Good day
@Willhele007 ;
Obviously you have already received some great council in this thread. It has been assumed that your organization is "just starting" and preparing for initial registration . Please advise if that assumption is correct.
Specific to your question, the standard does not specify a frequency, but allows/requires the organization to determine frequencies based on "importance...", "changes...", results of previous audits....", BUT if this is your organizations initial preparation for 3rd party registration, then it is important to include all processes for a full "round" of audits.
One thing that I have done for "new" teams in the past is as follows...
a) Create a matrix with each of your organizations determined processes (e.g. Buy ingredients- Assemble Pizza- Bake- Cut- Deliver) across the top of the columns.
b) Associated with each of the process columns, identify the aspects (clauses) of the standard that apply to each of those determined processes
c) Now consider and confirm the items in "b" when you are auditing the processes in "a'".
While check lists can certainly be helpful (especially for new auditors), ensure your people are taught HOW to audit before they look at the checklist.
e.g.:
To the auditee (process owner),.... "what are you doing?", "why are you doing it?" "how do you know what to do?", "how do you control what you do"? , "how do you manage changes to what you do?" "how do you know how well you're doing (i.e. what's the score) "?
....THEN the auditor will have a clear understanding of what is and what is not being taken care of by the auditee and now the auditor can refer to the checklist as a safety net to make sure nothing was overlooked..
As mentioned above, focus on YOUR organization's processes and reverse engineer the expectations into the audit plan.
Hope this helps.
Be well.
