ISO 19011:2018 Clause 6.4.6 Reviewing documented information while conducting audit

ISO 19011:2018 9 Minutes

The auditee’s relevant documented information should be reviewed to:
— determine the conformity of the system, as far as documented, with audit criteria;
— gather information to support the audit activities.

The review may be combined with the other audit activities and may continue throughout the audit, providing this is not detrimental to the effectiveness of the conduct of the audit.
If adequate documented information cannot be provided within the time frame given in the audit plan, the audit team leader should inform both the individual(s) managing the audit programme and the auditee. Depending on the audit objectives and scope, a decision should be made as to whether the audit should be continued or suspended until documented information concerns are resolved.

The auditee’s relevant documented information should be reviewed to determine the conformity of the system, as far as documented, with audit criteria. Reviewing the auditee’s relevant documented information is a fundamental step in the audit process. This review aims to assess the conformity of the audited system with the established audit criteria. Here are key points to consider when conducting this review:

  1. Identify Relevant Documented Information: Begin by identifying and gathering the relevant documented information from the auditee. This may include policies, procedures, manuals, records, and other documents that are pertinent to the audited system.
  2. Establish Audit Criteria: Clearly define the audit criteria against which the audited system will be assessed. Audit criteria serve as the benchmarks or standards by which conformity is measured. These criteria could be internal policies, industry standards, legal requirements, or other established norms.
  3. Document Review: Conduct a thorough review of the identified documents. Analyze the content to determine whether the documented information aligns with the established audit criteria. Look for evidence of compliance, adherence to procedures, and fulfillment of requirements.
  4. Cross-Reference Information: Cross-reference the documented information with the audit criteria to ensure that all relevant aspects are covered. Identify any gaps or discrepancies that may require further investigation or clarification during the audit.
  5. Verification of Implementation: Assess not only the existence of documented information but also the implementation of the documented processes and procedures. Verify that what is documented is effectively put into practice within the audited system.
  6. Comprehensive Coverage: Ensure that the review covers all relevant areas of the audited system. This may include quality management processes, environmental practices, safety protocols, or any other system components based on the scope of the audit.
  7. Evidence of Conformity: Look for tangible evidence within the documented information that demonstrates conformity with the audit criteria. This evidence may include records of activities, documented evidence of compliance, and evidence of continual improvement.
  8. Consideration of Updates and Revisions: Take into account any updates or revisions to the documented information. Ensure that the auditee’s system has adapted to changes, and assess the effectiveness of change management processes.
  9. Communication with Auditee: If there are questions or uncertainties during the document review, engage in communication with the auditee. Seek clarification on aspects that may impact the determination of conformity.
  10. Documentation of Findings: Document the findings of the review systematically. Clearly note instances of conformity as well as any non-conformities or areas that require further investigation during the audit.
  11. Feedback to Auditee: Provide feedback to the auditee regarding the initial findings of the document review. This feedback can foster collaboration and ensure that both the audit team and the auditee have a shared understanding.
  12. Integration with On-Site Assessment: Integrate the findings of the document review with on-site assessments and other audit methods. This holistic approach ensures a comprehensive evaluation of the audited system.

By thoroughly reviewing the auditee’s relevant documented information, auditors can establish a solid foundation for the audit process. This step is essential for evaluating the system’s conformity, identifying areas for improvement, and ultimately contributing to the overall effectiveness of the audit.

The auditee’s relevant documented information should be reviewed to gather information to support the audit activities. Reviewing the auditee’s relevant documented information is a critical step in gathering essential information to support audit activities. This process involves systematically examining documents, records, and other documented sources to gain insights, evidence, and context for the audit. Here’s a breakdown of the key aspects of reviewing relevant documented information to support audit activities:

  1. Identification of Documented Information: Begin by identifying and collecting the pertinent documented information from the auditee. This may include policies, procedures, manuals, plans, records, and other relevant documents that are integral to the audited system.
  2. Alignment with Audit Objectives: Ensure that the reviewed documented information aligns with the specific objectives of the audit. This alignment is crucial for focusing on the areas that are most relevant to the audit scope and criteria.
  3. Comprehensive Document Review: Conduct a comprehensive review of the documented information to cover all relevant aspects of the audited system. This may involve examining different types of documents to gain a holistic understanding of the organization’s processes and practices.
  4. Evidence of Conformance: Look for evidence within the documented information that demonstrates conformance with established criteria. This evidence could include documented procedures, records of compliance, and other indicators of adherence to relevant standards.
  5. Identification of Processes and Controls: Identify and understand the documented processes, controls, and management systems in place. This information provides a foundation for assessing the effectiveness of the audited system in meeting its objectives.
  6. Assessment of Implementation: Evaluate not only the existence of documented processes but also their actual implementation within the organization. Verify that the practices outlined in the documents are consistently applied in real-world scenarios.
  7. Data for Analysis: Use the reviewed documented information as a source of data for analysis. This may involve extracting quantitative and qualitative data that can be used to assess performance, identify trends, and draw conclusions during the audit.
  8. Risk Identification: Identify any potential risks, issues, or areas of concern through the document review. Understanding the documented risk management processes can help the audit team focus on critical areas during on-site assessments.
  9. Integration with On-Site Activities: Integrate the findings from the document review with on-site audit activities. This ensures a cohesive and complementary approach to gathering information, combining the insights gained from documented sources with direct observations and interviews.
  10. Collaboration with Auditee: Collaborate with the auditee during the document review process. Seek clarification or additional information as needed, and maintain open communication to enhance the accuracy and depth of the information gathered.
  11. Documentation of Findings: Document the findings of the document review systematically. Note key observations, areas of conformity, and any potential non-conformities or opportunities for improvement that may require further investigation.
  12. Feedback and Validation: Provide feedback to the auditee on the initial findings of the document review. This feedback allows for validation and ensures a shared understanding between the audit team and the auditee.

By effectively reviewing the auditee’s documented information, the audit team can lay the groundwork for a thorough and well-informed audit. This step is crucial for supporting subsequent audit activities, providing a basis for analysis, and contributing to the overall success of the audit process.

The review may be combined with the other audit activities and may continue throughout the audit, providing this is not detrimental to the effectiveness of the conduct of the audit. Combining the review of documented information with other audit activities and maintaining a flexible, ongoing approach throughout the audit is a common and effective practice. This approach allows the audit team to adapt to emerging insights, address real-time findings, and ensure a continuous assessment of the audited system. Here are key considerations:

  1. Integration with On-Site Activities: Combine the review of documented information seamlessly with on-site audit activities. This integration ensures that insights gained from documents can be immediately applied to observations, interviews, and other assessment methods.
  2. Real-Time Adaptability: Stay open to adapting the audit plan in real time based on the findings from the document review and other ongoing activities. This flexibility allows the audit team to respond to unexpected discoveries or changing circumstances during the audit.
  3. Continual Data Gathering: Continue to gather relevant information from documented sources throughout the audit process. This continual data gathering approach ensures that the audit team remains well-informed and can adjust focus areas as needed.
  4. Alignment with Audit Objectives: Ensure that the combined activities align with the overall objectives of the audit. This alignment is critical for maintaining a cohesive and purposeful approach to gathering information and assessing the audited system.
  5. Dynamic Risk Assessment: Conduct a dynamic risk assessment to identify emerging risks or areas of concern. This ongoing assessment allows the audit team to prioritize areas that require immediate attention or further investigation.
  6. Efficient Use of Resources: Optimize the use of resources by integrating document review with other activities. For example, if on-site inspections reveal areas of interest, the audit team can refer back to relevant documented information for deeper analysis.
  7. Feedback Loop with Auditee: Establish a feedback loop with the auditee throughout the audit. Regular communication allows for clarification, validation of findings, and ensures that the audit team and auditee have a shared understanding of the evolving audit process.
  8. Continuous Improvement: Embrace a mindset of continuous improvement. Use ongoing insights from document reviews and other activities to refine audit methodologies, address challenges, and enhance the overall effectiveness of the audit process.
  9. Balancing Thoroughness and Efficiency: Strive to balance thoroughness with efficiency. While the audit process should be comprehensive, it’s important to avoid delays or inefficiencies that could hinder the overall progress of the audit.
  10. Documentation of Changes: Document any changes made to the audit plan or focus areas during the course of the audit. This documentation provides transparency, accountability, and a clear audit trail of decision-making processes.
  11. Adherence to Audit Criteria: Ensure that the combined activities align with the established audit criteria. Adhering to the criteria is essential for maintaining the integrity and reliability of the audit findings.
  12. Risk of Detriment to Effectiveness: Continuously evaluate whether the integration of activities is detrimental to the overall effectiveness of the audit. If necessary, make adjustments to maintain a balanced and impactful audit approach.

By integrating the review of documented information with other audit activities and maintaining a dynamic, adaptable approach, the audit team can enhance the efficiency, relevance, and overall success of the audit process. This approach supports the continuous improvement of audit methodologies and contributes to the achievement of audit objectives.

If adequate documented information cannot be provided within the time frame given in the audit plan, the audit team leader should inform both the individual(s) managing the audit programme and the auditee. Depending on the audit objectives and scope, a decision should be made as to whether the audit should be continued or suspended until documented information concerns are resolved. If the auditee is unable to provide adequate documented information within the specified time frame outlined in the audit plan, it is crucial for the audit team leader to take appropriate actions. Here are the key steps to consider in such a situation:

  1. Communication with Auditee: Initiate open and transparent communication with the auditee as soon as it becomes apparent that the expected documented information may not be provided within the planned timeframe. Clearly express the need for the information and inquire about any challenges or reasons for the delay.
  2. Notification to Audit Program Management: Inform the individual(s) managing the audit program about the situation. Provide details regarding the challenges faced in obtaining the necessary documented information and discuss potential implications for the audit timeline and objectives.
  3. Assessment of Impact: Assess the impact of the delayed or unavailable documented information on the overall audit process. Consider the significance of the information in relation to the audit objectives, scope, and the ability to draw meaningful conclusions.
  4. Decision-Making Process: Based on the assessment, engage in a decision-making process to determine the next steps. This process should involve considering the audit’s importance, the criticality of the missing information, and potential alternatives for obtaining the required data.
  5. Options for Resolution: Explore potential options for resolving the situation. This may include extending the timeframe for document submission, seeking alternative sources of information, or adjusting the audit plan to accommodate the delay.
  6. Audit Continuation or Suspension: Depending on the audit objectives and scope, make a decision regarding whether the audit should be continued, with adjusted timelines if necessary, or temporarily suspended until the documented information concerns are resolved.
  7. Consultation with Stakeholders: Consult with relevant stakeholders, including audit program management, to gather input and perspectives on the best course of action. Collaborative decision-making ensures that all parties are informed and aligned with the chosen approach.
  8. Document Decision and Communication: Document the decision-making process, including the reasons behind the chosen course of action. Clearly communicate the decision to both the auditee and audit program management, ensuring that expectations are managed appropriately.
  9. Establish Timelines for Resolution: If the decision is to continue the audit, work with the auditee to establish realistic timelines for providing the necessary documented information. Set clear expectations and milestones to monitor progress.
  10. Risk Mitigation Strategies: Implement risk mitigation strategies to address potential impacts on the audit. This may involve adjusting audit procedures, revising the audit plan, or incorporating additional audit methods to compensate for the absence of certain documented information.
  11. Reassessment and Continuous Monitoring: Continuously reassess the situation and monitor progress toward obtaining the required documented information. Adjustments may be needed throughout the audit process to ensure that the audit remains effective despite the challenges encountered.
  12. Audit Program Review: Use the experience as an opportunity for continuous improvement in the audit program. Review and assess whether there are lessons learned that can be applied to future audits, such as refining expectations for document submission timelines.

By taking these steps, the audit team leader can navigate challenges related to documented information availability, make informed decisions, and maintain the integrity and effectiveness of the audit process. Open communication and collaborative problem-solving are key elements in managing such situations successfully.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a Reply