Audit Types

An audit is a “systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.”

Different types of audits are described below:

Combined Audit

A combined audit is when two or more management systems of different disciplines, for example, quality, environment, and safety, are audited together.

Compliance Audits

A compliance audit verifies compliance to legal requirements (statutes and regulations). The audit confirms the organization has a process for identifying applicable legal requirements and a process to ensure the organization is in compliance.

Desktop Audit

A desktop audit reviews the documents within the audit scope. It is referred to as a “desktop” audit because it can be performed remotely at the auditor’s desk. The documents are reviewed to ensure they are complete, correct, consistent, and current. The information gained is used to plan for the on-site audit. The desktop audit also gives an indication of the effectiveness of the auditee’s document control system.

External Audit

An external audit is an audit conducted by an organization that is independent of the audited organization, for example, a certification body (registrar) or regulatory body.

First Party Audit

A first party audit is an internal audit conducted by an organization on its own management system. The internal auditors must be independent of the audited areas. Internal audits are required by management system standards.

Financial Audit

A financial audit is the verification of the financial statements of a company. The audit provides assurance that the financial reports are presented fairly and give a true view in accordance with the financial reporting framework. Financial audits are typically performed by firms of practicing accountants. Many organizations employ internal auditors to focus mainly on internal financial controls, not financial reports.

Gap Analysis

A gap analysis is performed to compare a current management system to the one necessary to achieve certification to a management system standard. Any missing documents, practices, and records are identified for the purpose of creating an implementation plan to achieve certification.

Integrated Audit

An integrated audit is when an organization has integrated the requirements of two or more management systems standards into a single management system and is audited against more than one standard.

Internal Audit

An internal audit is a first party audit conducted by an organization on its own management system. The internal auditors must be independent of the audited areas. Internal audits are required by management system standards. For financial internal audits, see Financial Audit.

Joint Audit

A joint audit is when two or more auditing organizations cooperate to jointly audit a single auditee.

On-site Audit
An on-site audit is when the audit activities are performed at the location of the auditee.

Outsourced Audit

An outsourced audit is when an organization chooses to have an audit performed by an external party, for example, having a consultant carry out the internal audit. Outsourced audits could also be having supplier audits performed by an external party.

Pre-Assessment Audit

A pre-assessment audit is an optional audit conducted on an implemented management system for the purpose of identifying any nonconformities that need to be corrected before the certification audits. With the introduction of the required stage 1 certification audit, the need for pre-assessment audits has been reduced. If desired, the typical one day stage 1 audit can be expanded to multiple days to be more like an in-depth pre-assessment before the stage 2 certification audit.

Process Audit

A process is a set of activities that transform inputs into outputs by the application of resources. A process is performed by following applicable procedures and ensuring that quality objectives are met. A process audit is an audit of a selected process within the management system to assess its inputs, methods, resources, deliverables, and measures against the applicable requirements.

Product Audit
A product audit is an independent inspection or test of the product to ensure specifications are met and that the system produced the desired result. It could also be viewed as a process audit that is limited to those processes for planning, producing, or supporting a specific product.

Recertification Audit

A recertification audit is an on-site audit that confirms the continued conformity, effectiveness, and improvement of the management system, as well as, its continued relevance and applicability to the scope of certification. The recertification audit considers the performance of the management system over the three year period of certification and includes a review of previous surveillance audit reports. The duration of a recertification audit is about two-thirds the days of the initial certification audit. If nonconformities are found during a recertification audit, the certification body will define time limits for correction and corrective actions to be implemented prior to the expiration of certification.

Remote Audit
A remote audit is when the audit activities are performed at any place other than the location of the auditee.

Second Party Audit

A second party audit is an external audit performed by an organization on its suppliers. Supplier audits are an optional way of evaluating and re-evaluating suppliers.

Special Audit

A special audit may be undertaken by a certification body to assess the extension to the scope of a current certification. This type of special audit may be conducted in conjunction with a surveillance audit. A special audit may also be necessary on short notice to investigate complaints, assess major changes, or to follow up on suspended clients.

Stage 1 Audit

The initial certification audit of a management system is conducted in two stages. The stage 1 audit is usually performed on-site to review the client’s management system documentation, confirm the scope, determine the implementation status, and plan for the stage 2 audit.

Stage 2 Audit

The initial certification audit of a management system is conducted in two stages. The stage 2 audit is an on-site certification audit that evaluates the implementation and effectiveness of the client’s management system.

Supplier Audit

A supplier audit is a second-party audit of a potential supplier for the purpose of evaluating their management system and product to determine if they will be approved as a new supplier. It can also be an audit of an existing supplier to evaluate the continued conformity of their management system and its improvement to determine if they will be retained as an approved supplier.

Surveillance Audit
Surveillance audits ensure the management system remains conforming and effective between recertification audits. Surveillance audits take place in the first and second year after a certification or recertification audit. Its duration is usually about a third of the combined time for the stage 1 and stage certification audits, and about half of the time allocated for recertification audits.

System Audit

A system audit is an audit of all the processes within the scope of the system. It is usually a single audit that covers the entire system. A series of process audits over time can cover the system, but would be viewed as process audits since the system is not fully addressed in a single audit.

Third Party Audit
A third party audit is an external audit carried out by an auditing group independent of the organization, most often for the purpose of certifying the organization’s management system.

Transfer Audit
A transfer audit is performed by an “accepting” certification body on a management system that was certified by an “issuing” certification body. An acceptable transfer audit recognizes an existing and valid certification (granted by a certification body) by another certification body for the purpose of issuing its own certification.