The internal audit results and the audit report – the true story, according to the ISO 9001 and ISO 19011 Standard requirements – The internal audit’s findings
The documentation, during the audit, should include details about the processes sampled. The auditor should supply as much details as he can. These are the audit’s findings. For example, if he samples a construction plan, he should document:
- Who is the customer
- The planer
- Which employee is responsible
- The date of the plan
- The plan’s status
- The version or edition of the plan
This way, anyone who reads the report, would have as much information as possible. The goal is to make the picture clear. Remember who is assigned to read this report; the top management. They might seem far from the processes but once they hold the audit’s report they would be highly interested in any details written. And then, they would start asking questions… Any sampled process leads to the audit’s results. Is or not according to the specific relevant requirement, these results, later are stated.
The internal audit’s results
Any finding during the audit should be indicated as three classifications:
- Conformity – the process sampled was according to the relevant requirement – the audit’s criteria
- Opportunity for improvement (OFI) – the organization may or may not adopt this opportunity
- Non conformity – the process sampled, was not according to the requirements – the audit’s criteria
Now’ we are getting to the most thrilling part – The nonconformities! Nonconformities shall be documented three times during the audit. First time, within the audit’s report along with the audit’s findings. We can also refer it as the report itself. Second time, where it is suitable, as nonconformities. Any audit report should bear at the end a summary of the nonconformities. Third time, as a corrective action.
The internal audit report’s summit
Any audit’s report must have a summit. The auditor should gather all the non conformities and opportunities for improvement and present them together. The goal is to go over them during the next audit and to review whether they are closed. In the next stage the organization must eliminate the nonconformities. Nonconformity was revealed – the organization must introduce it into a controlled process in order to eliminate it. The auditor should also determine the time frame for conducting any corrective action. Want to know more about this subject? Turn to this section about the old famous CAPA. But the principle is very simple:
- The organization should prove to the auditor that a corrective action was taken over any nonconformity (revealed during the audit) within the time frame that was scheduled.
- The organization must prove t hat the corrective action was effective and that the nonconformities are closed and completed.
Internal audit summary
- The ISO 9001 Standard requires that the management would bear the responsible for the audit’s results.
- The audit’s main goal is to give a status report. The tactic of an audit (external or internal) is to evaluate the organization’s performances with reference to prior requirements.
- The main activity during the audit is sampling processes and documenting the findings.
- An opening meeting – the purpose is to gather information that can shed light on the audit’s report. This part is very important.
- The auditor must sample the processes in order to determine whether the process was performed according to prior requirements.
- The auditor must describe specifically what he had observed and document it.
- Any finding during the audit should be indicated as three states: Conformity, opportunity for improvement or Conformity
- The auditor should concentrate all the non conformities and opportunities for improvement and present them together.
- The organization must eliminate the nonconformities.
- The auditor should determine the time frame for conducting a corrective action.