Quality Audit on Major Vendors / Subcontractors


QMS Audits for major Suppliers (Vendors / Subcontractors) on EPCI Project for oil and gas industry shall be managed in accordance with the EPCI Project CONTRACT. The Project QMS effectiveness and continuing suitability shall be assessed based on the overall results of the audit.

Controlling vendors / subcontractors for EPCI Project is probably one of the hardest tasks for a Main Contractor. However, with proper planning, monitoring, auditing and (mainly) effective supervising, vendors / subcontractors can be controlled quite well to achieve the Project HSE-Q Objectives/Targets.

Typical EPCI project structure

Terms and Definitions

Suppliers organization or person that provides a product (ISO 9000:2005 Cl. 3.3.6),

Outsourced process :

  • The Oxford English Dictionary defines the verb “outsource” as “to obtain….. by contract from a source outside the organization or area; to contract (work) out”.
  • Outsourced process – is a process that the organization needs for its quality management system and which the organization chooses to have performed by an external party. (ISO 9001:2008 clause 4.1 NOTE 2).

An EPCI Contractor to outsource their work or function to their Subcontractors, if required like:

  • Engineering: CAD drafting, safety analysis, E&I, pipeline design and development, etc.
  • Construction: manufacturing of pressure vessels, piping fabrication, hydrotest, PWHT, NDT, man power supply, etc.
  • Installation: E&I installation and commissioning, onshore pipeline installation, bolt thightening, ROV survey, etc.

An EPCI Contractor to purchase the materials for project to their Vendors, e.g. Valves supplier, CS/SS/Duplex steel pipes supplier, etc.

Audit programme – set of one or more audits planned for a specific time frame and directed towards a specific purpose. (ISO 9000:2005 Cl. 3.9.2)

Quality system audit – is the process of systematic examination of a quality system.

How to control Vendors/Subcontractor?

ISO 9001:2008 clause 4.1 states:

“Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.

The necessary control through the application of requirements of both ISO9001:2008 clause 7.4 (Purchasing) and clause 4.1 (General Requirements).

More detail control of an outsourced process – SAMPLE:

  • To conduct pre-qualification audit/ Qualifications of outsourcers before order is placed
  • To measure, monitor and control the quality of service. Quality of service is measured through a service level agreement (SLA) in the outsourcing contract. In poorly defined contracts there is no measure of quality or SLA defined. Quality in terms of end-user-experience is best measured through customer satisfaction questionnaires which are professionally designed to capture an unbiased view of quality.
  • To implement an effective coordination and communication like kick off meeting , pre- inspection meeting, routine meeting
  • To implement ITP
  • To implement vendor/subcontractor document review
  • To ensure project qms is adequately, implemented though audits
  • etc.

Project quality system audit on major vendors / sub-contractors

Quality system audit for major vendors / sub-contractors is mainly based on ,

  • criticality rating, and or
  • purchase amount.


Ignoring supplier/subcontractor audit was risky to organization’s project because a lack of supplier responsiveness or a lack of technical capabilities.

ISO19011 Guidelines for auditing

First-party audits are conducted by, or on behalf of, the organization itself for internal purposes and can form the basis for an organization’s self – declaration of conformity. (ISO 9000:2005 Clause 2.82 Paraf 2)

Second-party audits are conducted by customers of the organization or by other persons on behalf of the customer. (ISO 9000:2005 Clause 2.82 Paraf 3)

Third-party audits are conducted by external independent organizations, such organizationa, usually acrredited, provide certifiaction or registration of conformity with requirements such as those of ISO 9001. (ISO 9000:2005 Clause 2.82 Paraf 4)

Hence, for this Vendors/Subcontractor Audit can be considered as :

  • internal audit (first party audit), if outsource work is given to the organization in the same group or consortium.
  • second party audit, if an audit is conducted by Customer on their Contractors, by CONTRACTOR on their suppliers/vendors/subcontractors.

The latest International Standard ISO guidelines for this audit is ISO19011 second edition.

Auditing the Procurement Process

In auditing the process for the management of procurement, the following should be considered:-

  • Procurement starts during the design and development of a product when a specification is prepared;
  • Inter-departmental discussions take place to ensure that potential suppliers can provide a product that meets the design specification at the required cost;
  • The organization should ensure that the specified purchase requirements are correct prior to their communication to the supplier;
  • Statutory & regulatory requirements have been included in the purchase requirements; and,
  • The degree of risk associated with a component product and the controls required to ensure that it meets the design specification have been assessed.

Audit Programme

This audit shall be arranged in accordance Project Audit Plan.

An audit programme shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits on similar past projects.

During audit, Subcontractors and Vendors will be required to demonstrate an effective quality management system is being implemented and appropriate to the work scope.

Audit programme includes a series of quality management audits on major suppliers.

  • General
  • References
  • Audit program objective
  • Audit program responsibilities, resources and procedures
  • Attachments
    • Attachment-1 Quality Management System Audit Procedure
    • Attachment-2 Audit Plan
    • Attachment-3 The list of qualified auditors (including any certificate of Competency)
    • Attachment-4 Audit Check List

Audit Checklist

Whilst not always required in management system standards, audit checklists are just one tool available from the “auditors toolbox”. Many organizations will use them to ensure that the audit at a minimum will address the requirements as defined by the scope of the audit.

Checklists if developed for a specific audit and used correctly:

a. Promote planning for the audit.

b. Ensure a consistent audit approach.

c. Act as a sampling plan and time manager.

d. Serve as a memory aid.

e. Provide a repository for notes collected during the audit process (audit field notes)

In contrast, when audit checklists are not available, or poorly prepared, the following issues/concerns are noted:

1. The checklist can be seen as intimidating to the auditee.

2. The focus of the checklist may be too narrow in scope to identify specific problem areas.

3. Checklists are a tool to aid the auditor, but will be restrictive if used as the auditor’s only support mechanism.

A good audit checklist will help initially to identify any issues and room for improvements.

The use of checklists and forms should not restrict the extent of audit activities, which can change as a result of information collected during the audit.

Subcontractors Audit Checklist

There are some of the key items that have to be checked while auditing a Subcontractor, as applicable, not limited to this list:

  • Scope of Supply / Customer Requirements : Is there a contract in place with this Subcontractor? What is its scope? Are quality requirements (CUSTOMER Requirements/Specifications) understood, available , implemented ?
  • Quality Assurance System : Has the subcontractor established any documented Quality Plan for the specific Project? Is it submitted and approved by the Main Contractor? Is the subcontractor ISO 9001 certified? Are they planning to be? What is the Certification body?  schedule of project specific audits?
  • Resources Management : Has the subcontractor established any Organization Chart-Team for the specific Project? Responsible person for the project? Responsible for Quality? Is it submitted/approved by the Main Contractor?  Outline of personnel competency and training ?
  • Quality Procedures : Are there any documented Quality Procedures – Processes? Are they submitted to the Main Contractor? Does the subcontractor have the latest revision of the Main Contractors Procedures, Quality and HSE Plan?
  • Outsouced Work / Sub-supplier controls : Has the Subcontractor subcontracted any of the works? Are these subcontractors approved by the Main Contractor?
  • Control of Documents/Records : Does the subcontractor have any Doc.Control department? How do they receive the documents from the Main Contractor (Drawings, Approvals, transmittals, others…)? Are they filed and kept properly? Are they traceable?  How are the construction documents and drawings distributed to the construction teams on site? How it is ensured that the teams are using the correct revision of the document/drawings and that they are aware of any changes? What kind of documents is the subcontractor submitting to the Main Contractor and how are these verified prior to submitting (signatures, stamps etc)?  Review Subcontractor or Vendor document submissions?
  • Project Planning / Progress Control : How is the planning of the works being performed and how it is followed up with the Main Contractor? (Daily, Weekly, Monthly Reports and schedules)
  • Engineering : Management of change / Technical Query (TQ), etc.
  • Product realization control: Control of special processes (welding, NDT, heat treatment, coatings), etc. Manufacturing management (including manufacturing and fabrication processes, NDT, dimensional inspections, management of FATs and preservation considerations)?
  • Procurement Control / Material Control : How are the materials received on site and what kind of inspections are done prior to use at the works? How are the materials stored on site? Conditions, separation of materials,isolated of nonconforming materials etc
  • Equipments calibration / maintenance : Calibration and maintenance of test and inspection equipment, including software validation. How is the calibration of equipment performed and followed up? Evidence-certificates.
  • Quality Control (Include ITP , traceability and QC Dossier) : How is the Quality Control of the works on site being performed? Evidence and records of inspections on site. Are all the records according to the ITP being kept by the subcontractor and how are these submitted to the Main Contractor for completion packages (As-Built)?  Non Conformance (NCR) and Corrective Action management and reporting.

Related links :

References :


6 responses to “Quality Audit on Major Vendors / Subcontractors

  1. Pingback: Free Webmaster Guide·

  2. When some one searches for his necessary thing, so heshe desires to be available that in detail, thus that thing is maintained over here. dfaaegagdfcd

  3. Thank you for the auspicious writeup. It in fact was a amusement account it. Look advanced to far added agreeable from you! By the way, how could we communicate? dakffegkkaekekgb

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s