Presented by Dr. Catherine L. Martin, DBA
July 14, 2015
7/20/2015 1
Introductions – Tell us ……. Your Name
Your Business Area
The Function You Reside in
Your Experience with performing Internal Audits or Supplier Assessments
Your Experience in Counterfeit Parts
The Big Question, if any, on your mind
7/20/2015 2
Becoming a Counterfeit Parts Auditor
7/20/2015 3
Understanding
Knowledge
Skill
Training
Performing
Audits with a
Counterfeit SME .
Through Repetition -
Performing Many
Audits
The Learning Model – application of knowledge builds understanding,
repetitive application builds skill – you must apply the training to learn.
Introduction The problem of counterfeit goods is not new.
Counterfeit parts can pose significant risk to consumer and/or patient safety.
What if you purchased a critical device and the core component used was detected as counterfeit part?
As time goes by, there is an increase in number of counterfeit parts and as a result, organizations must be prepared to have proper methods in place for detection assessment and audits to avoid accepting counterfeit parts.
7/20/2015 4
Purpose Introduction into legislative, regulatory and industry
standards activity addressing counterfeit risks.
Brief Overview of counterfeit avoidance detection
and prevention processes.
Audit approach and method for counterfeit detection
and avoidance.
Information to assist in the development or
enhancement of counterfeit detection and avoidance
assessment and audit programs.
7/20/2015 5
Learning Outcomes
Define legislative, regulatory and industry standards
activity addressing counterfeit risks.
Define, describe, and interpret the basic elements of
counterfeit detection and avoidance audits.
Apply and create an audit program for counterfeit
detection and avoidance.
7/20/2015 6
Terms & DefinitionsSAE AS5553
ELECTRICAL, ELECTRONIC, AND ELECTROMECHANICAL (EEE) PART: Electrical, electronic, and electromechanical parts are components designed and built to perform specific functions, and are not subject to disassembly without destruction or impairment of design use. Examples of electrical parts include resistors, capacitors, inductors, transformers, and connectors. Electronic parts include active devices, such as monolithic microcircuits, hybrid microcircuits, diodes, and transistors. Electromechanical parts are devices that have electrical inputs with mechanical outputs, or mechanical inputs with electrical outputs, or combinations of each. Examples of electromechanical parts are motors, synchros, servos, and some relays
DFARS 252.246-7007
“Electronic part” means an integrated circuit, a discrete electronic component (including, but not limited to, a transistor, capacitor, resistor, or diode), or a circuit assembly (section 818(f)(2) of Pub. L. 112-81). The term “electronic part” includes any embedded software or firmware.
7/20/2015 7
Counterfeit Definition(s) SAE AS5553
3.1 Suspect Part
A part in which there is an indication that it may have been misrepresented by the supplier or manufacturer and may meet
the definition of fraudulent part or counterfeit part provided below.
3.2 Fraudulent Part
Any suspect part misrepresented to the Customer as meeting the Customer’s requirements.
3.3 Counterfeit Part
A fraudulent part that has been confirmed to be a copy, imitation, or substitute that has been represented, identified, or marked as genuine, and/or altered by a source without legal right with intent to mislead, deceive, or defraud.
NOTE: The following diagram (Figure 2) depicts the aboveinterrelationship between Suspect, Fraudulent and CounterfeitParts. A Suspect Part may be determined to be, fraudulent or counterfeit through further evaluation and testing. All counterfeit parts are fraudulent, but not all fraudulent partsare counterfeit.
7/20/2015 8
Counterfeit Definition(s) DFARS
252.246-7007“Counterfeit electronic part” means an unlawful or unauthorized reproduction, substitution, or alteration that has been knowingly mismarked, misidentified, or otherwise misrepresented to be an authentic, unmodified electronic part from the original manufacturer, or a source with the express written authority of the original manufacturer or current design activity, including an authorized aftermarket manufacturer. Unlawful or unauthorized substitution includes used electronic parts represented as new, or the false identification of grade, serial number, lot number, date code, or performance characteristics.
“Suspect counterfeit electronic part” means an electronic part for which credible evidence (including, but not limited to, visual inspection or testing) provides reasonable doubt that the electronic part is authentic.
7/20/2015 9
The Audit Challenge How do I perform an internal audit for Counterfeit
Parts in my company?
“There is so much information”
“Where do I start”
“How do I know I am auditing the right things”
“How does this topic fit into ISO9000/AS9100 or FDA”
7/20/2015 10
The Audit Challenge
The Information: Legislative, regulatory and
industry standards
See ASQLA April 2015 Presentation
7/20/2015 11
The Audit Challenge Where to Start
As with any Internal Audit (or external) there are
required elements for auditing.
Follow ASQ Certified Quality Auditor process
Follow Company internal audit process
Overview of Audit Process on next slides
7/20/2015 12
Audit Process Definitions
Process Responsibilities
Process
Responsibilities
Lead Auditor
Audit response and follow up
Guidelines for Conducting Audits
Initiating the Audit
Audit Preparation
Audit Notification
Audit Plan
Preparing Working Documents
Create Checklist
01/09
Audit Process Conducting Audit Activities
Opening Meeting
Opening meeting Presentation
Conduct Audit
Daily Debriefs
Closing Meeting
Conclusion of Audit
Verification and Validation (V&V)
01/09
DEFINITIONS
Audit - A systematic, independent, and documented process
for obtaining evidence and evaluating it objectively to
determine the extent to which audit criteria are fulfilled.
Auditee – An audited individual, organization, or function.
Audit Plan - Description of the activities and arrangements
for an audit including tentative date, time and place, names of
audit team members, scope, objective, and standards.
Auditor - The person (or persons) who conduct the audit.
Audit Schedule - A list of audits the Audits organization will or
has performed during the current year (or previous years as in
the case of archived schedules).
Audit Team - The auditors, observers, subject matter experts
and/or customers who participate in an audit.
DEFINITIONS (continued) Closing Meeting – A formal or informal meeting at which the
auditors review the audit results with the primary auditees and direct management or supervisors.
Concern – An issue to consider for continuous improvement.
Corrective Action –1.An action plan to correct problems that have already occurred.
2.Changes to processes, work instructions, workmanship practices, training, inspections, tests, procedures, specifications, drawings, tools, equipment, facilities, resources, or material that prevent, minimize, or eliminate nonconformance.
3.Design Changes to processes, work instructions, workmanship practices, training, inspection, tests, procedures, specifications, drawing, tools, equipment, facilities, resources, or material in order to prevent, minimize, or eliminate recurrence of nonconformance or adverse trends.
4.An action or activity implemented to prevent an issue from recurring by determining the root cause and implementing changes to prevent reoccurrence.
5.Specific Action taken to directly correct a particular failure.
DEFINITIONS (continued)
Corrective Action Request – A formal request for
corrective action.
Daily Debrief- Report of daily audit results. Information
should include: Progress of audit
Any changes/delays in schedule
Potential audit findings/observations
Outstanding items/actions required by auditee
Audit Management and Corrective Action Database.
Internal Audit - An audit by the company Audits
organization.
Lead Auditor - The person having primary responsibility
for all phases of the audit.
DEFINITIONS (continued) Major Nonconformance - Non-fulfillment of specified
requirement(s) having an adverse affect on the quality system or resulting in a total systemic breakdown. A Major Nonconformance includes:
Several nonconformities exist that taken together conclude that one or more requirements of the Quality Management System are not implemented.
The safety of personnel or end users is compromised.
The reliability and/or integrity of product/services are affected resulting in nonconforming product/services.
Any ethical issue that warrants immediate action.
Significant Minor Nonconformance - A condition, which the Audit Team deems to be of a significant nature, warrants management’s attention and could result in a Major Nonconformity if not corrected.
01/09
DEFINITIONS (continued) Minor Nonconformance – Non-fulfillment of a specified
requirement having a minimal affect/impact on the Quality Management System and/or product/service quality. A Minor Nonconformance is a nonconformance category in which occasional, isolated lapses are noted or where the nonconformance has minimal impact on the delivered product or service.
Nonconformance - Violation of requirements. Example: legal, regulatory, ethical, safety, contract provisions or company requirements.
Objective Evidence - Data that verifies or supports the audit. Auditors may obtain it through observation, measurement, test, or other means without the influence of prejudice, emotion, or bias. Example: quality records, performance of activities, system outcomes, or verifiable verbal statements.
Observation - A point of concern or a positive notation relating to an area, process or product/service not identified as a nonconformance.
Opening Meeting - A formal or informal meeting with auditees and direct management/supervisors before starting an audit. The opening meeting may include the schedule, scope and audit approach.
DEFINITIONS (continued) Pencils Down-Final opportunity for auditees, direct
management or supervisors to meet with auditor to retract potential findings and assign findings to appropriate personnel.
Quality Management System (QMS) – An interconnected system of coordinated processes and documentation that ensure the quality of products and services. The QMS continually measures and improves its effectiveness and complies with AS9100, ISO 9001:2008.
Verification – Confirmation, through the provision of objective evidence, that the requirements for a specific intended use or application have been fulfilled.
Validation- Confirmation, through the provision of objective evidence, that specified requirements have been fulfilled and that corrective action implementation has been effective.
Process/Responsibilities
Auditors in the Audits organization plan and conduct
internal quality audits to determine whether the Quality
Management System conforms to the requirements of
ISO 9001:2008, AS9100, Quality Management System
Manual, Policies/Procedures, and Management
System directives.
The internal audit methodology incorporates a three-
step process consisting of pre-planning, auditing,
and reporting. The audit process includes
interviewing employees, witnessing audited processes
and activities, and examining documents, records, and
procedures.
Process/Responsibilities
The Audits organization develops and maintains an
audit schedule that evaluates compliance to all
ISO/AS9100 clauses that are within scope of the
Organization. The audit schedule identifies each
planned audit area and the applicable ISO/AS9100
clauses that compliance is accessed to.
The following factors are considered when developing
the audit schedule.
a. results of previous audits
b. customer requirements, requests, and or concerns
c. management requirements, concerns, and priorities
Process/Responsibilities
The Audit organization assigns each planned audit to
a qualified Lead Auditor.
A Lead Auditor may assemble an audit team that
includes additional personnel to serve as subject
matter experts or liaisons during the audit. Members of
the audit team may not report directly to the audited
organization, function, or area.
Accountability
The Audits organization is accountable to
Management for conducting Quality Management
System (QMS) compliance audits to maintain
ISO/AS9100 certification.
Process/Responsibilities Lead Auditor responsibilities
The Lead Auditor plans and coordinates the audit.
Update Audit Schedule.
Conduct an opening meeting, informal or formal, daily debriefs and a closing
meeting, informal or formal, with auditees and area management
a. If an opening meeting is not conducted, brief area management/supervisors on the
audit scope and objectives.
b. If a closing meeting is not conducted, brief area management/supervisors on the
audit results.
Discuss audit results with auditees and management/supervisors. Obtain
acknowledgement on nonconformances. Document each nonconformance
in applicable corrective action system. a. Notify appropriate area management of any Major nonconformances affecting
safety, work environment, hardware and/or deliverable.
b. The Auditor creates a Corrective Action Request through appropriate closed- loop
system for each nonconformance in accordance with Work Instruction for
Corrective Action Processing.
Process/Responsibilities
Audit response and follow up
The assignee of the Corrective Action Request (CAR)
processes the corrective action in accordance with Work
Instruction for Corrective Action Processing.
Upon completion of the corrective action, the auditor
verifies implementation and validates effectiveness of the
corrective actions.
The auditor attaches objective evidence of verification
that the corrective action was implement to the CAR
record
The auditor attaches objective evidence of validation that
the corrective action adequately addressed the problem
and will prevent further recurrence.
Guidelines for Conducting Audits
Initiating the Audit Initiating the Audit
Audit Preparation
a. 30 days prior (when possible), refer to Annual Audit Schedule. The
Audit Schedule identifies the Lead Auditor and defines the audit.
b. Create an Audit and add References to contain all aspects of the
upcoming audit
Audit Notification
a. Notify the auditees of the upcoming audit via email. Obtain agreement
on date/time of audit. Attach notification to audit record.
b. For larger audits e.g. program audits, customer audits etc., a pre-
planning meeting should be conducted to clarify objective, scope,
audit date/time, criteria, and interfaces e.g., auditees, points of
contacts (POCs), escorts, subject matter experts (SMEs).
Guidelines for Conducting Audits
Audit Plan Audit Plan
a. Complete the Scope section or the Audit Plan based on
concurrence received from the audit notification/pre-planning
meeting.
b. Complete the Audit Schedule.
c. Send an email with the audit number and Audit Plan. Attach the
Audit Schedule. Distribute to auditees, management and
POCs/SMEs as required prior to audit start date. If any
revisions are required to plan or schedule after the initial
distribution, redistribute to auditees, management and POCs as
required.
Guidelines for Conducting Audits
Working Documents Preparation
Preparing Working Documents
Create checklists
a. Reference the document number, title, and revision date in
checklist header.
b. Checklists need to cover any audit follow-up actions.
c. Identify the applicable ISO/AS9100 provision.
d. Reference source documents (Policies, procedures) and
paragraph for each audit question.
e. Distribute checklists to auditee.
01/09
Guidelines for Conducting Audits
Opening Meeting Planning
Conducting Audit Activities
Opening meeting planning
a. Schedule opening meetings and invite auditees and
stakeholders. Attach agenda as applicable.
b. Prepare opening meeting presentation.
Guidelines for Conducting Audits
Opening Meeting Presentation
Opening meeting presentations should include the following as applicable:
a. Introductions
b. Scope of audit – scope should include reviewing the effectiveness of corrective actions taken as a result of prior assessment concerns.
c. Objective of audit – objective should include the purpose, reason or goal for the audit.
d. Audit schedule – include daily debriefs as applicable.
e. Coordination with escorts representing the organization undergoing audit to define roles and responsibilities.
g. Define “pencils down” deadline for providing objective evidence in response to potential non-conformances.
h. Corrective action process – after the closing meeting, corrective actions for non-conformances identified during the audit will be created in Corrective Action System.
i. Questions
01/09
Guidelines for Conducting Audits
Conduct Opening Meeting and route attendance sheet to attendees.
a. Scan the Opening Meeting presentation and attendance sheets; save in the audit folder structure.
Conduct audit
a. Use checklists and immediately report any safety or product risk violations to management.
b. Complete checklists
– Daily debriefs
a. Daily debriefs will be communicated to auditees and documented. Debriefs should include the following as applicable:
1. Progress of audit
2. Any changes/delays in schedule
3. Potential audit findings/observations
4. Outstanding items/actions required by auditee
Guidelines for Conducting Audits
Closing Meeting
a. Schedule closing meeting via email and invite auditees and stakeholders. Attach agenda as applicable.
b. Prepare closing meeting presentation.
c. Closing Meeting presentation should include the following as applicable:
1. Scope of audit
2. Objective of audit
3. Summary of audit results:
• Identify type of non-conformance(s) and quantity for each category, for example:
I. Major Non-conformance
II. Significant Minor Non-conformance
III. Minor Nonconformance
IV. Observation
V. Provide detail slides of each non-conformance identifying the corresponding requirement.
Guidelines for Conducting Audits
c. Closing Meeting presentation should include the following as
applicable:
4. Strengths
5. Opportunities for improvement
6. Corrective action process- if audit resulted in non-conformances,
discuss requirements of a Corrective Action Plan (CAP) e.g. root
cause, corrective action, preventive action and CAP
implementation. Non-conformances are documented on the
checklists and corrective action requests are created in the closed
loop corrective action system. Discuss due date for CAP and
obtain agreement on responsible person to provide CAP. Discuss
the Verification & Validation (V&V) process.
7. Audit frequency recommendation
8. Thank auditees and SMEs
9. Questions
d. Conduct Closing Meeting and route attendance sheet to auditees.
Guidelines for Conducting Audits – Conclusion of audit
a. Complete checklist
b. Attach any checklist objective evidence into the Checklist.
c. Create Corrective Action
d. Ensure all audit records are in order prior to the next steps, which is Audit Closure.
e. Attached approved audit results
f. Sign Audit Results
g. Complete Review/Closure Hours.
h. Print and Save Audit Summary report
i. Distribute Audit Summary Report.
j. Sign to Close Audit Record
Guidelines for Conducting Verification
and Validation (V&V) Verification &Validation Sources
Verification and Validation assignments come from two sources:
a. Internal audit
1. Corrective actions created as a result of an audit that the
auditor had responsibility for, or
2. The Verification and Validation Activity is assigned to
another auditor, who is independent of that audit.
b. External audit
1. Corrective actions which resulted from an external audit,
where the Verification and Validation Activity is assigned to
an auditor.
Guidelines for Conducting Verification
and Validation (V&V) Corrective Action Record
The “Corrective Action Details” section contains all of the known
information about the selected action, its status, any other records it
refers to and much more. As part of the Verification and Validation
process, this section needs to be carefully read and understood.
a. The “Problem Description” should have been clear and concise.
I. Is: Describe the current anomalous condition.
II. Should be: Describe what the corrective condition should
be citing requirement reference.
b. The “Containment Actions” section should have notes about the
actions taken immediately to stop a safety hazard or stop a
problem from propagating.
c. The “Root Cause Summary” section should have notes about the
analysis conducted to identify the cause of the problem identified in
the Problem Description.
Guidelines for Conducting Verification
and Validation (V&V)– The “Corrective Action Details” section contains all of the known
information about the selected action, its stage, any other records it
refers to and much more. As part of the Verification and Validation
process, this section needs to be carefully read and understood.
d. The “Corrective Action Plan” section should document the process,
results and estimated completion date.
e. The “Response Approval” section allows the CA Requestor to
review and approve the Containment Actions, the Root Cause
Summary and Corrective Action Plan. If Containment, Root Cause,
or Corrective Action Plan is not effective, the response will be
rejected.
f. The “Closure” section documents the “Verification / Validation
Activity” that confirms the Corrective Action Plan has been
completed and that the problem was eliminated. The Approver
“Closes” the Corrective Action Record.
Guidelines for Conducting Verification
and Validation (V&V) Conducting Verification
– It is required that each action stated in the corrective action plan has
been carried out and that objective evidence be submitted as proof by
the Responsible Assignee that the action has been effectively
resolved.
a. Enter the “Date Verified.”
b. Enter the “Verification / Validation Activity” – document all
activities completed to verify the corrective action plan
implementation; title this entry “Verification.”
c. Evidence should have been clearly identified and attached.
1. Such evidence includes updated procedures,
corrected/updated sections of the department’s documents
associated with a stated nonconformity, copies of completed
records, training attendance sheets, etc.
Guidelines for Conducting Verification
and Validation (V&V) Conducting Validation
– The preventive action taken should have eliminated the cause(s) of the nonconformities. In order to prevent their occurrence, corrective action implementation must be effective.
a. To validate that the cause(s) of potential nonconformities have been eliminated, review the requirement identified in the Problem Description that resulted in the nonconformity(s).
a.Pull a new sample and assess the condition. Attach the sampled records as evidence to “References.”
b. Evidence should have been clearly identified and attached .a.Such evidence includes updated procedures, corrected/updated
sections of the department’s documents associated with a stated nonconformity, copies of completed records, training attendance sheets, etc.
b.Attach a validation summary sheet, detailing the dates and details of the verification process. (Note this may be combine with verification summary sheet.)
c. Enter the “Verification / Validation Activity” – document all activities completed to validate the effectiveness of the action taken; title this entry “Validation.”
Guidelines for Conducting Verification
and Validation (V&V) Corrective Action Record Closure
– If you are not the assigned Approver, notify the CA Requestor that
the “Verification / Validation Activity” has been completed and is
ready to be closed.
– If you are the Approver, “Close” the record.
The Audit Challenge “How do I know I am auditing the right things”
7/20/2015 41
The Right Audit Plan Audit Plan
Scope: Internal Audit of Supply Chain Management in which activities will be evaluated for compliance to “Organization’s Counterfeit Parts Risk Mitigation and Prevention Process”, ISO/AS9100C and AS5553A .
Sample processes with be chosen in an attempt to determine adequacy and compliance to the requirements of the documented system.
Criteria/Document Review: Company “Counterfeit Products Risk Mitigation and Prevention”. Doc.
No. XXX
AS5553 Rev A “ Fraudulent/Counterfeit Electronics Parts: Avoidance, Detection, Mitigation and Disposition”, 2013
AS9100C “Quality Management Systems-Requirements for Aviation, Space and Defense Organizations”, 2009
The Right Working Documents
Internal Audit Checklist
“Counterfeit Products Risk Mitigation and Prevention ”
Checklist
Audit Schedule
Resources
01/09
Checklist Template
7/20/2015 44
AS9100
Provision
AS5553
Provision
Procedure
#, Rev and
Date
Requirement
Para #Requirements Questions
Complian
t Yes, No,
N/A
Category Comments
Look For:
Look For:
Look For:
Look For:
Look For:
Look For:
Look For:
Look For:
Internal Audit Checklist Template
Title:
Auditor(s):
Date(s) of Audit:
Audit Area and Location:
Auditee(s):
Prepared by:
How the Checklist Works
The Checklist references the applicable
requirements as detailed in AS5553 and internal
Policy/Procedures.
The Checklist provides the appropriate question to
ask.
There is a response box for the auditor to record
answers and details.
Provides guidance for what information and/or
documentation to ask the Auditee to either provide or
review with you (Look For).
7/20/2015 45
Audit Resources
AS5553 Rev A “ Fraudulent/Counterfeit
Electronics Parts: Avoidance, Detection,
Mitigation and Disposition”, 2013
TOR-2014-02200 “Counterfeit Parts
Prevention Strategies Guide”
Contractor Counterfeit Electronic Part
Detection And Avoidance System DFAR
252.246-70077/20/2015 46
AS5553 Rev A
7/20/2015 47
Application
7/20/2015 48
Risk Chart
7/20/2015 49
Supplier Assessment Pyramid
7/20/2015 50
Risk Mitigation
7/20/2015 51
Testing
7/20/2015 52
TOR-2014-02200
7/20/2015 53
Detailed Checklist Example
7/20/2015 54
AS9100
Provision AS5553 Provision
Procedure #,
Rev and
Date
Requirement
Para #Requirements Questions
Compliant
Yes, No,
N/A
Category Comments
4.2.3 Control of
Documents
4.1
Fraudulent/Counterfeit
EEE Parts Control Plan
XXX xx Does the organization have a
controlled documented counterfeit
avoidance policy?
Look For: Approved and Controlled Policy and Procedure
for counterfeit product risk mitigation and detection.
7.5.3
Identification and
Traceability
4.1
Fraudulent/Counterfeit
EEE Parts Control Plan
XXX xx Does the documented counterfeit
avoidance plan detail it processes
used for risk mitigation, disposition,
and reporting of suspect or
confirmed fraudulent/counterfeit
parts and or assembles containing
such parts?
Look For: Purpose, Applicability, Definitions,
Responsibilities, Procedure for risk mitigation, disposition,
and reporting in the Approved and Controlled Policy.
7.1.2 Risk
Management
4.1
Fraudulent/Counterfeit
EEE Parts Control Plan
XXX xx Does the organization have a
documented counterfeit risk
mitigation process, that also
includes non-electronic materials?
Look For: Inclusion of non-electronic Mechanical Items
(fasteners, gaskets, molded items, sealing items, nuts, bolts,
machined items, castings, forgings, extrusions, etc) in the
documented Policy.
6.2.2
Competence,
Awareness,
Training
4.1.1 Personnel
Training
XXX xx Is there training of relevant
personnel, including management
of programs, projects,
procurement, quality assurance,
inspection, receiving,
manufacturing, and engineering
that is appropriate to their function
in awareness, avoidance,
detection, mitigation, and
disposition of suspect/ fraudulent
counterfeit parts?
Look For: .Training requirements, training materials, and
records of who is trained. Employees for counterfeit product
risk mitigation and detection training include: Program
Manager, Quality Engineers, Engineering, Purchasing,
Supplier Quality and Inspection.
6.2.2
Competence,
Awareness,
Training
4.1.1 Personnel
Training
XXX xx Is the frequency of employee
training defined and new
employees are trained in a timely
fashion?
Look For: Training Matrix for each function.
7.5.1 Control of
Production and
Service
4.1.2 Parts Availability XXX xx How is availability of authentic,
originally designed and/or qualified
parts throughout the product's life
cycle?
Look For: Lifetime or bridge buy, System redesign,
Alternate/multiple sources, Substitutions, Planning for
adequate procurement lead times.
7.5.1 Control of
Production and
Service
4.1.2 Parts Availability XXX xx How is obsolescence addressed
across the life cycle of the
program?
Look For: Obsolescence Management Plan, Diminishing
Manufacturing Sources and Material Shortages (DMSMS)
management plan.
Internal Audit Checklist Template
Title: Counterfeit Parts Risk Mitigation and Prevention
Auditor(s): Catherine Martin, Lead Auditor
Date(s) of Audit:
Audit Area and Location: Supply Chain Management
Auditee(s):
Prepared by: Catherine Martin
Published Checklists
TOR-2014-02200 “Counterfeit Parts Prevention
Strategies Guide”
Appendix G – 64 questions
7/20/2015 55
Audit Schedule
Date Time Location Description Auditee(s)
6/25/15 09:00-9:30
AM
Opening Meeting:
Counterfeit Parts Risk Mitigation
6/25/159:30 AM -
3:30 PMAudit Interviews
6/28/15 2-3 PMClosing Meeting:
Counterfeit Parts Risk Mitigation
The Audit Challenge
“How does this topic fit into ISO9000/AS9100”
7/20/2015 57
ISO Standards
The requirements of AS5553A are intended to
supplement the requirements of a higher quality
standard (e.g. AS9100), and other quality
management system documents.
7/20/2015 58
AS9100 Clauses Affected by this Audit
Audit Area AS9100C Clause
Control of Documents 4.2.3
Control of Records 4.2.4
Risk Management 7.1.2
Customer-Related Processes 7.2
Determination of Requirements Related to the
Product
7.2.1
Review of Requirements Related to the Product 7.2.2
Customer Communication 7.2.3
Purchasing 7.4
Purchasing Process 7.4.1
Purchasing Information 7.4.2
Verification of Purchased Product 7.4.3
Identification and Traceability 7.5.3
Preservation of Product 7.5.5
Control of Nonconforming Product 8.3
Analysis of Data 8.4
AS5553A Clauses for this Audit
Audit Area AS5553A Clause
Purpose and Application 1.0 Scope
SAE, ISO, ANSI, US Government, Commercial,
Related
2.0 Applicable Documents
Suspect Part, Fraudulent Part, Counterfeit Part,
etc
3.0 Terms and Conditions
Documented and Controlled Counterfeit Plan 4.1 Counterfeit Control Plan
Training requirements, materials and records 4.1.1 Personnel Training
Authentic Parts and Parts Obsolescence 4.1.2 Parts Availability
Assessment criteria, sources of supply, OCMs,
authorized suppliers, risk mitigation
4.1.3 Purchasing Process
Supply Chain Traceability to the OCM, Flow
down of AS5553A, disclosure of authorized
source
4.1.4 Purchasing Information
Detection of counterfeit parts prior to formal part
acceptance, return inspection to validate
authenticity
4.1.5 Verification of Purchased/Returned Part(s)
Detection, verification, and control of in-process
and ins-service suspect or confirmed counterfeit
parts
4.1.6 In-Process Investigation
Determine if failure is due to counterfeit part 4.1.7 Failure Analysis
AS5553A Clauses for this Audit
Audit Area AS5553A Clause
Control excess and nonconforming parts to
prevent from entering the supply chain as
counterfeit parts. Quarantine counterfeit parts
4.1.8 Material Control
All occurrences of suspect or confirmed
counterfeit parts are reported to internal,
customers, government, industry, and
authorities
4.1.9 Reporting
Process for resolving nonconformance’s related
to suspect counterfeit parts that have been
used in product delivered to the customer
4.1.10 Post Delivery Support
Design, Proposal, and Program Planning Appendix A, A1
Obsolescence Management Appendix A, A2
Procurement Approach Appendix B
Supply Chain Traceability Appendix C
Contract Requirements - General Appendix D
Fraudulent/Counterfeit Part Detection Appendix E
AS5553A
See AS5553A Standard
7/20/2015 62
Wrap Up and Next Steps
Review the Requirements
Develop your Policy
Develop Training
Create Audit Schedule
7/20/2015 63
The Audit Challenge How do I perform an internal audit for Counterfeit
Parts in my company?
“There is so much information”
Answer: I know where to go to find the information
“Where do I start”
Answer: Start with an Audit Plan
“How do I know I am auditing the right things”
Answer: Create a checklist to AS5553A and/or Internal Policy
“How does this topic fit into ISO9000/AS9100 or FDA”
Answer: It supplements ISO9000/AS9100
7/20/2015 64
Resources
7/20/2015 65