On the Difference Between an Audit and an Assessment

“Audits” and “Assessments” may appear similar but are substantially different.

One of the fundamental tasks of quality management is systematically evaluating the adherence to quality aspects. Typically, one or several national and international institutions apply to any given discipline, such as product design and development. Currently, Automotive SPICE (see http://www.automotivespice.com), led by the German auto manufacturers association VDA (https://www.vda.de/en.html), is arguably one of the most relevant software and systems development standards. The terms “audit” and “assessment” are distinct in this context. The “Automotive SPICE Assessment Model,” a supplementary document to the Automotive SPICE standard,  provides the following definitions: Audit: An evaluation of work products and processes against specifications, standards, processes, or other agreements, generally carried out based on checklists. Assessment: A formalized and standardized evaluation of the processes of an organizational unit against a reference model (the “process reference model”). Depending on the situation, the assessor’s experience is used in the assessment. While neither audits nor standards can possibly be entirely objective, assessments tend to have more standardized rating schemes, such as ranks (e.g., “none-partially-mostly-fully,” etc.) Audits tend to be “black vs. white” outcome ratings, not unlike test cases (which are rated either passed or failed). Neither the VDA’s standard nor my attempt to refine it satisfies me since definitions may still appear too vague (terms like “usually” or “generally” are not too helpful). I am therefore proposing a more precise and less general distinction:

• audits are based on the quality manager’s checklist, while
• assessments are based on formal standards and reference models.

While still imperfect, that kind of definition leaves less space for rhetorical argument, and the simplicity of it appears hard to top. Note that having a (possibly comprehensive) checklist does not necessarily suffice. The intention, stylistic aspects, internal policies, and other numerous characteristics determine the effectiveness of any checklist. Also, standards like Automotive SPICE or any other given standard, like CMMI or functional safety standard ISO 26262, are naturally subject to interpretation and – even worse – corporate politics. The most important aspect of them all is the quality manager’s professional skill and experience. Otherwise, as a popular proverb goes: “A fool with a tool is still a fool,” which is often accredited to the renowned computer scientist Grody Booch and can be applied to any standard or checklist.

---

Let’s start a conversation on LinkedIn or X.com (formerly Twitter).