01244 851 913

What is an Audit?

An audit is an evidence gathering process. Audit evidence is used to evaluate how well audit criteria are being met. Audits must be objective, impartial, and independent, and the audit process must be both systematic and documented.

There are three types of audits: first-party, second-party, and third-party. First-party audits are internal audits. Second and third party audits are external audits.

Organizations use first party audits to audit themselves. First party audits are used to confirm or improve the effectiveness of management systems. They're also used to declare that an organization complies with an ISO standard (this is called a self-declaration). Of course, such a declaration is credible only if first party auditors are genuinely independent and free of bias. If you decide to use first party auditors to make a self-declaration of compliance, make sure that they aren't auditing their own work.

Second party audits are external audits. They’re usually done by customers or by others on their behalf. However, they can also be done by regulators or any other external party that has a formal interest in an organization.

Third party audits are external audits as well. However, they’re performed by independent organizations such as certification bodies or regulators.

ISO 19011 2011 also distinguishes between combined audits and joint audits. When two or more management systems of different disciplines are audited together at the same time, it's called a combined audit; and when two or more auditing organizations cooperate to audit a single auditee organization, it's called a joint audit.

ISO 19011 2011 should be used by those who carry out first and second party audits. ISO/IEC 17021 2011 should be used by those who carry out third party audits.

Terms Of Reference

Prior to any audit taking place, a Terms Of Reference (ToR) will be prepared. The ToR will clearly define the scope of the audit, the expected duration, who is required, the names of the auditors and the objectives. Other criteria may also be included within the ToR. The ToR is typically issued 14 days ahead of the audit, to ensure that the persons or organization being audited have sufficient time to plan and make people available.

Auditee

An auditee is an organization (or part of an organization) that is being audited. Organizations can include companies, corporations, enterprises, firms, charities, associations, and institutions. Organizations can be either incorporated or unincorporated and can be privately or publicly owned.

Auditor

An auditor is a person who carries out audits. Auditors collect evidence in order to evaluate how well audit criteria are being met. They must be objective, impartial, independent, and competent.

ISO 19011 distinguishes between internal and external auditors. Internal auditors perform first party audits while external auditors perform second and third party audits.

Audit client

An audit client is any person or organization that requests an audit. Internal audit clients can be either the auditee or audit program manager whereas external audit clients can include regulators or customers or any other parties that have a legal or contractual right or obligation to carry out an audit.

Audit conclusions

Audit conclusions are drawn by the audit team after the audit has been completed and after audit findings and audit objectives have been considered. Audit findings result from a process that evaluates audit evidence and compares it against audit criteria.

Audit criteria

Audit criteria include policies, procedures, and requirements. Audit evidence is used to determine how well audit criteria are being met. Audit evidence is used to determine how well policies are being implemented, how well procedures are being applied, and how well requirements are being followed.

When requirements are used as audit criteria, auditors often use the terms conformity and nonconformity to indicate whether or not requirements are being met. However, when legal requirements are used as audit criteria, auditors tend to use the terms compliance and noncompliance (instead of conformity and nonconformity).

Audit evidence

Audit evidence includes records, factual statements, and other verifiable information that is related to the audit criteria being used. Audit criteria include policies, procedures, and requirements.

Audit evidence can be either qualitative or quantitative. Objective evidence is information that shows or proves that something exists or is true.

Audit findings

Audit findings result from a process that evaluates audit evidence and compares it against audit criteria. Audit findings can show that audit criteria are being met (conformity) or that they are not being met (nonconformity). They can also identify best practices or improvement opportunities.

Audit evidence includes records, factual statements, and other verifiable information that is related to the audit criteria being used. Audit criteria include policies, procedures, and requirements.

Audit plan

An audit plan specifies how you intend to conduct a particular audit. It describes the activities you intend to carry out in order to achieve your audit objectives.

An audit is an evidence gathering process. Audit evidence is used to evaluate how well audit criteria are being met.

Audit program

An audit program (or programme) is a set of arrangements that are intended to achieve a specific audit purpose within a specific time frame. It includes all of the activities and resources needed to plan, organize, and conduct one or more audits.

ISO 19011 expects organizations to appoint audit program managers. They are responsible for setting objectives, assigning responsibilities, allocating resources, and monitoring performance.

Audit scope

The scope of an audit is a statement that specifies the focus, extent, and boundary of a particular audit. The scope can be specified by defining the physical location of the audit, the organizational units that will be examined, the processes and activities that will be included, and the time period that will be covered.

Audit team

An audit team is made up of one or more auditors, one of whom is appointed to be the audit leader. The audit team may also include audit trainees.

When necessary, audit teams are also supported by guides and technical experts. Guides and technical experts assist auditors but do not themselves act as auditors.

Competence

Competence means being able to apply knowledge and skill to achieve intended results. Being competent means having the knowledge and skill that you need and knowing how to apply it. Being competent means that you know how to do your job.

Conformity

Conformity is the "fulfillment of a requirement". To conform means to meet or comply with requirements. There are many types of requirements. There are management system requirements, customer requirements, contractual requirements, regulatory requirements, statutory requirements and so on.

Guide

Guides are appointed by auditee organizations to help auditors. However, they may not influence or interfere with the conduct of an audit. Guides are expected to identify potential interviewees, to confirm interview schedules, to arrange access to auditee locations, and to make sure that auditors and observers are familiar with all relevant safety and security procedures. They may also be asked to help auditors collect information and provide clarification.

Management system

A management system is a set of interrelated or interacting elements that organizations use to establish and implement policies and set and achieve objectives.

There are many types of management systems. Some of these include quality management systems, environmental management systems, emergency management systems, food safety management systems, occupational health and safety management systems, information security management systems, and business continuity management systems.

Nonconformity

Nonconformity is the "non-fulfillment of a requirement". It is a failure to comply with requirements. A requirement is a need, expectation, or obligation. It can be stated or implied by an organization, its customers, or other interested parties.

Observer

Observers accompany auditors and witness audit activities. However, they're not audit team members and therefore do not perform audit functions. They may not influence or interfere with the audit. Observers can represent auditee organizations, regulators, or any other interested party.

Risk

According to ISO Guide 73, risk is the “effect of uncertainty on objectives” and an effect is a positive or negative deviation from what is expected. So, risk is the chance that there will be a positive or negative deviation from the objective you hope to achieve.

Technical expert

Technical experts support audit teams by providing specific expertise or knowledge about the organization, process, or activity being audited or about the auditee's language or culture. They do not act as auditors.

 
