WHAT IS AUDIT, AUDITOR AND MANAGING AN AUDIT?

WHAT IS AUDIT, AUDITOR AND MANAGING AN AUDIT?

During implementation of ISO, QMS, EnMS, EMS and other management systems the terms we encounter most are Audit, Internal Audit, External Audit and Internal/External Auditors. With these terms we can add more as product audit, process audit etc. This article explains all these terms which are useful in day to day life after implementation of the system.

1. Definition of audit as per ISO 19011:2018

“Systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled”.

2. Definition of Auditor

Person who conducts audit

3. Definition of Auditee

A person(s) of the organization or organization itself, who is going through the process of audit by auditor or face the audit.

4. Types of Audit: Process audit, Product Audit, System Audit

a) Process audit:

Process audits are conducted to evaluate the process, where there is some kind of input and result in output against the stipulated procedure, standards and instruction. Also it is important to evaluate the efficiency and effectiveness of the process against planned.

b) Product Audit:

The product audit is carried out for the product or the services. The final product which is ready for dispatch to customer is audited against specification, customer requirement, Technical Delivery Condition to evaluate product confirms the stipulated requirements.

c) System Audit:

System audit means audit conducted for management systems, for evaluation of objected evidence through use of documented procedure, data, and objective of management.

The examples are Management system audit, Energy Management system, Environmental Management system.

5. Types of Audit: First Party Audit, Second Party Audit, Third Party Audit

a) First Party Audit:

The audit is performed by the organization itself to check the effectiveness of the management system .These audits are conducted independently by employees of the organization.

b) Second Party Audit:

The second party audits are conducted by the customer at supplier premises .This audit is conducted against the purchase order terms, contract of supply etc.

c) Third Party Audit:

The third party audit is conducted by the independent body. Such bodies are independent of supplier and customer relations. The third party audit conducts for inspection of material certification.

6. Follow-up audit:

During Process audit, Product Audit, System Audit, there are findings and nonconformity observed by the auditor and the same could not be closed on the spot after completion of audit, where correction and corrective action are required. So, to verify the correction and corrective action on the finding and nonconformity follow-up audit are conducted.

7. Managing an audit:

For managing an audit, there is a standard, ISO 19011:2018 – Guideline for Auditing Management System to follow. The process flow of the audit is based on Plan – Do – Check– Act (PDCA) Cycle.

The clause wise details as below:
  1. Establishing audit programme objective(5.2)
  2. Determining and evaluating audit programme risk and opportunity(5.3)
  3. Establishing audit programme(5.4)
  4. Implementing audit programme(5.5)
  5. Monitoring audit programme(5.6)
  6. Reviewing and improving audit programme(5.7)
  7. Initiating audit(6.2)
  8. Preparing audit activity (6.3)
  9. Conducting audit activities(6.4)
  10. Preparing and distributing audit report(6.5)
  11. Completing audit(6.6)
  12. Conducting audit follow-up (6.7)

It is to be noted that completing audit (6.6) says

“The audit is completed, when all planned audit activities have been carried out, or as otherwise agreed with the audit client”.

Also, lessons learnt from audit can identify risk and opportunity for the audit program and for the auditee and same shall be noted for improvement of quality management system.