When should a delta audit be performed?
Anyone commissioning a delta audit should think about the right time to conduct it. If the new requirements of a standard have been established, there is no such thing as too early a date. Conversely, a company must expect that a gap analysis will reveal a need for action. Sufficient time must therefore be allowed, for example until the planned changeover audit, in order to be able to implement any necessary measures.
How does a delta audit work?
A gap analysis is always performed individually for each company. Existing company structures are analyzed in order to determine, for example, the effort and costs required for certification. Depending on the requirements, the analysis can relate only to individual parts of a company or take into account all areas of the company. Among other things, the analysis includes the company's action plans, risk assessments or target definitions.
The audit is usually carried out in the following steps:
- Self-assessment by your company based on a list of questions
- Determination of the audit focal points in close consultation with the certification company
- On-site assessment of the current status by the auditor
- Evaluation of the self-assessment by the auditor with a view to the actual state determined on site
- Documentation of weak points and potential for improvement by the auditor.
However, it must be noted that there is no additional assessment by the auditor after the delta audit and a possible upcoming transition or certification audit. This means that it is not possible to show whether the potential for improvement that has been identified has also been implemented.
The procedure and approach clearly show that such a gap analysis is not a service in the sense of a consulting activity. It is a useful preparation for the certification audit with a view to possible need for action. It can precede certification, but is not part of ISO certification.
A delta audit (synonymously a gap analysis) is usually used when a standard is revised or completely reissued. Certification companies thus offer their customers a determination of the current status and a review of their self-assessment. These are compared with the new requirements in the company on site. The weaknesses (deltas / gaps) identified are documented and must be closed by the company before the actual system audit. However, the latter is not audited.
The main benefit is that no more significant deviations (non-conformities) are to be expected in the actual certification audit. This saves time and money.