Registrar Audit Report Length

L

LesPiles

Is there a standard to guide the presentation of external audit reports by the registrars?


I do not believe that ISO 19011 standard provides guidance on this aspect, but I could be wrong ...;)


The report of my registrar has only 2 pages ... It may well be "direct", I think it's a little short, isn?t ?

Les Piles
 

RoxaneB

Change Agent and Data Storyteller
Super Moderator
Re: Audit Report Length

You want something that will add value to the recipient(s) of the report. If they work better with a 100 page report, complete with appendices and annotations and captioned tables, so be it. If they resonate with 2 pages, awesome. If they think some handwritten notes on a napkin are meaningful, that's the route for you to take. :)

You also need to consider what are you attempting to convey with the report. If you only want to highlight the gaps, it can be a short report. If you wish to provide encouragement by showcasing what their strengths are, go for it. You can also discuss next steps, timelines, etc..

The audit report is, to me, a summary of the audit...the good, the bad, the ugly.

Our internal assessment program includes scoring, so I include a graph that shows where they scored this time around...where they previously scored...and where the benchmark (presuming it's not them) is scoring.
 

AndyN

Moved On
Re: Audit Report Length

Is there a standard to guide the presentation of external audit reports by the registrars?


I do not believe that ISO 19011 standard provides guidance on this aspect, but I could be wrong ...;)


The report of my registrar has only 2 pages ... It may well be "direct", I think it's a little short, isn?t ?

Les Piles

2 pages? A summary? Were there nc statements/reports?

Was this a surveillance audit?
 
L

LesPiles

Re: Audit Report Length

Yes Andy, it was a surveillance audit ...
 

Randy

Super Moderator
2 pages...Horsebagels!:horse: There can't be anything there but the date, your address and not much more . I just did 1.5 days on a QMS surveillance and had a 9 page report.
 

AndyN

Moved On
Re: Audit Report Length

Yes Andy, it was a surveillance audit ...

I'm not sure I'd suggest that Randy's experience was typical (I've seen some registrar's reports and , man, they're a bureaucracy) but my company have 5 pages, without the actual ncrs. Under today's requirements to report audits, it's very difficult to see just 2 pages being anywhere near adequate.

But then it depends on how close the CB wants to sail to the accreditation requirements...
 

Sidney Vianna

Post Responsibly
Leader
Admin
Is there a standard to guide the presentation of external audit reports by the registrars?
Yes, there is. In addition to the reporting requirements from ISO 17021:2011, ISO 17022:2012 has requirements and recommendations for the contents of a third-party audit report. Unfortunately the latter is not made a mandatory requirement.

Many registrars have been downsizing their audit report. They want to minimize the amount of time auditors have to spend reporting the audit results. That's part of the assembly line approach to auditing. Pop in, ask a bunch of questions, pop out and report as little as possible.

The good thing is that you are the registrar's customer. If you're not happy with what you're getting, if you don't think you're getting value for your money, you can make that very clear to your registrar and, you could even invoke ISO 17022:2012 as a contractual requirement for your registrar. very likely, their come back would be: well, if you want a thorough report, we will have to charge you more. That's when the magic words "we'll invite other registrars to bid on our certification program contract" seem to work miracles.:magic:
 
Last edited:
Top Bottom