This page contains additional information and links to other web sites that provide information helpful for management system auditing.
Introduction to ISO Auditing Standards
ISO 19011:2011, Guidelines for management systems auditing is an international consensus standard that provides general auditing guidelines on the following topics:
- Audit principles
- Managing an audit program
- Conducting audit activities
- Competence and evaluation of auditors
Go to the Introduction to ISO 19011 page for more information about this standard and to download the ENLAR White Paper, Introduction to ISO 19011, Guidelines for Auditing Management Systems.
Registrars, organizations that provide 3rd party certification to management system standards, are required to conform to ISO 17021. For more information on ISO 17021, click here.
Other Auditing Standards
There are also auditing standards and guidelines that have been developed by other organizations – for compliance audits, management system audits and financial audits.
The United States Government Accountability Office (GAO) has issued standards for auditing conducted by governmental auditors in the U.S. Although these standards primarily apply to financial audits, they also cover performance audits. They include a detailed discussion of auditor independence and avoiding conflict of interest when auditing. Click here to access these GAO audit standards.
Pre-Audit Preparation and Planning
Good preparation is important to the performance of an effective audit.
Most organizations use a variety of resources to assist their auditors with audit planning.
One of the documents commonly used by EHS auditors are audit checklists or protocols. Creating your own customized audit protocols is important to an effective audit program.
There are a variety of resources available for creating audit checklists / protocols. Some are free; others are expensive.
Checklists come in different lengths, formats and depths of coverage. Some are long and complex; others are short and simple.
Some of the companies offering audit checklists / protocols you can purchase include:
A word of caution – don’t rely solely on a generic checklist for your audits – you need to customize it to your own organization and audit program objectives. Checklists that are prepared by others should be used as a starting point for developing ones of your own. You MUST include audits of your organization’s “planned arrangements” and no generic checklist can provide that for you.
Conducting an Internal Audit
The primary focus when an auditor is conducting an audit is the collection of audit evidence.
To download a copy of a handout that discusses Evidence-Based Auditing, click here.
Writing Audit Findings & Audit Reports
Writing good audit findings takes work. Using a template can help you write good findings.
Most organizations use a standard audit report template.
For some internal audit programs, a separate formal audit report may not actually be developed. Instead audit findings are developed and entered into directly into the corrective action database for follow-up action.
Whatever the form your audit documentation takes, the following issues need to be addressed:
- Information control and security
- Measuring and monitoring audit program effectiveness
Last revised 9/2/2016