Everything you need to know about audit preparation and management system consulting

RSQMS is a management systems auditing and advisory consulting firm that helps manufacturers and suppliers prepare for certification audits, customer audits, and surveillance assessments. We provide practical services including gap assessments, internal audit programs, corrective action support, mock audits, and pre-audit coaching across standards such as ISO 9001, ISO 14001, ISO 45001, IATF 16949, MMOG/LE, AS9100, and more. Our goal is to make your quality management system audit-ready and sustainable.

Our clients are primarily manufacturers, automotive suppliers, aerospace companies, and other organizations that need to maintain or achieve certification to standards like ISO 9001, IATF 16949, or AS9100. We work with quality managers, plant managers, and operations leaders who need expert support to prepare for upcoming audits, address findings from previous assessments, or build stronger management systems from the ground up.

A registrar or certification body (such as BSI, Bureau Veritas, or SGS) conducts your official certification audit and issues your ISO or IATF certificate. RSQMS is an independent advisory firm that works on your side to prepare you for that audit. We help you identify gaps, strengthen documentation, coach your team, and run mock audits so you are fully ready when the registrar arrives. We do not issue certifications ourselves.

We work with organizations of all sizes, from small machine shops and component suppliers with fewer than 50 employees to large multi-site manufacturing operations. Our approach scales to fit your team size, complexity, and budget. Many smaller companies benefit especially from our advisory services because they may not have a dedicated quality department or internal audit team.

Absolutely. We frequently work with organizations pursuing first-time ISO 9001 certification or initial IATF 16949 registration. We guide you through the entire process from understanding the standard's requirements, building your quality management system documentation, training your team, conducting internal audits, and preparing for the Stage 1 and Stage 2 certification audits. Starting from scratch is one of our core strengths.

ISO 9001 is the internationally recognized standard for quality management systems (QMS). It provides a framework for organizations to consistently deliver products and services that meet customer and regulatory requirements. ISO 9001 certification demonstrates your commitment to quality, opens doors to new customers and markets, and helps reduce waste and improve operational efficiency. It is often a baseline requirement for doing business in manufacturing, aerospace, automotive, and many other industries.

ISO 9001 is the general quality management system standard applicable to any industry. IATF 16949 builds on ISO 9001 and adds automotive-specific requirements developed by the International Automotive Task Force. These additional requirements cover areas like advanced product quality planning (APQP), production part approval (PPAP), failure mode and effects analysis (FMEA), measurement systems analysis (MSA), and statistical process control (SPC). If you supply parts or services to the automotive industry, your customers will likely require IATF 16949 certification.

ISO 14001 is the international standard for environmental management systems (EMS). It helps organizations identify, manage, and reduce their environmental impact, including waste generation, energy use, emissions, and resource consumption. ISO 14001 is relevant to any organization that wants to demonstrate environmental responsibility, and it is often required by automotive OEMs, government contracts, and customers who prioritize sustainability in their supply chain.

ISO 45001 is the international standard for occupational health and safety management systems. It replaced the older OHSAS 18001 standard and follows the same high-level structure (Annex SL) as ISO 9001 and ISO 14001, making integration across standards much easier. ISO 45001 places greater emphasis on leadership commitment, worker participation, and a proactive approach to identifying and controlling workplace hazards and risks. Organizations previously certified to OHSAS 18001 were required to transition to ISO 45001.

ISO 19011 provides guidelines for auditing management systems, including planning, conducting, and following up on internal and external audits. It covers auditor competence, audit principles, and how to manage an audit program. While ISO 19011 is not a certifiable standard itself, it is the foundation for effective internal auditing across all management system standards. RSQMS uses ISO 19011 principles when building internal audit programs and training auditors for our clients.

Yes. AS9100 is the quality management system standard for the aerospace, space, and defense industries. It builds on ISO 9001 and adds requirements specific to aerospace, including configuration management, risk management, project management, and first article inspection. We help aerospace manufacturers and suppliers prepare for AS9100 certification audits, conduct gap assessments against AS9100 requirements, and coach teams on aerospace-specific documentation and evidence expectations.

Yes. ISO 13485 is the quality management system standard specifically designed for the medical device industry. It addresses regulatory requirements, risk management, design controls, traceability, and sterile manufacturing processes. We support medical device manufacturers and suppliers with gap assessments, documentation reviews, internal audit programs, and pre-audit preparation for ISO 13485 certification or surveillance audits.

ISO 22000 is the international standard for food safety management systems, covering hazard analysis, critical control points (HACCP), prerequisite programs, and food safety planning. FSSC 22000 is a GFSI-benchmarked certification scheme built on ISO 22000 with additional technical requirements. We provide advisory support for food and beverage manufacturers seeking ISO 22000 or FSSC 22000 certification, including gap assessments, HACCP plan reviews, and audit preparation.

Yes. ISO 27001 is the leading international standard for information security management systems (ISMS). It provides a framework for protecting confidential data, managing cybersecurity risks, and ensuring business continuity. We help organizations assess their current information security posture against ISO 27001 requirements, identify gaps in controls, and prepare documentation and evidence for certification audits.

ISO 50001 is the international standard for energy management systems. It helps organizations establish processes to improve energy performance, reduce energy consumption, and lower operating costs. ISO 50001 follows the same high-level structure as other ISO management system standards, which simplifies integration with ISO 9001, ISO 14001, or ISO 45001. We support manufacturers with energy management gap assessments, energy performance baseline analysis, and audit preparation.

IATF 16949 is the global quality management system standard for the automotive industry, published by the International Automotive Task Force. It was formerly known as ISO/TS 16949 or simply TS16949. The standard builds on ISO 9001 and incorporates automotive-specific requirements for defect prevention, reduction of variation, and supply chain management. It is a mandatory requirement for most OEM and Tier 1 automotive suppliers worldwide, and certification is maintained through regular surveillance and recertification audits.

MMOG/LE stands for Materials Management Operations Guideline / Logistics Evaluation. It is a self-assessment tool developed by the automotive industry (through AIAG and Odette) to evaluate the maturity of an organization's materials planning, logistics, and supply chain management processes. Many automotive OEMs and Tier 1 suppliers require their supply base to complete MMOG/LE assessments and achieve specific scoring thresholds. RSQMS helps organizations understand the MMOG/LE criteria, close gaps, improve their score, and prepare for customer reviews of their assessment.

VDA 6.3 is a process audit standard developed by the German Association of the Automotive Industry (VDA). It evaluates whether manufacturing and support processes are capable of consistently producing quality products. VDA 6.5 is a product audit standard that focuses on verifying finished products against customer specifications and requirements. Both are widely used by European automotive OEMs such as Volkswagen, BMW, and Mercedes-Benz, and are increasingly expected across the global automotive supply chain. RSQMS provides VDA 6.3 and VDA 6.5 audit preparation, training, and advisory support.

The CQI special process assessments are industry-developed evaluation tools published by the Automotive Industry Action Group (AIAG). Each CQI standard targets a specific manufacturing process: CQI-9 covers heat treating, CQI-11 covers plating, CQI-12 covers coating, CQI-15 covers welding, CQI-17 covers soldering, CQI-23 covers molding, and CQI-27 covers casting. These assessments evaluate process controls, equipment, training, and quality system requirements specific to each process. Automotive OEMs and Tier 1 customers often require their suppliers to pass these assessments as a condition of doing business.

The AIAG Core Tools are five foundational quality methodologies required by IATF 16949 and widely used across the automotive supply chain. APQP (Advanced Product Quality Planning) is a structured framework for developing new products and processes. PPAP (Production Part Approval Process) documents that a supplier can consistently produce parts meeting customer specifications. FMEA (Failure Mode and Effects Analysis) is a risk assessment tool for identifying potential failure modes. MSA (Measurement Systems Analysis) evaluates the reliability and accuracy of measurement equipment. SPC (Statistical Process Control) uses data and control charts to monitor and control manufacturing process variation.

Customer-specific requirements (CSRs) are additional quality, logistics, and process requirements imposed by individual OEMs and Tier 1 customers on top of the base IATF 16949 standard. Each major automaker (such as GM, Ford, Stellantis, Toyota, or Volkswagen) publishes its own set of CSRs covering areas like supplier portal usage, PPAP submission formats, packaging standards, warranty reporting, and escalation procedures. These requirements are auditable during your IATF 16949 certification audit, and non-conformances to CSRs are treated as audit findings. RSQMS helps you identify, interpret, and implement applicable customer-specific requirements.

A gap assessment (also called a gap analysis) is a systematic review of your current management system compared to the requirements of the standard you are targeting, such as ISO 9001, IATF 16949, or ISO 14001. The goal is to identify specific areas where your documentation, processes, or evidence do not yet meet the standard's requirements. RSQMS conducts gap assessments that produce a clear, prioritized action plan so your team knows exactly what needs to be addressed before the certification audit.

Preparation timelines vary depending on your starting point, the complexity of your operations, and which standard you are pursuing. For a first-time ISO 9001 certification, most organizations need between 3 to 9 months of focused preparation. More complex standards like IATF 16949 or integrated multi-standard systems typically require 6 to 12 months. Organizations that already have a mature management system in place may need only a few weeks of focused pre-audit preparation for a surveillance or recertification audit.

A mock audit (also called a pre-assessment or readiness audit) simulates the actual certification or surveillance audit experience. An experienced auditor reviews your documentation, interviews process owners, and examines objective evidence just as a registrar would. The key benefit is that it reveals gaps, weak evidence, and unprepared areas before the real audit, giving your team time to make corrections. Mock audits also help reduce anxiety and build confidence among staff who will be interviewed during the official assessment.

The most frequently cited audit findings across ISO and IATF audits include incomplete or outdated documented information, lack of objective evidence for process effectiveness, inadequate internal audit programs, weak corrective action and root cause analysis, insufficient management review outputs, failure to address risks and opportunities, calibration gaps in measurement equipment, and incomplete training records. RSQMS helps organizations proactively address these common problem areas before the audit so they are less likely to result in nonconformities.

A surveillance audit is a periodic check (usually annual) that verifies your management system continues to meet the standard's requirements between certification cycles. It typically covers a subset of clauses and processes. A recertification audit is a full-scope reassessment conducted every three years to renew your certificate. Preparation for both involves reviewing previous audit findings, ensuring corrective actions are effective, updating documents, conducting fresh internal audits, and completing a management review. Recertification requires more comprehensive preparation since the entire system is evaluated.

A corrective action is a structured response to an identified nonconformity or audit finding. It goes beyond simply fixing the immediate problem (which is called a correction or containment) and addresses the underlying root cause to prevent recurrence. A good corrective action includes a clear description of the nonconformity, thorough root cause analysis (using methods like 5-Why, fishbone diagrams, or fault tree analysis), a defined action plan with responsibilities and deadlines, implementation evidence, and follow-up verification that the action was effective.

Root cause analysis (RCA) is a problem-solving methodology used to identify the fundamental cause of a nonconformity, defect, or failure rather than just treating the symptoms. Common RCA tools include the 5-Why technique, Ishikawa (fishbone) diagrams, fault tree analysis, and the 8D problem-solving method. Auditors focus heavily on root cause analysis because superficial corrective actions that do not address the true root cause tend to result in repeat findings. Demonstrating effective RCA is a key indicator that your management system is mature and continuously improving.

A typical engagement begins with a scoping discussion where we understand your current state, the standards in play, your audit timeline, and your specific challenges. From there, we propose a practical work plan that may include a gap assessment, documentation support, internal audits, training, corrective action coaching, and a mock audit. Engagements are flexible and can range from a focused one-week readiness review to a multi-month advisory program. We work collaboratively with your team to build sustainable capability, not dependency.

We offer both on-site and remote consulting depending on the scope of work and your preferences. Activities like gap assessments, document reviews, training sessions, and corrective action coaching can often be conducted effectively through remote sessions. On-site visits are typically most valuable for mock audits, process walkthroughs, and shop floor assessments where physical observation of operations, equipment, and working conditions is important. Many engagements use a hybrid model combining remote preparation with targeted on-site activities.

Our fees depend on the scope of the engagement, the number of standards involved, the size of your organization, and the depth of support required. We offer flexible engagement models ranging from short-term focused assessments to comprehensive multi-month advisory programs. We provide a clear proposal with transparent pricing after our initial scoping discussion so there are no surprises. Contact us with your scope and timeline for a tailored estimate.

Getting started is simple. Reach out to us by email at rsqms@outlook.com to schedule a free consultation. During that conversation, we will discuss your current management system status, the standards you need to meet, your audit timeline, and any specific challenges you are facing. From there, we will recommend a practical engagement path and provide a clear proposal. You can also use the contact form on our website or try our free self-assessment tool to evaluate your current readiness.