Auditee Responsibility

Auditors are trained on their audit responsibilities, but do the managers of the areas to be audited understand their audit responsibilities?

Audit Objectives

The objectives of an audit are to determine conformity to the audit criteria, evaluate the capability to meet customer needs, ensure compliance with legal requirements, and determine the effectiveness of the management system.

In addition, the audit may identify opportunities for improvement, reduce the risk of product and service failures, and increase the awareness of the organization.

As the manager of an area to be assessed, you should understand and agree with the audit objectives so you can clearly communicate the value of the audit to the participants and encourage their cooperation.

Audit Scope

The scope of an audit describes the extent and boundaries of the areas to be assessed. For example, the audit scope defines the physical locations (where); organizational units (who); products, services, projects, and processes (what); and time period for the audit (when).

As the manager of an area to be assessed, you should understand and agree with the audit scope so you can ensure that the key people in your organization will be available and ready for the planned audit.

Audit Criteria

The audit criteria are the applicable requirements used as the basis for the audit. These requirements may include statutes and regulations, policies and procedures, orders and contracts, and management system standards.

The audit evidence, such as, statements, observations, documents, and records, will be compared to the audit criteria to determine if the requirements are being met (conformity), or not (nonconformity).

As the manager of an area to be assessed, you should understand the audit criteria so you can agree with the requirements against which your processes and deliverables will be evaluated.

Audit Plan

The audit plan will identify the specific areas to assessed, on which dates, at what times, and for how long. You should review this agenda to ensure it addresses the agreed to audit objectives and scope. Share any plan suggestions, concerns, or conflicts with the audit team leader.

To help the lead auditor prepare the audit plan, you should identify any significant process, technology, infrastructure, or product changes since the last audit. These system changes can introduce risk and the lead auditor may want to allocate more time to those areas on the audit plan.

You should understand and agree with the audit plan. You need to inform all their employees of the upcoming audit. Although everyone should be ready for an audit without any special preparation, announcing the audit can avoid the stress of what might otherwise appear to be a surprise audit.

Audit Preparation

As the manager of an audited area, you should provide the audit team with access to the relevant documents and records for planning purposes. And, you should expect to receive the audit plan at least two weeks prior to the audit.

You should identify for the audit team the applicable legal and contractual requirements that are relevant to your activities and products. Let the auditors know if they will have to sign any non-disclosure agreements regarding the disclosure and treatment of confidential information.

Advise the audit team about any specific requirements for access, security, and safety. Agree on the participation of any observers and the need for auditor guides.

Audit Participation

The managers of the areas to be assessed should attend the opening and closing meetings, as well as, the end of day briefings for multiple-day audits. Encourage everyone that may be interviewed to cooperate with the auditors and provide honest answers to receive the full benefit of the assessment.

Acknowledge the audit findings. Be sure to verify that the evidence is correct and any nonconformities are understood. If you disagree, inform the auditor. If the different views cannot be resolved, initiate the audit appeals process.

Corrective Actions

The first step is to contain the problem and avoid the release of any affected products or service. Then, make an immediate fix or correction to stop the problem. Remember that audits rely on samples taken during a brief time period, so determine if similar deficiencies exist that were not reported.

The next step is to identify the causes of the nonconformity, then eliminate those causes, so the nonconformity doesn’t repeat itself. This activity to prevent recurrence is called corrective action.

Verify after the corrective action is taken that the solution was effective in stopping the problem. Remember to reflect any process changes in the related documents. Notify the audit program that you are ready for the follow-up audit to verify the effectiveness of your corrective action.