An audit is a tool used to review a process or function to determine if it is fit for purpose. Audits examine and compare a process against the documented version of it to determine if it still meets its aims and goals. In this way, they are great simulators for change and growth within a business as they can highlight potential areas for improvement.
There are a number of different types of audit when it comes to ISO Certification and Management System Standards all of which can be broadly categorised as:
- Internal Audits / First Party Audits
- Supplier Audits / Second Party Audits
- External Audits / Third Party Audits
These are performed by the business on their own systems as part of the maintenance of their Management System. They look at individual systems and processes, looking to confirm that they are still fit for purpose.
For smaller businesses, or those struggling to prepare for an External Audit, it is possible for a third party to visit and carry out the Internal Audits on their behalf.
These are performed on the systems and processes of any suppliers or contractors that an organisation works with. They look at how the suppliers are working to determine if they are doing what they say they are.
Although usually supplier audits are carried out by the business, it is acceptable for a third party to visit and carry out these audits on their behalf.
These are performed by a third party such as QMS. They look at the Management System, either in part through random sampling or as a whole, in order to confirm that it meets the requirements of the ISO Standard.
To ensure impartiality, this type of audit must be performed by a third party.
Mostly when businesses refer to external audits they are talking about the ISO Certification audit, but there are many types of external audit that can be performed.
ISO Certification Audit / Stage 2 Audit
A Certification or Stage 2 Audit is an in-depth look at a Management System, the purpose of which is to assess whether the business has put in place all of the processes and procedures that they need to meet the requirements of their chosen ISO Standard.
Following the success of this type of audit, and the confirmation of its results, certification is awarded.
This type of audit only happens once for each Standard a business is certified to. After this, the certification cycle begins.
A Recertification Audit is performed at the start of a certification cycle. Its purpose is to ensure that a business has been maintaining its Management System correctly and that all documented procedures comply with the ISO Standard.
This type of audit is in-depth and will look at all documented processes.
Businesses looking to maintain their certification must sit Recertification Audit as it is a requirement that certified bodies such as QMS ensure the ongoing compliance of a certified organisation against strict guidelines.
A Surveillance Audit is an onsite periodic review, usually performed once a year, of an organisation’s Management System.
This audit forms an important part of the certification cycle, ensuring that the certified business maintains compliance with the requirements of the Standard – confirmed by their Recertification Audit at the beginning of the next cycle.
Typically a Surveillance Audit focuses on a few sections of the Management System, aiming to cover the entire Management System by the end of the certification cycle.
A Remote Audit is an off-site Surveillance Audit – a periodic review of an organisation’s Management System, usually performed once a year. The audit is conducted using email and other resources to view and audit the necessary documentation.
As with the on-site version, a Remote Audit focuses on a few sections of the Management System, acting as one part of a plan to cover the entire Management System by the end of the certification cycle.
This type of audit isn’t appropriate for all businesses but for those who qualify it can be a more convenient option than an on-site Surveillance Audit.
Businesses who have a Management System, but no agreement for on-going audit support, may wish to confirm that their system is compliant with ISO Standards.
This is where the Compliance Audit comes in. This in-depth check of a Management System compares it against the ISO Standard, ensuring that it meets all of the requirements.
This type of audit isn’t appropriate for all businesses but for those who already have their Management System prepared, and the correct processes in place, it can be a convenient and affordable option.