ISO 19011:2011 Guidelines for auditing management systems, states that it is top management’s responsibility to ensure that audit program objectives are established. To support top management, a proactive audit program manager should review the organisation’s objectives and policies to achieve their performance goals and obligations. Many policies including safety, quality, environment, and community engagement may affect the audit department.
Next, audit program objectives can be established. Audit program objectives should be consistent with, and support, the management system policies and objectives. Program objectives go beyond verifying the purpose of a business function or department. For instance, accounts payable must pay all authorised invoices may be the purpose. The objective should be more about how the purpose is carried out and improved upon.
Audit program objectives may consider the following:
- Management priorities;
- Commercial and other business intentions;
- Characteristics of processes, products, and projects and any changes to them;
- Management system requirements;
- Legal and contractual requirements and other requirements to which the organisation is committed;
- Need for supplier evaluation;
- Needs and expectations of interested parties, including customers the needs and expectations of interested parties. Interested parties may include regulatory agencies, customers, suppliers, purchasing, and operations;
- Auditee’s level of performance, as reflected in the occurrence of failures, incidents or customer complaints;
- Risks to the auditee;
- Results of previous audits;
- Level of maturity of the management system being audited;
- Auditing organisation risks;
Examples of audit program objectives include:
- To contribute to the improvement of a management system and its performance;
- To fulfill external requirements, e.g., certification to a management system standard;
- To verify conformity with contractual requirements;
- To verify that customer requirements have been met. Customers may be internal or external;
- To obtain and maintain confidence in the capability of a supplier;
- To determine the effectiveness of the management system;
- To contribute to the identification of significant risks to the organisation and verification of risk treatment actions. Risks may be associated with, for example, quality, safety, environment, finance, security and reputation;
- To evaluate the compatibility and alignment of the management system objectives with the management system policy, strategic direction, and overall organisational objectives.
The objectives should be measurable and not vague generalisations.
Plans for monitoring the achievement of program objectives will need to include determining the appropriate metrics. Some metrics will be obvious such as continued certification of the management system. Determining the metrics for other objectives such as the effectiveness of the management system may be more challenging. There may be some thought about appropriate metrics now or later as part of the monitoring performance process.
Plans should include how objectives are communicated. Objectives should be shared (note that there could be security exceptions). Informing people that need to know will only help the achievement of objectives. Communication of objectives could be done using several media options eg, posters, intranet, emails, and meetings.
Plans should take into account the need to update, delete, or replace certain objectives. Objectives need to be monitored and periodically evaluated and updated. For example, they may need to be updated due to changing organisational objectives or strategic direction or the results of monitoring the achievement of objectives. Objectives may be reviewed annually, but circumstances may require the objectives to be assessed more frequently.
When appropriate, objectives should consider the type of audit eg on-site versus remote. The audit function of an organisation may provide many different audit services beyond management system audits. Process audits are becoming increasingly popular due to the value they add to the organisation. An ever-expanding supply chain has stressed the need for greater supplier accountability.
Objectives for the audit program
There should also be objectives for conducting audits. Providing an audit service is the purpose of the audit program. These objectives may relate to efficiency, safety, auditor competence, and they should be consistent with audit program objectives. Perhaps an example objective would be to incorporate the seven lean wastes thinking when conducting the audit process to improve efficiency.