External auditor agenda

  • Thread starter Thread starter little__cee
  • Start date Start date
L

little__cee

I would like to know if anyone obtains a list of what will be audited by their external auditor in advance.

For example, I am creating our Internal Audit Schedule for 2004. I think it would be very helpful to know what the external auditor will be auditing in our March and October Surveillance Audits so that I can schedule internal audits accordingly. I don't want to look like an idiot asking him what he plans on auditing at our headquarters and our two branches if this is not common practice in the industry. On the other hand, if everyone else knows 4 months in advance what they'll be audited on, I want to know too!

Hope this makes sense. Thanks for any help you can provide.
 
Download Free White Paper
Elsmar Forum Sponsor
We get a "schedule", but I don't think it's sent to us until a week or two before the audit. I, honestly, don't know that the auditor would send it out any sooner just from the perspective that your (our) system should be "audit ready" at any time.

Bill
 
little__cee:

I am not sure, which period of time you mean with "in advance".

First at all, it depends, if it is a certification-audit, or a surveillance-audit.

In the first case, you should be aware, that an auditor puts his nose into all areas covered by the specification or standard.

In case of a surveillance-audit there are some areas which are more or less mandatory and others are picked randomly.

But I do not think, that you would get the audit-schedule more than 1 month in advance.

regards~ghw
 
Thank you

Thank you for the input.

I think our system is ready for the surveillance audits at any given time. I would just thought it would make sense if I knew that Branch 2 would be audited on Contract Review in March, then I'd make sure we did an internal audit of Contract Review in February. That was my thinking but I guess that would be in a perfect world, eh?
 
FWIW, our external auditor gives us a 3-year schedule when we renew our cert. However, if something comes up in an audit that leads off of the adgenda, its fair game.

So, the whole system needs to be ready.
 
If you have your 2nd surveillance audit, you can guess, which topic your auditor might point at (that ones, he skipped in the 1st surv. audit ;)

Some Chapters, like 4, 5, 8.2.2, 8.4, 8.5 are often adressed in each audit.

Re-certification audits should cover the whole scope again.

regards~ghw
 
I don't know whether it's common practice or not, but in my last company where we used to have 3 surveillance audits per year we used to agree during the closing meeting what would be covered during the next audit, i.e which areas would be looked at in addition to the mandatory clauses (9002:1994) BSI were the auditors.

At my current company we only have 2 audit days per year , so cover just about everything during one audit ( one of these has been deferred till next year due to the "stampede" for 9000:2000 :rolleyes: )
 
Craig H. said:
FWIW, our external auditor gives us a 3-year schedule when we renew our cert. However, if something comes up in an audit that leads off of the adgenda, its fair game.

So, the whole system needs to be ready.
Click to expand...

This is quite common. I have seen many that only give a one-year schedule, but they should give you something. Ask for a scheudle.

:topic: Well, not really off-topic, but loosly related. I recommend that you do not audit the same activities just before the survellience. Not only does it look bad to the auditor, it minimizes using both internal and external audits for continual improvement.
 
NSF-ISR used to have a standard 3 year audit matrix. They audited some elements every audit and some every other audit. I also received an itinerary for the day from our auditor a couple of weeks in advance. (From 1996-1999 I worked with PJ and they did the same thing.) This did help out alot because I could inform people in certain areas of the shop that we would be in their area at such and such a time. This is not so we would be "audit ready", but just to inform area leaders of the possible disruption so they could suggest a better time of the day or work around it. That's not to say that a little last minute housekeeping and fixing things didn't happen as a result of them knowing the auditor would be in their area - but hey, the objective is improvement.

I did not receive such a matrix with the upgrade to 9k2k, and I did not receive an itinerary in advance for our first 9k2k surveillance, so I don't really know how it works now for NSF. We're a pretty mature system these days so I'm not sweating it, but I did used to align our audit schedule with their matrix as best as I could.
 
Cari Spears said:
I did not receive such a matrix with the upgrade to 9k2k, and I did not receive an itinerary in advance for our first 9k2k surveillance, so I don't really know how it works now for NSF. We're a pretty mature system these days so I'm not sweating it, but I did used to align our audit schedule with their matrix as best as I could.
Click to expand...

This may because of the shift to process-based auditing. Because the focus is no longer on the standard, but on processes, it might take a while for the registrars to get a handle on survellience schedules. My guess anyway.
 
You must log in or register to reply here.

Similar threads

V
Accounting Department and Internal Auditing
2
Replies
12
Views
921
normzone
N
G
Registrar recommendations for New England
2
Replies
12
Views
874
LUFAN
L
S
Internal Audit Plan using Risk Assessment for ISO 17025
Replies
1
Views
856
Jen Kirley
Jen Kirley
D
What is the order of priority, Standard, Customer Specific Requirements or QMS Documents?
2 3
Replies
23
Views
2K
Dianne
D
P
Late Certificates? When is it worth an AB complaint?
2
Replies
10
Views
540
Randy
Randy
Back
Top Bottom