This image relates to computer vendor audit web page.

Computer Vendor Auditing Rationale.

The Computer Vendor Audit (CVA) sprung to life in the aircraft industry, in the late 1950’s, when it became very apparent that you could not just build an aircraft, and then certify it, fit to fly, just by inspecting it, quality had to be built into every manufactured part and every line of code. Opinions were out, documented, company approved instructions, were in. Quality Management was born, not an event - a process, and a mindset. Years later the same problem became apparent to the medical regulators, and cGMP appeared. The inspection and assessment of quality became extremely important, and assessing your suppliers became mandatory. Documents like IQ,- OQ, - DQ, - PQ,- VRA,- VP, - URS, were born.

Just completed a supplier assessment, how important was your documentation? How important was your justification for your decision? Have you been biased in your judgement? Were your priorities right? How did you get it so wrong? These are questions that are in the minds of all persons affected by an adverse audit outcome. To make certain that you are going to be ‘squeaky clean’, every question, and every answer and observation, needs to be clearly documented. The company priorities must be understood and integrated into the weighting of the audit documents. If you are auditing on behalf of a client, they have a right to review your assessment documents, and you are required to be impartial and accurate in your findings.

Assurance services involve the internal auditor's objective assessment of evidence to provide an independent opinion or conclusions regarding an entity, operation, function, process, system, or other subject matter. The nature and scope of the assurance engagement are determined by the internal auditor. There are generally three parties involved in assurance services: (1) the person or group directly involved with the entity, operation, function, process, system, or other subject matter - the process owner, (2) the person or group making the assessment - the internal auditor, and (3) the person or group using the assessment - the user.


Computer Vendor Auditing Scope.

An quality assessment questionnaire must cover the under listed topics but it must use a method of weighting the topics in order that the clients really critical topics have a more significant impact on the vendor’s assessment.

  • General.
  • Organization & Personnel.
  • Facilities
  • Equipment.
  • System Integration.
  • Development Plan.
  • Test Plan.
  • Configuration Management.
  • Customer Support.
  • Product Security.
  • Change Control.
  • Quality Systems.
  • Document Control.
  • Program Documentation.
  • Documentation Management