Introduction to the Internal Audit Procedure for an Operations Manual:

Internal Audit Procedure for an Operations Manual

An operations manual can be a wonderful document, centralizing information on processes, procedures, company hierarchy, important business policies, and the like.

However, operation manuals can also be useless if they're not written, managed, and used properly.

Therefore, you need to audit your operations manual to ensure it's the best it can be.

That's why the team at Process Street - which is state-of-the-art BPM software - created this Internal Audit Procedure for an Operations Manual. This audit procedure is best practice and made in line with ISO 9001 and the broader ISO annex L framework.

Here's how it works.

First, you'll enter the basic details of the audit program manager and auditee. Then, the audit will be prepared for and the auditing team will be defined and assigned to their tasks.

Once that's out of the way, the audit procedure will get into full flow, and specific sections such as leadership, planning, support, operations, and performance will be assessed

The audit findings will then be reviewed, a report prepared, and a meeting held. Any changes that should be made can then be.

It's as easy as that.

The team at Process Street recommends auditing an operations manual regularly. This could be every 3-6 months, given the ever-changing nature of business operations, business processes, and business procedures.

For best results, users are encouraged to edit the checklist and modify the contents to best suit their use cases, as this procedure cannot provide specific guidance on the particular risks and controls applicable to every situation.

By using Process Street as your tool for creating, auditing, and improving your processes, procedures, and overall operations, you're:

1. Creating a culture of processes in your company
2. Iterating and improve processes quickly (seeing as live processes are updated for all members immediately whenever process changes are made)
3. Tracking progress and pull integral data incredibly easily, especially with features such as the checklist dashboard 

To boot, this very checklist template has had superpowered thanks to Process Street's in-built features. These include (but aren't limited to):
- Stop tasks
- Conditional logic
- Dynamic due dates
- Task permissions
- Task assignments
- Role assignments
- Embed widget
- Webhooks
- Approvals

To use this checklist template, get access to Process Street's other free templates, and create your own processes, sign up today.

Enter basic details

Before beginning preparations for the audit, enter some basic details using the form fields below.

Audit program manager information

Auditee information

Seeing as this process may involve multiple people, you can use Process Street's workflow automation feature members form field to allow the person running this checklist to select and assign additional individuals.

For instance, if management is running this checklist, they may wish to assign the lead internal auditor after completing the basic audit details.

Preparing for the audit:

In this section, you'll follow steps to help you establish the context, objectives, scope, criteria, and the monitoring systems of the audit that are in place.

Stop tasks have been attached to this section - and many others in this checklist - to ensure task order. 

To learn more about stop tasks, watch the video below.

Establish context of the audit

In order to understand the context of the audit, the audit program manager should take into account the auditee’s:

  • 1
    Business goals and objectives
  • 2
    Relevant external and internal issues
  • 3
    The needs and expectations of relevant interested parties
  • 4
    Information security and confidentiality requirements of the operations manual

Record the context of the audit in the form field below.

Establish objectives of the audit

The audit program manager needs to establish objectives of the operations manual audit.

Individual audit objectives need to be consistent with the context of the auditee, including the following factors:

  • 1
    Extent of the operations manual to be audited
  • 2
    Capacity of the operations manual to help the organization to meet relevant regulatory requirements
  • 3
    Effectiveness of the operations manual in producing its intended results
  • 4
    Opportunities for operations manual improvements
  • 5
    Suitability of the operations manual with respect to overall strategic context and business objectives of the auditee

Establish scope of the audit

Audit scope should be consistent with the context of the auditee.

Consider the several following factors, then define the audit scope in the text box form field.

  • 1
    Audit location
  • 2
    Audit function
  • 3
    Audit activities
  • 4
    Processes to be audited
  • 5
    Audit time-frame

Establish criteria of the audit

For individual audits, criteria should be defined to be used as a reference against which conformity will be determined.

Individual audit criteria might include:

  • 1
    Relevant policies
  • 2
    Processes and standard operating procedures
  • 3
    Performance objectives and KPIs
  • 4
    Statutory and other relevant regulatory requirements
  • 5
    Operations manual requirements
  • 6
    Risks and opportunities as determined by the auditee
  • 7
    Internal codes of conduct

Record individual audit criteria in the form field below:

Ensure audit monitoring systems are in place

Audit program managers should also make sure that tools and systems are in place to ensure adequate monitoring of the audit and all relevant activities.

Relevant activities to be monitored might include any of the following:

  • 1
    Timeliness of the audit (whether deadlines and schedules are being met)
  • 2
    Performance of the audit team members (including lead auditor)
  • 3
    Successful implementation of audit plans
  • 4
    Feedback from auditee and other relevant parties
  • 5
    Documentation of audit activities

Request documented information from auditee

Request all existing relevant operations manual documentation from the auditee

To make this easier (and faster) for you, you can use the form field below to directly request this information.

Assign audit roles and responsibilities:

In this next section, you'll be considering and then assigning your audit team and audit team lead. 

Assign audit team

Audit program managers should assign audit team members.

When deciding on your audit team, consider the following:

  • 1
    Overall competence required by the audit team
  • 2
    Audit complexity
  • 3
    Combined or joint audit?
  • 4
    Audit methods
  • 5
    Ability of the audit team to work and interact effectively with the auditee
  • 6
    Relevant internal and external issues (e.g. auditee language barriers)
  • 7
    Type and complexity of processes to be audited (do they require specialized knowledge?)

Use the members fields below to assign audit team members.

If you require fewer or more audit team members, then simply edit this template to your requirements.

Assign audit team lead

Audit program managers should be responsible for assigning the audit team leader.

This should be done well ahead of the scheduled date of the audit, to be sure that planning can take place in a timely manner.

Process Street's workflow automation feature dynamic due dates have been set for this task, for one month before the scheduled start date of the audit. To change when this due date should be set for, just edit this checklist template.

Use the below form fields to record the details of the lead auditor.

Reviewing documented information:

Now that you've decided who will do what, why, and when, the next step is to review documented information.

The next steps will guide you through doing this in an easy, unconfusing way.

Review auditee's documented information

The lead auditor should obtain and review all documentation of the auditee's operations manual.

Why?

Because it will help to prepare for individual audit activities, and will serve as a high-level overview from which the lead auditor will be able to better identify and understand areas of concern or nonconformity.

Documented information is an umbrella term that could refer to:

  • Processes (either recorded on paper or with software)
  • Operations manual documents and records
  • Previous audit reports

The above list is by no means exhaustive. The lead auditor should also take into account individual audit scope, objectives, and criteria.

Reference material, such as individual ISO standards, could be useful at this point.

Using the form-fields below, record any issues of nonconformities observed.

(Conditional) Resolve documented information issue(s)

This step is a conditional step. This means, thanks to conditional logic, this step appears because you said "Yes, there are issues with the documented information" in the previous task.

Follow this task as normal and then move onto the rest of the checklist.

Using the form field below, describe the issue(s) with documented information so far, and the steps taken to resolve the issue(s). 

Prepare an audit plan

The lead auditor should prepare an audit plan for the individual audit.

The plan should involve the following components and considerations, so make sure to read through and consider appropriately:

  • 1
    Roles and responsibilities of each audit team member
  • 2
    Risk-based approach to audit planning
  • 3
    Scheduling and coordination of audit activities
  • 4
    Scope and complexity of the audit
  • 5
    Sampling techniques for collecting evidence
  • 6
    Opportunities for improvement
  • 7
    Risks of inadequate planning
  • 8
    Impact of the audit on auditee activities

Assign work to audit team

The lead auditor should now assign work to the audit team.

Work to be assigned should be outlined in the audit plan.

You can use Process Street's task assignment and role assignments features to assign specific tasks in this checklist to individual members of your audit team.

To learn more about role assignments in Process Street, check out the following webinar.

Initiating the audit:

The tasks in the following section will help you complete the last steps before the nitty-gritty gets underway and the audit begins.

For extra tips on the audit process, you may want to read Process Street's article Internal Audit Basics: What, Why, and How to Do Them (5 Audit Checklists).

Make arrangements with the auditee

The lead auditor should make contact with the auditee and ensure the following:

  • 1
    Basic introduction and clear outline of lead auditor roles and responsibilities
  • 2
    Clarify the methods of communication
  • 3
    Permission has been granted to proceed with the audit
  • 4
    The auditee understands the audit program so far
  • 5
    Relevant information is accessible to all parties involved with the audit
  • 6
    Request access to additional relevant information
  • 7
    Determine if there are any additional regulatory requirements that will impact audit activities
  • 8
    Confirm information security policies
  • 9
    Confirm audit scheduling
  • 10
    Location-specific arrangements are made
  • 11
    Auditee understands requirements for additional observers/guides etc.
  • 12
    Risk areas of note are communicated
  • 13
    Outstanding issues are resolved

Any scheduling of audit activities should be made well in advance.

For example, the dates of the opening and closing meetings should be provisionally declared for planning purposes.

Conduct open meeting

An opening meeting between the auditee and all relevant parties should be held.

It's advised that the opening meeting should be led by the lead auditor.

The scheduling for this meeting should have already been determined earlier in the checklist.

During the opening meeting, confirm the following with all relevant parties:

  • 1
    Audit program plans
  • 2
    Individual audit scope
  • 3
    Individual audit objectives
  • 4
    Individual audit criteria
  • 5
    Individual audit plans
  • 6
    Roles and responsibilities of the audit team
  • 7
    That all planned activities can be performed, and proper authorization is acquired
  • 8
    Language of the audit
  • 9
    Information security protocol
  • 10
    Relevant access and arrangements for the audit team
  • 11
    Notable on-site activities that could impact audit process

Typically, such an opening meeting will involve the auditee's management, as well as crucial actors or specialists in relation to processes and procedures to be audited.

This meeting is a great opportunity to ask any questions about the audit process and generally clear the air of uncertainties or reservations.

Depending on the size and scope of the audit (and as such the organization being audited) the opening meeting might be as simple as announcing that the audit is starting, with a simple explanation of the nature of the audit.

Familiarity of the auditee with the audit process is also an important factor in determining how extensive the opening meeting should be.

During the opening meeting, the following items should be clearly communicated:

  • 1
    Methods for reporting and communicating audit progress
  • 2
    Conditions of audit termination
  • 3
    Procedures for dealing with audit findings during the audit
  • 4
    Procedures for receiving feedback from the auditee in response to findings during the audit

Ensure relevant audit information is accessible

Where, when, and how information is accessible is a crucial factor during the audit.

It's essential to make clear where all relevant interested parties can locate important audit information.

Ensure important information is readily accessible by recording the location in the form fields of this task.

You may want to consider uploading important information to a secure central repository (URL) that can be easily shared with relevant interested parties.

Use the form fields below to note down this information.

Collecting evidence (context of the organization):

The operations manual audit itself is about to get underway, starting by collecting evidence related to the context of the organization.

For extra info on how to get your audit right, read through Process Street's article Audit Process: 5 Expert Steps for You to Get Your Audit Right.

Assess the organization and its context

Understanding the context of the organization is necessary when developing an operations manual in order to identify, analyze, and understand the business environment in which the organization conducts its business and realizes its product.

Record information pertaining to the organization and its context in the form fields below.

Assess needs and expectations of interested parties

You will need to assess the needs and expectations of interested parties and note this information.

Provide a record of evidence gathered relating to the needs and expectations of interested parties in the form fields below.

Assess scope of the operations manual

The scope of the operations manual is, essentially, a description of the processes, procedures, services, and information that the operations manual applies to.

Provide a record of evidence gathered relating to the operations manual scope in the form fields below.

Collecting evidence (leadership):

Here, you'll be collecting information regarding the operations manual's leadership, its customer focus, its quality policies, and the associated organizational roles and responsibilities. 

Process Street has a wealth of reading material related to organizational leadership and the like, including:

- Behavioral Theory of Leadership: How to Be a Better Leader
- Leadership Theories: How to Be the Perfect Leader for Your Team
- Effective Team Management at a Busy Software Company

Assess leadership of the operations manual

Provide a record of evidence gathered relating to the operations manual leadership in the form fields below.

Assess customer focus

Provide a record of evidence gathered relating to the operations manual's customer focus in the form fields below.

Assess quality policy

Provide a record of evidence gathered relating to the operations manual quality policy in the form fields below.

Assess organizational roles and responsibilities

Provide a record of evidence gathered relating to the organizational roles, responsibilities, and authorities of the operations manual in the form fields below.

Collecting evidence (operations manual planning):

The tasks in this section help you to collect evidence regarding operations manual planning.

In this context, 'planning' is to do with what's in the operations manual that's related to risk and risk mitigation, change-related procedures, and quality assurance objectives. 

Process Street's writers have expertly written on the above topics. Read their informative work and pick up some additional tips here:

The Ultimate Risk Management Guide: Everything You Need to Know
Risk Mitigation: What It Is and How to Implement It (Free Templates)
- Business Risk: The 3 Main Threats to Your Business and How You Can Manage Them
- What is Quality Management? The Definitive QMS Guide (Free ISO 9001 Template)
ISO 9001: The Ultimate QMS Guide (Basics, Implementation, ISO Templates)

Assess documentation of risks and opportunities

Provide a record of evidence gathered relating to the documentation of risks and opportunities in the operations manual using the form fields below.

Assess quality objectives

Provide a record of evidence gathered relating to the operations manual quality objectives in the form fields below.

Assess procedures for changes to operations manual

Provide a record of evidence gathered relating to the operations manual procedures for implementing changes in the form fields below.

Collecting evidence (support):

The tasks in this section guide you through assessing and collecting evidence related to the operations manual and support.

Essentially, you'll think about how how the operations manual is supported and how the operations manual supports other people in its current state. 

Assess organization and allocation of operations manual resources

Provide a record of evidence gathered relating to the operations manual organization and allocation of resources in the form fields below.

Assess HR integration with operations manual

Provide a record of evidence gathered relating to the integration of HR within the operations manual using the form fields below.

Assess operations manual infrastructure

Provide a record of evidence gathered relating to the operations manual infrastructure in the form fields below.

Assess operations manual work environment

Provide a record of evidence gathered relating to the operations manual work environment in the form fields below.

Assess systems for monitoring and measurement of resources

Provide a record of evidence gathered relating to the operations manual systems for monitoring and measuring resources using the form fields below.

Assess organizational knowledge of the operations manual

Provide a record of evidence gathered relating to the operations manual organizational knowledge in the form fields below.

Assess operations manual competence

Provide a record of evidence gathered relating to the operations manual competence in the form fields below.

Assess operations manual awareness

Provide a record of evidence gathered relating to the operations manual awareness in the form fields below.

Assess communication of operations manual within the organization

Provide a record of evidence gathered relating to the communication of the operations manual within the organization using the form fields below.

Assess documented information

Provide a record of evidence gathered relating to the documented information of the operations manual in the form fields below.

Collecting evidence (operation):

Continuing on with assessing and collecting evidence, the tasks in this section will help you with elements related to control.

Specifically, looking at development inputs, outputs, and controls, at production control, preservation procedures, and so on.

If you haven't already, read these posts related to operations and SOPs:

How to Create an Operations Manual for Your Business (and Avoid Nuclear War)
What is an SOP? 16 Essential Steps to Writing Standard Operating Procedures (With Templates)
30+ Free SOP Templates to Make Recording Processes Quick and Painless

Assess process control

Provide a record of evidence gathered relating to the operations manual process control in the form fields below.

Assess determination of requirements for products and services

Provide a record of evidence gathered relating to the determination of specific requirements for products and services within the operations manual in the form fields below.

Assess design and development of products and services

Provide a record of evidence gathered relating to the development and design of products and services within the operations manual in the form fields below.

Assess design and development inputs

Provide a record of evidence gathered relating to the design and development inputs of the operations manual in the form fields below.

Assess design and development controls

Provide a record of evidence gathered relating to the design and development controls of the operations manual in the form fields below.

Assess design and development outputs

Provide a record of evidence gathered relating to the design and development outputs of the operations manual in the form fields below.

Assess design and development changes

Provide a record of evidence gathered relating to the design and development changes of the operations manual in the form fields below.

Assess control of externally provided products and services

Provide a record of evidence gathered relating to externally provided products and services within the operations manual using the form fields below.

Assess type and extent of control

Provide a record of evidence gathered relating to type and extent of control in the operations manual using the form fields below.

Assess information for external providers

Provide a record of evidence gathered relating to the information for external providers of the operations manual using the form fields below.

Assess control of production and service provision

Provide a record of evidence gathered relating to the control of production and services provision of the operations manual using the form fields below.

Assess identification and traceability of production control

Provide a record of evidence gathered relating to the identification and traceability of production control of the operations manual using the form fields below.

Assess control of external provider/customer property

Provide a record of evidence gathered relating to the control of external provider (or customer) property in the operations manual using the form fields below.

Assess preservation procedures

Provide a record of evidence gathered relating to the preservation procedures documented and implemented by the operations manual using the form fields below.

Assess post-delivery activities

Provide a record of evidence gathered relating to the post-delivery activities documented and implemented by the operations manual using the form fields below.

Assess control of changes

Provide a record of evidence gathered relating to the documentation and implementation of control of changes in the operations manual using the form fields below.

Assess release of products and services

Provide a record of evidence gathered relating to the documentation and implementation of release of products and services in the operations manual using the form fields below.

Assess control of nonconforming outputs

Provide a record of evidence gathered relating to the documentation and implementation of control of nonconforming outputs in the operations manual using the form fields below.

Collecting evidence (performance evaluation):

The tasks here concern how the operations manual is performing. Is it performing well? What does a performance analysis show? What are the management review procedures?

You'll gather evidence to questions such as these and add them to the relevant fields.

Assess operations manual performance evaluation

Provide a record of evidence gathered relating to the documentation and implementation of performance evaluation in the operations manual using the form fields below.

Assess customer satisfaction

Provide a record of evidence gathered relating to the documentation and implementation of customer satisfaction in the operations manual using the form fields below.

Assess performance analysis and evaluation procedures

Provide a record of evidence gathered relating to the documentation and implementation of performance analysis and evaluation procedures in the operations manual using the form fields below.

Assess internal audit procedures

Provide a record of evidence gathered relating to the documentation and implementation of internal audit procedures in the operations manual using the form fields below.

Assess management review procedures

Provide a record of evidence gathered relating to the documentation and implementation of management review procedures in the operations manual using the form fields below.

Collecting evidence (improvement):

The two upcoming tasks are to do with the operations manual, corrective action, and continuous improvements.

The team at Process Street know a deal about process improvements and continuous improvement. Read the following articles and think about adding the following process template to your account which, inevitably, will bolster the processes and procedures in your operations manual.

Process Improvement: Stop Bad Processes Killing Your Business
Process Improvements: Your Ultimate Toolkit With 17 Free Templates
What Continuous Improvement Is (and How to Use It)
PDCA: How to Eliminate Error in Your Processes and Products

Assess procedures for nonconformity and corrective action

Provide a record of evidence gathered relating to the documentation and implementation of procedures for nonconformity and corrective action in the o using the form fields below.

Assess procedures for continuous improvement

Provide a record of evidence gathered relating to the documentation and implementation of procedures for continuous improvement in the operations manual using the form fields below.

Audit findings:

Well done - the audit is now complete. This means the operations manual doesn't have to be assessed in any other way (until the next audit starts, of course).

The next task concerns reviewing the findings of the audit.

Review audit evidence and findings

You'll have made records of the auditee's documentation and implementation of operations manual policies and procedures using the form fields in the completed tasks (audit evidence).

You should also have made notes on both conformities and nonconformities alongside relevant suggestions for corrective action or opportunities for improvement (audit findings).

The audit should now be reviewed, especially by the audit program manager. (This task is a stop task, meaning a continuation of this Internal Audit Procedure For an Operations Manual is not possible until the audit's evidence has been read through.)

Below is an overview of the audit. 

Make any additional notes in the form fields at the bottom, in addition to confirming whether any follow-up actions (i.e. changes) need to be made to the operations manual.


Context of the organization


Organization and its context

Internal issues: {{form.Internal_issues_information}}

External issues: {{form.External_issues_information}}

Relevant interested parties: {{form.Relevant_interested_parties_information}}

Any nonconformities?: {{form.Nonconformity_with_organization_and_its_context?}}

Recorded conformities: {{form.Record_conformities_for_organization_and_its_context}}

Recorded nonconformities: {{form.Record_nonconformities_for_organization_and_its_context_2}}

Suggestions: {{form.Suggestions_for_organization_and_its_context}}

Needs and expectations of interested parties

Information: {{form.Needs_and_expectations_of_interested_parties_information}}

Any nonconformities?: {{form.Nonconformity_with_needs_and_expectations_of_interested_parties?}}

Recorded conformities: {{form.Record_conformities_for_needs_and_expectations_of_interested_parties}}

Recorded nonconformities: {{form.Record_nonconformities_for_needs_and_expectations_of_interested_parties_2}}

Suggestions: {{form.Suggestions_for_needs_and_expectations_of_interested_parties}}

Operations manual scope

Information: {{form.Operations_manual_scope_information}}

Any nonconformities?: {{form.Nonconformity_with_operations_manual_scope?}}

Recorded conformities: {{form.Record_conformities_for_operations_manual_scope}}

Recorded nonconformities: {{form.Record_nonconformities_for_operations_manual_scope}}

Suggestions: {{form.Suggestions_for_operations_manual_scope}}


Leadership


Operations manual leadership

Information: {{form.Operations_manual_leadership_information}}

Any nonconformities?: {{form.Nonconformity_with_operations_manual_leadership?}}

Recorded conformities: {{form.Record_conformities_for_operations_manual_leadership}}

Recorded nonconformities: {{form.Record_nonconformities_for_operations_manual_leadership}}

Suggestions: {{form.Suggestions_for_operations_manual_leadership}}

Customer focus

Information: {{form.Operations_manual_customer_focus_information}}

Any nonconformities?: {{form.Nonconformity_with_operations_manual_customer_focus?}}

Recorded conformities: {{form.Record_conformities_for_operations_manual_customer_focus}}

Recorded nonconformities: {{form.Record_nonconformities_for_operations_manual_customer_focus}}

Suggestions: {{form.Suggestions_for_operations_manual_customer_focus}}

Quality policy

Information: {{form.Operations_manual_quality_policy_information}}

Any nonconformities?: {{form.Nonconformity_with_operations_manual_quality_policy?}}

Recorded conformities: {{form.Record_conformities_for_operations_manual_quality_policy}}

Recorded nonconformities: {{form.Record_nonconformities_for_operations_manual_quality_policy}}

Suggestions: {{form.Suggestions_for_operations_manual_quality_policy}}

Organizational roles and responsibilities

Information: {{form.Operations_manual_roles_and_responsibilities_information}}

Any nonconformities?: {{form.Nonconformity_with_operations_manual_roles_and_responsibilities?}}

Recorded conformities: {{form.Record_conformities_for_operations_manual_roles_and_responsibilities}}

Recorded nonconformities: {{form.Record_nonconformities_for_operations_manual_roles_and_responsibilities}}

Suggestions: {{form.Suggestions_for_operations_manual_roles_and_responsibilities}}


Operations manual planning


Documentation of risks and opportunities

Risks information: {{form.Operations_manual_risks_information}}

Procedures for risk mitigation information: {{form.Procedures_for_risk_mitigation_information}}

Opportunities information: {{form.Operations_manual_opportunities_information}}

Procedures for engaging opportunities information: {{form.Procedures_for_engaging_opportunities_information}}

Any nonconformities?: {{form.Nonconformity_with_documentation_of_operations_manual_risks_and_opportunities?}}

Recorded conformities: {{form.Record_conformities_for_operations_manual_risks_and_opportunities}}

Recorded nonconformities: {{form.Record_nonconformities_for_operations_manual_risks_and_opportunities}}

Suggestions: {{form.Suggestions_for_operations_manual_risks_and_opportunities}}

Quality objectives

Information: {{form.Operations_manual_quality_objectives_information}}

Any nonconformities?: {{form.Nonconformity_with_operations_manual_quality_objectives?}}

Recorded conformities: {{form.Record_conformities_for_operations_manual_quality_objectives}}

Recorded nonconformities: {{form.Record_nonconformities_for_operations_manual_quality_objectives}}

Suggestions: {{form.Suggestions_for_operations_manual_quality_objectives}}

Procedures for change to operations manual

Information: {{form.Procedures_for_change_information}}

Any nonconformities?: {{form.Nonconformity_with_procedures_for_change?}}

Recorded conformities: {{form.Record_conformities_for_procedures_for_change}}

Recorded nonconformities: {{form.Record_nonconformities_for_procedures_for_change_2}}

Suggestions: {{form.Suggestions_for_procedures_for_change}}


Support


Organization and allocation of operations manual resources

Information: {{form.Organization_and_allocation_of_resources_information}}

Any nonconformities?: {{form.Nonconformity_for_organization_and_allocation_of_resources?}}

Recorded conformities: {{form.Record_conformities_for_organization_and_allocation_of_resources}}

Recorded nonconformities: {{form.Record_nonconformities_for_organization_and_allocation_of_resources_2}}

Suggestions: {{form.Suggestions_for_organization_and_allocation_of_resources}}

HR integration

Information: {{form.HR_integration_information}}

Any nonconformities?: {{form.Nonconformity_with_HR_integration?}}

Recorded conformities: {{form.Record_conformities_for_HR_integration}}

Recorded nonconformities: {{form.Record_nonconformities_for_HR_integration_2}}

Suggestions: {{form.Suggestions_for_HR_integration}}

Operations manual infrastructure

Information: {{form.Operations_manual_infrastructure_information}}

Any nonconformities?: {{form.Nonconformity_with_operations_manual_infrastructure?}}

Recorded conformities: {{form.Record_conformities_for_operations_manual_infrastructure}}

Recorded nonconformities: {{form.Record_nonconformities_for_operations_manual_infrastructure}}

Suggestions: {{form.Suggestions_for_operations_manual_infrastructure}}

Operations manual work environment

Information: {{form.Operations_manual_work_environment_information}}

Any nonconformities?: {{form.Nonconformity_with_operations_manual_work_environment?}}

Recorded conformities: {{form.Record_conformities_for_operations_manual_work_environment}}

Recorded nonconformities: {{form.Record_nonconformities_for_operations_manual_work_environment}}

Suggestions: {{form.Suggestions_for_operations_manual_work_environment}}

Systems for monitoring and measurement of resources

Information: {{form.Systems_for_monitoring_and_measuring_resources_information}}

Any nonconformities?: {{form.Nonconformity_with_systems_for_monitoring_and_measuring_resources?}}

Recorded conformities: {{form.Record_conformities_for_systems_for_monitoring_and_measuring_resources}}

Recorded nonconformities: {{form.Record_nonconformities_for_systems_for_monitoring_and_measuring_resources_2}}

Suggestions: {{form.Suggestions_for_monitoring_and_measuring_resources}}

Organizational knowledge of the operations manual

Information: {{form.Organizational_knowledge_of_operations_manual_information}}

Any nonconformities?: {{form.Nonconformity_with_organizational_knowledge_of_operations_manual_information?}}

Recorded conformities: {{form.Record_conformities_for_organizational_knowledge_of_operations_manual_information}}

Recorded nonconformities: {{form.Record_nonconformities_for_organizational_knowledge_of_operations_manual_information}}

Suggestions: {{form.Suggestions_for_organizational_knowledge_of_operations_manual_information}}

Operations manual competence

Information:
{{form.Operations_manual_competence_information}}

Any nonconformities?: {{form.Nonconformity_with_operations_manual_competence?}}

Recorded conformities: {{form.Record_conformities_for_operations_manual_competence}}

Recorded nonconformities: {{form.Record_nonconformities_for_operations_manual_competence}}

Suggestions: {{form.Suggestions_for_operations_manual_competence}}

Operations manual awareness

Information: {{form.Operations_manual_awareness_information}}

Any nonconformities?: {{form.Nonconformity_with_operations_manual_awareness?}}

Recorded conformities: {{form.Record_conformities_for_operations_manual_awareness}}

Recorded nonconformities: {{form.Record_nonconformities_for_operations_manual_awareness}}

Suggestions: {{form.Suggestions_for_operations_manual_awareness}}

Communication of operations manual within the organization

Information: {{form.Communication_of_operations_manual_information}}

Any nonconformities?: {{form.Nonconformity_with_communication_of_operations_manual?}}

Recorded conformities: {{form.Record_conformities_for_communication_of_operations_manual}}

Recorded nonconformities: {{form.Record_nonconformities_for_communication_of_operations_manual}}

Suggestions: {{form.Suggestions_for_communication_of_operations_manual}}

Documented information

Information: {{form.Documented_information_notes}}

Any nonconformities?: {{form.Nonconformity_with_documented_information?}}

Recorded conformities: {{form.Record_conformities_for_documented_information}}

Recorded nonconformities: {{form.Record_nonconformities_for_documented_information_2}}

Suggestions: {{form.Suggestions_for_documented_information}}


Operation


Process control

Information: {{form.Process_control_information}}

Any nonconformities?: {{form.Nonconformity_with_process_control?}}

Recorded conformities: {{form.Record_conformities_for_process_control}}

Recorded nonconformities: {{form.Record_nonconformities_for_process_control_2}}

Suggestions: {{form.Suggestions_for_process_control}}

Determination of requirements for products and services

Information: {{form.Determination_of_requirements_for_products_and_services_information}}

Any nonconformities?: {{form.Nonconformity_with_determination_of_requirements_for_products_and_services?}}

Recorded conformities: {{form.Record_conformities_for_determination_of_requirements_for_product_and_services}}

Recorded nonconformities: {{form.Record_nonconformities_for_determination_of_requirements_for_product_and_services_2}}

Suggestions: {{form.Suggestions_for_determination_of_requirements_for_product_and_services}}

Design and development of products and services

Information: {{form.Design_and_development_of_products_and_services_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_of_products_and_services?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_of_products_and_services}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_of_products_and_services_2}}

Suggestions: {{form.Suggestions_for_design_and_development_of_products_and_services}}

Design and development inputs

Information: {{form.Design_and_development_inputs_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_inputs?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_inputs}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_inputs_2}}

Suggestions: {{form.Suggestions_for_design_and_development_inputs}}

Design and development controls

Information: {{form.Design_and_development_controls_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_controls?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_controls}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_controls_2}}

Suggestions: {{form.Suggestions_for_design_and_development_controls}}

Design and development outputs

Information: {{form.Design_and_development_outputs_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_outputs?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_outputs}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_outputs_2}}

Suggestions: {{form.Suggestions_for_design_and_development_outputs}}

Design and development changes

Information: {{form.Design_and_development_changes_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_changes?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_changes}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_changes_2}}

Suggestions: {{form.Suggestions_for_design_and_development_changes}}

Control of externally provided products and services

Information: {{form.Control_of_externally_provided_products_and_services_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_externally_provided_products_and_services?}}

Recorded conformities: {{form.Record_conformities_for_control_of_externally_provided_products_and_services}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_externally_provided_products_and_services_2}}

Suggestions: {{form.Suggestions_for_control_of_externally_provided_products_and_services}}

Type and extent of control

Information: {{form.Type_and_extent_of_control_information}}

Any nonconformities?: {{form.Nonconformity_with_type_and_extent_of_control?}}

Recorded conformities: {{form.Record_conformities_for_type_and_extent_of_control}}

Recorded nonconformities: {{form.Record_nonconformities_for_type_and_extent_of_control_2}}

Suggestions: {{form.Suggestions_for_type_and_extent_of_control}}

Information for external providers

Information: {{form.Information_for_external_providers_information}}

Any nonconformities?: {{form.Nonconformity_with_information_for_external_providers?}}

Recorded conformities: {{form.Record_conformities_for_information_for_external_providers}}

Recorded nonconformities: {{form.Record_nonconformities_for_information_for_external_providers_2}}

Suggestions: {{form.Suggestions_for_information_for_external_providers}}

Control of production and service provision

Information: {{form.Control_of_production_and_service_provision_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_production_and_service_provision?}}

Recorded conformities: {{form.Record_conformities_for_control_of_production_and_service_provision}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_production_and_service_provision_2}}

Suggestions: {{form.Suggestions_for_control_of_production_and_service_provision}}

Type and extent of control

Information: {{form.Type_and_extent_of_control_information}}

Any nonconformities?: {{form.Nonconformity_with_type_and_extent_of_control?}}

Recorded conformities: {{form.Record_conformities_for_type_and_extent_of_control}}

Recorded nonconformities: {{form.Record_nonconformities_for_type_and_extent_of_control_2}}

Suggestions: {{form.Suggestions_for_type_and_extent_of_control}}

Information for external providers

Information: {{form.Information_for_external_providers_information}}

Any nonconformities?: {{form.Nonconformity_with_information_for_external_providers?}}

Recorded conformities: {{form.Record_conformities_for_information_for_external_providers}}

Recorded nonconformities: {{form.Record_nonconformities_for_information_for_external_providers_2}}

Suggestions: {{form.Suggestions_for_information_for_external_providers}}

Control of production and service provision

Information: {{form.Control_of_production_and_service_provision_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_production_and_service_provision?}}

Recorded conformities: {{form.Record_conformities_for_control_of_production_and_service_provision}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_production_and_service_provision_2}}

Suggestions: {{form.Suggestions_for_control_of_production_and_service_provision}}

Identification and traceability of production control

Information: {{form.Identification_and_traceability_of_production_control_information}}

Any nonconformities?: {{form.Nonconformity_with_identification_and_traceability_of_production_control?}}

Recorded conformities: {{form.Record_conformities_for_identification_and_traceability_of_production_control}}

Recorded nonconformities: {{form.Record_nonconformities_for_identification_and_traceability_of_production_control_2}}

Suggestions: {{form.Suggestions_for_identification_and_traceability_of_production_control}}

Control of external provider/customer property

Information: {{form.Control_of_external_provider/customer_property_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_external_provider/customer_property?}}

Recorded conformities: {{form.Record_conformities_for_control_of_external_provider/customer_property}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_external_provider/customer_property_2}}

Suggestions: {{form.Suggestions_for_control_of_external_provider/customer_property}}

Preservation procedures

Information: {{form.Preservation_procedures_information}}

Any nonconformities?: {{form.Nonconformity_with_preservation_procedures?}}

Recorded conformities: {{form.Record_conformities_for_preservation_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_preservation_procedures_2}}

Suggestions: {{form.Suggestions_for_preservation_procedures}}

Post-delivery activities

Information: {{form.Post-delivery_activities_information}}

Any nonconformities?: {{form.Nonconformity_with_post-delivery_activities?}}

Recorded conformities: {{form.Record_conformities_for_post-delivery_activities}}

Recorded nonconformities: {{form.Record_nonconformities_for_post-delivery_activities_2}}

Suggestions: {{form.Suggestions_for_post-delivery_activities}}

Control of changes

Information: {{form.Control_of_changes_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_changes?}}

Recorded conformities: {{form.Record_conformities_for_control_of_changes}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_changes_2}}

Suggestions: {{form.Suggestions_for_control_of_changes}}

Release of products and services

Information: {{form.Release_of_products_and_services_information}}

Any nonconformities?: {{form.Nonconformity_with_release_of_products_and_services?}}

Recorded conformities: {{form.Record_conformities_for_release_of_products_and_services}}

Recorded nonconformities: {{form.Record_nonconformities_for_release_of_products_and_services_2}}

Suggestions: {{form.Suggestions_for_release_of_products_and_services}}

Control of nonconforming outputs

Information: {{form.Control_of_nonconforming_outputs_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_nonconforming_outputs?}}

Recorded conformities: {{form.Record_conformities_for_control_of_nonconforming_outputs}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_nonconforming_outputs_2}}

Suggestions: {{form.Suggestions_for_control_of_nonconforming_outputs}}


Performance evaluation


Operations manual performance evaluation

Information: {{form.Operations_manual_performance_evaluation_information}}

Any nonconformities?: {{form.Nonconformity_with_operations_manual_performance_evaluation?}}

Recorded conformities: {{form.Record_conformities_for_operations_manual_performance_evaluation}}

Recorded nonconformities: {{form.Record_nonconformities_for_operations_manual_performance_evaluation}}

Suggestions: {{form.Suggestions_for_operations_manual_performance_evaluation}}

Customer satisfaction

Information: {{form.Customer_satisfaction_information}}

Any nonconformities?: {{form.Nonconformity_with_customer_satisfaction?}}

Recorded conformities: {{form.Record_conformities_for_customer_satisfaction}}

Recorded nonconformities: 
{{form.Record_nonconformities_for_customer_satisfaction_2}}

Suggestions: {{form.Suggestions_for_customer_satisfaction}}

Performance analysis and evaluation procedures

Information: {{form.Performance_analysis_and_evaluation_procedures_information}}

Any nonconformities?: {{form.Nonconformity_with_performance_analysis_and_evaluation_of_procedures?}}

Recorded conformities: {{form.Record_conformities_for_performance_analysis_and_evaluation_of_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_performance_analysis_and_evaluation_of_procedures_2}}

Suggestions: {{form.Suggestions_for_performance_analysis_and_evaluation_of_procedures}}

Internal audit procedures

Information: {{form.Internal_audit_procedures_information}}

Any nonconformities?: {{form.Nonconformity_with_internal_audit_procedures?}}

Recorded conformities: {{form.Record_conformities_for_internal_audit_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_internal_audit_procedures_2}}

Suggestions: {{form.Suggestions_for_internal_audit_procedures}}

Management review procedures

Information: {{form.Management_review_procedures_information}}

Any nonconformities?: {{form.Nonconformity_with_management_review_procedures?}}

Recorded conformities: {{form.Record_conformities_for_management_review_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_management_review_procedures_2}}

Suggestions: {{form.Suggestions_for_management_review_procedures}}


Improvement


Procedures for nonconformity and corrective action

Information: {{form.Procedures_for_nonconformity_and_corrective_action_information}}

Any nonconformities?: {{form.Nonconformity_with_procedures_for_nonconformity_and_corrective_action?}}

Recorded conformities: {{form.Record_conformities_for_procedures_for_nonconformity_and_corrective_action}}

Recorded nonconformities: {{form.Record_nonconformities_for_procedures_for_nonconformity_and_corrective_action_2}}

Suggestions: {{form.Suggestions_for_procedures_for_nonconformity_and_corrective_action}}

Procedures for continuous improvement

Information: {{form.Procedures_for_continuous_improvement_information}}

Any nonconformities?: {{form.Nonconformity_with_procedures_for_continuous_improvement?}}

Recorded conformities: {{form.Record_conformities_for_continuous_improvement_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_continuous_improvement_procedures_2}}

Suggestions: {{form.Suggestions_for_continuous_improvement_procedures}}

Closing the audit:

With the audit's evidence reviewed, the audit will begin to be wrapped up by preparing a report, issuing it, and preparing and conducting a closing meeting.

The following tasks will guide you through these steps.

Process Street knows a thing or two about meetings - both virtual and in-person. Use the following resources to help you have and hold productive audit meetings:

How to Run Business Meetings That Aren’t a Useless Waste of Time

Prepare audit report

The audit report is the final record of the audit — the high-level document that clearly outlines a complete, concise, clear record of everything of note that happened during the audit.

Audit reports should be issued within 24 hours of the audit to ensure the auditee is given the opportunity to take corrective action in a timely, thorough fashion.

If the report is issued several weeks after the audit, it will typically be lumped onto the "to-do" pile, and much of the momentum of the audit, including discussions of findings and feedback from the auditor, will have faded.

The lead auditor should prepare the audit report.

This task has been assigned a dynamic due date set to 24 hours after the audit evidence has been evaluated against the criteria.

Use the sub-checklist below to check off important items included within the audit report:

  • 1
    Audit program objectives
  • 2
    Individual audit objectives
  • 3
    Individual audit scope
  • 4
    Individual audit criteria
  • 5
    An overview of the auditee & their context
  • 6
    Roles and responsibilities of the audit team
  • 7
    Key dates and locations of the audit
  • 8
    Complete audit findings and corresponding evidence
  • 9
    Audit conclusions
  • 10
    Assessment of audit criteria
  • 11
    Unresolved conflicts of opinion between audit team and auditee

Use the form field below to upload the completed audit report.

Issue audit report

As stressed in the previous task, the audit report being distributed in a timely manner is one of the most important aspects of the entire audit process.

Use the email widget below to quickly and easily distribute the audit report to all relevant interested parties.

By default, the widget will send the report to:

  • The auditee main point of contact (Auditee main point of contact)
  • The audit program manager (Audit program manager email)
  • The lead auditor (Lead auditor email)

Should you want to distribute the report to additional interested parties, simply add their email addresses to the email widget below:

(Conditional) Prepare for audit follow-up

Depending on the outcome of the audit, there may be a need for follow-up action.

Follow-up action might include:

  • Corrective action in response to nonconformities
  • Opportunities for improvement
  • Actions to address risks and opportunities

A time-frame should be agreed upon between the audit team and auditee within which to carry out follow-up action.

As part of the follow-up actions, the auditee will be responsible for keeping the audit team informed of any relevant activities undertaken within the agreed time-frame. The completion and effectiveness of these actions will need to be verified - this may be part of a subsequent audit.

In any case, recommendations for follow-up action should be prepared ahead of the closing meeting and shared accordingly with relevant interested parties.

Use the form fields below to record follow-up action suggestions.

Prepare for closing meeting

Before the closing meeting, the audit team should make adequate preparations.

Make sure the following items are resolved ahead of the closing meeting:

  • 1
    All audit findings are reviewed against audit objectives
  • 2
    Audit conclusions are agreed upon
  • 3
    Recommendations are prepared, if necessary
  • 4
    Follow-up action has been discussed and agreed upon

Conduct closing meeting

Just like the opening meeting, it's a great idea to conduct a closing meeting to orient everyone with the proceedings and outcome of the audit, and provide a firm resolution to the whole process.

The main point of the closing meeting should be to present audit findings and conclusions.

Lead auditors should be responsible for presenting audit findings and conclusions.

You can use the sub-checklist below as a kind of attendance sheet to make sure all relevant interested parties are in attendance at the closing meeting:

  • 1
    Auditee management
  • 2
    Audit program manager
  • 3
    Individuals responsible for the processes and procedures being audited
  • 4
    The audit client
  • 5
    All members of the audit team
  • 6
    Other relevant interested parties, as determined by the auditee/audit program

Once attendance has been taken, the lead auditor should go over the complete audit report, with special attention placed on:

  • 1
    If applicable, first addressing any special occurrences or situations that might have impacted the reliability of audit conclusions
  • 2
    Making sure all present are familiar with or have access to the complete audit report
  • 3
    Making sure the auditee is familiar with the audit process
  • 4
    Confirming the time-frame for audit follow-up actions
  • 5
    Diverging opinions / disagreements in relation to audit findings between any relevant interested parties
  • 6
    Opportunities for improvement

Depending on the situation and context of the audit, formality of the closing meeting can vary.

For more formal audits, minutes and records of attendance can be kept.

For more informal (e.g. internal) audits, it can be sufficient to simply communicate audit findings and audit conclusions.

In any case, during the course of the closing meeting, the following should be clearly communicated to the auditee:

  • 1
    That audit evidence is based on sample information, and therefore cannot be fully representative of the overall effectiveness of the processes being audited
  • 2
    The specific methods of audit reporting used
  • 3
    Complete audit findings and conclusions
  • 4
    Advice for how to proceed in light of audit findings
  • 5
    Consequences if audit findings are not addressed
  • 6
    Recommendations for post-audit follow-up activities
  • 7
    The fact that recommendations are not binding

Complete the audit

The audit is to be considered formally complete when all planned activities and tasks have been completed, and any recommendations or future actions have been agreed upon with the audit client.

All information documented during the course of the audit should be retained or disposed of, depending on:

  • The nature of the information (sensitive, proprietary, etc.)
  • Requirements for particular management system standards
  • Any other agreements between relevant interested parties

It should be assumed that any information collected during the audit should not be disclosed to external parties without written approval of the auditee/audit client.

However, it may sometimes be a legal requirement that certain information is disclosed. Should that be the case, the auditee/audit client must be informed as soon as possible.

Sources:

Disclaimer:

  1. Process Street is not affiliated or in partnership with the International Organization for Standardization (ISO). The materials on Process Street’s website are provided on an as-is basis and are for educational purposes. Process Street makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties including, without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights.

  2. Further, Process Street does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its website or otherwise relating to such materials or on any sites linked to this site.

Sign up for a FREE account and
search thousands of checklists in our library.

Sign up for a FREE account and search thousands of checklists in our library.