What are the “New” Audit Activities?

If you are an auditor, chances are your auditing course was based on ISO 10011, Guidelines for Auditing Quality Systems. You were probably taught that an audit consists of five phases: Initiation, Preparation, Execution, Reporting, and Follow-Up. That terminology has changed somewhat with the replacement of ISO 10011 by ISO 19011, Guidelines for Quality and/or Environmental Management System Auditing.

Audit phases are now called audit activities. Also, the “documentation review” activity has been separated from the old Initiation phase. As for Completion, it was already there in ISO 10011, but only consisted of a single sentence stating “the audit is completed upon submission of the audit report to the client.” As a result, most auditing courses included it in Reporting, not as a separate phase. However, ISO 19011 lists additional completion tasks and identifies it as one of the major audit activities. Therefore, I now list the audit activities in my courses as:

1. Initiation (define audit objectives)
2. Review (examine the documents)
3. Preparation (plan for onsite activities)
4. Execution (audit the quality system)
5. Reporting (report the audit results)
6. Completion (complete the audit plan)
7. Follow-Up (conduct the follow-up audit, if needed)

In addition, the key tasks for each audit activity are summarized below:

Initiate the Audit

  • Clarify the reason for the requested audit
  • Appoint the audit team leader
  • Define the objectives, scope, and criteria
  • Determine the feasibility of the audit
  • Select the audit team
  • Establish initial contact with the auditee

Review the Documentation

  • Review the documentation before the onsite audit
  • Include all relevant documents and records
  • Determine the conformity to the audit criteria
  • May defer review until the audit (if not detrimental)
  • Could review documentation in a preliminary site visit
  • Report any documentation concerns
  • Decide to continue the audit or suspend it

Prepare for the Audit

  • Prepare the audit plan as the basis for agreement
  • Use the plan to schedule and coordinate the audit
  • Keep it flexible to permit changes during the audit
  • Assign work to the audit team members
  • Prepare audit working documents: checklists, forms
  • Confirm the audit arrangements and logistics

Perform the Audit

  • Conduct the opening meeting
  • Communicate during the audit
  • Establish roles of guides and observers
  • Interview people performing the work
  • Collect and verify sampled information
  • Prepare and agree on audit conclusions
  • Conduct the closing meeting

Report the Audit Results

  • Prepared by the audit team leader
  • Complete, accurate, clear, and concise record
  • Dated, reviewed, and approved per procedure
  • Audit report issued within the agreed timeframe
  • Report distributed to client-designated recipients

Complete the Audit
The audit is considered “complete” when:

  • all activities in the audit plan are carried out
  • the approved audit report has been distributed
  • documents are kept or destroyed per agreement

Note: The audit should not be considered “closed” until the follow-up audit, if needed, is complete.

Conduct the Follow-Up Audit

  • Conclusions may require actions by the auditee
  • Actions are undertaken in the agreed timeframe
  • Such actions are not considered part of the audit
  • Auditee informs the audit client of action status
  • Effectiveness of the corrective action is verified
  • Verification can be part of the subsequent audit

Does your internal audit procedure adequately address these audit activities?