Section 8: Audit reporting

Audit report format and contents

During the audit, the auditor should take notes based on a predefined checklist (or similar) and when the audit is completed, a report must be prepared as a record.

The audit report template should typically include:

  • Unique reference (which links to the audit programme or schedule)
  • Date(s) and location(s) of the audit
  • Auditor(s) details
  • Audit participant(s)
  • Details about the opening and closing meetings (attendees, points covered, location, etc.)
  • Auditor’s objective evidence
  • Executive summary
  • Nonconformities and observations

Clear and factual recording

When writing up the audit report it is critical that the contents are based on facts and linked to specified requirements (clauses of standards, regulations, procedures, etc.). Remember that the auditor’s report will ultimately need to be read and understood by other people in the organisation (and outside the organisation perhaps by certification bodies, regulators, etc.).

Some principles to remember when preparing audit reports:

  • Clear and factual recording
  • Fair evaluation
  • Accurate reporting
  • Good presentation

Before concluding the report, certain decisions need to be made based on the evidence observed during the audit:

  • Non-conformances and observations, etc.
  • Summary of conformance to requirements.

Nonconformities and observations

During the audit you may identify processes and/or activities which do not conform or comply with specified requirements and this case a nonconformance or observation is raised. The purpose of a nonconformity and/or observation includes:

  • to convey the nature of the findings based on objective evidence
  • advise the auditee (and other auditors) what was found
  • present a record of what was found which can be remotely understood by others
  • to initiate an investigation (root cause) and corrective action

When a nonconformity is identified, don’t tell the auditee what to do or how to resolve the issue – stay impartial!

  • The auditor must not provide instructions or take responsibility for corrective actions
  • If the auditor has knowledge of the process and has proposals, then the following approach may be adopted:
    • the auditee may wish to consider…
    • best practice or potential solutions were discussed with the auditee…

Definition of Non-conformance: Non-fulfilment of a specified requirement (ISO 8402):

  • Management system
  • ISO 9001 or other applicable Standard
  • Customer specification
  • Legislation
  • Regulatory body

Definition of Observation: A statement of fact based on objective evidence (ISO 8402):

  • Instances of best practice •Insignificant problem
  • Suspicions that need trailing
  • Feedback or prompt to the auditor
  • A practice which is compliant now, but if not adjusted could become non-compliant

Grading of nonconformities

Major

  • No evidence of adherence to a procedure or system element; or
  • Major risk to final product or service quality

Minor

  • Limited evidence of compliance with a procedure; or
  • No appreciable risk to final product or service quality

Corrective action

When a nonconformity has been identified, the corrective action process must be initiated. This includes:

  • Correction
  • Investigation (root cause)
  • Corrective action
  • Follow-up (verification)

Correction:
Immediate action to prevent the continuation of the nonconforming activities of process.

Investigation (root cause):
Investigation and/or analysis of the cause and extent of the nonconformity.

Corrective action:
Action implemented to prevent reoccurrence of the nonconformity.

Follow-up (verification):
After an appropriate timeframe following the implementation of corrective action, a follow-up assessment should be undertake to determine if the corrective action remains effective.

Typical corrective action process:

Course Content Navigation

Section 1: Understanding Annex SL and Management System Standards
Section 2: Audit requirements
Section 3: Audit objectives
Section 4: Auditor responsibilities
Section 5: Audit programming
Section 6: Pre-audit activities
Section 7: During the audit
Section 8: Audit reporting
Back to main menu