation for environmental and other management systems (such as for quality or health and safety), the components of the EMS must be clearly identified together with the appropriate interfaces to the other systems.
        6. A report of the results of the document review will be prepared and the client notified of any omissions or deviations from the requirements with a request that revisions meeting those requirements be submitted for review and approval.
        7. When it is determined that the client’s documented management system meets the applicable quality system requirements, the client is notified that the manual and subsequent Tier 2 documents are approved.
        8. Readiness Review (QMS & AQMS)
          1. In nearly all cases the readiness review will occur on-site at the client’s facility.
          2. Where the readiness review is conducted by more than one auditor, the Lead Auditor has the responsibility for coordinating and documenting the activities of the audit team.
          3. The Lead Auditor will be responsible for documenting and communicating any nonconformities found during the Stage 1 Audit, including identification of any areas of concern that could be classified as nonconformity during the Stage 2 audit.
            1. The Lead Auditor has complete responsibility for conducting the audit in accordance with WI 9-02-E.
        9. Readiness Review (EMS)
          1. In nearly all cases the readiness review will occur on-site at the client’s facility.
          2. Where the readiness review is conducted by more than one auditor, the Lead Auditor has the responsibility for coordinating and documenting the activities of the audit team.
          3. The Lead auditor will gain an understanding of the EMS in the context of the organization’s environmental aspects and associated impacts, policy and objectives, and the overall preparedness for the Stage 2 audit by reviewing the extent to which:
            1. The EMS includes an adequate process for identification of environmental aspects and subsequent determination of their significance (at minimum at least one significant environmental aspect must be identified);
            2. The relevant activities of the organization, environmental licenses are in place.
            3. The EMS is designed to achieve the organization’s environmental policy.
            4. The EMS implementation program justifies proceeding to the audit (Stage 2).
            5. The internal audit conforms to the requirements of the EMS standard.
            6. Management reviews are being conducted and cover the continuing suitability, adequacy and effectiveness of the EMS.
            7. The EMS documents and responds to relevant communication from external interested parties.
            8. Additional documentation has to be reviewed and/or what knowledge has to be obtained in advance.
          4. The Lead Auditor will document the information required above and ensure submission of documentation to TRC in a timely manner.
    2. Stage 2 Audit (QMS & AQMS)
      1. Based on the results of the Stage 1 audit, Stage 2 will be planned in accordance with WI 09-02-D.
        1. The Lead Auditor has complete responsibility for conducting the audit in accordance with WI 9-02-E.
      2. For AS 9100/9120 sector audits, the Lead Auditor has the responsibility:
        1. To prepare and present the audit results, stating the conclusions on conformance and effectiveness of the quality system;
        2. To ensure closure and verification of effectiveness of corrective action(s).
    3. Stage 2 Audit (EMS)
      1. Based on the results of the Stage 1 audit, an audit plan is prepared and forwarded to the client.
      2. The objective of the Stage 2 EMS audit is to:
        1. confirm the organization adheres to its own policies, objectives and procedures.
        2. confirm that the EMS conforms with all the requirements of the EMS standard and is achieving the organization’s policy objectives.
      3. The Lead Auditor has the responsibility to conduct the audit in accordance with Work Instruction 9-02-E and to ensure the implementation of all elements of the standard (except those fully and successfully audited in Stage 1) and in particular focus on the organization’s:
        1. identification of environmental aspects and subsequent determination of their significance (at minimum at least one significant environmental must be identified);
        2. procedures to ensure compliance with legal and other requirements;
        3. objectives and targets derived from the evaluation process;
        4. operational control;
        5. performance monitoring, measuring, reporting and review against the objectives and targets;
        6. identification and evaluation of nonconformities and completion of corrective/ preventive actions;
        7. internal auditing and management review;
        8. management responsibility for the environmental policy;
        9. links between policy, environmental aspects and their associated environmental impacts, objectives and targets, responsibilities, programs, procedures, performance data, internal audit and review.
      4. Where the EMS Stage 2 audit is combined with another management system audit, the Lead Auditor shall ensure the roles of all team members along with the criteria to be audited are clearly defined.
      5. The Lead Auditor shall also ensure that the quality of the audit is not adversely affected by the combining of the different management system audits.
  7. Audit Package
    1. The audit package will be submitted to TRC by the Lead Auditor within seven working days from completion of the audit and shall include items identified on the Audit Review and Cert Decision Document and any necessary supporting documentation.
    2. The Lead Auditor shall ensure the audit package is complete and includes the recommendations, as applicable, for certification.
    3. If the recommendation is to defer registration, reason(s) will be summarized.
  8. Audit Report Preparations And Review
    1. See WI 9-02-F for Audit Report Preparation and Review requirements.
  9. Issuance Of The Certificate
    1. Once the formal audit report is reviewed and approved and it has been determined that the client has met all the requirements for registration, TRC shall ensure issuance of the certificate, valid for three years in accordance with Work Instruction 9-02-C.
    2. In cases of AS 9100/9120 sector audits, all identified items of nonconformance must be closed and verified for implementation and effectiveness before issuance of the registration certificate. In some cases, this may require additional on-site audit time.
      1. The issuance of the registration certificate will not occur until the client has met all requirements in accordance with AS 9104, including but not limited to submitting the required information in the IAQG OASIS Database to set up the Supplier Administrator.
      2. In addition, any certification documents issued as a result of a combined audit, shall be issued as either one single certificate referencing all AQMS standards, or separate certificate for each AQMS standard.
    3. For all other registrations, corrective action plans and root cause analysis for items of nonconformance must be accepted prior to issuance of the registration certificate. Verification may occur during the subsequent surveillance activity, unless otherwise noted by the Lead Auditor.
    4. The client’s name is entered into TRC’s Registration Listing (Certification Log) and, where applicable, the OASIS database.
    5. When a certificate is being issued for the first time, TRC operations will add the certificate number to the client’s Terms and Conditions and resend to the client.
  10. Surveillance Audits
    1. Surveillance audits are performed on-site (not necessarily full system audits) at least once per calendar year, scheduled from the date of the last audit activity. The date of the first surveillance audit following initial certification shall not be more than 12 months from the certification decision date. At a minimum, all areas of the Client’s quality management system shall be audited within a two-year period so that TRC can maintain confidence that the certified management system continues to fulfill requirements between recertification audits.
    2. Surveillance audits are performed to:
      1. Verify the continued implementation and effectiveness of the QMS, EMS, and AQMS;
      2. Ensure that representative areas and functions covered by the scope of the management system are monitored on a regular basis;
      3. Take into account, changes to the certified client and their management system;
      4. Assess the client’s management system’s fulfillment of specified requirements with respect to the standard to which the certification is granted.
    3. Surveillance audit programme shall include, at least:
      1. Review of the organization’s Management Review and Internal Audit processes;
      2. A Review of the corrective and preventive action program(s) including any actions taken on nonconformities identified during the previous audit;
      3. Customer complaints, changes in the documented system, and any other areas subject to change; and
      4. Continued effectiveness of established procedures for receiving, documenting, and responding to relevant communications from external parties as required by the management system;
      5. Effectiveness of the management system with regard to achieving the certified client’s objectives;
      6. Progress of planned activities aimed at continual improvement;
      7. Functioning of procedures for periodic evaluation and review of compliance with relevant environmental legislation and regulations;
      8. Continuing operational control; and
      9. Use of marks and/or any other reference to certification.
      10. (EMS Only) A Review of a client’s environmental aspects and impacts to ensure that they have identified those that have a higher value, significance, or importance, and use these resultant aspects and impacts to appropriately address the requirements of the standard for objectives and targets, personnel training and awareness, communication, operational controls, and monitoring and measurement (as evidenced in procedures or processes).
    4. Upon receipt of the surveillance audit package, TRC Operations ensures that the client is notified of the results of the audit including a request for corrective action of any findings.
    5. Where surveillance is performed on combined management systems, reporting shall clearly indicate all aspects relevant to each applicable management system.
    6. See WI 9-02-F and QSP 1-2-02 for requirements related to the review of Surveillance Audit activities.
  11. Special Audits
    1. A special audit could take place as a result of a request generated by:
      1. The client for the purpose of addressing scope changes;
        1. Based on a review of the request, the VP of Accreditation will decide whether to accept the scope revision or to schedule a visit to audit the client’s revised scope.
      2. The client for the purpose of addressing extensions to scope, in which case a review of the request will be conducted and any necessary audit activities will be determined (this can be conducted in conjunction with a surveillance audit);
      3. TRC Auditors for the purpose of follow-up for closure or verification of nonconformance corrective action;
      4. TRC for the purpose of addressing complaints/concerns raised by the registered client’s customer (i.e. AAQG, OEM, etc.);
        1. Upon approval, the results of the audit will be forwarded to the applicable party.
      5. TRC for the purpose of addressing any changes; or
      6. TRC for the purpose of following-up on suspended clients.
    2. Upon scheduling, TRC Operations will ensure preparation and delivery of an audit plan, if applicable, identifying the areas or processes that will be the subject of the assessment.
    3. Upon completion, the VP of Accreditation or delegate will ensure preparation and timely delivery of a formal audit report; if applicable.
  12. Renewal Of Client’s Registration
    1. A re-certification audit is conducted to confirm the continued conformity and overall effectiveness of the management system in its entirety, and its continued relevance and applicability for the scope of certification. It is conducted prior to the expiration of the client’s registration certificate.
    2. The Client Services Manager has the responsibility of issuing a new proposal and executing the Terms & Conditions in accordance with procedure (QSP 9-01). Prior to proceeding with the re-certification assessment the Client Services Manager must ensure this has been completed and all relevant documents have been returned by the client.
      1. Once the forms are returned they are sent to the VP of Accreditation for review and the Terms & Conditions are signed and returned to the client by the VP of Accreditation.
    3. The re-certification assessment is an on-site audit of the client’s full system which considers the performance of the management system over the period of certification, and includes the review of previous surveillance audit reports.
      1. In situations where there have been significant changes to the management system, the client, or the context in which the management system is operating, a recertification audit may need to include a Stage 1 audit.
    4. The re-certification audit shall include an on-site audit that addresses the following:
      1. The effectiveness of the management system in its entirety in the light of internal and external changes and its continued relevance and applicability to the scope of certification;
      2. Demonstrated commitment to maintain the effectiveness and improvement of the management system in order to enhance overall performance;
      3. Whether the operation of the certified management system contributes to the achievement of the organization’s policy and objectives;
    5. For all re-certification audits, planning must take into consideration time needed for any required follow-up to ensure renewal can be granted prior to the expiration of the registration certificate.
      1. In the case of multiple sites or certification to multiple standards, the planning for the audit shall ensure adequate on-site audit coverage to provide confidence in the certification.
  13. Changes To The Client’s Quality Management System
    1. The client shall be responsible for promptly informing TRC about proposed changes to their quality management system or any other changes which may affect conformance to the requirements of registration.
      1. The VP of Accreditation or delegate shall review the proposed changes for conformance to the registration requirements and recommend accepting or rejecting the changes, and/or recommending if an audit or investigation is required. The final decision shall be communicated to the client.
    2. If a client fails to report these changes to TRC, the VP of Accreditation or delegate will determine the action to be taken in accordance with QSP 1-2-02.
  14. Changes To The System Rules
    1. Dependant on the nature of changes in system rules, the VP of Accreditation or delegate shall:
      1. Notify clients of any changes impacting them;
      2. Specify an effective date for the change to allow time for clients to revise their quality management system;
      3. Notify all clients affected by the changes of the effective date of the change and actions required by them.
      4. For clients certified to an AS standard, an upgrade to a new revision of said standard must be conducted in accordance with the requirements conveyed by TRCs governing bodies (IAQG, etc.).
    2. If the client fails to take the required action by the effective date, the VP of Accreditation will determine the action to be taken in accordance with QSP 1-2-02.
  15. Records
    1. All records shall be maintained in accordance with QSP 16-01.