Knowing how to plan IMS audits is an integral and fundamental part of any management systems professional’s work. This is because good audits are essential to ensure that the organization’s processes align with the requirements of the standards it aims to meet and that strategic objectives are achieved.
Thus, planning audits will involve a series of skills and activities, all aimed at coordinating the evaluation of different standards simultaneously – later, we will provide examples of standards and management systems. In addition, good planning requires a strategic and focused approach to ensure that all areas are audited efficiently, without redundancies or gaps.
Although it may seem like a herculean task, by following some basic steps it is possible to streamline this work and ensure that audits are conducted correctly—identifying nonconformities, suggesting improvements, and delivering excellent results for companies. In today’s content, we will discuss how to plan IMS audits and the main steps for effective planning. Let’s get started!
Step 1: Defining the Audit Scope
The first step in any good audit is defining its scope. At this stage, decisions are made about what will be audited, and we need to determine which management systems to focus on.
Generally, companies aim to audit all systems and standards at once, reducing costs and maximizing not only audit time but also the opportunity to identify flaws or improvement opportunities. For illustrative purposes, some examples of standards and management systems include:
- ISO 9001 – Quality Management Systems (QMS)
- ISO 14001 – Environmental Management Systems (EMS)
- ISO 45001 – Occupational Health and Safety Management Systems (OHSMS)
- ISO 37001 – Anti-Bribery Management Systems (ABMS)
- ISO 27001 – Information Security Management Systems (ISMS)
Among others.
A good scope definition also delineates which processes will be audited and sets the physical boundaries of the audit (e.g., the units being audited). It is essential to align the scope with the organization’s strategic objectives and the results the organization seeks.
Read more: Certification Audit: What It Is and How It Works?
Step 2: Selecting the Audit Team
Especially for integrated management systems, it is crucial to carefully select the audit team, as various areas of expertise may be required.
Choose qualified auditors with technical knowledge of the applicable management systems and standards. Generally, internal audits are conducted by the organization’s employees; in this case, it is important to remember that these employees cannot audit their own processes, necessitating a higher level of planning.
Additionally, instruct your auditors to remain impartial and ensure independence from the areas being audited. To achieve this, they must be properly trained in both the audited standards and the audit process (ISO 19011). For external audits, this responsibility lies with the certifying body, which employs qualified professionals and specialists.
Step 3: Developing the Audit Plan
When it comes to planning IMS audits, it is important to understand that the audit plan is the cornerstone of all planning.
In the audit plan, you define how the audit process will be executed by setting a clear schedule. Dates, times, and even the duration of the audit are established. At this point, you also create audit trails—the “path” the auditor will follow through the company (covering processes, areas, departments, etc.). This is essential not only to prepare the auditor but also to minimize the impact of the audit on daily operations.
It is also common at this stage to create checklists or verification lists based on the standards’ requirements and the organization’s processes, which facilitates future interviews and evaluations. Furthermore, you decide which methodologies will be used to best assess the company’s processes, such as interviews, document reviews, process observations, etc.
Step 4: Executing the Audit
With everything planned, it’s time to execute the audit. At this stage, all analyses, evaluations, and interviews are conducted. In external audits, part of this process is often carried out remotely, with auditors reviewing documents online. Nonetheless, the on-site portion of the process follows some basic steps, which include:
- Opening Meeting: Present the audit plan, confirm details with the audited team, and formally initiate the process with the company.
- Interviews and Evidence Collection: Conduct interviews, observations, and record reviews to gather audit findings.
- Recording Audit Findings: Document any deviations (nonconformities), observations, or opportunities for improvement identified.
- Closing Meeting: Present the preliminary audit results, highlighting nonconformities (and other findings), and address any questions.
Step 5: Writing the Audit Report
Finally, a detailed audit report must be issued, specifying the evidence collected. In this report, describe all findings, including process conformity, strengths, nonconformities, improvement opportunities, and observations.
This report will later serve as a basis for initiating corrective actions and action plans, ensuring that each identified issue is properly addressed. Therefore, the report must be clear and assertive. For nonconformities, for example, it should include the unmet requirement, evidence of non-compliance (or the lack thereof), and a description of the nonconformity.
How to Plan IMS Audits – An Art That Delivers Results
The five steps described here have been organized in a simple and didactic manner to ensure you know exactly what to do. Obviously, these steps can be broken down and customized to better suit your company, routine, and processes. However, regardless of any adaptations, the most important thing is to ensure that your audit is well planned and executed with technical rigor. This is because well-conducted audits are not only a regulatory requirement but also a powerful tool for the continuous improvement of the organization.
By following these five steps and adopting a strategic and proactive approach, your company can transform audits into a competitive advantage, boosting sustainability in the short, medium, and long term. After all, good planning not only ensures a quality audit but also strengthens organizational culture, increases process efficiency, and improves overall company results!
Thus, knowing how to plan IMS audits is a fundamental part of the art of managing systems. Metaphorically, it is like gathering the materials to paint a picture—each color represents a requirement, each brushstroke symbolizes an audit approach, and the final result should reflect conformity and continuous improvement.
