There are several things for you to prepare to become ready for your external audit, from updating policies and procedures to reviewing single details of each process and practices. Knowing your rights and responsibilities will help you understand the auditing process and will assist you in addressing actions if needed. In this blog post, we focus on the things you need to know as an Auditee (a person/organization audited by an Auditor). This blog post is intended to provide general information and should act as a guide only, this may not apply to all circumstances. Below are the most common points you need to be aware of as an Auditee.
You are getting ready for your audit, and the Certification Body (CB) has appointed an auditor for your organization. It is your right to ask for more information from the Certification Body about the selected Auditor. You have the right to say no if you believe that the Auditor won't be a good match for your organization.
The CBs and their allocated Auditor have to be in touch with you in regards to the audit plan. Key information such as audit date, duration, the audit team, etc., should be communicated well prior to the audit. Generally, you should be aware of the audit plan three weeks before the audit. You can ask for a date that suits you and your team. You are not able to cancel your booking a week or ten days before the audit as that may cause financial implications. In force majeure circumstances, the CBs might wave the cancelation fee.
As a host, you should provide an environment that suits the audit. This includes a room with a desk and a chair to sit, a printer if needed and other office equipment. You also have to allocate resources such as a management representative or a guide to assist the Auditor on the day of the audit. You should evaluate your circumstances and contact your Auditor if anything may impact the accessibility of the Auditor to the required resources.
As an auditee, you should be well prepared for your audit. The auditors' scope is to evaluate your compliance against specific criteria. It is not part of their scope to give you consultation on topics such as how you can improve your business or how to fix your issues. These matters are not part of the auditor’s scope; however, the auditors may share good practices observed in some other similar industries if it is not breaching confidentiality.
Audit outcomes normally include some nonconformities. The audit findings are very handy in helping you identify your potential gaps and address risks in your organization; however, not all audit nonconformities may be correct or bring value to your organization. It is your right to discuss your concern with your Auditor about the validity of their nonconformity. The Auditor must provide objective evidence to support their findings.
If you deem that the nonconformity is not a valid finding, you should ask your Auditor to provide the evidence and inform you about the audit criteria he/she used as a basis of the audit nonconformity. It is your right not to accept an invalid audit nonconformity. The Auditor uses audit criteria and evidence to evaluate your compliance. You should cross-check to ensure you are on the same page with your Auditor. Often the evidence is not entirely provided to your Auditor, or the Auditor may have an incorrect interpretation of your evidence. Discuss your concern with your Auditor if you think their audit nonconformity is not correct. Note: Audit nonconformity doesn’t mean that your system is failing. Usually, it is part of any audit process to have some feedback or nonconformities. If you think the audit finding is correct and valid, you should accept and welcome it. The nonconformity that was found by your Auditor is more manageable than the ones found by your clients or regulatory bodies.
The audit is finished and your effort to satisfy your Auditor to remove invalid findings did not come to any resolution. You found that your Auditor was not helpful. The audit findings bring no value, on top of that, it may impact your operation's integrity too. You failed to justify their invalidity and you may find your Auditor was not reasonable. If this happens, you are more than welcome to share your feedback with the Certification Body. Your feedback is an essential factor in enabling Certification Bodies to understand market expectations better and calibrate their auditors.
In many cases, your complaints will be addressed by the Certification Bodies. If not, then you have the choice to escalate your complaint to the body that accredited the Certification Body. You can find their name by looking at the Certification Body website. In Australia, JAS-ANZ is the body responsible to accredit the Certification Bodies. The name of these Accreditation Bodies and can be found by a simple search. There are some other bodies such as NDIS Commission that also can be helpful for the NDIS provider (applicable only in Australia).
Knowing your rights and responsibility is an essential factor to the success of the audit. Make yourself familiar with the audit-specific process and learn about the steps. The more you educate yourself about the audit process, the less stress you will get and the smoother your audit process will be going ahead.
Who We Are
LMS TRG is an Exemplar Global Recognised Training Provider for courses in Management Systems Auditing. We come together from various specialist backgrounds to produce unique online learning experiences. Our team is composed of auditors, management systems consultants and providers, with over fifteen years of experience in delivering high-level quality training. We were founded with the policy of being pioneers in fully online and smart training solutions. To learn more, click here.
Our email content is full of value, void of hype, tailored to your interests whenever possible, never pushy, and always free.