Inspection verification is a fundamental tool that companies can, and must, adopt to assess whether their own Quality Management System (internal audit) or that of their suppliers (second-party audit) is effective and efficient, compliant with applicable requirements, and effectively implemented and maintained, and whether its constituent elements (Quality Manual, procedures, records, etc.) are known and correctly used by all personnel.
Audits must be appropriately scheduled within an audit program, and records of individual inspections conducted—including plans, reports, and any checklists used—must be retained.
Audit Program
The ISO 19011 standard, Guidelines for Auditing Management Systems, defines the audit program as “arrangements for a set of one or more audits planned for a defined time frame and aimed at a specific purpose.” Thus, it is the document that establishes which audits, and how many, an organization intends to conduct over a specific period. The audit program includes both internal audits and any second-party audits conducted at suppliers.
The audit program is established periodically (usually annually, during Management Review) and should consider the status and importance of the processes and areas to be audited, the results of previous audits, the risks and opportunities associated with the program, and actions to address them, as well as criteria for selecting audit team members.
The program should include at least:
- Identification of the organization subject to the audit
- Processes/activities to be audited (scope of the audit)
- Scheduled dates and actual dates
- Audit team and audit team leader
When preparing the audit program, the organization must ensure that each process is periodically verified at planned intervals, and that audit priorities or their number depend on the number of non-conformities or corrective actions related to a specific business process.
Finally, for the selection of auditors responsible for conducting inspections, the concept of independence must be applied, meaning that the auditor should not verify a process under their direct responsibility.
The audit program may also include third-party audits based on information provided by the certifying body.
Audit Plan
The audit plan contains the description of the activities and arrangements related to an audit. In other words, it is the agenda for the audit day(s).
The audit plan must be prepared by the audit team leader for each inspection and delivered to the process owners for review and acceptance at least a few days before the audit starts.
The audit plan should include at least:
- The purpose of the audit
- The scope, audit criteria, and identification of the areas to be audited
- The definition of the verification plan and an estimate of the time required for the assessment of each process (dates, locations, and times)
- The definition of any checklists to be used for the audit and all reference documents
- The definition of roles and responsibilities of the members of the audit team (including any technical experts providing specific knowledge to the audit team and/or observers)
Audit Report
At the end of the inspection, the audit team leader should report the findings and conclusions of the audit in a recording document that is complete, accurate, concise, and clear.
Everything identified during the audit that constitutes evidence must be assessed and classified by the audit team; typically, a distinction is made between observations/recommendations for improvement and non-conformities (generally categorized as major or minor, depending on severity).
The audit report can ideally be divided into three main sections:
- Header: Defines the objectives of the audit, the scope, identification of the organization subject to the audit, dates and locations where the audit was conducted, the audit team, a reference to the audit plan, and any checklist used during the audit, as well as a list of interviewed individuals and their roles within the organization, audit criteria, evaluation criteria, and their definitions.
- Main Body: Dedicated to collecting evidence from the audit (through interviews with staff, analysis of documents and records provided, direct observation of business operations) and recording the findings—obtained by comparing the evidence with the audit criteria. It is essential to consider that evidence is collected through a sampling activity and must always be objective, demonstrable, and verifiable.
- Conclusions: Expresses a judgment regarding the compliance of the verified Quality Management System and its effectiveness in achieving the established objectives; any non-conformities identified during the inspection are reported here, stratified by criticality, along with suggestions that can guide the organization towards a continuous improvement process.
Audit Checklist
During the inspection, the auditor can use dedicated checklists (or control lists). These documents follow the audit criteria (e.g., points from a technical standard) and allow for systematic and complete evidence collection, enabling a final judgment on the system’s compliance. Within the checklist, the auditor can gather audit findings, while conclusions are recorded in the audit report. At the auditor’s discretion, the checklist may be integrated into the audit report, resulting in a single recording document.