Management system audit requirements may include reference to documents such as policies, objectives, processes, procedures, instructions, quality plans, which can when combined with an audit scope statement, deliver internal audits which can be either wide-ranging or focused on any aspect of the organization or part thereof and which has the potential to address risk performance.

ISO 19011 considers that there is a risk associated with delivering an audit program that addresses all the requirements of the various standards or the management system is covered within a year.

Why does this method of scheduling create a risk?

Essentially audit programs that are fitted into an annual 12-month calendar program rarely consider risk.

Since there are very few pre-audit considerations related to risk elements during the planning phase of the audits or to put it in context to consider the “effect of uncertainty on audit objectives”.

During the delivery of the internal audit, any non-conformances (whilst rectified following the finding) are typically factored into future audits which lean towards a consideration of risk but into the future.

What’s in an Audit?

Every performed audit during the planning phase should reference a defined scope. The scope typically provides direction related to the criteria as a reference point as well as a focus for the auditor.

The audit scope may consider the whole management system or an individual process within the Management System.

Driving Audit Value

To enable the use of internal audits as an effective tool, the scope should be adjusted to consider the parts of the management system that have been associated with an identified risk.

Experience shows that actual processes are typically lower in risk exposure when compared with the interface between organizations and their processes that present the highest risk.

Audits are in basic terms, a gap analysis or a comparison of the degree of conformity to a specified requirement.

The requirement against which the audit is conducted may be modified to better suit the risk profile identified.

Typical Criteria may be used to identify risk for example related to:

1. Regulatory Requirements
2. Customer or Client Requirements
3. Service Level Agreements

Audit Planning Tools

Performing an audit can be a complex task and several planning tools are available to auditors.

Checklists - The use of checklists may sometimes be found to miss the point of the audit by not going deep enough – however when used as an aide memoir the checklist often serves a valuable purpose.

The final comment related to checklists is that effective audits must go deeper into a management system than simply asking “check box” questions.

Have questions about our programs, need more information, or want to learn about our exclusive special offers? We’re here to help! Reach out to us at team@sassofia.com, and one of our friendly experts will get back to you promptly. Let us guide you in finding the perfect training solution tailored to your needs!