Structural Audits

Structural Audits is a comprehensive breakdown of a Structural Audit Program within the context of Six Sigma Labs’ supplier management system.

Six Sigma Labs: Supplier Structural Audit Program

1. Executive Summary & Philosophy

A Structural Audit is a foundational, system-level evaluation of a potential or existing supplier. Unlike a process-specific or product-specific audit, it assesses the supplier’s overall quality management system (QMS) and organizational infrastructure.

The Core Philosophy: “A weak structure cannot reliably support strong processes.” The goal is to determine if the supplier has the fundamental systems, leadership, and resources in place to be a capable, consistent, and improving partner. It answers the question: “Is this organization structurally sound?”

This audit is typically conducted during the initial supplier qualification phase (on-site or virtually) and then repeated on a defined cycle (e.g., every 2-3 years) or triggered by significant organizational changes.

2. Key Objectives of the Structural Audit

• Verify Compliance: Confirm the supplier’s QMS conforms to required standards (e.g., ISO 9001, ISO 13485, ICH Q7, 21 CFR Part 211/820).
• Assess Organizational Health: Evaluate management commitment, company culture, and financial stability.
• Determine Systemic Capability: Gauge the supplier’s inherent ability to meet current and future quality, capacity, and regulatory requirements.
• Identify Systemic Risks: Uncover weaknesses in the QMS that could lead to widespread failures, not just isolated incidents.
• Foster Continuous Improvement: Use the audit as a tool to drive improvement within the supplier’s systems, aligning them with Six Sigma Labs’ standards.

3. The Structural Audit Framework: A Six Sigma Approach

The program is built on the DMAIC framework to ensure rigor and data-driven outcomes.

Phase 1: Define (Planning & Preparation)

• Scope Definition: Clearly define the audit scope—e.g., “Structural Audit of the QMS at Supplier XYZ’s Main Manufacturing Facility.”
• Audit Team Selection: Assign qualified auditors with expertise in quality systems, the relevant industry, and auditing techniques.
• Document Review: Request and review key documents in advance:
  • Quality Manual
  • Organizational Charts
  • Quality Policy & Objectives
  • Management Review Records
  • List of Key Processes and SOPs
  • Previous Audit Reports (Internal & External)
  • Financial Health Indicators (for critical suppliers)
• Audit Plan Development: Create a detailed plan using a standardized checklist (see below).

Phase 2: Measure (On-Site/Remote Execution)
This is the data collection phase, executed through interviews, observation, and record review.

Phase 3: Analyze (Finding Development)

• Correlate evidence against standards and requirements.
• Identify root causes of systemic gaps, not just symptoms.
• Categorize findings (Major, Minor, Observation).

Phase 4: Improve (Reporting & CAPA)

• Issue a formal audit report with clear, objective findings.
• Require a formal Corrective and Preventive Action (CAPA) plan from the supplier for all major and minor non-conformances.

Phase 5: Control (Follow-up & Closure)

• Verify the effectiveness of implemented corrective actions.
• Close the audit loop only when evidence confirms the structural issue has been resolved.

4. Core Components & Audit Checklist (What to Audit)

The Structural Audit focuses on these macro-level systems:

5. Scoring & Supplier Classification

A quantitative scoring system provides an objective measure of structural health.

• Scoring Model: Each area in the checklist is weighted based on criticality (e.g., Management Responsibility and CAPA are high-weight). A score out of 100 is calculated.
• Classification Tiers:
  • Approved (Score: 90-100): Strong QMS. Minimal to no findings. Eligible for new business.
  • Approved with Conditions (Score: 75-89): QMS is adequate but has minor systemic gaps. A CAPA plan is required, and follow-up audit may be needed before new business is awarded.
  • Provisional (Score: 60-74): QMS has major weaknesses. Significant business risk. Existing business may be maintained under tight control, but no new business until a successful re-audit.
  • Disapproved (Score: <60): QMS is ineffective or non-compliant. High risk. Business relationship is terminated or not initiated.

6. Integration with Overall Supplier Management

The Structural Audit is one pillar of a comprehensive program:

• Structural Audit: “Can their system produce good results?”
• Process Audit: “Do they follow their own procedures for a specific process (e.g., sterilization, packaging)?”
• Product Audit: “Is the finished product we receive to specification?”

The findings from the Structural Audit directly inform the risk-based frequency of process audits and incoming inspection levels for that supplier.

Conclusion

For Six Sigma Labs, a robust Supplier Structural Audit Program is not a bureaucratic exercise; it is a critical risk mitigation strategy. By rigorously assessing the very foundation of a supplier’s organization, Six Sigma Labs ensures its supply chain is built on partners who are not just capable of making a good product today, but are structurally designed to do so consistently and improve over time, thereby protecting the lab’s reputation, regulatory standing, and ultimately, the end-user.

What is Required Structural Audits

Required Elements for Six Sigma Labs Supplier Structural Audit Programs – Structural Audits

A “Structural Audit” assesses the fundamental framework of a supplier’s Quality Management System (QMS). The requirement is to verify that this framework is sound and capable of consistently supporting quality and compliance. Here are the mandatory components of the program.

1. Required Foundation: Governance & Program Management

• Formal, Documented Procedure: A mandatory, controlled document (e.g., a Standard Operating Procedure – SOP) titled “Supplier Qualification and Structural Audit Process” must exist. This SOP is the master plan.
• Defined Audit Triggers: Clear criteria specifying when a Structural Audit is required:
  • Initial Qualification: For all new suppliers of critical materials/services.
  • Re-audit Schedule: A risk-based schedule (e.g., every 2 years for high-risk, 3 years for medium-risk).
  • For-Cause: Triggered by major quality events, recurring non-conformances, significant organizational changes (e.g., acquisition, major layoffs), or a change in the supplier’s regulatory status.
• Risk-Based Supplier Classification: A formal process to classify suppliers (e.g., A/B/C or High/Medium/Low risk) based on the impact of their product/service on Six Sigma Labs’ final product quality, safety, and efficacy. This classification must drive audit frequency and depth.

2. Required Pre-Audit Activities

• Audit Plan & Scope: A formal audit plan must be developed and approved before every audit. It must define:
  • Scope: The specific physical locations and QMS elements to be audited.
  • Standards: The reference standards (e.g., ISO 9001:2015, ISO 13485, ICH Q10, 21 CFR Part 211).
  • Objective: The clear purpose of the audit.
  • Team: Identification of the lead auditor and team members.
• Document Review: The audit team is required to perform a pre-audit document review. The supplier must provide key documents in advance, including:
  • Quality Manual
  • Organizational Charts
  • Last Internal and External Audit Reports
  • Management Review Minutes
  • Quality Policy and Objectives
  • List of Key Procedures.

3. Required On-Site/Remote Audit Components (The Audit Checklist Core)

The audit must systematically evaluate these core structural elements of the QMS. Evidence must be gathered through observation, interview, and record review.

4. Required Post-Audit Activities

• Formal Audit Report: A comprehensive report is required, including:
  • Executive Summary
  • Audit Scope and Objectives
  • Detailed findings categorized as Major, Minor, and Observations.
  • A clear statement of compliance/conformance.
• Categorization of Findings:
  • Major Non-conformance: A breakdown or absence of a required QMS element. Poses a significant risk to product quality. (e.g., No effective CAPA system).
  • Minor Non-conformance: An isolated failure to follow a documented procedure within a system that is generally sound.
  • Observation: An opportunity for improvement with no direct non-conformance noted.
• Supplier CAPA Response: The supplier must provide a formal, documented corrective action plan with root cause analysis and proposed timelines for all non-conformances.
• Formal Supplier Rating/Score: A quantitative score (e.g., 0-100) or a qualitative rating (e.g., Approved, Conditional, Disapproved) must be assigned based on the audit results. This rating determines the supplier’s status.
• Follow-up and Closure: A defined process is required to verify the effectiveness of the supplier’s corrective actions. The audit is not closed until all actions are verified as effective.

5. Required Integration & Outcomes

• Link to Procurement: The outcome of the Structural Audit (the rating/score) must be a formal input into the supplier selection and qualification decision. A “Disapproved” or “Provisional” rating must block new business until issues are resolved.
• Link to Ongoing Monitoring: The audit results determine the required level of ongoing oversight (e.g., reduced/increased product testing, frequency of process audits).

Summary: The Non-Negotiables

In short, a required Six Sigma Labs Supplier Structural Audit Program must have:

1. A Written Procedure governing the entire process.
2. A Risk-Based Approach to scheduling and scoping audits.
3. A Comprehensive Checklist based on international quality standards.
4. A Focus on Systemic Elements like Management Responsibility, CAPA, and Internal Audits.
5. A Formal Reporting & Grading System with clear categorization of findings.
6. A Closed-Loop CAPA Process for addressing audit findings with the supplier.
7. Integration with Business Decisions, where audit results directly impact supplier status and use.

Without these required elements, the program is merely an inspection, not a predictive, risk-mitigating system capable of protecting the quality and supply chain of Six Sigma Labs.

Who is Required Structural Audits

Interpretation 1: Who is Required to Participate and Execute the Program?

These are the individuals and roles within Six Sigma Labs that are mandatory for an effective Structural Audit Program.

Interpretation 2: Which Suppliers Are Required to Be Audited?

Not all suppliers require a full Structural Audit. The requirement is based on a Risk-Based Approach. The following suppliers are typically required to undergo a Structural Audit:

Suppliers who are typically NOT required for a full Structural Audit (may receive a simpler questionnaire or a product audit instead):

• Suppliers of Low-Risk Items: Office supplies, janitorial services, general maintenance parts.
• Distributors of Standard Chemicals: Where the manufacturer has already been qualified.

Summary

To answer your question directly:

• Within Six Sigma Labs, the following are required: Management, Quality Assurance, Qualified Auditors, Procurement, and Subject Matter Experts. They form a cross-functional team essential for the program’s authority, execution, and integration.
• In the supply chain, the following suppliers are required to be audited: All Critical/High-Risk suppliers of materials and services that can directly impact final product quality, as determined by a formal risk assessment.

The absence of any of these key players or the failure to audit the required suppliers would render the Six Sigma Labs Supplier Audit Program ineffective and expose the organization to significant quality and regulatory risk.

When is Required Structural Audits

A Structural Audit is not a continuous activity; it is a significant resource investment triggered at key decision points. The requirement is driven by a Risk-Based Approach and occurs at the following defined times:

1. Initial Supplier Qualification (The “Gatekeeper” Audit)

This is the most common and critical trigger.

• When: Before the first purchase order is issued for a new supplier of a critical material or service.
• Purpose: To answer the fundamental question: “Is this supplier’s quality system structurally capable of consistently meeting our requirements?”
• Outcome: The audit result is a go/no-go decision for supplier approval.

2. Periodic Re-Audits (The “Surveillance” Audit)

Even with good performance, systems can degrade. Periodic re-audits are required to ensure ongoing compliance.

• When: Based on a pre-defined, risk-based schedule.
  • High-Risk Suppliers: Typically every 2 years.
  • Medium-Risk Suppliers: Typically every 3 years.
  • Low-Risk Suppliers: Often not required; managed via questionnaires and performance reviews.
• Purpose: To verify that the supplier’s QMS has been maintained and continues to be effective. It also checks for positive improvements.

3. “For-Cause” or “Directed” Audits (The “Reactive” Audit)

This is triggered by negative quality or performance signals, indicating a potential breakdown in the supplier’s system.

• When: Any of the following events occur:
  • Repeated or Major Quality Failures: Multiple lots rejected, an increase in minor deviations, or a single catastrophic failure.
  • Adverse Trend in Data: A negative trend in key performance indicators (KPIs) like defect rates or on-time delivery.
  • Significant Change at Supplier: The supplier undergoes a merger, acquisition, major reorganization, or key personnel change that could impact the QMS.
  • Change in Supplier’s Regulatory Status: A regulatory agency (like the FDA or EMA) issues a warning letter or inspection finding against the supplier.
  • Change in Six Sigma Labs’ Product Criticality: If a material supplied becomes more critical due to a change in its use.

4. Significant Change in Scope (The “Expansion” Audit)

• When: An already approved supplier is proposed for a new, significantly different product, process, or manufacturing site that was not covered in the original audit.
• Purpose: To verify that their QMS is robust enough to cover the new scope and associated risks.

Summary: The Non-Negotiable Triggers

In short, a Six Sigma Labs Supplier Structural Audit is required at these specific times:

1. Before First Use: For any new critical supplier.
2. On a Schedule: Every 2-3 years for existing critical suppliers, based on risk.
3. When Things Go Wrong: Upon signals of systemic failure (quality issues, regulatory actions).
4. When Things Change: Upon significant changes at the supplier or in the scope of supply.

This disciplined, trigger-based approach ensures that Six Sigma Labs invests its audit resources wisely, proactively manages risk, and maintains a robust, reliable supply chain.

Where is Required Structural Audits

The requirement applies to all physical locations and organizational functions that influence the quality of the supplied product or service. The audit must follow the product’s lifecycle and the quality system’s influence.

1. Primary Physical Location: The Site of Record

This is the main address on the quality agreement and regulatory filings.

• Manufacturing Plants: Where the product is produced, processed, packaged, or repackaged.
• Testing Laboratories (Internal or External): Where raw materials, in-process samples, or finished goods are tested. This is critical, even if it’s a different building from the manufacturing plant.
• Warehousing and Distribution Centers: Where the product is stored, handled, and shipped. Conditions and controls here are part of the quality system.

Key Principle: The audit must cover all sites listed in the supplier’s Quality Manual and any site mentioned in the regulatory submissions (e.g., Drug Master File – DMF) for the product being supplied.

2. Functional Areas Within a Location (The “Vertical” Audit)

A Structural Audit doesn’t just stay on the production floor. It must assess all supporting departments and systems that form the QMS structure.

3. The “Virtual” Location: The Quality Management System Itself

A crucial “where” is the documented system. The audit occurs within the framework of the QMS documentation, which is a “virtual location” interconnecting all physical spaces.

• The Quality Manual: The top-level map of the entire system.
• Standard Operating Procedures (SOPs): The instructions that govern activities.
• Records & Data: The evidence that the system is functioning (e.g., batch records, audit reports, training files).

The auditor must traverse this “virtual location” by tracing a requirement from the Quality Manual, down to the SOP, and finally to the executed record.

Practical Scenarios: Where to Audit

The “Where” vs. “How” – Linking Location to Method

• On-Site Audits: The required and preferred method. Allows for direct observation of practices, facility conditions, and spontaneous employee interviews.
• Remote Audits (Virtual): May be used for low-risk re-audits or when travel is restricted. Relies on video tours, shared screens, and electronic document review. It is generally not sufficient for an initial, high-risk supplier qualification.
• Hybrid Audits: A combination, where document review and management interviews are done remotely, but a short on-site visit is reserved for critical process observation.

Summary: The Non-Negotiable Locations

In short, a Six Sigma Labs Supplier Structural Audit is required to be conducted:

1. At the Supplier’s Site(s): All physical locations involved in the supply chain that can impact product quality.
2. Across All Critical Functions: From the CEO’s office to the warehouse floor and the quality control lab—any function that forms a pillar of the Quality Management System.
3. Within the Documented QMS: Tracing the thread from policy to procedure to practice.

Failure to define and audit the correct “where” creates blind spots where significant quality system failures can remain undetected, putting Six Sigma Labs’ products and patients at risk.

How is Required Structural Audits

The process is rigorous, systematic, and follows a defined cycle, heavily influenced by the PDCA (Plan-Do-Check-Act) or DMAIC (Define, Measure, Analyze, Improve, Control) framework. It is not an ad-hoc inspection.

Phase 1: PLAN – The Pre-Audit Phase (How to Prepare)

This phase is about strategic preparation. Failure here leads to an ineffective audit.

1. Risk-Based Supplier Selection:
   • How it’s done: The supplier is scored based on the criticality of the material/service they provide. High-risk suppliers are prioritized for audit. This is a formal, documented assessment.
2. Audit Scope and Plan Development:
   • How it’s done: A formal audit plan is created. It must define:
     • Objective: “To conduct a structural audit of the QMS at Supplier XYZ against ISO 9001:2015 and 21 CFR Part 211.”
     • Criteria: The specific standards and procedures to be used for the assessment.
     • Scope: The physical locations and organizational functions to be included (e.g., “Building A, manufacturing and QC lab only”).
     • Schedule: A detailed agenda.
3. Document Review:
   • How it’s done: The supplier is required to provide key documents in advance. The audit team reviews them to understand the supplier’s QMS structure, identify potential gaps, and prepare focused questions. This includes the Quality Manual, org charts, previous audit reports, and key SOPs.
4. Audit Team Formation:
   • How it’s done: A competent lead auditor and, if necessary, subject matter experts (e.g., for sterile processes, data integrity) are assigned. Auditors must be independent of the function being audited.

Phase 2: DO – The On-Site Execution Phase (How to Collect Evidence)

This is the evidence-gathering phase. The methodology is critical for objectivity.

1. Opening Meeting:
   • How it’s done: A formal meeting with the supplier’s management. The audit plan is reviewed, the scope and objectives are confirmed, and the lines of communication are established.
2. Evidence Collection Through the “Audit Trail”:
   • How it’s done: Auditors do not randomly check items. They follow systematic trails:
     • Forward Trace: “Show me the procedure for managing non-conforming material → Now show me the training records for the personnel performing this task → Now show me a recent non-conformance record that demonstrates the procedure was followed.”
     • Backward Trace: “Here is a batch record with a deviation → What is the procedure for reporting deviations? → Was this specific deviation investigated per the CAPA procedure? → Show me the CAPA record and its effectiveness check.”
3. The Sampling Strategy:
   • How it’s done: Auditors cannot review every record. They use statistical sampling to select a representative subset of records (e.g., “Show me the 5 most recent calibration records for this equipment.”). The sample size must be justified to provide confidence.
4. Interviewing Technique:
   • How it’s done: Use open-ended questions (What, How, Why, Show me…). Avoid “yes/no” questions. The goal is to understand the employee’s knowledge and the actual process, not just the theoretical one.
     • Poor: “Do you follow SOP XYZ?”
     • Effective: “Could you walk me through how you perform this process? Can you show me the relevant procedure?”
5. Objective Evidence Recording:
   • How it’s done: All findings are recorded in real-time using detailed notes, including who, what, when, and where. Evidence is fact-based and reproducible.

Phase 3: CHECK & ACT – The Post-Audit Phase (How to Report and React)

This phase is about communication and initiating correction.

1. Daily Debriefs & Closing Meeting:
   • How it’s done: The audit team holds private daily debriefs to consolidate findings. The audit concludes with a formal closing meeting where findings are presented to the supplier’s management. They have an opportunity to clarify any facts.
2. Categorization of Findings:
   • How it’s done: Findings are systematically categorized based on risk:
     • Major: A systemic breakdown or absence of a critical QMS element. Poses a significant risk to product quality. (e.g., No validated cleaning process, data integrity falsification).
     • Minor: An isolated failure to meet a requirement, but the overall process is controlled.
     • Observation: An opportunity for improvement with no direct non-conformance found.
3. Formal Audit Report:
   • How it’s done: A comprehensive report is generated, including the scope, executive summary, detailed findings with evidence, and a conclusion. It is distributed to designated personnel at both Six Sigma Labs and the supplier.

Phase 4: FOLLOW-UP – The Closure Phase (How to Verify Effectiveness)

This phase ensures the audit drives meaningful change.

1. Supplier CAPA Response:
   • How it’s done: The supplier is required to submit a formal Corrective and Preventive Action plan. The plan must address root cause, not just the symptom, and include realistic timelines.
2. Effectiveness Check:
   • How it’s done: This is the most critical step. Six Sigma Labs does not just check that the supplier implemented the action. They must verify that the action was effective in preventing recurrence. This could be through review of subsequent data, a records review, or a limited re-audit.
3. Audit Closure:
   • How it’s done: The audit is officially closed only once all major and minor findings have been verified as effectively addressed. This status is recorded in the supplier’s quality file.

Summary: The Non-Negotiable Methodology

In short, a Six Sigma Labs Supplier Structural Audit is required to be conducted in the following way:

• Systematically, following a defined PDCA/DMAIC lifecycle.
• Objectively, relying on evidence-based trails and facts, not opinions.
• Thoroughly, using competent auditors and a risk-based sampling plan.
• Documentedly, with clear reporting and categorization of findings.
• Effectively, with a closed-loop process that verifies corrective actions truly address the root cause.

This rigorous methodology ensures the audit is a predictive tool for identifying and mitigating systemic risk, not just a reactive check of the past.

Case Study on Structural Audits

The Contaminated Catalyst

A Structural Audit at “Precision Catalysts, Inc.”

Background:
Six Sigma Labs is a pharmaceutical company developing a new, critical oncology drug. The drug’s active pharmaceutical ingredient (API) requires a specialized catalyst for a key synthesis step. After a supplier selection process, “Precision Catalysts, Inc.” (PCI) was chosen as the sole-source supplier due to their proprietary technology. A Structural Audit is mandated by Six Sigma Labs’ SOPs before any GMP (Good Manufacturing Practice) material can be purchased for clinical trials.

Phase 1: Define & Plan (The Preparation)

• Trigger: Initial qualification of a new, critical supplier.
• Risk Assessment: PCI is classified as “High Risk” because:
  1. The catalyst is custom-made and single-source.
  2. It has a direct impact on the yield and purity of the final API.
  3. Any contamination could jeopardize the entire multi-million dollar clinical trial batch.
• Audit Team:
  • Lead Auditor: Senior QA Auditor from Six Sigma Labs.
  • Subject Matter Expert (SME): PhD in Organic Chemistry, familiar with catalyst synthesis.
• Pre-Audit Document Review: PCI provided their Quality Manual, organizational chart, and list of SOPs. The team noted that their CAPA procedure seemed weak, focusing only on corrective actions without a clear link to preventive actions or effectiveness checks.

Phase 2: Measure & Analyze (The On-Site Execution)

The audit was conducted over two days at PCI’s manufacturing facility. The audit followed several key trails, but one was particularly revealing.

The Audit Trail: Management Responsibility & CAPA

1. Interview with Management: The lead auditor started with the Plant Manager and Quality Head. They confidently stated their commitment to quality but could not provide specific metrics linked to their quality objectives beyond “on-time delivery.”
2. The Finding: While reviewing batch records for a similar catalyst, the SME noticed a minor deviation where a reaction temperature had slightly exceeded the limit. The investigation simply stated “operator error” and the action was “retrain the operator.”
3. The Deep Dive (The “5 Whys” in Action):
   • Auditor: “Why did the operator set the wrong temperature?”
   • PCI Supervisor: “The procedure was unclear. The temperature setting was in a footnote on page 2.”
   • Auditor: “Why is a critical parameter in a footnote?”
   • PCI Quality Head: “The procedure is an old template. It hasn’t been updated to our new format.”
   • Auditor: “Why hasn’t it been updated? Is there a plan to review and update all similar procedures?”
   • PCI Quality Head: “We have a large backlog of documents. We don’t have a proactive, preventive schedule for document review based on risk.”
4. The Systemic Root Cause: This single deviation revealed a Major Non-conformance.
   • The root cause was not “operator error” but a failure of the Document Control system and a weak CAPA process that did not drive preventive action.
   • The finding was categorized as Major because it represented a systemic breakdown in two core QMS elements (Document Control and CAPA) that could affect every product batch.

Other Findings:

• Minor: Calibration stickers on several tanks in the warehouse were faded and unreadable. (Failure of the calibration system’s control).
• Observation: The training records did not easily show if an employee was certified for all tasks on a specific equipment line. (Opportunity for improvement).

Phase 3: Improve & Control (The Reporting and Follow-Up)

• The Report: The formal audit report highlighted the Major finding in the CAPA system and its link to Document Control. It stated that PCI’s QMS was not fully mature and posed a significant risk to consistent quality.
• Supplier Rating: PCI was rated “Provisional.”
• The CAPA Demand: Six Sigma Labs required a robust CAPA response from PCI before any GMP order could be placed. The required actions included:
  1. Revise the CAPA procedure to include requirements for root cause analysis (using a standard method like 5 Whys or Fishbone) and effectiveness verification.
  2. Perform a risk-based review of all manufacturing SOPs and update those with critical parameters not prominently displayed.
  3. Implement a preventive schedule for document review.
  4. Provide evidence of all completed updates and train all relevant staff.

The Outcome and Value Realized:

1. Short-Term: The GMP order was put on hold for 60 days while PCI implemented its corrections. This delayed the project slightly but prevented a likely quality disaster.
2. Long-Term:
   • PCI submitted its CAPA evidence. The Six Sigma Labs auditor performed a follow-up document review and verified that the procedures were updated and training was complete.
   • PCI’s QMS was strengthened, making them a more reliable long-term partner.
   • Six Sigma Labs placed its first GMP order with high confidence. The catalyst supplied was consistently within specification, and the oncology drug proceeded successfully through clinical trials.
   • The “Provisional” status was upgraded to “Fully Approved” after the first three successful batches.

Analysis: Why the Structural Audit Was Crucial

• A Process Audit Would Have Missed It: A process audit focused only on the catalyst’s manufacturing steps might have found the unclear procedure but likely would have categorized it as a minor issue. It would not have forced the systemic fix of the CAPA and Document Control systems.
• A Product Audit Would Have Been Too Late: A product audit upon receipt of the catalyst would only check if the material met spec. It would not have predicted the high probability of a future failure due to a flawed system.
• The Structural Audit was Predictive and Preventive: It identified a weakness in the foundation of PCI’s quality system that, if left uncorrected, would have inevitably led to a major quality failure, potentially contaminating a critical drug batch and halting a clinical trial.

Conclusion:
This case study demonstrates that a Six Sigma Labs Supplier Structural Audit is not a mere compliance exercise. It is a strategic, risk-based investment that protects product quality, patient safety, and the company’s financial future by ensuring that suppliers are not just capable of making a good product once, but are structurally designed to do so consistently.

White paper on Structural Audits

Building a Foundation of Quality

The Critical Role of Structural Audits in a Six Sigma Supplier Management Program

Document Version: 1.0
Date: October 26, 2023
Author: Six Sigma Labs Quality Assurance
Classification: Public

Abstract

In today’s complex and globalized supply chain, the quality of a finished product is inextricably linked to the quality of its components and raw materials. For organizations committed to Six Sigma levels of excellence, controlling supplier quality is not merely an inspection activity; it is a strategic imperative. This white paper argues that the Supplier Structural Audit is the most critical tool for proactive supply chain risk management. It moves beyond assessing what is produced to evaluating how it is produced within a robust Quality Management System (QMS). We will define the Structural Audit, differentiate it from other audit types, detail its core components, and present a framework for implementation, demonstrating how it serves as the foundation for a reliable, compliant, and continuously improving supply chain.

1. Introduction: The Limitations of Traditional Supplier Assessment

Many organizations rely primarily on product-centric assessments: certificates of analysis (CoA), product samples, and desktop questionnaires. While these have value, they are inherently reactive and historical. They answer, “Was this batch good?” but fail to predict, “Will the next batch be good?”

A single compliant product does not guarantee a capable system. A supplier may pass a questionnaire but lack the management commitment, robust procedures, or corrective action systems to ensure consistency. This systemic risk exposes the receiving organization to:

• Production Delays: Due to rejected raw materials.
• Costly Investigations: To root-cause supplier-related failures.
• Regulatory Action: If a supplier failure impacts drug safety or efficacy.
• Reputational Damage: From product recalls or quality issues.

The Six Sigma philosophy demands a proactive, data-driven approach to eliminate defects at their source. The Supplier Structural Audit is the embodiment of this philosophy within the supply chain.

2. What is a Supplier Structural Audit?

A Supplier Structural Audit is a system-level evaluation of a supplier’s overall Quality Management System (QMS). It is a deep, holistic assessment of the organizational infrastructure, policies, and procedures that form the backbone of quality and consistency.

Core Philosophy: “A weak structure cannot reliably support strong processes.”

Unlike a process audit (which follows a specific product’s manufacturing steps) or a product audit (which examines the finished item), the Structural Audit examines the enabling environment. It answers fundamental questions about the supplier’s organizational health:

• Is quality led from the top?
• Is there a culture of continuous improvement?
• Are resources adequate and competent?
• Is the system designed to prevent, detect, and correct problems?

3. The Six Sigma Structural Audit Framework: A DMAIC Approach

The program is systematically built around the DMAIC (Define, Measure, Analyze, Improve, Control) methodology.

3.1 Define (Planning)

• Risk-Based Supplier Classification: Suppliers are categorized (e.g., A/B/C or High/Medium/Low) based on the impact of their product/service on final product quality. This determines audit frequency and depth.
• Scope Definition: A formal audit plan defines the specific locations, processes, and QMS elements to be reviewed.
• Team Selection: A cross-functional team is assembled, led by a qualified lead auditor and including subject matter experts as needed.

3.2 Measure (Execution)

• Evidence Collection: Auditors gather objective evidence through interviews, observation, and record review. The focus is on tracing system implementation, for example, following a single CAPA from initiation to effectiveness check.
• Systematic Sampling: A statistically justified sample of records is reviewed to assess systemic compliance, not just isolated instances.

3.3 Analyze (Finding Development)

• Root Cause Analysis of System Gaps: Findings are not just listed; the auditor probes to understand the systemic root cause. A training failure, for instance, may point to a weak resource management system.
• Categorization: Findings are classified as:
  • Major: A systemic breakdown or absence of a required QMS element.
  • Minor: An isolated failure to meet requirements within a sound system.
  • Observation: An opportunity for improvement with no direct non-conformance.

3.4 Improve (Reporting & Corrective Action)

• Formal Reporting: A detailed report is issued, providing a clear, evidence-based snapshot of the supplier’s structural health.
• Supplier CAPA: The supplier is required to develop a formal Corrective and Preventive Action plan addressing the root causes of all non-conformances.

3.5 Control (Closure & Monitoring)

• Effectiveness Verification: The audit is not closed until the organization verifies that the supplier’s corrective actions have been implemented and are effective.
• Integration with Supplier Scorecard: The audit results feed into the supplier’s overall performance score, influencing future business and monitoring levels.

4. Key Differentiators: Structural vs. Process vs. Product Audits

5. The Business Case: Tangible Benefits

Implementing a rigorous Structural Audit program delivers a significant return on investment:

• Risk Mitigation: Proactively identifies and mitigates systemic risks before they cause a quality event, protecting patient safety and brand reputation.
• Cost Reduction: Drastically reduces costs associated with incoming inspection, rejected materials, production delays, and downstream failure investigations.
• Supply Chain Resilience: Creates a network of capable, high-quality suppliers who are partners in continuous improvement.
• Regulatory Assurance: Provides documented evidence of due diligence in supplier selection and control, a key expectation of regulators (FDA, EMA, etc.).
• Fosters a Culture of Quality: Encourages suppliers to strengthen their own QMS, elevating the standard of the entire supply chain.

6. Conclusion: An Indispensable Foundation

For an organization dedicated to the principles of Six Sigma, supplier quality cannot be left to chance or verified only at the point of receipt. The Supplier Structural Audit is not an optional administrative task; it is a strategic, foundational activity that builds a supply chain capable of supporting world-class quality and operational excellence.

By shifting the focus from product to system, from detection to prevention, Six Sigma Labs can ensure that every link in its supply chain is not just strong, but structurally sound. Investing in a robust Structural Audit program is ultimately an investment in product quality, patient trust, and long-term business success.

For more information on implementing a Six Sigma Supplier Audit Program, please contact the Quality Assurance department at Six Sigma Labs.

Industrial Application of Structural Audits

Executive Summary

For industrial organizations committed to operational excellence, the Supplier Structural Audit is not a quality check—it is a strategic risk management and continuous improvement tool. By applying a rigorous, system-level assessment to their supply chain, companies in sectors like aerospace, automotive, and heavy manufacturing proactively ensure reliability, reduce total cost, and drive innovation. This document outlines the practical application and tangible benefits of these programs beyond theoretical frameworks.

1. Core Industrial Application: The “Why”

In an industrial context, supplier failures are not just about a single defective part; they can lead to catastrophic downtime, safety incidents, and massive recall costs. The Structural Audit is applied to answer critical business questions:

• Can this supplier’s system handle our volume and complexity without failure?
• Will their management prioritize a quality issue that stops our $1M/hour production line?
• Is their culture one of transparency and problem-solving, or concealment and blame?
• Do they have the financial and technical stability to be a partner for the next 10 years?

2. Sector-Specific Applications & Case Examples

Application 1: Automotive Manufacturing

• Supplier in Scope: A manufacturer of Anti-lock Braking System (ABS) control modules.
• Structural Audit Focus:
  • Management Responsibility: Review of management review meetings—is safety and failure mode avoidance a standing topic?
  • Risk Management: Evaluation of the Failure Mode and Effects Analysis (FMEA) process. Is it a living document updated with field data?
  • Product Traceability: Audit of the system for tracking components from raw material to serialized unit (critical for recalls).
  • Change Control: Rigorous assessment of how the supplier manages engineering changes (e.g., a firmware update) and communicates them.
• Industrial Benefit: Prevents safety-related recalls, ensures just-in-time (JIT) delivery lines are not halted by quality issues, and maintains compliance with IATF 16949 standards.

Application 2: Aerospace & Defense

• Supplier in Scope: A foundry producing titanium turbine blades for jet engines.
• Structural Audit Focus:
  • Special Process Validation: Deep dive into the validation and ongoing control of critical processes like heat treating and non-destructive testing (NDT).
  • Calibration System: Verification that all measurement and test equipment is calibrated to national standards with impeccable records.
  • Personnel Competency: Assessment of certification programs for welders, NDT technicians, and other specialized roles.
  • Control of Non-Conforming Product: Ensuring any suspect blade is physically quarantined and its disposition is formally reviewed by authorized quality personnel.
• Industrial Benefit: Mitigates the risk of catastrophic in-flight failure, ensures compliance with AS9100, and protects the OEM from immense liability.

Application 3: Medical Device Manufacturing

• Supplier in Scope: A contract manufacturer assembling a disposable surgical stapler.
• Structural Audit Focus:
  • Design Controls (if applicable): Ensuring the supplier can manage design changes properly.
  • CAPA System: The most critical element. Auditing for robust root cause analysis (using 5 Whys, Fishbone) and verification of effectiveness.
  • Supplier Management (Their Suppliers): Tracing a critical component (e.g., the stainless steel for the staple) back to the raw material supplier and their mill certs.
  • Cleanroom & Environmental Controls: Assessment of the validation and monitoring of the manufacturing environment.
• Industrial Benefit: Ensures patient safety, achieves and maintains FDA 21 CFR Part 820 compliance, and prevents field corrective actions.

Application 4: Electronics & Semiconductor

• Supplier in Scope: A fabricator of multi-layer printed circuit boards (PCBs).
• Structural Audit Focus:
  • Statistical Process Control (SPC): Evaluating the real-time use of control charts for key parameters like etch depth and line width.
  • Contamination Control: Audit of procedures for handling chemicals and preventing electrostatic discharge (ESD).
  • Data Integrity: A growing focus. Ensuring that automated production data is secure, auditable, and cannot be altered without trace.
• Industrial Benefit: Drives yields up and defect rates down (in parts per million), which is essential for high-volume production. Prevents latent defects that cause early-life failures in consumer products.

3. The Industrial Audit Workflow: From Planning to Partnership

The application follows a disciplined cycle:

1. Risk-Based Trigger: A new supplier for a critical component is selected, or an existing supplier shows a trend of minor delays or non-conformances.
2. Deep Document Review: The audit team reviews the supplier’s Quality Manual, their internal audit reports, and their last customer audit findings.
3. On-Site System Tracing: The auditor does not just check boxes. They follow a “thread” through the QMS. For example:
   • Thread: Management Review → Quality Objective → CAPA → Effectiveness.
   • Action: “Show me your quality objective for on-time delivery. You missed it last quarter; what was the CAPA? Show me the evidence that the corrective action actually improved delivery performance this quarter.”
4. Business-Focused Reporting: Findings are phrased in terms of business risk, not just clause non-compliance.
   • Instead of: “Clause 4.4.1 not met.”
   • Write: “Major Finding: The supplier lacks a process to manage outsourced heat treatment. This creates an uncontrolled risk of part failure under stress, which could lead to a field failure and safety incident for our end product.”
5. Supplier Development & Closure: The outcome is not just a score, but a collaborative action plan. Six Sigma Labs may provide templates or training to help a strategically important supplier improve their CAPA system, turning a audit finding into a stronger partnership.

4. Tangible Industrial Metrics & ROI

The success of the program is measured by its impact on key performance indicators (KPIs):

• Reduction in Incoming Defect Rate (PPM): A direct result of auditing and improving supplier systems.
• Increase in Supplier On-Time Delivery (OTD): Systemic issues often cause delays; fixing them improves delivery.
• Reduction in Production Line Downtime caused by supplier quality issues.
• Decrease in Cost of Poor Quality (COPQ): Less internal time spent on sorting, rework, and supplier-generated non-conformance reports (NCRs).
• Shortened New Product Introduction (NPI) Cycle Time: Reliable suppliers from the start prevent launch delays.

Conclusion

In the industrial world, the Six Sigma Labs Supplier Structural Audit is the cornerstone of a resilient and high-performing supply chain. It transforms the supplier relationship from a transactional “purchasing” function to a strategic “quality and risk management” partnership. By rigorously applying these system-level audits, industrial organizations don’t just inspect quality into their supply chain—they architect it in from the very foundation, ensuring reliability, safety, and competitive advantage.