Internal Audit of a Plan or other document - Closure Plan

[QC Dave]

I apologize if this is answered elsewhere, I searched and could not find it.
How do you audit a plan or other document?

Background:

I've been the QC Manager for less than a year. I inherited the department with little to no training on Internal Audits, other than conducting them as the Lead Auditor. This is a small, 3PL (3rd Party Logistics) company.

We are ISO 9001:2008 certified (9001:2015 next year). We just had our upgrade audit from ISO 14001:2004 to ISO 14001:2015. One of the minor NCs were in part as follows:

"Internal Audit Process does not include all processes of the system; such as Management, Planning, Closure Plan, Data Destruction, Security, etc"

The Internal Audit process I inherited "simply" involves my Lead Auditor interviewing people from each of the departments. I have an Opening Meeting and then a Closing Meeting with the Lead Auditor, the Guide and Department Manager to discuss any findings.

In regards to the "Closure Plan", which is simply a document detailing out how this would be done, if needed. My question is how do you audit a "document"?

Excuse my ignorance and thank you in advance.

Respectfully,

QC Dave

 

[Sidney Vianna]

Dave, you don't audit a document per se. You audit the process. If the document contains criteria and requirements for something to happen, you normally verify that the people involved in the process defined by the document are aware of it and can demonstrate conformance in following it.

You audit the process and the document serves the purpose of defining the process important activities. If there are records to be kept, the document should also define them and the auditor verifies such records exist and demonstrate effective process deployment.