Delivering The Audit Report
The following stages are essential in Audit Report preparation process:
• Recording & Reporting
• The Closing Meeting
• Corrective Actions
Delivering the Results
Audit results are the outcome from the overall audit process and can be described as:
• Audit findings presented in the audit report
• Action items arising from the findings
• Corrective actions
• Value added to the business process
Before delivering the final results there is a need to go through a process wherein
• Relevant facts are agreed
• Record made of these facts and supporting evidence
• Results are evaluated
• Non-conformances and deficiencies are identified
The delivery of results (audit report), as with every other aspect of the audit activity, needs to be done in a professional manner. To do so, there needs to be complete disclosure of the information gathered during the audit. There is an onus on the audit team to facilitate understanding of the findings, and so any terminology used must be defined. It is unwise to make the assumption that the auditee will be completely familiar with the terminology used.
Terms need to be explained to prevent any misunderstanding. These include:
• Corrective Action Request
The key points to be taken from this section are:
• Be especially sensitive about and careful with the use of jargon
• Ensure that any acronyms used are fully explained and understood
Remember that the onus is on the audit team to make sure that the auditee understands the information being presented at the end of the audit and more importantly understands completely what corrective action (if any) needs to be taken.
Recording a Non-Compliance
Non-compliance with a standard must be explicitly stated and linked directly to the particular criterion where the issue has arisen. The auditor must present the auditee with information in a report format that details the following:
• The observation/evidence of the non-compliance
• The criteria/standard against which the non-compliance has been raised
• The location of the non-compliance
• The person with whom the non-compliance has been agreed
• Any corrective action that has been agreed – including time lines and responsibility for completion of the corrective action where necessary
The non-compliance must be fully described and be without any doubt before it is presented. This reinforces the need for full and objective evidence to be gathered by the auditor during the course of the audit.
Scaling the Non-Compliance
Not all non-conformances are of the same level. The impact of the non-conformances may vary according to the process or product affected. So, in order to help the auditee prioritize which issues raised in the audit need to be addressed in the first instance – non-compliances should be scaled as:
• Not meeting the requirements of the standard
• Not doing or ignoring what is stated in the documentation
• A significant gap in the quality management system
• Impacts on the product or service
• Occasional small lapses
• Doing more than the documentation says
• There is no impact on the product or service
This scaling brings a level of perspective into the process and gives better guidance to the auditee than presenting a non-scaled list of non-conformances. Remember that the audit is supposed to provide business guidance.
The Audit Report is what the Audit Team produces at the end of the audit. In order to make this an effective communication tool, the following issues need to be addressed in that the report must be:
• Structured in a usable manner
• Referenced / linked
The final report will most likely have two component formats:
Summary form which presents
• An overview of audit
• A list of non-conformities
Individual non-conformity reports which
• Provides details of non-conformity
• Can be used to document and track corrective action
The key issue is that the reports are seen as actionable documents that give a true record and interpretation of the situation as assessed against the audit standard. The requirement for objective evidence is paramount, as the report should not contain any opinions – only facts.
For detail on the non-conformances, these reports contain:
• Single non-conformance issue on each form
• A clear description of the issue but not the corrective action required
• Linkage / reference to the standard, procedure or specification
• Objective evidence included or referenced to confirm the finding
The non-conformance reports will be viewed both separately and together as a means of assessing the organization’s ability to ‘pass’ the audit. They also form the basis for setting out the corrective actions required and to assist in the prioritization of the implementation of such corrective actions. These reports form an essential component of the audit documentation and as such must be maintained in a secure location.
The closing meeting is designed to provide the opportunity for the audit team to present the findings to, and seek agreement on them with, the auditee. To do this effectively, it is important that all relevant personnel be present at a meeting which signals the end of the audit.
• Formal meeting
• Includes responsible manager
• Formal meeting
• Usually includes the whole senior management team
As for any effective meeting, minutes need to be taken during the meeting and distributed as soon as possible afterwards.
The closing meeting is probably the last chance personnel involved in the audit can seek clarification on issues raised while the auditors are still on site.
A typical agenda for such a closing meeting is outlined below:
• Overview (Disclaimer, Positive Points, Areas of Concern)
• Details on Non-conformances and Observations
• Corrective action – agree the need for the corrective action, not the action itself.
• Report and follow-up process including time lines
Control and the use of effective meeting techniques are as important in this meeting as in any other meeting during the audit process. It is important that the audit team leaves a good impression behind them when the audit is completed.
Corrective action is identified to allow the audit to improve the business activities. For the audit to be effective then in terms of corrective action:
• The auditee accepts responsibility
• There is a documented agreement
• Timescales for implementation need to be agreed
• Completion of corrective actions needs to be flagged and documented
The last thing that an auditor wants is for the auditee to pay only lip service to the corrective actions. It is therefore important that the auditee puts the corrective actions into a context that allows the auditee to see the direct benefit of implementing the corrective actions.
Follow up is necessary to show that the corrective action has been implemented and that the deficiency can be closed out:
• By having evidence of the corrected documents / records requested to be presented
• By re-audit (for the deficiencies only) to check the evidence
• On the next audit when the evidence of completion will be specifically asked for
Without follow-up, often the corrective actions remain only as action points in the audit report, nothing more. With follow up, there is some impetus for the corrective action to be carried through, thereby delivering benefit to the organization – benefit that is directly attributable to what the audit team performed – a successful audit.