As the definition suggests, auditing is defined as the on-site verification activity, such as inspection or examination, of a process or quality system, to ensure compliance to requirements. There are seven steps that will help you understand the requirement in an easier way and focus on what needs to be verified.
An audit can apply to an entire organization or might be specific to a function, process, or production step. Some audits have special administrative purposes, such as auditing documents, risk, or performance, or following up on completed corrective actions. That’s why it is so important to understand the audit requirements. Here are seven steps to help you read and understand any audit requirement:
1) Read the standard carefully and slowly
The first step is to read the clause of the standard carefully and slowly, and try to understand it. Normally the clauses are lengthy and you may be distracted whilst you read them. Divide it into a smaller portion. Read it sentence by sentence and repeat it for yourself.
2) Write down the title of the clause and read it one more time
The clause is written to explain a condition about the title. It is all about the requirements relevant to the title. If you get lost in the middle of reading, go back and read the title one more time.
3) Extract the facts of the clause title
The requirements have been written to express a condition that must be met by the organization. These conditions are in the context of the clause title. It is all about that specific title. Read it carefully focus on the facts of the clause title.
4) Highlight the verbs
Looking for the below verbal forms. In ISO 9001:2015, ISO 14001:2015 or ISO 45001:2018 Standards, the following verbal forms are used:
— “shall” indicates a requirement;
— “should” indicates a recommendation;
— “may” indicates permission;
— “can” indicates a possibility or a capability.
Information marked as “NOTE” is intended to assist the understanding or use of the document.
These four verbs are giving auditors an indicator of severity. For example, where you see "shall", then there must be a piece of evidence available to support the implementation, whereas for the other verbs, a piece of evidence is "nice to have".
5) Rewrite the requirements in a simple language or write a checklist
Writing helps you reflect on the topic as well as helping you remember better. When writing, it allows us to take a bird's-eye view. You can take a step back and revisit thoughts by re-reading what you wrote. Divide it into a smaller portion, write the requirements in a simpler language for yourself.
6) Prepare your questions accordingly
You have done a great job so far. Turn lengthy complicated requirements into a smaller portion. It is now time to turn these smaller portions into questions.
Asking the right question from the right person during the audit is an important factor in helping you to understand the processes and gather objective evidence.
Always start the conversation by asking for a bit of background. Clarify your questions if needed and acknowledge that you have understood their response to your questions.
7) Look for the objective evidence
Start asking the questions you have prepared earlier. Look for objective evidence to demonstrate the compliance of the organization. Note taking is an important factor in an audit. Keeping precise notes enables you to remember what you have seen and what still needs to be asked.
You may be concerned that taking notes could give the auditees a wrong impression and they may think that you have found faults. It is a very good idea to let them know the purpose of the notes. Try not to hide your notes from the auditee. Explain that it is part of the process. Note both positive elements and findings/gaps, as you need both to prepare a detailed and accurate audit report.
Now you have learned the 7 steps that help you understand the requirements in an easier way so you can focus on what needs to be verified.
This blog is part of our free 10-week audit and compliance course. During those 10 weeks, we will be covering topics such as Audit & Compliance and its Definitions, Importance of Compliance, Criteria and Scope, Evaluation of Compliancy, and Report Contents.
LMS TRG is an Exemplar Global Recognised Training Provider for courses in Management Systems Auditing. We come together from various specialist backgrounds to produce unique online learning experiences. Our team is composed of auditors, management systems consultants and providers, with over fifteen years of experience in delivering high-level quality training. We were founded with the policy of being pioneers in fully online and smart training solutions. To learn more click here.
Our email content is full of value, void of hype, tailored to your interests whenever possible, never pushy, and always free.