ISO 19011:2018 Clause 5.5.6 Managing audit programme results

ISO 19011:2018 13 Minutes

The individual(s) managing the audit programme should ensure that the following activities are
performed:
a) evaluation of the achievement of the objectives for each audit within the audit programme;
b) review and approval of audit reports regarding the fulfilment of the audit scope and objectives;
c) review of the effectiveness of actions taken to address audit findings;
d) distribution of audit reports to relevant interested parties;
e) determination of the necessity for any follow-up audit.
The individual managing the audit programme should consider, where appropriate:
— communicating audit results and best practices to other areas of the organization, and
— the implications for other processes.

The individual(s) managing the audit programme should ensure that evaluation of the achievement of the objectives for each audit within the audit programme. In ISO audits, evaluating the achievement of objectives for each audit within the audit program is a crucial step to ensure that the organization’s management system is effective and continually improving. Here’s a general guideline on how to perform this evaluation:

  1. Define Clear Objectives: Ensure that each audit within the audit program has well-defined objectives. These objectives should align with the organization’s overall goals and the specific requirements of the ISO standard being audited.
  2. Establish Key Performance Indicators (KPIs): Identify key performance indicators that will help measure the achievement of the audit objectives. KPIs could include factors like compliance rates, process efficiency, corrective action implementation, and other relevant metrics.
  3. Collect Data: Gather relevant data during the audit process. This may involve conducting interviews, reviewing documentation, and observing processes. Ensure that the data collected is objective, accurate, and sufficient to assess the achievement of the audit objectives.
  4. Compare Results with Objectives: Compare the data collected against the established objectives for each audit. Determine whether the organization has met, exceeded, or fallen short of the intended goals. Look for evidence and examples to support your assessment.
  5. Consider Context and Circumstances: Take into account the context and circumstances surrounding the audit. Factors such as changes in regulations, organizational structure, or external influences may impact the achievement of objectives.
  6. Evaluate Effectiveness of Controls: Assess the effectiveness of the controls and processes in place to achieve the audit objectives. Determine whether the controls are robust and whether any corrective actions are necessary to improve performance.
  7. Document Findings: Document your findings in a clear and concise manner. Clearly articulate whether the objectives were achieved and provide supporting evidence. This documentation is essential for communicating results to stakeholders and for future reference.
  8. Provide Recommendations for Improvement: If the audit objectives were not fully achieved, provide recommendations for improvement. These recommendations should be actionable and aimed at addressing any identified shortcomings.
  9. Review and Continuous Improvement: Periodically review the evaluation process itself to ensure its effectiveness. Implement any necessary improvements to the evaluation process as part of the organization’s commitment to continuous improvement.
  10. Feedback Loop: Establish a feedback loop with relevant stakeholders, including top management, to discuss the evaluation results and any recommended improvements. This dialogue is essential for fostering a culture of continual improvement.

Remember that the evaluation process should be systematic, transparent, and well-documented to demonstrate the effectiveness of the audit program and contribute to the overall improvement of the organization’s management system.

The individual(s) managing the audit programme should ensure review and approval of audit reports regarding the fulfilment of the audit scope and objectives. The review and approval of audit reports in the context of ISO audits is a critical step to ensure the accuracy, completeness, and effectiveness of the audit process. Here’s a step-by-step guide on how to review and approve audit reports:

  1. Document Audit Findings: Ensure that all audit findings, including non-conformities, observations, and positive aspects, are thoroughly documented. Clearly link each finding to the relevant audit criteria and objectives.
  2. Verify Adherence to Audit Scope and Objectives: Review the audit report to ensure that it accurately reflects the audit scope and objectives. Confirm that the audit team covered all relevant areas and that the report provides a comprehensive view of the audited processes or systems.
  3. Check for Accuracy and Consistency: Verify the accuracy of the information presented in the report. Cross-check facts, data, and observations to ensure consistency throughout the document. Inconsistencies can undermine the credibility of the audit findings.
  4. Evaluate Conclusions and Recommendations: Assess the conclusions drawn from the audit findings. Determine whether the conclusions align with the evidence collected during the audit. Evaluate the recommendations provided and ensure they are practical, actionable, and aimed at improvement.
  5. Ensure Objectivity and Impartiality: Confirm that the audit report maintains objectivity and impartiality. The report should present a fair and unbiased assessment of the audited processes or systems, free from personal biases or conflicts of interest.
  6. Review Compliance with ISO Standards: Check that the audit report complies with the relevant ISO standards and any additional requirements specified by the organization or accreditation bodies. This includes the format, content, and structure of the report.
  7. Involve Multiple Reviewers: Consider involving multiple reviewers in the process to bring diverse perspectives and ensure a more thorough review. This may include internal auditors, subject matter experts, and individuals who were not directly involved in the audit.
  8. Document Review Findings: Document the findings of the review process. Identify any areas of concern, discrepancies, or suggested improvements. This documentation can be used for discussions during the approval stage and for continuous improvement of the audit process.
  9. Obtain Approval from Relevant Authorities: Once the audit report has been thoroughly reviewed and any necessary revisions have been made, seek approval from relevant authorities. This may include top management, quality assurance teams, or other designated individuals responsible for the oversight of the audit process.
  10. Communicate Results and Implement Corrective Actions: Communicate the results of the review to the audit team and relevant stakeholders. If any corrective actions are identified during the review, ensure they are implemented promptly to enhance the effectiveness of the audit process.
  11. Maintain Documentation: Retain documentation related to the review and approval process. This documentation serves as a record of the audit report’s approval and is valuable for traceability and transparency.

By following these steps, organizations can establish a robust process for the review and approval of audit reports, ensuring that the reports accurately reflect the outcomes of the audit and contribute to the organization’s continual improvement

The individual(s) managing the audit programme should review of the effectiveness of actions taken to address audit findings.

Reviewing the effectiveness of actions taken to address audit findings is a crucial step in the ISO audit process. It ensures that identified issues are properly resolved and that the organization is continually improving its processes. Here’s a guide on how to conduct a review of the effectiveness of actions taken:

  1. Establish Criteria for Effectiveness: Clearly define the criteria for evaluating the effectiveness of actions taken. These criteria should align with the objectives of the audit and the corrective actions specified in response to the findings.
  2. Collect and Review Evidence: Gather evidence related to the actions taken to address audit findings. This may include reviewing documentation, interviewing responsible personnel, and examining relevant records. Ensure that the evidence is objective, verifiable, and directly linked to the corrective actions.
  3. Verify Implementation: Confirm that the corrective actions have been fully implemented as planned. Check whether the identified issues have been addressed in a timely manner and in accordance with the organization’s procedures and requirements.
  4. Evaluate Compliance: Assess whether the actions taken are in compliance with applicable ISO standards, regulatory requirements, and the organization’s internal policies. Verify that the implemented solutions align with the root causes of the identified issues.
  5. Check for Sustainability: Evaluate the sustainability of the corrective actions. Consider whether the implemented solutions are likely to prevent the recurrence of the identified issues in the future. Sustainability is a key aspect of effective corrective action.
  6. Assess Impact on Processes: Analyze the impact of the corrective actions on the relevant processes. Determine whether the changes have led to improvements in efficiency, effectiveness, and overall performance. This assessment may involve key performance indicators (KPIs) related to the audited processes.
  7. Review Documentation: Examine the documentation associated with the corrective actions, including reports, procedures, and any other relevant records. Ensure that the documentation is complete, accurate, and provides a clear trail of the actions taken.
  8. Engage Stakeholders: Seek feedback from relevant stakeholders, including those who were directly affected by the identified issues or who are responsible for implementing the corrective actions. Stakeholder input can provide valuable insights into the effectiveness of the solutions.
  9. Identify Lessons Learned: Identify and document lessons learned from the corrective action process. This information can be used to enhance the organization’s overall approach to addressing issues and to inform future audits.
  10. Document Review Findings: Document the findings of the review process, including observations on the effectiveness of the actions taken. This documentation is essential for reporting and continuous improvement.
  11. Provide Feedback: Provide feedback to the individuals or teams responsible for implementing the corrective actions. Recognition of successful efforts and constructive feedback on areas for improvement can contribute to a culture of continual improvement.
  12. Update the Audit Report:If the review indicates that the corrective actions have been effective, update the audit report accordingly. Clearly communicate the status of the identified issues and the actions taken in subsequent audit reports.

By following these steps, organizations can conduct a thorough and systematic review of the effectiveness of actions taken to address audit findings, contributing to the overall success of the ISO audit process and the organization’s commitment to continuous improvement.

The individual(s) managing the audit programme should ensure distribution of audit reports to relevant interested parties. Ensuring the distribution of audit reports to relevant interested parties is crucial for transparency, accountability, and facilitating continuous improvement within an organization. Here are steps to ensure effective distribution of audit reports in ISO audits:

  1. Identify Relevant Interested Parties: Identify and compile a list of relevant interested parties who should receive the audit reports. This may include top management, process owners, quality managers, regulatory bodies, and other stakeholders with a vested interest in the audit outcomes.
  2. Understand Communication Requirements: Understand the specific communication requirements of each interested party. Some parties may need a comprehensive report, while others may require a summary or specific details related to their areas of responsibility.
  3. Define Distribution Procedures: Establish clear procedures for the distribution of audit reports. Define who is responsible for the distribution, the format of the reports, and the frequency of distribution. This information can be documented in the organization’s quality management system (QMS) or relevant procedures.
  4. Secure Approval for Distribution: Ensure that the audit report has undergone the necessary reviews and approvals before distribution. This may involve obtaining approval from top management or other designated authorities to ensure the accuracy and reliability of the information.
  5. Use Secure and Traceable Communication Channels: Utilize secure and traceable communication channels to distribute audit reports. This may include email, secure file-sharing platforms, or a dedicated portal within the organization’s intranet. Ensure that the chosen channels comply with data protection and confidentiality requirements.
  6. Personalize Distribution Lists: Tailor distribution lists to the specific needs of each interested party. This ensures that individuals receive information relevant to their roles and responsibilities, avoiding unnecessary information overload.
  7. Include Covering Messages:Accompany the audit reports with covering messages that highlight key findings, recommendations, and any actions that need to be taken. Clearly communicate the significance of the report to enhance understanding.
  8. Establish a Tracking System: Implement a tracking system to monitor the distribution of audit reports. This ensures that reports are sent to the correct recipients and provides a record of who has received and acknowledged the information.
  9. Provide Access to a Centralized Repository:Consider maintaining a centralized repository for audit reports that interested parties can access at any time. This promotes transparency and accessibility, especially for those who may need historical audit information.
  10. Schedule Follow-Up Communication:Schedule follow-up communication sessions or meetings with relevant parties to discuss the audit findings, address any questions, and clarify action plans. This interactive approach enhances the understanding and acceptance of audit outcomes.
  11. Seek Feedback on the Reporting Process:Encourage feedback from interested parties regarding the reporting process. This feedback can be valuable for continuous improvement in the way audit reports are prepared, distributed, and communicated.
  12. Document Distribution Records:Maintain records of the distribution of audit reports, including the date of distribution, recipients, and any acknowledgments. This documentation is essential for audit trail purposes and to demonstrate compliance with communication requirements.

By implementing these steps, organizations can establish a robust system for the distribution of audit reports to relevant interested parties, fostering transparency and supporting the effectiveness of the ISO audit process.

The individual(s) managing the audit programme should ensure determination of the necessity for any follow-up audit. Determining the necessity for a follow-up audit in ISO audits is crucial to ensure that corrective actions taken in response to identified non-conformities are effective and that the organization’s management system is continually improving. Here’s a guide on how to assess the need for a follow-up audit:

  1. Define Criteria for Follow-Up: Establish clear criteria for when a follow-up audit is deemed necessary. This could include factors such as the severity of the non-conformity, the complexity of the corrective actions, and the potential impact on the organization’s processes.
  2. Consider the Significance of Non-Conformities: Assess the significance and impact of the identified non-conformities. High-risk or critical non-conformities may warrant a follow-up audit to ensure that the corrective actions have effectively addressed the root causes.
  3. Review Corrective Action Plans: Evaluate the corrective action plans submitted by the audited entity. Assess the completeness, relevance, and feasibility of the proposed actions. If the corrective actions are complex or involve significant changes, a follow-up audit may be necessary.
  4. Evaluate Timeliness of Implementation: Consider the timeliness of corrective action implementation. If there are delays or if the corrective actions are not implemented within the agreed-upon timeframe, a follow-up audit may be necessary to understand the reasons behind the delays and ensure prompt resolution.
  5. Assess Effectiveness of Corrective Actions: Evaluate the effectiveness of the corrective actions taken. This may involve reviewing evidence provided by the audited entity, conducting interviews, and assessing whether the actions have addressed the root causes of the non-conformities.
  6. Consider the Complexity of the Organization’s Processes: Take into account the complexity of the audited organization’s processes. In organizations with intricate or highly regulated processes, a follow-up audit may be more critical to ensure that changes have been integrated effectively.
  7. Verify Implementation of Preventive Measures:Check whether the organization has implemented preventive measures to avoid the recurrence of similar non-conformities in the future. A follow-up audit can assess the organization’s commitment to preventing the reoccurrence of issues.
  8. Involve Relevant Stakeholders: Consult with relevant stakeholders, including the audited organization and any external regulatory bodies, to gather input on the need for a follow-up audit. Their perspectives can provide valuable insights into the effectiveness of corrective actions.
  9. Refer to ISO Standards and Certification Requirements: Refer to the specific ISO standard being audited and any certification requirements. Some standards may explicitly require follow-up audits in certain situations. Ensure compliance with these standards and requirements.
  10. Use Risk-Based Approach: Apply a risk-based approach to prioritize follow-up audits. Focus on areas with the highest risk and potential impact on the organization’s ability to meet its objectives and comply with ISO standards.
  11. Document the Decision-Making Process:Document the decision-making process regarding the necessity for a follow-up audit. This documentation should include the rationale for the decision, the criteria considered, and any input from relevant stakeholders.
  12. Communicate the Decision:Clearly communicate the decision regarding the need for a follow-up audit to the audited organization. Provide details on the scope, objectives, and expected outcomes of the follow-up audit, if applicable.

By following these steps, auditors and organizations can systematically assess the necessity for a follow-up audit, ensuring that corrective actions are effective, and the management system is continually improving in line with ISO standards.

The individual managing the audit programme should communicating audit results and best practices to other areas of the organization, and the implications for other processes.effective communication of audit results and best practices is crucial for the success of an audit program. Here are key considerations for the individual managing the audit program:

Communicating Audit Results:

  1. Prepare a Comprehensive Audit Report: Develop a comprehensive audit report that includes clear and concise information about audit findings, including strengths and areas for improvement.
  2. Tailor Communication to the Audience: Adapt communication styles and formats to the needs of different audiences within the organization. Top management may need a high-level overview, while process owners may require more detailed information.
  3. Use Understandable Language: Avoid technical jargon and use language that is easily understandable by individuals who may not be familiar with the specific details of the audited processes.
  4. Highlight Key Findings and Trends: Emphasize key findings and trends that are relevant to organizational goals and objectives. This helps stakeholders focus on the most critical aspects of the audit results.
  5. Facilitate Q&A Sessions: Provide opportunities for stakeholders to ask questions and seek clarification. This can be done through meetings, workshops, or other interactive sessions to ensure a clear understanding of the audit results.
  6. Distribute Audit Reports Timely: Timely distribution of audit reports is crucial. Avoid unnecessary delays to maintain the relevance and impact of the audit findings.
  7. Encourage Open Dialogue:Foster an environment that encourages open dialogue about the audit results. This can lead to a better understanding of the issues and a more collaborative approach to improvement.
  8. Demonstrate Objectivity:Clearly communicate the objectivity and impartiality of the audit process. This builds trust in the audit results and promotes a culture of continuous improvement.

Sharing Best Practices:

  1. Identify and Showcase Success Stories: Highlight examples of best practices and success stories identified during audits. Showcase these as examples for other areas of the organization to learn from.
  2. Create Knowledge Sharing Platforms: Establish platforms, such as workshops, training sessions, or knowledge-sharing forums, where best practices can be shared across different departments.
  3. Encourage Peer-to-Peer Learning:Promote a culture of peer-to-peer learning where individuals and teams can share their experiences and insights. This informal sharing can be as valuable as formal communication channels.
  4. Document and Disseminate Lessons Learned:Document lessons learned from audits, both positive and negative. Disseminate this information to relevant parties to prevent the recurrence of issues and encourage the adoption of successful practices.
  5. Provide Practical Examples: Offer practical examples of how implementing best practices has positively impacted other areas of the organization. This can serve as motivation for continuous improvement.

Communicating Implications for Other Processes:

  1. Connect the Dots: Clearly articulate the implications of audit results for other processes. Help stakeholders understand the interconnections and dependencies between different areas of the organization.
  2. Highlight Cross-Functional Impact: Emphasize how improvements or changes in one process may have implications for other processes. This encourages a holistic approach to organizational improvement.
  3. Facilitate Cross-Functional Discussions: Organize discussions or workshops that involve representatives from various functions to collectively address implications and develop coordinated improvement plans.
  4. Integrate Recommendations into Action Plans:Work with relevant stakeholders to integrate audit recommendations and implications into action plans for other processes. This ensures a unified approach to addressing identified issues.

By focusing on effective communication strategies, the individual managing the audit program can contribute significantly to organizational learning, improvement, and the overall success of the audit program.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a ReplyCancel reply