Audits and Risk Identification

The general definition of an audit is an evaluation of a person, organization, system, process, enterprise, project or product.New types of integrated auditing become evident due to the increasing number of regulations and operational transparency in organizations. By adopting a risk-based audit methodology the focus is on identifying the SHE(Q) and Business risks of an organization.

Prime Link’s focus is to conduct audits according to the ISO 19011 Standard requirements but also use a risk based approach during the audit process. These results in audit findings provide the opportunity for an organization to prioritize the risks that have a high probability to cause high risk consequences. This strategy allows the organizational management team to make informed decisions relating to the SHE(Q) and business risks.

Our Audit Reports are comprehensive and accompanied by digital photo’s, evidence records and a graph report that indicate the organization’s Non-conformances.
Follow the guidance on our Gap Audit Report and be certain that you will be pass your Certification audit, Stage 1.

What is the difference  between a GAP Audit, Internal audit and a Pre-assessment done by a certification body?

GAP Audit Internal Audit Pre- assessment

A GAP Audit is mainly to determine the degree in which a company complies with a specification / ISO standard requirements.

The focus on a GAP audit is to identify the baseline status of an organization during the beginning phase of implementation.

The evaluation of documentation is merely the focused on during the GAP audit.

An Internal audit determines the implementation progress of the organization taking the baseline status in consideration.

The internal audit focuses on how well the system is developed and implemented.

The evaluation is done on both documentation and process effectiveness.

A pre-assessment is normally recommended after a serious of internal audits showed that the organization is ready for certification.

The aim of the pre-assessment is to confirm readiness for certification by a Certification body.

This evaluation is done by an external party and focus on the effective implementation of the requirements, documentation and process control.

Types of GAP AUDITS that PRIME LINK offers:

  • SHEQ (Safety, Health, Environmental and Quality) INTEGRATED AUDITS aligned with the following standards:
    • Quality Audits aligned with ISO 9001:2015
    • Environmental Audits aligned with ISO 14001:2015
    • Occupational health and safety Audits aligned with ISO 45001:2018
    • Food Safety Management System ISO 22001:2018
    • Energy Saving Audits aligned with ISO 50001:2018
    • Information security aligned with ISO 27001:2018
    • Risk management Audits aligned with ISO 31001:2018

We assist internal auditors to become competent and  guide and support them to conduct audits that are aligned with ISO 19011.
This ensure that they will be able to conduct OPERATIONAL AUDITS to identify Risks related to the production process.
Our  LEGAL AUDITS are conducted by our Attorney’s or Legal Consultants. Legal compliance audits is done on the OHS Act and Regulations as well as Environmental Legislation applicable to the site.


How to manage all internal and external audits

To ensure that resources are managed effectively, audits are not duplicated, all processes are audited and the measurement that corrective actions are effectively done, one need to simplify the auditing process.

Follow the steps below to see how we make it easier for you.


Our SoftLink Audit Tool is an automated System that offer our clients the opportunity to conduct their own internal audits on an customized and audible system.

Identifying the requirements that your organisation must comply with, can be divided in a few categories:

  • Legal requirements
  • Client requirements
  • Stakeholder requirements
  • Supplier requirements
  • Contractor requirements
  • Product specific requirements
  • Standards, Example: like ISO 9001:2015 requirements

It is important that these requirements is defined and included in your Audit tools. Audit tools related to the ISO standards that we offer,  are already developed, so you don’t pay extra for these when you utilize our service.


Creating the Audit tool requires the skill to ask the correct questions. Audits are  NOT a tick box exercise, therefore, the Audit tool must only guide the auditor, not predict every single question.
Audit tools must be aligned with your Audit Objective. The types of questions you should ask is open ended questions, but on an automated platform, this might be difficult to calculate a real score.
Audit questions is therefore developed as Closed Ended questions with a “YES” or “NO” answer or “N/A”. There is not an answer like “PARTIAL”. Either you comply or you don’t.


Customize your audit checklists to evaluate compliance with internal procedures, supplier requirements or Client requirements.
Create comparative reports to evaluate whether you improved from the first time you conducted an audit.

Checklist example:
In this example you can see the requirements on the left and the percentage of compliance. On the right you are able to indicate compliance with a YES and non-compliance with a NO.
While auditing, documents or photo’s can be added to confirm your answer with evidence. The Auditor can now immediately raise a Non-conformance with Proposed Corrective Actions and the relevant person will receive an email to action it.
This way, lengthy audit reports is not necessary and progress on actions can be followed. The evaluation of competency of auditors can also be done based on how the rating were done.

Attend our Internal Auditing course to learn how to create these Audit tools as well as utilizing this amazing tool to your benefit.

Identification of Risks and Opportunities

A RISK can be a potential occurrence that can have a positive or negative impact. An opportunity is a possible action that can be taken to either prevent a negative risk from occurring or preventing a positive risk from happening.
In context of ISO standards, 9001,14001.45001.27001,etc. Risks and Opportunities must be identified and controlled. This in itself is not a requirement to be taken lightly, because it impacts the Business Continuity of the organisation.

A guideline that can be used to address this requirement can be the ISO 31001 standard, but various Risk Methodologies can be used.

During or Executive Risk Workshops, we offer the following options to ensure that you address this requirement effectively:

  1.  Understand the Risks and Opportunities Types in your industry
  2.  Understand the 3 Stages of Risk management
  3.  Apply the 3C-i Strategy
  4.  Develop a Risk Treatment Plan
  5.  Know how to measure your Risk Profile


For more information on Risk Management, please call or send an email to:

Request a Quote