online coatings
Asia & Middle East
online coatings
online coatings
ISO 9001:2015


Quality plan, Quality audit, ITP

QMS Audits for major Suppliers (Vendors / Subcontractors) on EPCI Project for the oil and gas industry shall be managed in accordance with the EPCI Project CONTRACT. The Project QMS effectiveness and continuing suitability shall be assessed based on the overall results of the audit.

Controlling vendors/subcontractors for EPCI Project is probably one of the hardest tasks for a Main Contractor. However, with proper planning, monitoring, auditing, and (mainly) effective supervising, vendors/subcontractors can be controlled quite well to achieve the Project HSE-Q Objectives/Targets for quality assurance and quality control.

Typical EPCI project structure

Terms and Definitions

Suppliers organization or person that provides a product (ISO 9000:2005 Cl. 3.3.6),

Outsourced process :

  • The Oxford English Dictionary defines the verb “outsource” as “to obtain….. by contract from a source outside the organization or area; to contract (work) out”.
  • Outsourced process – is a process that the organization needs for its quality management system and which the organization chooses to have performed by an external party. (ISO 9001:2008 clause 4.1 NOTE 2).

An EPCI Contractor to outsource their work or function to their Subcontractors, if required like:

  • Engineering: CAD drafting, safety analysis, E&I, pipeline design, and development, etc.
  • Construction: manufacturing of pressure vessels, piping fabrication, hydro test, PWHT, NDT, manpower supply, etc.
  • Installation: E&I installation and commissioning, onshore pipeline installation, bolt tightening, ROV survey, etc.

An EPCI Contractor to purchase the materials for the project to their Vendors, e.g. Valves supplier, CS/SS/Duplex steel pipes supplier, etc.

Audit program – set of one or more audits planned for a specific time frame and directed towards a specific purpose. (ISO 9000:2005 Cl. 3.9.2) Quality assurance program

Quality system audit – is the process of systematic examination of a quality system. (quality control & quality assurance)

How to control Vendors/Subcontractors?

ISO 9001:2008 clause 4.1 states:

“Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.

The necessary control through the application of requirements of both ISO9001:2008 clause 7.4 (Purchasing) and clause 4.1 (General Requirements).

More detail control of an outsourced process – SAMPLE:

  • To conduct pre-qualification audit/ Qualifications of outsourcers before the order is placed
  • To measure, monitor, and control the quality of service. Quality of service is measured through a service level agreement (SLA) in the outsourcing contract. In poorly defined contracts there is no measure of quality or SLA defined. Quality in terms of end-user-experience is best measured through customer satisfaction questionnaires which are professionally designed to capture an unbiased view of quality.
  • To implement effective coordination and communication like kick-off meeting, pre-inspection meeting, routine meeting
  • To implement ITP
  • To implement vendor/subcontractor document review
  • To ensure the project QMS is adequate, implemented through audits
  • etc.

Project quality system audit on major vendors / sub-contractors (Quality assurance)

Quality system audit for quality assurance to major vendors / sub-contractors is mainly based on,

  • criticality rating, and or
  • purchase amount.


Ignoring supplier/subcontractor audit was risky to the organization’s project because of a lack of supplier responsiveness or a lack of technical capabilities.

ISO19011 Guidelines for auditing

First-party audits are conducted by, or on behalf of, the organization itself for internal purposes and can form the basis for an organization’s self – declaration of conformity. (ISO 9000:2005 Clause 2.82 Paraf 2)

Second-party audits are conducted by customers of the organization or by other persons on behalf of the customer. (ISO 9000:2005 Clause 2.82 Paraf 3)

Third-party audits are conducted by external independent organizations, such organizations, usually accredited, provide certification or registration of conformity with requirements such as those of ISO 9001. (ISO 9000:2005 Clause 2.82 Paraf 4)

Hence, for this Vendors/Subcontractor Audit can be considered as :

  • internal audit (first-party audit), if outsource work is given to the organization in the same group or consortium.
  • second party audit, if an audit is conducted by Customer on their Contractors, by CONTRACTOR on their suppliers/vendors/subcontractors.

The latest International Standard ISO guidelines for this audit is ISO19011 second edition.

Auditing the Procurement Process

In auditing the process for the management of procurement, the following should be considered:-

  • Procurement starts during the design and development of a product when a specification is prepared;
  • Inter-departmental discussions take place to ensure that potential suppliers can provide a product that meets the design specification at the required cost;
  • The organization should ensure that the specified purchase requirements are correct prior to their communication to the supplier;
  • Statutory & regulatory requirements have been included in the purchase requirements; and,
  • The degree of risk associated with a component product and the controls required to ensure that it meets the design specification has been assessed.

Audit Programme

This audit shall be arranged in accordance Project Audit Plan.

An audit program shall be planned, taking into consideration the status and importance of the processes and areas to be audited, as well as the results of previous audits on similar past projects.

During the audit, Subcontractors and Vendors will be required to demonstrate an effective quality management system is being implemented and appropriate to the work scope.

The audit program includes a series of quality management audits on major suppliers.

  • General
  • References
  • Audit program objective
  • Audit program responsibilities, resources, and procedures
  • Attachments
    • Attachment-1 Quality Management System Audit Procedure
    • Attachment-2 Audit Plan
    • Attachment-3 The list of qualified auditors (including any certificate of Competency)
    • Attachment-4 Audit Check List

Audit Checklist

Whilst not always required in management system standards, audit checklists are just one tool available from the “auditors toolbox”. Many organizations will use them to ensure that the audit at a minimum will address the requirements as defined by the scope of the audit.

Checklists if developed for a specific audit and used correctly:

a. Promote planning for the audit.

b. Ensure a consistent audit approach.

c. Act as a sampling plan and time manager.

d. Serve as a memory aid.

e. Provide a repository for notes collected during the audit process (audit field notes)

In contrast, when audit checklists are not available, or poorly prepared, the following issues/concerns are noted:

1. The checklist can be seen as intimidating to the auditee.

2. The focus of the checklist may be too narrow in scope to identify specific problem areas.

3. Checklists are a tool to aid the auditor but will be restrictive if used as the auditor’s only support mechanism.

A good audit checklist will help initially to identify any issues and room for improvements.

The use of checklists and forms should not restrict the extent of audit activities, which can change as a result of information collected during the audit.

Subcontractors Audit Checklist

There are some of the key items that have to be checked while auditing a Subcontractor, as applicable, not limited to this list:

  • Scope of Supply / Customer Requirements: Is there a contract in place with this Subcontractor? What is its scope? Are quality requirements (CUSTOMER Requirements/Specifications) understood, available, implemented?
  • Quality Assurance System: Has the subcontractor established any documented Quality Plan for the specific Project? Is it submitted and approved by the Main Contractor? Is the subcontractor ISO 9001 certified? Are they planning to be? What is the Certification body?  schedule of project-specific audits?
  • Resources Management: Has the subcontractor established any Organization Chart-Team for the specific Project? Responsible person for the project? Responsible for Quality? Is it submitted/approved by the Main Contractor?  Outline of personnel competency and training?
  • Quality Procedures: Are there any documented Quality Procedures – Processes? Are they submitted to the Main Contractor? Does the subcontractor have the latest revision of the Main Contractors Procedures, Quality, and HSE Plan?
  • Outsourced Work / Sub-supplier controls: Has the Subcontractor subcontracted any of the works? Are these subcontractors approved by the Main Contractor?
  • Control of Documents/Records: Does the subcontractor have any Doc.Control department? How do they receive the documents from the Main Contractor (Drawings, Approvals, transmittals, others…)? Are they filed and kept properly? Are they traceable?  How are the construction documents and drawings distributed to the construction teams on-site? How it is ensured that the teams are using the correct revision of the document/drawings and that they are aware of any changes? What kind of documents is the subcontractor submitting to the Main Contractor and how are these verified prior to submitting (signatures, stamps, etc)?  Review Subcontractor or Vendor document submissions?
  • Project Planning / Progress Control: How is the planning of the works being performed and how it is followed up with the Main Contractor? (Daily, Weekly, Monthly Reports and schedules)
  • Engineering: Management of change / Technical Query (TQ), etc.
  • Product realization control: Control of special processes (welding, NDT, heat treatment, coatings), etc. Manufacturing management (including manufacturing and fabrication processes, NDT, dimensional inspections, management of FATs, and preservation considerations)?
  • Procurement Control / Material Control: How are the materials received on-site and what kind of inspections are done prior to use at the works? How are the materials stored on-site? Conditions, separation of materials, isolated of nonconforming materials, etc
  • Equipment calibration/maintenance: Calibration and maintenance of test and inspection equipment, including software validation. How is the calibration of equipment performed and followed up? Evidence-certificates.
  • Quality Control (Include ITP, traceability, and QC Dossier): How is the Quality Control of the works on site being performed? Evidence and records of inspections on site. Are all the records according to the ITP being kept by the subcontractor and how are these submitted to the Main Contractor for completion packages (As-Built)?  Non Conformance (NCR) and Corrective Action management and reporting.


Leave a Comment