ISO 19011:2018 Clause 6.6 Completing audit

The audit is completed when all planned audit activities have been carried out, or as otherwise agreed with the audit client (e.g. there might be an unexpected situation that prevents the audit being completed according to the audit plan).
Documented information pertaining to the audit should be retained or disposed of by agreement between the participating parties and in accordance with audit programme and applicable requirements.
Unless required by law, the audit team and the individual(s) managing the audit programme should not disclose any information obtained during the audit, or the audit report, to any other party without the explicit approval of the audit client and, where appropriate, the approval of the auditee. If disclosure of the contents of an audit document is required, the audit client and auditee should be informed as soon as possible.
Lessons learned from the audit can identify risks and opportunities for the audit programme and the auditee.

The audit is completed when all planned audit activities have been carried out, or as otherwise agreed with the audit client (e.g. there might be an unexpected situation that prevents the audit being completed according to the audit plan).

The completion of an audit is contingent on the successful execution of all planned audit activities, as outlined in the audit plan. However, unforeseen circumstances or unexpected situations may arise that could impact the original audit schedule. Here are key points related to the completion of an audit:

  1. Completion of Planned Audit Activities: The audit is considered complete when all the activities outlined in the audit plan have been successfully carried out.
  2. Agreement with the Audit Client: In certain situations, it might be necessary to deviate from the original audit plan due to unexpected events or conditions. Any deviations should be agreed upon with the audit client.
  3. Unforeseen Circumstances: Unforeseen circumstances could include emergencies, disruptions, or other events that make it impractical or unsafe to continue with planned audit activities.
  4. Communication with the Audit Client: Open and transparent communication with the audit client is crucial in the event of unexpected situations. Inform the audit client promptly about any challenges or deviations from the original plan.
  5. Evaluation of Completed Activities: Assess the results of the completed audit activities. Ensure that the audit objectives have been met to the extent possible.
  6. Documentation: Document the reasons for any deviations from the audit plan. Keep detailed records of the activities that were completed and any that were impacted by unexpected events.
  7. Audit Client Agreement on Completion: Obtain the agreement of the audit client regarding the completion of the audit, especially if there were deviations from the original plan.
  8. Review of Audit Findings: Review and summarize the audit findings, conclusions, and any recommendations. Ensure that the audit report accurately reflects the outcomes of the completed audit activities.
  9. Closure Activities: Complete any necessary closure activities, such as finalizing reports, documenting lessons learned, and archiving relevant documentation.
  10. Continuous Improvement: Use the experience gained during the audit, including any challenges faced, to identify opportunities for continuous improvement in future audit processes.
  11. Lessons Learned: Conduct a lessons learned session to reflect on the audit process. Identify areas for improvement in planning, execution, and response to unexpected situations.
  12. Client Feedback: Seek feedback from the audit client on the overall audit process, including any deviations from the plan. Use this feedback to enhance future audit planning and execution.

By carefully managing unexpected situations, communicating effectively with the audit client, and documenting the audit process, the audit team can ensure that the completion of the audit is conducted in a thorough and professional manner. This approach supports the overall goal of providing reliable and valuable insights to the audited organization.

Documented information pertaining to the audit should be retained or disposed of by agreement between the participating parties and in accordance with audit programme and applicable requirements.

The retention or disposal of documented information related to the audit should be conducted based on agreement between the participating parties and in accordance with the audit program as well as any applicable requirements. Here are some key considerations:

  1. Agreement Between Participating Parties: Documented information may include audit plans, reports, evidence, and other records. The retention or disposal of such information should be agreed upon by all relevant participating parties, including the audit team and the auditee.
  2. Audit Program Guidelines: Adhere to the guidelines and procedures outlined in the audit program regarding the retention or disposal of documented information. Ensure that the agreed-upon timeline for document retention is followed.
  3. Applicable Requirements: Consider any legal, regulatory, or industry-specific requirements related to the retention of audit-related documentation. Ensure compliance with relevant standards or regulations.
  4. Sensitive Information: Identify and handle sensitive information appropriately. If certain information is confidential or contains sensitive data, take necessary measures to protect it during retention or disposal.
  5. Retention Period: Clearly define the retention period for different types of documented information. Some information may need to be retained for a specific period to meet legal or regulatory requirements.
  6. Record of Retention/Disposal: Maintain a record of the retention or disposal activities. Document which documents were retained, for how long, and any reasons for disposal.
  7. Audit Findings and Conclusions: Retain records of audit findings and conclusions for an appropriate period. These records may be important for future reference, improvement, or for addressing any follow-up actions.
  8. Secure Disposal Methods: If disposal is agreed upon, ensure that secure methods are used. Shred or permanently delete electronic files to prevent unauthorized access.
  9. Review and Approval: Obtain necessary approvals before disposing of any documented information. Ensure that all stakeholders are aware of and agree to the disposal plan.
  10. Lessons Learned Documentation: Consider retaining documentation related to lessons learned from the audit process. This information can be valuable for continuous improvement in future audits.
  11. Communication with Participating Parties: Communicate clearly with all participating parties about the agreed-upon retention or disposal plan. Address any concerns or questions regarding the handling of documented information.
  12. Continuous Improvement: Evaluate the document retention and disposal processes after each audit. Identify opportunities for improvement in the handling of documented information.

By following these guidelines and considering the perspectives of all participating parties, the audit team can ensure the appropriate and secure retention or disposal of documented information, contributing to the overall effectiveness and integrity of the audit process.

Unless required by law, the audit team and the individual(s) managing the audit programme should not disclose any information obtained during the audit, or the audit report, to any other party without the explicit approval of the audit client and, where appropriate, the approval of the auditee. If disclosure of the contents of an audit document is required, the audit client and auditee should be informed as soon as possible.

Confidentiality is a critical aspect of the audit process, and disclosing information obtained during an audit should be done with utmost care and only with the explicit approval of the audit client and, where applicable, the auditee. Here are key considerations:

  1. Legal Compliance: Adhere to legal requirements related to confidentiality and data protection. Only disclose information if required by law and in accordance with legal obligations.
  2. Explicit Approval: Obtain explicit approval from the audit client before disclosing any information obtained during the audit to third parties. Seek approval from the auditee where appropriate.
  3. Scope of Approval: Clearly define the scope and purpose for which the information will be disclosed. Specify any limitations or conditions associated with the disclosure.
  4. Advance Notification: If disclosure is required, notify the audit client and auditee as soon as possible. Provide sufficient information about the nature and extent of the disclosure.
  5. Confidentiality Agreement: Ensure that all parties involved in the audit, including the audit team, are bound by confidentiality agreements. Clearly communicate the importance of maintaining confidentiality.
  6. Sensitive Information Handling: Identify and handle sensitive information with extra care. Apply additional security measures, if necessary, when disclosing sensitive data.
  7. Protecting Trade Secrets and Proprietary Information: Be particularly cautious when dealing with trade secrets or proprietary information. Obtain specific consent before sharing such information.
  8. Third-Party Contractors: If third-party contractors are involved in the audit process, ensure they also adhere to confidentiality requirements. Include confidentiality clauses in contracts with external parties.
  9. Non-Disclosure Agreements: Consider the use of non-disclosure agreements (NDAs) when appropriate. Ensure that all parties involved in the audit, including external consultants, understand and agree to confidentiality obligations.
  10. Documentation of Approval: Maintain documentation of the explicit approval received for disclosure. Record the details of the approval process and any conditions specified.
  11. Secure Communication Channels: Use secure communication channels when transmitting or sharing confidential information. Encrypt electronic communications to prevent unauthorized access.
  12. Limited Disclosure: Limit the disclosure of information to only what is necessary for the intended purpose. Avoid unnecessary or excessive sharing of information.
  13. Audit Report Redaction: If portions of the audit report are to be disclosed, consider redacting sensitive information to protect confidentiality.
  14. Communication Protocol: Establish a clear communication protocol for any requests for information or disclosure. Designate specific individuals or roles responsible for handling such requests.

By following these guidelines, the audit team ensures that confidentiality is maintained throughout the audit process, and any disclosure of information is conducted responsibly, ethically, and in compliance with legal and contractual obligations.

Lessons learned from the audit can identify risks and opportunities for the audit programme and the auditee.

Lessons Learned for the Audit Programme:

  1. Process Improvement:
    • Identify areas in the audit process that can be improved for increased efficiency and effectiveness.
    • Evaluate the effectiveness of the audit plan, communication protocols, and overall management of the audit.
  2. Training and Development:
    • Assess the skills and competencies of the audit team.
    • Identify training needs and areas for professional development to enhance future audit performance.
  3. Resource Optimization:
    • Evaluate the allocation of resources during the audit.
    • Determine if there are opportunities to optimize resources, including personnel, time, and technology.
  4. Feedback Mechanism:
    • Review the effectiveness of the feedback mechanism within the audit program.
    • Establish a system for capturing and incorporating feedback from audit team members, auditees, and other stakeholders.
  5. Continuous Improvement Culture:
    • Promote a culture of continuous improvement within the audit program.
    • Encourage the audit team to actively contribute ideas for enhancements based on their experiences.
  6. Risk Management:
    • Identify any risks encountered during the audit process.
    • Develop strategies to mitigate or manage these risks in future audits.

Lessons Learned for the Auditee:

  1. Management System Enhancement:
    • Analyze findings related to the auditee’s management system.
    • Use lessons learned to enhance the effectiveness of the auditee’s processes, policies, and controls.
  2. Risk Identification and Mitigation:
    • Identify risks observed during the audit within the auditee’s operations.
    • Collaborate with the auditee to develop strategies for mitigating identified risks.
  3. Opportunity Recognition:
    • Highlight areas where the auditee demonstrated best practices or opportunities for improvement.
    • Encourage the auditee to leverage these strengths for ongoing success.
  4. Alignment with Objectives:
    • Assess the alignment of the auditee’s objectives with the audit findings.
    • Ensure that the auditee’s strategic goals are supported and enhanced by the audit process.
  5. Continuous Improvement Initiatives:
    • Collaborate with the auditee to establish a culture of continuous improvement.
    • Support the auditee in implementing improvement initiatives based on audit insights.
  6. Communication Enhancements:
    • Evaluate communication channels between the auditee and the audit team.
    • Identify opportunities for enhanced communication and collaboration.

General Considerations:

  1. Documenting Lessons Learned:
    • Establish a systematic approach to documenting lessons learned.
    • Maintain a repository of insights, recommendations, and success stories for future reference.
  2. Periodic Review:
    • Conduct periodic reviews of lessons learned to ensure their ongoing relevance.
    • Update processes and strategies based on changing circumstances and feedback.
  3. Feedback Loop:
    • Establish a feedback loop between the audit program and auditees.
    • Encourage open communication to facilitate continuous improvement for both parties.
