Section 4 - ISO 19011

ISO 19011 Section 4 - Document the Audit Program:

Audit program implementation needs to be carefully planned and then documented. Why? The standards require certain things in the audit program be documented. And, if your company is going for it's certification, the certification body auditors will need to review these issues. Here are a few of the things that need to be considered:

a) Communicating the audit program to relevant parties;

b) Coordinating and scheduling audits and other activities relevant to the audit program;

c) Establishing and maintaining a process for the evaluation of the auditors and their continual professional development;

d) Ensuring the selection of audit teams;

e) Providing necessary resources to the audit teams

ISO 19011:2002 contains a more extensive description and should be reviewed before implementing the audit program. It's better to plan for all contingencies than have to fix something after it goes bad.

Audit program records:

You need to keep records of the program implementation for your third party auditors to review, as well as your management team. Be sure to keep the audit plans, audit reports, nonconformity reports, corrective action reports, audit follow-up reports.

Don't forget, the audit program also needs to be audited. This audit should be performed by an auditor that has NOT performed other audits in the program that could possibly bias the results. Keep the records of the audit program review.

You should have records related to auditor competence and performance, audit team selection and, maintenance and improvement of competence.

These records should be retained and safeguarded from damage for at least 3 years.

Audit program monitoring and reviewing:

The implementation of the audit program needs to be monitored and reviewed to assess whether its objectives have been met and to identify opportunities for improvement. The results must be reported to top management.

Some of the performance indicators that a company can use include:

- the ability of the auditors to implement the individual audit plans  they are assigned

- overall conformity with the audit program and schedule, and

- feedback from audit clients, auditees and auditors

The audit program review should consider, for example:

- Results and trends from monitoring

- Conformity with procedures

- Evolving needs and expectations of interested parties

- Audit program records

- Alternative or new auditing practices, and

- Consistency in performance between audit teams in similar situations.

The reviews of the audit program can lead to corrective or preventive action and improvement of the audit program. It is always better that the company find any weaknesses in their audit program in lieu of their 3rd party auditor finding the weaknesses.

Section 1. ISO 19011 Scope reference and definitions

Section 2. ISO 19011 Principles of auditing

Section 3. ISO 19011 Managing an audit program

Section 4. ISO 19011 Audit program implementation

Section 5. ISO 19011 Audit activities

Section 6. ISO 19011 Preparing for onsite activities

Section 7. ISO 19011 Conducting onsite activities

Section 8. ISO 19011 What the auditor is looking for

Section 9  ISO 19011 Audit reporting

Section 10. ISO 19011 Audit techniques

Section 11. ISO 19011 Audit path

Section 12. ISO 19011 Effective communications

Section 13. ISO 19011 Sampling

Section 14. ISO 19011 Audit completion and follow-up

Section 15. ISO 19011 Competence and evaluation of auditors

This represents a summary of the section in ISO 19011:2002. It's suggested that you obtain an copy of "ISO 19011 Explanations and Definitions".