Audits and Risk Identification

The general definition of an audit is an evaluation of a person, organization, system, process, enterprise, project or product.New types of integrated auditing become evident due to the increasing number of regulations and operational transparency in organizations. By adopting a risk-based audit methodology the focus is on identifying the SHE(Q) and Business risks of an organization.

Prime Link’s focus is to conduct audits according to the ISO 19011 Standard requirements but also use a risk based approach during the audit process. These results in audit findings provide the opportunity for an organization to prioritize the risks that have a high probability to cause high risk consequences. This strategy allows the organizational management team to make informed decisions relating to the SHE(Q) and business risks.

Our Audit Reports are comprehensive and accompanied by digital photo’s, evidence records and a graph report that indicate the organization’s Non-conformances.
Follow the guidance on our Gap Audit Report and be certain that you will be pass your Certification audit, Stage 1.

What is the difference  between a GAP Audit, Internal audit and a Pre-assessment done by a certification body?

GAP Audit Internal Audit Pre- assessment

A GAP Audit is mainly to determine the degree in which a company complies with a specification / ISO standard requirements.

The focus on a GAP audit is to identify the baseline status of an organization during the beginning phase of implementation.

The evaluation of documentation is merely the focused on during the GAP audit.

An Internal audit determines the implementation progress of the organization taking the baseline status in consideration.

The internal audit focuses on how well the system is developed and implemented.

The evaluation is done on both documentation and process effectiveness.

A pre-assessment is normally recommended after a serious of internal audits showed that the organization is ready for certification.

The aim of the pre-assessment is to confirm readiness for certification by a Certification body.

This evaluation is done by an external party and focus on the effective implementation of the requirements, documentation and process control.

Types of GAP AUDITS that PRIME LINK offers:

  • SHEQ (Safety, Health, Environmental and Quality) INTEGRATED AUDITS aligned with the following standards:
    • Quality Audits aligned with ISO 9001:2015
    • Information security aligned with ISO 27001:2015
    • Information security techniques aligned with ISO 27701:2019
    • Environmental Audits aligned with ISO 14001:2015
    • Laboratory Testing aligned with ISO 17025:2015
    • Occupational health and safety Audits aligned with ISO 45001:2018
    • Food Safety Management System ISO 22001:2018
    • Energy Saving Audits aligned with ISO 50001:2018
    • Risk management Audits aligned with ISO 31001:2018 – Not certifiable

We assist internal auditors to become competent and  guide and support them to conduct audits that are aligned with ISO 19011.
This ensure that they will be able to conduct OPERATIONAL AUDITS to identify Risks related to the production process.
Our  LEGAL AUDITS are conducted by our Attorney’s or Legal Consultants. Legal compliance audits is done on the OHS Act and Regulations as well as Environmental Legislation applicable to the site.

 

How to manage all internal and external audits

To ensure that resources are managed effectively, audits are not duplicated, all processes are audited and the measurement that corrective actions are effectively done, one need to simplify the auditing process.

Follow the steps below to see how we make it easier for you.

STEP 1

Our Software Audit Tool is an automated System that offer our clients the opportunity to conduct their own internal audits on an customized and audible system.

Identifying the requirements that your organisation must comply with, can be divided in a few categories:

  • Legal requirements
  • Client requirements
  • Stakeholder requirements
  • Supplier requirements
  • Contractor requirements
  • Product specific requirements
  • Standards, Example: like ISO 9001:2015 requirements

It is important that these requirements is defined and included in your Audit tools. Audit tools related to the ISO standards that we offer,  are already developed, so you don’t pay extra for these when you utilize our service.

 

Creating the Audit tool requires the skill to ask the correct questions. Audits are  NOT a tick box exercise, therefore, the Audit tool must only guide the auditor, not predict every single question.
Audit tools must be aligned with your Audit Objective. The types of questions you should ask is open ended questions, but on an automated platform, this might be difficult to calculate a real score.
Audit questions is therefore developed as Closed Ended questions with a “YES” or “NO” answer or “N/A”. There is not an answer like “PARTIAL”. Either you comply or you don’t.

 

Customize your audit checklists to evaluate compliance with internal procedures, supplier requirements or Client requirements.
Create comparative reports to evaluate whether you improved from the first time you conducted an audit.

Attend our Internal Auditing course to learn how to create these Audit tools as well as utilizing this amazing tool to your benefit.

Your Audit Schedule / Programme should include all Internal and External Audits in your organsisation. Audit teams should work together towards the same goal, being able to show compliance with Legal, Statutory and internal control requirements. In order to ensure that Employee’s (Audittee’s) are available for all audits that they are facing and production also continuous the Audit Manager should consider all Audits.

Therefore, ensure that your Audit programme includes the following:

  1. When your Management review meetings will be conducted
  2. When which internal processes (1st Party audits),  will be audited
  3. When externally provided processes (2nd Party audits),  will be audited, such as Contractors / Clients / Suppliers
  4. When external certification audits (3rd party) will be conducted

Over and above this, the Internal Auditors must be prepared to conduct and be Guides during these audits.

At Prime Link we strive to be an independent “eye” on your processes and ensure that Subject matter experts of all processes work with us to ensure that we conduct independant audits. If you really want to know if your systems are working, call us today for a2nd party or Gap audit.

Audit reports is the most tedious exercise of an Audit. It should not be like that. An experienced and well trained auditor should be finished with his/her audit report and the status of compliance should be able to be established at the Closing meeting.

Our internal auditor training shows you how. Don’t let audit reports be a nightmare.

Closing out findings is the responsibility of the Process Owners. The Auditor’s responsibility is to verify evidence that confirms conformance to a requirement. Ensure that you stipulate WHAT the requirements is and HOW the Auditee (Or organisation), did not comply with that requirement. It makes NO sense to just say what is wrong. In Internal Audits it is expected from the Auditor to “Consult”. To ensure that the Auditee know HOW to comply.

This however, is NOT allowed for 3rd party Audits from Certification bodies. The Auditor is NOT allowed to consult and advise while auditing.

The results of audits should always be part of the Risk Planning process of the organisation. A few notes about Risk and Opportunity identification are listed below. Risk Management are discussed in much more detail under the RISK MANAGEMENT page.

Identification of Risks and Opportunities

A RISK can be a potential occurrence that can have a positive or negative impact. An opportunity is a possible action that can be taken to either prevent a negative risk from occurring or preventing a positive risk from happening.
In context of ISO standards, 9001,14001.45001.27001,etc. Risks and Opportunities must be identified and controlled. This  is not a requirement to be taken lightly, because it impacts the Business Continuity of the organisation.

A guideline that can be used to address this requirement can be the ISO 31001 standard, but various Risk Methodologies can be used.

During or Executive Risk Workshops, we offer the following options to ensure that you address this requirement effectively:

  1.  Understand the Risks and Opportunities Types in your industry
  2.  Understand the 3 Stages of Risk management
  3.  Apply the 3C-i Strategy
  4.  Develop a Risk Treatment Plan
  5.  Know how to measure your Risk Profile

For more information on Risk Management, please call or send an email to: sales@primelinksheq.co.za.

Request a Quote