What are early warning signs of AS9102-related audit risk?

Several recurring patterns show up in plants that later have AS9102 findings. Most of them surface well before an external audit if you know what to look for.

1. Inconsistent or incomplete FAI packages

Audit risk is high if any of the following are common:

• FAI forms filled out differently by each engineer or site (different fields used, local templates, mixed rev levels).
• Ballooned drawings are missing, outdated, or not clearly linked to Form 3 characteristics.
• Not all drawing notes, flag notes, and key characteristics are ballooned and accounted for.
• Partial FAIs done as full FAIs, or full FAIs done when only a partial is justified, with weak rationale.
• FAI packages stored in email, personal drives, or local folders instead of controlled systems.

In a brownfield stack, this is often a symptom of disconnected PLM, QMS, and MES, or reliance on Excel/Net-Inspect uploads without a clear internal standard.

2. Weak traceability between requirements and evidence

AS9102 findings frequently stem from traceability gaps rather than a single wrong number. Warning signs include:

• Operators or inspectors cannot easily show which work order, lot, or serial number a given FAI corresponds to.
• Measurement data cannot be traced back to specific gages, calibration records, or inspection methods.
• Material certs, process certs, and special process records are stored separately from the FAI with no clear links.
• Reworked or repaired parts included in FAI without clear documentation and justification.

In mixed-system environments, these issues often come from manual copy-paste between ERP/MES/quality tools and paper travelers that are not kept in sync.

3. Confusion around when a new or partial FAI is required

Another early warning is policy or practice drift on FAI triggers. Risk indicators:

• Different planners, engineers, or sites interpret FAI triggers differently (e.g., drawing revision, new supplier, new machine, change in NC program).
• No clear, approved procedure that maps typical change scenarios to full FAI, partial FAI, delta verification, or no FAI.
• FAIs are sometimes skipped for schedule reasons, then backfilled later only when a customer asks.
• First production run dates do not align with FAI dates in the records.

Because change control is often run through PLM/ECN while FAI is handled in QMS or point tools, gaps here are common unless workflows are deliberately connected.

4. Reliance on manual data entry and re-keying

High manual handling of FAI data is not automatically noncompliant, but it is a strong early signal of audit risk:

• Characteristics manually typed into Form 3 from drawings instead of derived from a controlled source or ballooning tool.
• Inspection results manually re-entered from paper sheets or standalone CMM reports into the FAI form.
• Multiple versions of the same FAI Excel file circulating via email.
• Frequent transcription errors found during internal review (wrong units, misplaced decimal, wrong characteristic ID).

In brownfield plants, full digital integration may not be realistic in the short term, but uncontrolled re-keying without checks and audit trails is a clear risk flag.

5. Poor linkage to change control and configuration management

AS9102 is tightly coupled to configuration. Early risk signs include:

• FAIs that reference obsolete drawing or model revisions.
• Engineering change notices that do not automatically prompt FAI review (full, partial, or no action) as part of the workflow.
• Different systems showing different revisions for the same part (PLM vs ERP vs MES vs FAI tool).
• Suppliers performing FAIs to one revision while the internal system of record shows another.

In long-lifecycle aerospace programs, these misalignments build up over years, especially when PLM, ERP, and MES/inspection software are only loosely integrated.

6. Gaps in special process and supplier evidence

FAI is broader than dimensional checks. Early audit risk indicators include:

• Special process reports (heat treat, NDT, plating, welding, etc.) are not clearly referenced in the FAI package.
• Supplier FAIs are accepted as-is without internal review of completeness and alignment to the drawing and PO requirements.
• Different suppliers follow different FAI formats and interpretations for the same customer requirement with no harmonization.
• Flowdown requirements from primes (e.g., Net-Inspect usage, specific FAI instruction) are inconsistently followed.

With multi-tier supply chains and mixed systems, misalignments between customer portals, internal QMS, and supplier practices are a common source of findings.

7. Limited internal review and weak FAI governance

Even when FAIs exist, lack of structured review is an early warning:

• No defined sign-off roles for FAI review (e.g., quality, manufacturing engineering, and sometimes design authority).
• FAIs are approved under schedule pressure with known gaps to be “fixed later”.
• Internal process audits find recurring issues in FAI content, but corrective actions are weak or not sustained.
• No cross-site standard or work instruction for how FAIs are planned, executed, and archived.

In a multi-site, multi-system environment, inconsistent governance is often the root cause of customer-to-customer variation in FAI execution.

8. Difficulty retrieving complete FAI records on demand

Audit risk increases when evidence is hard to pull together quickly. Early signs:

• It takes days (or a “war room”) to locate a complete FAI package for a given part and serial/lot.
• Some FAI elements live in PLM, others in a shared drive, others in an inspection system or customer portal, with no clear index.
• Different people retrieve different versions of “the” FAI package.
• Legacy FAIs for current production parts cannot be located or are incomplete.

This is a typical brownfield reality but a clear warning: if retrieval is painful during normal operations, it is highly exposed under time-bounded audits or customer escapes.

9. Metrics and feedback loops that ignore FAI quality

Plants often track on-time FAI completion but not FAI quality. Early warning signals include:

• FAI KPIs are purely schedule-based (e.g., % on-time) without any measure of rejections, rework of FAIs, or audit findings.
• Customer returns or escapes trace back to characteristics that were supposedly covered in FAI, with no systematic review of the FAI itself.
• Lessons learned from nonconformances or MRB do not flow back into how FAI plans are built.

Without feedback, systemic weaknesses in FAI planning and execution stay hidden until an external body forces the issue.

10. Overreliance on tools without process discipline

Digital FAI or Net-Inspect-based workflows can help, but they also mask underlying issues if not governed carefully. Risk signs:

• Assuming that using a particular FAI software or portal is itself evidence of compliance.
• Ballooning and characteristic lists are generated automatically but not reviewed for completeness against notes, GD&T, and key characteristics.
• Integration between CAD/PLM, MES, and inspection systems is assumed to be correct without periodic verification.
• No controlled process for updating FAIs when the digital thread changes (e.g., CAD model update, NC program revision).

In regulated, long-lifecycle environments, tools help, but auditors will still drill into process discipline, validation, and change control.

Practical steps if you see these warning signs

Without providing legal or regulatory advice, there are practical moves that usually reduce AS9102 audit exposure:

• Standardize FAI work instructions, templates, and sign-off flows across sites and key suppliers, tied to your QMS.
• Create a simple FAI trigger matrix aligned with your change control process, and embed it into existing PLM/ECN and routing workflows rather than building a separate process.
• Run targeted internal process audits focused on a sample of high-risk parts: check traceability from drawing/model to ballooning to Form 3 to actual measurement data and certs.
• Improve evidence retrieval: at minimum, a consistent naming/indexing convention and a clear system of record for the “official” FAI package per part/configuration.
• In brownfield environments, prioritize light-touch integrations (or disciplined manual cross-checks) between PLM, ERP, MES, and inspection systems rather than attempting a risky full replacement.

The earlier these issues are surfaced and corrected, the less likely they are to appear as formal findings during AS9102-related audits or customer reviews.