Overall responsibility for the content of an audit and selection of the audit method lies with the auditing organization unless otherwise specified by the customer. It is recommended to define a company-specific strategy for internal and external audits.
When considering risk and influencing factors, either for auditors or auditees, or for products and processes, remote audits, i.e. audits without auditors being physically present, are an alternative to on-site audits.
The QMA (Quality Management Committee) resolution of 16/09/2020 stipulates that a maximum of two remote audits of the five audits to be verified shall also be recognized in terms of maintaining the VDA 6.3:2016 auditor qualification (“extension” of the validity period for the VDA QMC certificate after passing the VDA 6.3 examination).
Recommendations on the remote conduct of a VDA 6.3 audit were drawn up by the members of the VDA 6.3 project group on behalf of the QMA, explained below, and are retroactively valid for remote audits and hybrid audits in 2020. In principle, remote audits cannot represent a fully comprehensive VDA 6.3 process audit (P2-P7). This is because of a lack of transparency during the audit process as well as technical, legal, and data protection aspects. The same applies to carrying out potential analyses (P1), which can only be done to a limited extent without an on-site visit to the supplier.
However, individual process elements of VDA 6.3 can certainly be audited remotely. Preferably, the product and process development elements (P2-P4) could be audited remotely. Parts of the supplier management element (P5) and the customer element (P7) can be mapped remotely. To a certain extent, individual questions from P6 are suitable for remote audits, taking into account product and process risks, although the “two-thirds rule” must still be observed.
The criticality of the product, as well as the development/manufacturing process, past performance, and location factors, are particularly important when selecting a remote audit. An overview of audit methods (on-site audit, remote audit, or hybrid audit) with classification according to the risk and influencing factors is therefore available below. Detailed recommendations for the individual process elements P2-P7 and for the potential analysis P1 are also listed below.
Remote audits can be carried out internally and externally in the same way as on-site audits.
Classification of Audit Methods Based on Existing Risk and Impact Factors
Type 1 HIGH Product/Process Risk | Type 2 MEDIUM Product/Process Risk | Type 3 LOW Product/Process Risk |
High Product Criticality | Medium Product Criticality | Low Product Criticality |
e.g product safety relevance, type approval relevance, Special/Critical Characteristics (relevant to homologation or safety) | e.g. special technical features of products, Special Characteristics (relevant to function) | - |
High Risks to Quality | Medium Risks to Quality | Low Risks to Quality |
e.g. unknown processes, new products, high degree of innovation | e.g. unknown location | e.g. products and processes are known, processes have already been audited |
Performance | Performance | Performance |
e.g. permanently negative KPI | e.g. temporary negative KPI | e.g. acceptable KPI |
Degree of Maturity | Degree of Maturity | Degree of Maturity |
High Product Criticality | Product or process maturity has not been reached (VDA RGA yellow) | Product or process maturity exists (VDA RGA green) |
On-site Audit | Hybrid Audit Part 1: Remote Audit* Part 2: On-site Audit | Remote Audit* |
*Remote audits are possible as an alternative to an on-site audit
Note: The most critical estimation is crucial for the selection of the audit method. Performing on-site audits requires that the health of auditors and auditees may not be endangered.
Recommendation on Remote Audits for VDA 6.3 Process Elements (P2-P7)
Question VDA 6.3 | Suitable | Conditionally Suitable |
P 2 - P 4, P 5.1 - P 5.4 | x | |
P 5.5* | | x |
P 5.6 | | x |
P 5.7 | x | |
P 6.1.1, P 6.1.2, P 6.1.3, P 6.1.4 | | x |
P 6.1.5* | (x) | (x) |
P 6.2.1 | | x |
P 6.2.2 | (x) | (x) |
P 6.2.3* | (x) | (x) |
P 6.2.4* | | x |
P 6.2.5 | | x |
P 6.3.1* | (x) | (x) |
P 6.3.2, P 6.3.3 | (x) | (x) |
P 6.4.1* | | x |
P 6.4.2 | (x) | (x) |
P 6.4.3* | | x |
P 6.4.4, P 6.4.5 | | x |
P 6.5.1 | x | |
P 6.5.2 | (x) | (x) |
P 6.5.3* | (x) | (x) |
P 6.5.4 | x | |
P 6.6.1, P 6.6.2 | | x |
P 6.6.3 | (x) | (x) |
P 6.6.4* | (x) | (x) |
P 7.1, P 7.2 | x | |
P 7.3* | x | |
P 7.4* | (x) | (x) |
P 7.5 | x | |
(x) = suitable/conditionally suitable depending on product and process risks
Recommendation on Remote Audits for VDA 6.3 Potential Analysis (P1)
Question VDA 6.3 | Suitable | Conditionally Suitable |
P2 | x | |
P3.1/3.2* | x | |
P4.1* | x | |
P4.3/4.4* | x | |
P 5.1/5.2/5.4* | x | |
P 5.5*/5.6 | | x |
P 6.1.1, P 6.2.1 | | x |
P 6.2.2 | (x) | (x) |
P 6.2.3* | x | |
P 6.2.4* | | x |
P 6.3.1* | (x) | (x) |
P 6.3.3 | (x) | (x) |
P 6.4.1* | | x |
P 6.4.2 | (x) | (x) |
P 6.4.3* | | x |
P 6.4.4 | | x |
P 6.5.3* | (x) | (x) |
P 6.5.4 | x | |
P 6.6.2 | | x |
P 6.6.4* | (x) | (x) |
P 7.1, P 7.2 | x | |
P 7.3* | x | |
P 7.4* | (x) | (x) |
(x) = suitable/conditionally suitable depending on product and process risks
Content extracted from the official VDA QMC document - Berlin, February 2021