ISO 19011:2018 Clause 6.4.5 Audit information availability and access

ISO 19011:2018 9 Minutes

The audit methods chosen for an audit depend on the defined audit objectives, scope and criteria, as well as duration and location. The location is where the information needed for the specific audit activity is available to the audit team. This may include physical and virtual locations. Where, when and how to access audit information is crucial to the audit. This is independent of where the information is created, used and/or stored. Based on these issues, the audit methods need to be determined . The audit can use a mixture of methods. Also, audit circumstances may mean that the methods need to change during the audit.

The audit methods chosen for an audit depend on the defined audit objectives, scope and criteria, as well as duration and location. The selection of audit methods is a crucial aspect of the audit planning process, and it should align with the defined audit objectives, scope, criteria, as well as the duration and location of the audit. The choice of audit methods determines how the audit team will gather and evaluate evidence to assess the audited entity’s compliance, performance, or conformity to established criteria. Here are key considerations for choosing audit methods:

  1. Audit Objectives: Align the chosen audit methods with the specific objectives of the audit. Different objectives may require different approaches, whether the focus is on compliance, performance, risk management, or other aspects.
  2. Audit Scope: Consider the scope of the audit when selecting audit methods. The scope defines the boundaries of the audit, indicating the areas, functions, or processes that will be examined. The methods should be tailored to address the identified scope effectively.
  3. Audit Criteria: Choose audit methods that are appropriate for evaluating compliance or performance against the established audit criteria. The criteria serve as benchmarks or standards against which the audited entity’s activities are assessed.
  4. Duration of the Audit: The duration of the audit can influence the choice of methods. Short-term audits may require more focused and efficient methods, while long-term audits may allow for a more comprehensive and detailed examination.
  5. Audit Location: The location of the audit, whether on-site or remote, can impact the selection of audit methods. On-site audits may involve direct observation and physical inspections, while remote audits may rely more on documentation and virtual communication.
  6. Type of Audit: Different types of audits (e.g., internal, external, financial, operational) may require different audit methods. For example, financial audits may involve detailed scrutiny of financial records, while operational audits may focus on processes and efficiency.
  7. Risk Assessment: Consider the results of the risk assessment when selecting audit methods. High-risk areas may require more intensive methods to ensure thorough examination and accurate risk identification.
  8. Resource Availability: Assess the availability of resources, including personnel, technology, and tools. The chosen methods should be feasible within the constraints of available resources.
  9. Data Collection Methods: Determine the most suitable data collection methods based on the nature of the audit. This could include interviews, document reviews, observations, data analytics, and other techniques.
  10. Sampling Techniques: If sampling is part of the audit methodology, choose appropriate sampling techniques based on statistical considerations and the audit objectives. Sampling methods should be representative and reliable.
  11. Audit Team Competencies: Ensure that the chosen audit methods align with the competencies of the audit team. The team should possess the skills and knowledge necessary to effectively implement the selected methods.
  12. Continuous Monitoring and Adjustments: Continuously monitor the progress of the audit and be prepared to adjust the chosen methods as needed. Flexibility allows the audit team to adapt to changing circumstances or unexpected findings.

By carefully considering these factors, the audit team can tailor the audit methods to the specific context of the audit, optimizing the effectiveness and efficiency of the audit process. This strategic approach ensures that the chosen methods are well-suited to achieve the desired audit objectives.

The location is where the information needed for the specific audit activity is available to the audit team.This may include physical and virtual locations.

the location of an audit is a crucial consideration, and it is where the information needed for the specific audit activity is available to the audit team. This concept encompasses both physical and virtual locations, reflecting the diverse ways in which modern audits are conducted. Here are key points to consider regarding the location of an audit:

  1. Physical Locations: Physical locations refer to on-site visits where the audit team physically goes to the premises of the audited entity. This could include visiting offices, manufacturing facilities, warehouses, or any other physical location relevant to the audit.
  2. Virtual Locations: Virtual locations involve conducting audits remotely or without a physical presence at the audited entity’s premises. This approach is facilitated by advancements in technology and can include activities such as virtual meetings, online document reviews, and data analysis conducted from a remote location.
  3. Accessibility of Information: The choice of location should be based on the accessibility of the information required for the audit. Consider whether the necessary documents, records, and personnel can be accessed effectively in the chosen location.
  4. Efficiency and Cost Considerations: Assess the efficiency and cost-effectiveness of the chosen location. Remote audits, for example, may reduce travel costs and time, but physical presence might be necessary for certain types of inspections or verifications.
  5. Data Security and Confidentiality: Consider the security and confidentiality of information, especially when conducting remote audits. Ensure that virtual audit methods adhere to data security standards and do not compromise sensitive information.
  6. Nature of Audit Activities: The nature of the audit activities may influence the choice of location. For activities that require hands-on inspection or observation, a physical location may be essential. Meanwhile, data analysis or interviews may be conducted virtually.
  7. Technology Infrastructure: Evaluate the technology infrastructure available for virtual audits. Ensure that the audit team has access to the necessary tools and platforms to effectively communicate, collaborate, and conduct audit activities remotely.
  8. Regulatory Compliance: Consider any regulatory requirements or restrictions related to the location of the audit. Some audits may be subject to specific regulations that dictate whether on-site visits are mandatory or if remote methods are permissible.
  9. Client and Auditee Preferences: Take into account the preferences of the audit client and auditee. Some organizations may prefer on-site audits for certain activities, while others may be comfortable with or even prefer remote audit methods.
  10. Risk Assessment: Conduct a risk assessment to identify potential risks associated with the chosen location. This includes assessing risks related to data security, information accessibility, and the reliability of remote audit methods.
  11. Communication and Coordination: Establish effective communication and coordination mechanisms, especially when conducting remote audits. Regular communication channels and collaboration tools should be in place to ensure seamless interaction between the audit team and the audited entity.

By carefully considering these factors, the audit team can determine the most suitable location or combination of locations for the audit. The goal is to optimize the efficiency, effectiveness, and overall success of the audit process while meeting the specific needs and requirements of the audit engagement.

Where, when and how to access audit information is crucial to the audit. This is independent of where the information is created, used and/or stored. Based on these issues, the audit methods need to be determined .

Audit methods

The considerations of where, when, and how to access audit information are fundamental to the success of an audit, and they indeed influence the determination of appropriate audit methods. The diversity of information sources, along with the need for flexibility and adaptability in the audit process, often necessitates a mixture of audit methods. Here’s a breakdown of how these considerations influence the selection of audit methods:

  1. Where (Location):
    • Consideration: The physical and virtual locations of audit information.
    • Influence on Audit Methods: On-site visits may be required for physical inspections, while remote access methods, such as virtual meetings and document sharing platforms, are essential for information stored digitally.
  2. When (Timeliness):
    • Consideration: The timing of when access to audit information is needed.
    • Influence on Audit Methods: Depending on the audit timeline, methods may vary. For example, initial planning might involve virtual meetings, while on-site inspections may be scheduled later in the process.
  3. How (Access Methods):
    • Consideration: The agreed-upon methods for accessing information.
    • Influence on Audit Methods: The nature of the information and preferences of the auditee may guide the choice of methods. This could include a mix of interviews, document reviews, data analytics, and physical inspections, depending on what is most effective.
  4. Independence of Information Location:
    • Consideration: The recognition that information can be created, used, and stored in diverse locations.
    • Influence on Audit Methods: This understanding necessitates a versatile approach. A combination of on-site visits, virtual meetings, and data analysis methods may be employed to cover the breadth of information sources.
  5. Flexibility and Adaptability:
    • Consideration: The need for the audit process to be flexible and adaptable to changing circumstances.
    • Influence on Audit Methods: A mixture of methods allows for adaptability. For example, if unexpected issues arise during on-site visits, the audit team may need to supplement with additional document reviews or virtual meetings.
  6. Diversity of Information Sources:
    • Consideration: The acknowledgment that information comes from various sources and platforms.
    • Influence on Audit Methods: A diverse set of methods ensures that the audit team can effectively gather information from different sources, whether it’s financial records, operational processes, or digital data.
  7. Digital Transformation:
    • Consideration: The impact of digital transformation on information accessibility.
    • Influence on Audit Methods: Embracing digital tools for virtual communication, document sharing, and data analytics is crucial for audits in organizations that have undergone digital transformation.
  8. Risk Management:
    • Consideration: Identifying and mitigating risks associated with information access.
    • Influence on Audit Methods: The mixture of methods allows for a balanced approach to risk management. For example, on-site visits may be essential for certain high-risk areas, while remote methods may be suitable for lower-risk aspects of the audit.
  9. Collaboration and Communication:
    • Consideration: The importance of effective collaboration and communication.
    • Influence on Audit Methods: A mix of methods supports collaborative efforts. Virtual meetings facilitate real-time communication, while on-site visits allow for face-to-face interactions, fostering effective collaboration.

By acknowledging these considerations and incorporating a mixture of audit methods, the audit team can navigate the complexities of information access and ensure a comprehensive and effective audit process. This approach allows for versatility, adaptability, and responsiveness to the unique circumstances of each audit engagement.

The audit can use a mixture of methods. Also, audit circumstances may mean that the methods need to change during the audit. The use of a mixture of audit methods provides flexibility and adaptability to changing circumstances during the audit process. It’s crucial to recognize that audit planning is dynamic, and unexpected developments, new findings, or shifts in the audit environment may necessitate adjustments to the initially planned methods. Here are key considerations:

  1. Flexibility in Audit Planning: Recognize that audit planning should be flexible to accommodate unforeseen changes or discoveries during the audit. The initial plan serves as a guide, but adjustments may be necessary based on evolving circumstances.
  2. Continuous Monitoring: Implement continuous monitoring throughout the audit process. Regularly assess the progress, findings, and any emerging issues to determine if adjustments to the audit methods are required.
  3. Real-Time Evaluation: Evaluate audit methods in real-time as the audit progresses. If certain methods are proving to be more or less effective than anticipated, consider making adjustments to optimize the audit process.
  4. Communication with Auditee: Maintain open communication with the auditee. If unexpected challenges arise or if there are changes in the availability of information, coordinate with the auditee to address the situation and discuss potential modifications to the audit plan.
  5. Risk Assessment and Mitigation: Conduct ongoing risk assessments and adapt audit methods to address identified risks. Mitigate risks by adjusting the audit approach to ensure that critical areas are adequately examined.
  6. Resource Allocation: Monitor resource allocation and consider whether adjustments are needed. If certain methods require additional resources or expertise, assess the availability of resources and make informed decisions.
  7. Emerging Issues: Be responsive to emerging issues that may impact the audit. If new information comes to light that suggests a change in focus or priorities, be prepared to modify the audit methods accordingly.
  8. Audit Team Collaboration: Foster collaboration within the audit team. Team members should regularly communicate and share insights about the effectiveness of various audit methods, allowing for collective decision-making on potential adjustments.
  9. Client and Stakeholder Engagement: Engage with the audit client and relevant stakeholders to discuss any changes to the audit plan. Transparent communication ensures that all parties are informed and supportive of adjustments made during the audit.
  10. Documentation of Changes: Document any changes made to the audit plan, including the reasons for the changes and the impact on the audit process. This documentation provides a clear audit trail and helps maintain transparency.
  11. Continuous Improvement: Embrace a mindset of continuous improvement. Use insights gained during the audit to enhance future audit planning processes and methodologies.
  12. Ethical Considerations: Ensure that any adjustments made during the audit adhere to ethical standards. Maintain objectivity, integrity, and independence in decision-making, and avoid compromising the integrity of the audit process.

By embracing flexibility and adaptability, audit teams can navigate changing circumstances, unexpected challenges, and evolving information needs. This approach enhances the resilience of the audit process and ensures that the audit remains effective in achieving its objectives, even in dynamic and unpredictable environments.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a ReplyCancel reply