Auditing and assessment is the verification arm of the nuclear QA program, the set of activities that confirm whether the quality program is being implemented as designed and whether it is achieving the intended outcomes. NQA-1 Requirement 18 and 10 CFR 50 Appendix B Criterion XVIII establish the audit requirements. The program encompasses internal audits of the organisation's own QA program elements, supplier audits and surveillance, and self-assessments. Together, these activities provide the feedback loop that management needs to identify weaknesses, verify corrective actions, and demonstrate program effectiveness to regulators and customers.

01

Types of audit and assessment activity

Nuclear QA programs typically maintain three distinct verification activities. Internal audits assess the organisation's own QA program elements against the requirements of the applicable standard (NQA-1, CSA N286, or equivalent). They are scheduled periodically, typically annually for each program element, and conducted by personnel independent of the area being audited. Supplier audits and surveillance assess whether approved suppliers are implementing their QA programs as committed in their qualification submissions. Self-assessments are conducted by line management and technical staff against their own areas of responsibility, often more frequently than formal audits, to identify issues before they become findings.

Independence requirement: Auditors must be independent of the area being audited, they cannot audit their own work or directly supervise the work being audited. For smaller organisations, satisfying this independence requirement may mean using qualified personnel from other departments or engaging external auditors. The independence requirement exists to prevent the cognitive bias of self-assessment from contaminating the formal audit record.

02

Audit planning, execution, and reporting

Every audit begins with a documented audit plan: scope, objectives, criteria, schedule, and lead auditor designation. The audit team reviews applicable procedures, previous audit reports, and corrective action records before the on-site portion. During execution, auditors collect objective evidence through document review, record examination, interviews, and direct observation of activities. Findings are documented as observations, concerns, or non-conformances, with objective evidence supporting each finding.

The audit report is issued to the auditee's management within a defined timeframe after the audit. The auditee must respond with corrective actions for each finding, and those corrective actions must be verified as implemented before the audit can be formally closed. Audit reports and auditee responses are quality records, they are retained for the life of the program and reviewed during subsequent audits and regulatory inspections.

A common audit program weakness is slow closure. Audit findings that age open for months without corrective action are themselves audit findings in subsequent cycles. Organisations should track audit finding closure rates as a leading indicator of corrective action program health.

03

Supplier audits and qualification maintenance

Supplier audits serve two purposes: qualifying new suppliers and maintaining the qualification of approved suppliers. A qualification audit examines whether the supplier's documented QA program is implemented in practice, that personnel are qualified for the work they perform, that records are being maintained, that nonconformances are being identified and dispositioned, and that the specific processes relevant to the contracted scope are under adequate control.

The frequency of supplier re-audit and surveillance should be risk-based. Suppliers providing high safety-significance items, new suppliers without a performance history, and suppliers with prior quality findings warrant more frequent oversight than established suppliers with consistently clean performance records. Surveillance activities, periodic observation of supplier operations without the formality of an audit, provide ongoing assurance between scheduled re-audits.

When a supplier audit identifies significant findings, the response should include not just corrective actions on the specific findings but an evaluation of whether the findings indicate broader systemic problems. A supplier that cannot maintain an adequate QA program may need to be removed from the approved supplier list pending demonstrated improvement.

04

Self-assessments and safety culture indicators

Self-assessment programs are one of the most revealing indicators of safety culture maturity. When implemented genuinely, not as a compliance exercise, self-assessments demonstrate that the organisation is committed to finding and addressing its own weaknesses before regulators or customers do. Regulators compare self-assessment findings against their own inspection results; organisations that consistently identify fewer issues than regulators find are assessed as having inadequate self-identification capability, which is a safety culture concern.

Conversely, self-assessment programs that routinely find no significant issues, or find only minor administrative items, invite scrutiny. A large, complex nuclear program that goes multiple consecutive assessment cycles without identifying significant findings is either performing exceptionally well or not looking carefully enough. Regulators treat thin self-assessment finding records as a potential warning sign, particularly when combined with findings identified by external parties.

Effective self-assessment programs benchmark against industry performance, use structured assessment methodologies, include personnel at all levels of the organisation, and feed findings directly into the corrective action program. The self-assessment record should show not just what was found but what was done about it.

Forged Operations tracks the full audit lifecycle, scheduling, finding classification, corrective action assignment, and closure verification. AI surfaces overdue audit responses, identifies repeat findings across audit cycles, and assembles audit-readiness summaries before regulatory inspections.

Book a demo Learn more →

Related terms

Corrective Action Program (CAP) Supplier Qualification NQA-1 10 CFR 50 Appendix B

References

  1. American Society of Mechanical Engineers. ASME NQA-1-2022: Quality Assurance Requirements for Nuclear Facility Applications, Requirement 18 — Audits. New York: ASME, 2022.
  2. U.S. Nuclear Regulatory Commission. "Criterion XVIII — Audits." Code of Federal Regulations, 10 CFR 50 Appendix B. Washington, D.C.: NRC.
  3. Canadian Nuclear Safety Commission. REGDOC-2.1.1: Management System. Ottawa: CNSC, 2019.
  4. ISO 19011:2018. Guidelines for Auditing Management Systems. Geneva: ISO, 2018.