This is the fourth instalment and final instalment in the ISO 19011 audit series which looks at activities required to successfully prepare for an integrated management audit. In this post we will look at post-audit activities and elaborate on the graph below:
Once audit findings and a report have been finalised, it is then time to turn your attention to the post-audit activities.
The audit report should potentially include the following:
- Objectives
- What was audited, including the organization/area and scope
- Details of the audit client
- Audit team details
- Dates and locations of the audit investigation
- Audit criteria
- Audit findings (which may be summarized in the body of the report if they are reported separately elsewhere)
- Conclusions
- Audit plan
- People contacted within the auditee organization
- Audit process
- Problems encountered that may have an impact on the reliability of the results
- Achievement of the audit objectives
- Areas within the scope but not covered
- Improvement recommendations
- Follow-up plans and arrangements
- A confidentiality statement
- Distribution list for the audit report
The auditor’s report will outline the follow up actions required to resolve any issues with the integrated management system and the auditor should ensure that remedial action is taken. The report can vary depending on the audit objectives, but will indicate the need for corrections or for corrective, preventive or improvement actions. These actions are usually decided and undertaken by the auditee within an agreed timeframe. Also, the auditee should keep the person managing the audit programme and the audit team informed of the status of the actions.
Possible Corrective/Preventive or Improvement Actions
For each non-compliance, there should be:
- A description of the non-compliance or observation
- Assigned risk rating of the non-compliance
- Timeframe for completion of actions for each non-compliance identified
ISO 19011:2011 also allows for the evaluation of individuals involved in the auditing process:
- Auditors should have the necessary skills and knowledge to conduct the audits in a satisfactory manner and achieve expected results. They should be knowledgeable on audit principles, procedures and methods
- Auditors should be able to comprehend the audit scope and apply audit criteria
- The auditor should be able aware of and be able to work within an organisations legal and contractual requirements
- Auditors should have achieved competency through formal education, training programmes, relevant technical experience and audit experience
Links to previous blogs in the series are available here:
Preparing for an Integrated Management Systems Audit: ISO 19011:2011
Pre-audit activities using ISO 19011:2011
Audit activities using ISO 19011:2011
Sources:
ISO 19011:2011 Full Standard: http://www.cnis.gov.cn/wzgg/201202/P020120229378899282521.pdf
ISO 19011:2011 Overview: http://www.iso.org/iso/catalogue_detail?csnumber=50675
Follow up: http://www.lbma.org.uk/assets/ISAE%20Corrective%20Action%20Plan.pdf