I know that terminology can drive people crazy. We standards and certification types tend to use lots of it, and it can seem like a secret club if you don’t know what it all means. Good thing that I am here to pull back the curtain…
I have written in the past about audits, but I have not really said what an audit is. To do it justice, we should look at several terms that are used and often get confused. To do this I will take a run at the terms: audit, assessment, inspection, verification and validation. I know that there may be other terms, but usually they are usually a different term that refers substantially to one or a combination of these processes.
I should be clear that I am talking about business processes or management systems and only tangentially about products. There are other terms that are used for the work of testing laboratories - these are the folks that conduct physical tests of products to determine if a physical thing meets specific performance standards. For example, if a helmet is strong enough or if a lamp won’t catch fire. Some of the terms we will discuss in this post are used in similar ways for product testing as for management systems.
All of the four terms are important, and many organizations use some or all of them. That is to say that all these processes play a slightly different role. Just like an internal audit and a management review - maybe I should do a post about these also, but that will have to wait for now.
Audits are normally full evaluations that are conducted by an independent person (or team) and produce findings and a decision (sometimes call a determination). Strictly speaking, an audit evaluates performance against specific measures and thresholds. Findings are the results against each of the requirements, it could be a finding of conformity or non-conformity supported by a record of the evidence found. The decision or determination answers the question: Does the system or process that was audited conform to the requirements or does it not?
Assessments are evaluations that determine the capacity of an organization (or a part of one) to perform a specific function. These are similar to the strict definition of an audit, but it the findings are based to a much larger degree on the experience and training of the assessor. Assessments also produce a finding but rather than being based on a numerical set of requirements it is largely based on the judgment of the assessor.
NOTE: Management system audits include many elements that fit the description of an audit and others that fit the description of an assessment.
Inspections are evaluations that are conducted by either an independent inspector or by an internal inspector. Inspectors will normally identify weakness or failings to meet a set of requirements but will not produce a decision about overall conformity with a standard.
Verifications are evaluations that look a single process or service to determine if it meets its design specification. These can be done by an independent verifier or an internal verifier. Often verifications are undertaken with new processes or products to make sure that what was intended was achieved. Verifications are often done at the design stage to test if all factors have been fully considered. For example, a verification may be undertaken to determine if a batch of a product or an input can be fully traced through all the steps in production.
Validations are evaluations that look at a single product or service to determine that it meets the need of the user. These can be done by an independent validator or an internal validator. Validations are often conducted once a process or product is up and running to make sure that the result is what was intended. To some degree these are related to quality control, but can extend to cover how the product or service is used in the real world.
As I mentioned above, these terms are used differently in some industries, so the important part is not the term itself, but the concept of what is being done.
For example, audit and assessment are interchangeable for some people as are verification and validation for others.
In the case of third-party certification, the key definition is that of audit. It includes a decision about whether or not there is conformity with a standard backed up by the evidence gathered.
All of these evaluations may be based on a standard, but the need for a formal decision of conformity is less important than in an audit and may not carry as much formal weight since there is no certificate being issued.
Finally, I will note that in some cases, some standard systems will hire an inspector to conduct a full inspection of a client and the decision of conformity is made by the standard system based on the findings of the inspector. In these cases, the certification decision is taken by the standard system, not by the inspector.
If we were to map these terms in a Venn diagram, they would all overlap to some degree or other. The point is that they all have a slightly different use and are all used to some degree or other in a whole range of businesses.
There, now it is clear as mud…right?