What is an audit?

In the broadest sense, an audit is an objective analysis for the improvement of a company's organization - based on observations, examinations, questioning, and insight into the relevant documents. An audit always serves to compare a target and the actual situation, a target and its fulfillment. Audits thus provide clarity. They serve as a performance assessment or diagnosis to identify strengths and potential for improvement, and provide important feedback on changes and the effectiveness of measures introduced.

In the auditing of management systems the guideline is ISO 19011 is authoritative. In chapter 3.1, it defines the audit as a "systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which audit criteria have been met".

The term audit comes from the Latin word "audire" - to listen or hear. Listening, in the sense of "listening to the interlocutor," is an essential task of an auditor, but by no means the only one. For the auditor asks questions, observes and analyzes in an audit. Ultimately, the aim is to find out and evaluate whether, and to what extent, the organization to be audited has succeeded in implementing the specifications and requirements set out, e.g. in a management system standard. To this end, the auditor also examines the interaction of processes, among others.

A characteristic feature of all our audits is that an independent industry expert takes a look at your management system and processes. Our standards always begin where audit checklists end. Take us at our word.

Why is an audit useful?

Regular audits provide your company with information on whether measures and processes are effective, appropriate and suitable for meeting specifications and requirements. In addition, potential for improvement and risks can be identified. The documented results provide your top management with important findings for control measures.

Audits serve to:

  • Further develop your organization in a way that adds value
  • Obtain a comprehensive target/actual comparison
  • Identify strengths and improvement potential for your company
  • Uncover risks and errors and derive measures to avoid them
  • Provide executives with a well-founded basis for decision-making
  • Uncover blind spots and weak points in the company
  • Learn from proven working methods and processes
  • Proceed systematically and consistently
  • Provide objective evidence of your performance

What types of audits are there?

First, a distinction is made between internal and external audits.

An internal audit (also called self-audit or first party audit) is planned within the company. As a rule, a specially trained employee, i.e. an internal auditor such as the quality management representative, carries out the audit. Internal audits are also a regular part of the company's own management system.

An audit by an external third party can be carried out, for example, by customers (second party audit) or by an accredited certification body such as DQS (third party audit). Then the company decides which areas it wants to look at. Is it about certain standards, as in a management system audit, or about certain processes, products, innovations, or compliance topics? If it is a question of suppliers, second party audits by the customer's quality rep are just as feasible as placing an order with DQS.

Or maybe the company aims at a full certification audit of its management system by external auditors from a certification company? Or perhaps partial aspects are to be the focus of a gap or delta audit? And then there is the question of what form the audit will take: an on-site audit or a remote audit?

 

What is audit planning?

Audits are not carried out at random. Careful planning is always a prerequisite for the success of an audit. This is especially true for audits within the scope of external certification. Certification audits are carefully planned, especially when it comes to accredited procedures. The ISO 17021 standard describes what needs to be taken into account in chapter "9.2 Planning audits" as well as requirements specific to the rules and regulations. Planning is the responsibility of the lead auditor appointed by the certification body.

ISO/IEC 17021-1:2015-11 - Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 1: Requirements

Another standard - DIN ISO/IEC 17065:2012 - formulates requirements for "bodies that certify products, processes and services".

Requirements for the correct planning and execution of audits can therefore differ - depending on whether the certification of management systems or, for example, of products is involved.

ISO/IEC 17065:2013-01 - Conformity assessment — Requirements for bodies certifying products, processes and services

The standards are available from the ISO website.

Audit planning includes the determination of

  • Audit objectives
  • Audit scope
  • Audit criteria (requirements to be met) and, if necessary, significant changes
  • Significant changes that have an impact on your management system

Apart from the audit objectives, the determinations are made in close consultation with you as the client. ISO 17021 sets specific requirements for these determinations, which must be included in the audit planning.

What does audit time mean?

Since the 2015 edition of ISO 17021, the old term audit duration has been referred to as audit time. This is defined as the "time needed to plan and accomplish a complete and effective audit of the client organization's management system."  

As an accredited certification body, DQS determines audit time according to the requirements set by the respective international standard(s).  A whole range of aspects have to be taken into account, such as i.a.: 

  • Standard whose requirements are to be audited
  • Complexity of your business activities and your management system
  • Number of employees
  • Size, number and location of sites 
  • Risks associated with products, activities or processes etc.

The way an audit is conducted - on-site or as a so-called remote audit, can also have an impact on audit time and must be taken into account.

What is the job of a Lead Auditor?

A lead auditor is an auditor who is appointed to this position by the certification body on the basis of their special qualifications according to a defined process. They are responsible for the proper execution of the audit assignment, i.e. the audit planning and the audit itself. If a team of several auditors is auditing, they have - in their function as audit team leader - the task of forming, scheduling, and instructing the audit team. They must also manage the audit program and the audit process, including time management.

The lead auditor usually moderates the opening meeting, and is the primary contact person for the client. They exchange information with the team members, evaluates the progress of the audit at regular intervals, and inform the client of the current status. This may include, for example, any non-conformities discovered or a need to change the scope of the audit. In this context, the audit manager may also have to look for solutions to conflicts.

Finally, together with the audit team, the lead auditor draws conclusions from the audit results, discusses them in the final meeting, and prepares the audit report.

What is an audit report?

An audit report is a written summary of the audit findings made by the lead auditor during their audit. This includes conclusions based on evaluation of the audit evidence, in view of the audit criteria (i.e. requirements to be met). The audit report of an external certification audit is the basis for the decision to issue a certificate.

The audit report focuses on statements about the extent to which the audit criteria have been met, whether or which non-conformities have been identified, and how serious these are. In detail, it deals with the documentation of identified strengths, weaknesses, risks and opportunities, but also whether immediate measures or a follow-up audit may be necessary. The audit report is also the basis for implementing improvement measures. Information on the implementation of corrective actions for non-conformities identified in previous audits may also need to be provided. In addition, any deviation from the audit plan must be documented.

The audit report contains formal details of the audit, such as the name of the certification body and the auditors of the audit team. Also, the name and address of your company, date, location, audit type, audit criteria, audit objectives and scope, audit time spent, and more. Important to know: The contents of an audit report are generally confidential, and ownership of the report remains with the certification body.

What is an audit finding?

Audit findings are relevant findings from the analysis of information and evidence obtained by the audit team during the audit. They are an integral part of the audit report. The audit findings are evaluated by the audit team, which draws appropriate audit conclusions. In an external certification audit, the conclusions are decisive for the certification decision. In the opening meeting for the audit, the audit manager must already explain the criteria according to which the audit findings will be categorized.

Audit findings are documented. They include both the concise presentation of conformities (compliance with the underlying standard) and the comprehensive presentation and classification of non-conformities. A highly beneficial variant of the audit findings for your company is the targeted uncovering of improvement potential. The ISO 17021 standard does not require this, but it is considered beneficial. This procedure is a sign of special professional competence. However, the discovery of improvement potential may not include a solution. Improvement potential may not be evaluated and recorded as a non-conformity. Conversely, a non-conformity cannot be treated as improvement potential.

The DQS certification process  

The DQS certification process starts with getting to know each other and exchanging initial information for a meaningful proposal. Together we define the objectives of auditing and/or certification, including the applicable standards and regulations. In doing so, we take into account your individual company situation, special processes, and the maturity of your management system.

A pre-audit can be helpful as a first performance evaluation. This provides you with information about the maturity level of your management system and identifies possible gaps for certification at an early stage. For larger auditing and certification projects, a project planning meeting is a valuable opportunity to get to know your DQS auditor as well as to develop an individual audit program.

In the system audit (stage 1 and stage 2), our auditors assess whether your management system meets all the requirements of the relevant standard on site. This is followed by the system evaluation with the preparation of an audit report. The DQS certificate documents your successful implementation. An annual monitoring serves the process stability and risk minimization. Recertification takes place after three years.

DQS: Because not all audits are the same

Our audits have many facets and, depending on the objective, follow very different criteria, e.g. national and international standards, laws, and guidelines to be complied with, the requirements of your customers or the goals your organization has set for itself. Whether certification or process audits, compliance, supplier or integrated system audits - with us, the entire range of audit services and certifications is available to you in order to sustainably increase the performance of your company. And that is true across all industries.

By the way: If an audit is associated with the issuance of a certificate, the name DQS is also a visible sign of quality, efficiency, and customer-oriented processes - for your customers, for market participants and other interested parties.