CARA - Common Audit Report Application

IATF has developed an audit documentation tool under the name"CARA - Common Audit Report Application". The main purpose is to harmonize audit documentation, which was previously handled individually by certification bodies. In the future, audit documents will be created, edited, stored and used in a standardized way. In the future, all IATF auditors worldwide will document audit results on a common platform, regardless of which certification body they work for.

CARA is an IATF browser-based application that does not require any additional software to be installed in your organization. The application is also not connected to a server or cloud. All audit data created and imported is stored only in the internal database of each user's browser, which can be accessed offline (without an Internet connection). This, in turn, requires the user to work only with this one browser, because no access is possible from other browsers.

The use of the tool is mandatory for all IATF audit procedures as of January 1, 2021, even if you are already in the middle of an audit cycle. To help you better understand CARA, we have compiled the most important questions & answers for you.

If you have any further questions, our customer service team will be happy to assist you.

Questions and answers about IATF CARA

What is the goal of CARA?

The harmonization of the audit documentation, which was previously handled individually by the certification companies. In the future, all audit documents will be created, edited, saved and used in a standardized manner.

How do I contact CARA?

As the customer involved in the certification process, you can reach the areas that are relevant to you within CARA via the following link: nccara.iatfglobaloversight.org.

Does CARA require additional software to be installed within the organization?

No, CARA is a browser-based application that only requires internet access, but no additional software. The application is also not connected to a server or a cloud. All created and imported audit data is stored exclusively in the internal database of the browser of the respective user, which can also be accessed offline (without an internet connection). This ensures that no further data is transmitted to databases outside of the local application

Which browsers are supported?

  • Edge, Chrome, Firefox and Opera - these four browsers are fully supported in their respective current versions.
  • Internet Explorer version 11 and above is supported, but should not be used.

Which browsers are not supported?

  • Safari - this Apple browser is not supported. It works according to its own standards, PDF files cannot be generated and reports cannot be printed.
  • Apple iOS devices cannot create files within the browser, so no data backup is possible. Its use is not recommended or officially supported.

What effects does the transition to CARA have for our organization?

  1. Audit Planning

For the past four years you have used the DQS Audit Manager for the audit planning process. As soon as the transition to CARA has been completed, however, this will no longer be possible. Instead, DQS will introduce Excel-based templates in order to use them to carry out the documented audit planning process on a transitional basis. As soon as your audit is planned and confirmed, the responsible CS staff or auditor will send you these templates to fill out. The documents / documents you then send back form the basis for developing and completing the audit plan for the upcoming audit.

  1. Audit documentation

From January 1, 2021, all audit reports and the downstream documentation of any nonconformities will be created in CARA. This means that nonconformity management and the exchange of the necessary information between you and your auditor also take place directly via CARA.


In the past you have also used the DQS Audit Manager to be able to react to the nonconformities identified in an audit. With the transition to CARA, there will also be a change in the sense of standardization. Because CARA has a web-based template with which you have to react to open nonconformities in a standardized way worldwide. The mandatory use of CARA for nonconformity management is already noted in SI 13 of the IATF certification rules.


The web form uses the same technology as CARA, so you do not need to install any additional software and access is not restricted in any way. Using the web form ensures that the data structure is preserved and your responses are recorded in a consistent format. For you, this changes the appearance of the audit report and the action plan for tracking measures (action plan).

How is a remote audit identified in CARA?

In CARA, in the subsection “Audit data” it is now explicitly asked whether the IATF audit is a remote audit or not – the company must fill in the corresponding field (yes / no).


In addition, CARA has created a category for partially remote audits. CARA gives the following information: If the audit was partially conducted remotely, please name the auditors who conducted it on remote and indicate in the area “Processes” in the “Process audit details” section under “Audit information” which processes were performed remotely. Mandatory field if
applicable.

How exactly does the nonconformity (NC) management work in CARA?

Your input is exchanged via CARA's NC Forms application. The communication process between you and your auditor is as follows and can be repeated as often as necessary:

  1. Your entries will be exchanged via the CARA NC form application. The communication process between you and your auditor
    is as follows and can be repeated as often as necessary:
    1. Your auditor completes all the data required for the certification process in the CARA application and then creates the
    audit report.
    2. At the same time, the NC report is created if nonconformities are found.
    3. The auditor usually sends you this NC report by e-mail by exporting and sending a JSON file* including the link to CARA
    (https://nc-cara.iatfglobaloversight.org/). The transmission takes place outside of CARA. Note: The saved file can only be
    read within the CARA system, i.e. it must be re-imported into the application beforehand by the editor.
    4. For you this means, after receiving the NC report (JSON file), open „NC CARA“ and import it back into CARA by clicking
    on „Load report“.
    5. Now you can edit the nonconformities as usual – the report is available for entries within your organization.
    Individual NCs from the report can be exported and passed on to the responsible departments.
    6. After you have finished editing the NC report will be saved to your download folder by clicking “Save NCs for auditor”.
    7. The NC report is exported again and sent back to your auditor (again as a JSON file by e-mail). For security reasons,
    additionally attached files must be in the PDF or JPG format and must not exceed 10 MB each.
    8. Upon receipt of the NC report, the auditor imports it back into CARA by clicking on “Load customer NC management”.
    This version of the NC report automatically replaces the one available there.
    9. If further processing of the feedback is necessary, this is done again according to steps 1 to 8.
    * The abbreviation JSON stands for JavaScript Object Notation (file extension .json). It is a pure text file that is used to exchange data between applications.

How do I receive my audit report?

The final audit report will be sent to you as before. There will be no changes for you even after the introduction of CARA..

Where can I get support from DQS?

Please note that the CARA application is programmed exclusively by IATF. However, our CS team can support you in case of technical difficulties, to the extent possible.

Where can I find further information?

For more information on the new audit documentation tool CARA, please visit the official CARA Wiki page of the IATF and the official CARA manual. Current FQA and useful video tutorials for users are also available there.