By Matt Casey ·

Layered Process Audits and IATF 16949: What Your Next Surveillance Audit Will Check

Layered Process Audits (LPA) went from a “nice to have” to a surveillance audit checkpoint under IATF 16949. The 6th Edition rules and AIAG CQI-8 3rd Edition are specific about what a compliant LPA program looks like — and auditors are asking more detailed questions than they were five years ago.

This post covers what IATF 16949 §9.2.2.2 actually requires, what Stellantis’s recent mandate means for your LPA program, and what a well-designed LPA system should prove to an auditor in under 10 minutes.

What IATF 16949 §9.2.2.2 requires

The clause requires that the organization has a documented process for layered process audits. Specifically:

  • Defined layers: Different management levels conduct audits at different frequencies
  • Defined cadence: The AIAG CQI-8 framework establishes four tiers — Operator (daily), Supervisor (weekly), Manager (monthly), Plant Manager (quarterly)
  • Process-focus, not product-focus: LPAs audit the process, not the product. You’re checking whether operators are following the standard work, not whether the part is in tolerance
  • Finding-driven CAPA: Nonconformant findings must link to corrective action. An LPA program that identifies findings and doesn’t resolve them fails the purpose of the clause

The intent is a management engagement system where problems are surfaced, escalated, and resolved — not a paperwork exercise.

What Stellantis SQA Connect (June 2025) added

Stellantis issued updated SQA Connect guidance in June 2025 that mandates weekly LPAs for suppliers on their approved supplier list. This is a customer-specific requirement (CSR) that applies regardless of your IATF 16949 certification status — it’s a Stellantis contractual requirement, not just an IATF clause.

The practical implication: if you’re a Stellantis Tier 1 or Tier 2 supplier and your LPA program is monthly, you’re not meeting the CSR. Monthly isn’t wrong for IATF 16949 §9.2.2.2 for the Supervisor tier, but it’s insufficient for the Stellantis CSR requirement.

What an auditor actually checks in an LPA surveillance audit

When an IATF CB auditor reviews your LPA program in a surveillance audit, they typically:

  1. Review the schedule: Is there a defined cadence per tier? Are audits actually happening on schedule, or are there gaps?

  2. Review audit records: Are findings recorded with finding type (Compliant / Observation / NonCompliant)? Is there documented evidence of completion?

  3. Trace findings to CAPA: For NonCompliant findings, is there a linked CAPA? Is the CAPA in a closed or verified-effective state? A finding with no linked CAPA, or a linked CAPA that’s been open for 18 months, is a finding against your CAPA process as well.

  4. Check auditor competency: Are the auditors conducting each tier trained and documented? §7.2 requires documented competency for auditors.

  5. Verify management engagement: Are the right management levels actually conducting audits? A Plant Manager tier that’s always delegated to a supervisor fails the layering concept.

What a well-designed LPA system proves in 10 minutes

For an audit session, you should be able to pull up a dashboard and show:

  • Completed audits by tier, last 90 days — every scheduled audit completed, or exceptions documented
  • Finding summary — count of Compliant / Observation / NonCompliant by tier and site
  • CAPA linkage — every NonCompliant finding has a linked CAPA; CAPA status visible
  • Overdue summary — any findings past SLA highlighted (Major: 30-day default, Minor: 90-day default)
  • Auditor records — who completed each audit, with their electronic signature

If you’re pulling this from a spreadsheet at audit time, you’re spending 2 hours reconstructing records that should be a 2-minute report. The auditor notices.

The most common LPA program failures

Gap-filling before the audit: Some teams complete missed audits retroactively in the week before a surveillance visit. Auditors look at completion timestamps — a spike of completions in the 5 days before an audit date is a pattern they know.

Findings without CAPA links: Logging an observation and marking it resolved with no corrective action is fine for Observation-class findings. For NonCompliant findings, it’s a CAPA process finding waiting to happen.

Checklist drift: A checklist that hasn’t been updated in 2 years doesn’t reflect the current process. If your process changed after an engineering change order and the LPA checklist didn’t update, you’re auditing the old process.

Tier collapse: If the Supervisor tier and Manager tier use the same checklist at the same frequency, you don’t have a layered program — you have one program with two labels.

See Qontiv’s LPA module for how the four-tier cadence, electronic sign-off, and closed-loop CAPA linkage work in practice. For the full automotive quality module set, see the automotive overview. If you want to see how an LPA dashboard looks in an audit walk-through context, request a demo.

← Back to blog Request a demo