Reality check · IATF-16949

IATF surveillance is the strictest QMS audit in manufacturing. Walk it with operators who have lived it.

A pre-audit walk for automotive Tier 1 and Tier 2 manufacturers certified to IATF 16949:2016. We find the gap before the IATF auditor does.

IATF 16949 is the strictest QMS audit standard in widespread manufacturing use. The reason is the OEM customer base: the auto OEMs (GM, Ford, Stellantis, BMW, Daimler, VW, Toyota, Honda, Nissan, Tesla) wrote the standard to enforce supply-chain discipline at a level the rest of manufacturing has never seen. The audits are unannounced. The CSRs vary by OEM. The penalty for a Major is loss of certification, which means immediate quote-block on every OEM in the customer base.

Quick answer

The IATF 16949 Reality Check is a pre-audit walk for automotive Tier 1 and Tier 2 manufacturers certified to IATF 16949:2016. Brass & Bench partners come onsite for five to seven days, walk the AQMS against the floor reality with attention to the customer-specific requirements (CSRs) of your major OEMs, the core tools (PPAP, MSA, SPC, FMEA, APQP), and the IATF-specific clauses, and deliver a bound gap-matrix report. Pricing is $40,000 to $70,000 all-inclusive depending on facility size, OEM customer mix, and CSR scope. Most clients use this engagement six to sixteen weeks ahead of a recertification audit or after a major nonconformance writeup.

By Lorrie Lynn · Founding Partner. Operations, Manufacturing & International Contracts · Updated May 14, 2026

The gap

What the registrar finds that your internal audit missed.

IATF 16949 gaps cluster in six high-cost places.

Customer-specific requirements (CSRs). Every OEM publishes its own CSR document layered on top of IATF 16949. GM has different requirements than Ford, which has different requirements than Stellantis. The auditor will pull the CSRs that map to your customer base and audit you against them line by line. Common gap: the CSRs are filed but not flowed down into your work instructions, your supplier-management procedure, or your FMEA inputs.

PPAP and APQP discipline. Production Part Approval Process and Advanced Product Quality Planning are core tools. Most certified shops have PPAP submissions on file but lack the cross-referencing between the PPAP, the Control Plan, the PFMEA, and the work instructions. The IATF auditor follows a single part number through all five PPAP elements and looks for inconsistencies. Common gap: the PFMEA Severity, Occurrence, and Detection ratings do not match the Control Plan controls, or the work instructions do not enforce the controls the Control Plan describes.

MSA (Measurement System Analysis). AIAG MSA Manual compliance for gage R&R, bias, linearity, and stability studies. Common gap: the MSA studies were done at PPAP time and have not been refreshed against gage changes, calibration drift, or operator-population shifts. IATF auditors look at the MSA log and the calibration log side by side and find the mismatches.

SPC (Statistical Process Control). Control charts maintained per the Control Plan, with documented out-of-control rules and reaction-plan execution. Common gap: the SPC charts are run but the out-of-control points get acknowledged without reaction-plan execution. The chart logs show the special-cause flags. The reaction-plan logs do not. The auditor cross-references both.

Layered Process Audit (LPA). IATF 16949 expects an LPA program with documented frequency, documented findings, and closed-loop corrective action. Common gap: the LPA gets done at the supervisor level but not at the plant-manager and quality-manager levels the standard expects. Or the LPA findings are recorded but not actioned.

Embedded software process (where applicable). IATF 16949 expects controlled software development for any embedded automotive software. Auditors who see embedded code in your product go looking for the software-development lifecycle. Common gap: the embedded software is treated as a black box from the supplier, with no SDLC visibility flowing to your QMS. The auditor flags it as systemic.

The path

How we close the gap before the audit.

The Reality Check is structured around CSR alignment, core-tool depth, and IATF-specific clauses.

Day zero. Remote intake. Your AQMS manual, the procedure set, the work instruction library, the last two IATF audit reports, twelve months of corrective actions, twelve months of customer scorecards (heavy IATF input), all customer CSR documents in force, your PPAP submissions for the past twelve months, the live Control Plans and PFMEAs, the MSA studies, the SPC chart log, and the LPA records.

Day one. CSR flowdown walk. Lorrie Lynn maps every CSR against your work instructions, supplier-management procedure, and FMEA inputs. Every gap gets logged. The CSRs are the deepest gap risk in most shops.

Days two and three. PPAP and APQP cross-reference. The team picks two or three representative part numbers and walks PPAP, Control Plan, PFMEA, and work instructions end-to-end. Every inconsistency gets logged.

Day four. MSA and SPC walk. Calibration log, gage-management procedure, MSA study log, and SPC chart log are reviewed against actual gage and process data. The team specifically looks for out-of-control points without reaction-plan closure.

Day five. LPA and embedded software (where applicable). LPA program reviewed at every level. Where embedded software is in scope, the SDLC visibility chain is traced.

Day six. Backbone walk and findings build. Targeted walk on management review, internal audit, risk register, and corrective-action effectiveness. The bound gap-matrix report is built in real time.

Day seven (if needed). Multi-site or multi-shift extension.

The bound report ships within forty-eight hours of onsite wrap. The recommended-path appendix sequences remediation against the audit calendar and the highest-CSR-risk OEM in your customer base.

IATF-16949 audit coming up? Let's find the gap first.

The first call is a thirty-minute conversation. We tell you whether the Conformance Reality Check is the right product, or whether you need something different.