Step 10 – Audit Program
An ISO audit is carried out to ensure that the existing Management System (MS) complies with the ISO standard of your choice. The audit helps organizations identify and address issues and discover potential improvements with their MS software to ensure that best practice processes are in place. An ISO audit is conducted by referring to an audit program that outlines the standard's clauses through periodic reviews.
The ISO requirements for the audit program is that you plan, establish, implement, and maintain an audit program, meaning that you need to have an ongoing program in effect.
The guidance includes what audit you need to conduct based on the ISO standard of choice, including timeframes, responsibilities, and results.
Why you need to implement an internal Audit Program for your Management System (MS)
9.2.2 The organization shall:
Plan, establish, implement and maintain an audit programme(s) including the frequency, methods, responsibilities, planning requirements and reporting, which shall consider the importance of the processes concerned, changes affecting the organization, and the results of previous audits.
How the ISOvA software does 80% of the work for you
The three videos below show how the ISOvA software makes your life easier by handling 80% of the work involved in determining the internal audit program for your ISO Management System.
ISO 9001
ISO 14001
ISO 27001
The headings below match the columns provided in your IMS Toolbox:
Program Year
It is essential to allocate the year in this column as this will communicate the periodic review year. Also, this will be used for traceability purposes when looking back at the year you have completed a certification audit situation.
Title
These will be in the template issued to you and will be used for the headers for each internal audit you conduct. Correlation between the audit program and the internal audits are paramount when a review of your system is undertaken.
Audit
These are the sub-headings for each section of your audit you must cover and sample from your management system.
Clauses
From the sub-headers (stated above), this section represents clauses of the standard that have been covered in this audit. It also communicates to your organisation and the certification auditor that all standard clauses have been periodically reviewed.
Planned Date
The date that you have planned to conduct your audit (your intent).
Auditee
Select the person in your organisation that you will need to assist you in the audit (typically by department). The selection list comes from Step 1, Roles & Responsibilities.
Auditor
The person that is to conduct the audit whether internal or external consultants.
Completed
When the audit was completed, add the date.
Findings
If any issues are raised in the audit, they will be recorded in the corrective action log located in Toolbox. Once this has been logged, you will allocate the corrective action in the findings drop-down selection.
Compliance Type
There are many different standards that the Toolbox can support. If you have an integrated management system (more than one standard), this will differentiate the audit from the standard.
Risk
This column communicates if there are potential issues found within the audit. By issuing the risk, status allows you from a top level to understand where the problems are regarding your management system. Audits that have been categorised as high risk should be audited again that year.
Next Step…
Having determined roles, responsibilities, and authorities for your ISO MS, you can now move to the next step:
Step Implementation Guides:
1: Roles & Responsibilities
2: Aims and objectives
3: Controls
4: SWOT Analysis
5: Interested Parties
6: Legal Register
7: Processes & Procedures
8: Key Performance Indicators
9: Risks & Opportunities
10: Audit Programme
If you would like a demo of the ISOvA (Risk Compliance Software and) Integrated Management System (IMS) software fill out our form below:
