Auditing is a key component of becoming ISO certified. A company can appoint an internal auditor or seek guidance from an external agency to conduct the audit. The primary objective of an audit is to understand what the company's current performance is, where the gaps are, what actions need to be taken to close those gaps, and where the company should eventually be.
An audit can be either internal or external. Internal audits, also known as first-party audits, are performed by an auditor within the company and are a kind of self-examination of your organization's current performance. It is, however, necessary that the internal auditor be independent of the area he is auditing, to ensure that the results are not biased.
The purpose of internal audits is to ensure conformity to standards, evaluate the effectiveness of processes and identify opportunities for improvement. This allows top management to take corrective measures and make an effort to comply with the standards.
External audits, or second-party audits, are performed by an external agency. The agency has qualified and trained auditors who perform the audit function in your company and offer a comprehensive report on their findings. After the audit, the auditor first discusses the issues with top management and then implements a standard that is required to conform to the norms. Sometimes the external auditor can be your customer or supplier too.
Certification audits, or third-party audits, are always carried out by a Certification Body auditor. These audits are solely to gain certification to the relevant ISO standard from an approved body. In such audits, the selected registrar conducts the audit to verify conformance against the particular ISO standard. It is usually conducted in two stages: the first checks whether the organization is prepared for the second audit. If the first audit report confirms that the standards are met, the second-stage audit is performed. A surveillance audit is conducted to check whether the organization is adhering to the standards.
Audits are mandatory, and they can be further divided into on-site and remote. On-site audits are performed over full days, depending on the nature and size of the organization, while remote audits may be performed via web meetings, teleconferencing or electronic verification of processes.