ISO 19011:2018 Clause 6.5 Preparing and distributing audit report

ISO 19011:2018 8 Minutes

6.5.1 Preparing audit report

The audit team leader should report the audit conclusions in accordance with the audit programme.
The audit report should provide a complete, accurate, concise and clear record of the audit, and should include or refer to the following:
a) audit objectives;
b) audit scope, particularly identification of the organization (the auditee) and the functions or
processes audited;
c) identification of the audit client;
d) identification of audit team and auditee’s participants in the audit;
e) dates and locations where the audit activities were conducted;
f) audit criteria;
g) audit findings and related evidence;
h) audit conclusions;
i) a statement on the degree to which the audit criteria have been fulfilled;
j) any unresolved diverging opinions between the audit team and the auditee;
k) audits by nature are a sampling exercise; as such there is a risk that the audit evidence examined is not representative.
The audit report can also include or refer to the following, as appropriate:
— the audit plan including time schedule;
— a summary of the audit process, including any obstacles encountered that may decrease the
reliability of the audit conclusions;
— confirmation that the audit objectives have been achieved within the audit scope in accordance with the audit plan;
— any areas within the audit scope not covered including any issues of availability of evidence,
resources or confidentiality, with related justifications;
— a summary covering the audit conclusions and the main audit findings that support them;
— good practices identified;
— agreed action plan follow-up, if any;
— a statement of the confidential nature of the contents;
— any implications for the audit programme or subsequent audits.

The audit team leader should report the audit conclusions in accordance with the audit programme. Reporting audit conclusions is a critical step in the audit process, and it’s essential that this is done in accordance with the audit program. Here are key considerations for the audit team leader when reporting audit conclusions:

  1. Adherence to Audit Program:
    • Ensure that the reporting aligns with the schedule and requirements outlined in the audit program.
    • Follow the established timeline for reporting.
  2. Clear Communication of Conclusions:
    • Clearly communicate the audit conclusions to the auditee and relevant stakeholders.
    • Use language that is concise, precise, and easily understandable.
  3. Structured Presentation:
    • Present audit conclusions in a structured manner.
    • Use a logical sequence that reflects the audit objectives and key findings.
  4. Comprehensive Coverage:
    • Provide a comprehensive coverage of the audit, including positive aspects, areas of compliance, and identified nonconformities.
  5. Documented Evidence:
    • Support conclusions with documented evidence from the audit process.
    • Reference specific findings and their corresponding evidence.
  6. Link to Audit Criteria:
    • Clearly link audit conclusions to the established audit criteria.
    • Articulate how the audited processes align with or deviate from the criteria.
  7. Highlight Positive Aspects:
    • Begin by highlighting positive aspects and areas of compliance.
    • Acknowledge strengths within the audited processes or management system.
  8. Presentation of Nonconformities:
    • If nonconformities are identified, present them objectively and in a manner that allows for a clear understanding by the auditee.
    • Provide specific details about each nonconformity.
  9. Clarify Severity Levels:
    • If applicable, clarify the severity levels of nonconformities (e.g., minor, major) based on the organization’s grading system.
  10. Recommendations for Improvement:
    • If specified in the audit plan, present opportunities for improvement recommendations.
    • Emphasize that these are optional suggestions for enhancing processes.
  11. Concise and Actionable:
    • Keep the presentation concise while ensuring that it contains actionable information.
    • Focus on the most critical aspects relevant to the audit objectives.
  12. Discussion of Audit Findings:
    • Be prepared to engage in a discussion with the auditee about the audit findings and conclusions.
    • Encourage questions and provide clarifications as needed.
  13. Alignment with Audit Objectives:
    • Reiterate how the audit conclusions align with the initial audit objectives and scope.
    • Confirm that the audit goals have been addressed.
  14. Feedback on Cooperation:
    • Provide feedback on the level of cooperation and collaboration received from the auditee during the audit.
    • Acknowledge positive aspects of the auditee’s engagement.
  15. Next Steps and Follow-Up:
    • Discuss any next steps, including the implementation of corrective actions or opportunities for improvement.
    • Clarify the follow-up process, if applicable.
  16. Documentation:
    • Document the audit conclusions comprehensively in the audit report.
    • Ensure that the report is accurate, complete, and aligns with the audit program.
  17. Prepare for the Closing Meeting:
    • If a closing meeting is part of the audit program, prepare for it by summarizing key audit conclusions for presentation to the auditee and relevant stakeholders.

By following these considerations, the audit team leader contributes to a thorough and effective reporting process, fostering transparency and constructive communication between the audit team and the auditee.

The audit report should provide a complete, accurate, concise and clear record of the audit.

creating a comprehensive, accurate, concise, and clear audit report is crucial for effectively communicating the outcomes of the audit. Here are key principles to ensure the quality of the audit report:

  1. Clarity of Language:
    • Use clear and straightforward language.
    • Avoid unnecessary jargon or technical terms that may not be familiar to all readers.
  2. Structured Format:
    • Organize the report in a structured format.
    • Use headings, subheadings, and a logical flow to enhance readability.
  3. Executive Summary:
    • Include an executive summary at the beginning of the report.
    • Summarize key findings, conclusions, and recommendations for quick reference.
  4. Objective and Scope:
    • Clearly state the objectives and scope of the audit.
    • Define the criteria against which the audited processes or systems were assessed.
  5. Detailed Findings:
    • Present detailed findings, both positive aspects and identified issues.
    • Provide evidence and reference specific audit criteria for each finding.
  6. Nonconformities:
    • Clearly document any identified nonconformities.
    • Specify the nature and severity of each nonconformity.
  7. Opportunities for Improvement (OFIs):
    • If applicable, include opportunities for improvement recommendations.
    • Clearly distinguish between OFIs and nonconformities.
  8. Conciseness:
    • Be concise while ensuring that all relevant information is included.
    • Avoid unnecessary details that may obscure the main points.
  9. Recommendations and Corrective Actions:
    • Clearly outline recommendations for improvement, if applicable.
    • Specify corrective actions that are required to address identified issues.
  10. Compliance with Criteria:
    • Clearly communicate the degree of compliance with established criteria.
    • Articulate where deviations or gaps were observed.
  11. Evidence-Based:
    • Support findings and conclusions with documented evidence.
    • Reference specific audit evidence, such as records, interviews, or observations.
  12. Risk Assessment:
    • If relevant, include a risk assessment or evaluation of risks associated with nonconformities.
    • Discuss potential consequences and implications.
  13. Conclusion:
    • Summarize the overall conclusion of the audit.
    • Reiterate the main points and their significance.
  14. Appendices:
    • Include appendices for supporting documents, such as audit plans, checklists, and additional evidence.
    • Ensure that appendices are referenced in the main body of the report.
  15. Language and Tone:
    • Use a professional and objective tone throughout the report.
    • Avoid subjective language that may introduce bias.
  16. Review for Accuracy:
    • Conduct a thorough review of the report for accuracy.
    • Verify that all information presented is factually correct.
  17. Avoid Ambiguity:
    • Eliminate ambiguity in language and statements.
    • Ensure that readers can interpret the report with a clear understanding.
  18. Actionable Recommendations:
    • Craft recommendations and corrective actions that are actionable and practical.
    • Provide guidance on how improvements can be implemented.
  19. Visual Aids:
    • Use visual aids, such as charts or graphs, to enhance understanding.
    • Visual representations can help convey complex information.
  20. Compliance with Reporting Standards:
    • Ensure that the report complies with any applicable reporting standards or guidelines.
    • Align the structure and content with industry or organizational requirements.
  21. Confidentiality and Security:
    • Address matters relating to confidentiality and information security.
    • Clearly communicate how sensitive information is handled and protected.

By adhering to these principles, the audit report becomes a valuable tool for communicating the results of the audit, facilitating decision-making, and providing a basis for continuous improvement within the audited processes or systems.

A well-structured audit report should cover or refer to various essential elements to provide a comprehensive overview of the audit process and outcomes. Here’s a breakdown of each point you mentioned:

a) Audit Objectives:

  • Clearly state the objectives of the audit.
  • Outline what the audit aimed to achieve and the specific goals set.

b) Audit Scope:

  • Define the audit scope, including the functions or processes audited.
  • Identify the organization (the auditee) under examination.

c) Audit Client Identification:

  • Clearly identify the audit client.
  • Specify who commissioned or requested the audit.

d) Audit Team and Auditee’s Participants:

  • List and identify members of the audit team.
  • Identify key participants from the auditee’s side.

e) Dates and Locations:

  • Specify the dates when audit activities were conducted.
  • Clearly state the locations where audit activities took place.

f) Audit Criteria:

  • Define and reference the audit criteria against which the audit was conducted.
  • Clearly articulate the standards, regulations, or benchmarks used.

g) Audit Findings and Related Evidence:

  • Present audit findings in detail.
  • Reference specific evidence (documents, records, observations) supporting each finding.

h) Audit Conclusions:

  • Summarize overall audit conclusions.
  • Highlight key takeaways and insights from the audit.

i) Degree of Fulfillment of Audit Criteria:

  • Provide a statement on the degree to which the audit criteria have been fulfilled.
  • Assess and communicate the level of compliance or noncompliance.

j) Unresolved Diverging Opinions:

  • Clearly state if there are any unresolved diverging opinions between the audit team and the auditee.
  • Document the nature of disagreements and any steps taken to address them.

k) Sampling Exercise and Representativeness:

  • Acknowledge that audits are inherently a sampling exercise.
  • Highlight the risk that the audit evidence examined might not be fully representative.
  • Discuss how the audit team addressed this risk and any considerations taken into account.

Including or referring to these elements ensures that the audit report is thorough, transparent, and provides a clear understanding of the audit process and its outcomes. Each point contributes to the overall integrity and completeness of the report, helping stakeholders interpret the findings and conclusions effectively.

The audit report can also include or refer to the following, as appropriate:

Audit Plan and Time Schedule:

  • Include or refer to the original audit plan, including the time schedule.
  • Evaluate the actual timeline against the planned schedule.

Summary of the Audit Process:

  • Provide a concise summary of the overall audit process.
  • Highlight any obstacles or challenges encountered during the audit that may impact the reliability of the conclusions.

Confirmation of Achieved Objectives:

  • Confirm that the audit objectives have been achieved within the defined audit scope.
  • Ensure that the audit was conducted in accordance with the approved audit plan.

Uncovered Areas within the Scope:

  • Clearly state any areas within the audit scope that were not covered.
  • Provide justifications, including issues related to the availability of evidence, resources, or confidentiality.

Summary of Conclusions and Main Findings:

  • Summarize the main audit conclusions and findings that support them.
  • Offer a high-level overview for quick reference.

Identification of Good Practices:

  • Identify and document any good practices observed during the audit.
  • Highlight positive aspects that can serve as examples for improvement.

Agreed Action Plan Follow-Up:

  • If applicable, include details about the agreed action plan for follow-up.
  • Discuss any proposed corrective actions and improvements.

Statement of Confidential Nature:

  • Explicitly state the confidential nature of the contents of the audit report.
  • Highlight the importance of handling the information responsibly.

Implications for the Audit Program:

  • Discuss any implications the audit findings may have for the overall audit program.
  • Consider how the results may influence the planning and execution of subsequent audits.

Including or referring to these additional aspects enhances the overall quality and transparency of the audit report. It provides stakeholders with a comprehensive view of the audit process, outcomes, and any recommendations for improvement. The report becomes a valuable tool for decision-making and continuous improvement within the audited organization.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a Reply