19011 Section 5: Managing an Audit Programme

Question 1

5.1

Answer 1

General

Question 2

5.2

Answer 2

Establishing audit programme objectives

Question 3

5.3

Answer 3

Determining and evaluating audit programme risks and opportunities

Question 4

5.4

Answer 4

establishing the audit programme

Question 5

5.5

Answer 5

Implementing the Audit Programme

Question 6

5.6

Answer 6

Monitoring Audit Programme

Question 7

5.7

Answer 7

Reviewing and Improving Audit Programme

Question 8

5.1. In order to understand the context of the auditee, the audit programme should take into account the auditee’s:

Answer 8

1. organizational objectives;
2. relevant external and internal issues;
3. the needs and expectations of relevant interested parties;
4. information security and confidentiality requirements.

Question 9

5.1 The audit programme should include information and identify resources to enable the audits to be conducted effectively and efficiently within the specified time frames. The information should include:

Answer 9

a) objectives for the audit programme;
b) risks and opportunities associated with the audit programme (see 5.3) and the actions to address them;
c) scope (extent, boundaries, locations) of each audit within the audit programme;
d) schedule (number/duration/frequency) of the audits;
e) audit types, such as internal or external;
f) audit criteria;
g) audit methods to be employed;
h) criteria for selecting audit team members;
i) relevant documented information.

Question 10

5.2 objectives can be based on consideration of the following:

Answer 10

a) needs and expectations of relevant interested parties, both external and internal;
b) characteristics of and requirements for processes, products, services and projects, and any changes to them;
c) management system requirements;
d) need for evaluation of external providers;
e) auditee’s level of performance and level of maturity of the management system(s), as reflected in relevant performance indicators (e.g. KPIs), the occurrence of nonconformities or incidents or complaints from interested parties;
f) identified risks and opportunities to the auditee;
g) results of previous audits.

Question 11

5.2 Examples of audit programme objectives can include the following:

Answer 11

1) identify opportunities for the improvement of a management system and its performance;
2) evaluate the capability of the auditee to determine its context;
3) evaluate the capability of the auditee to determine risks and opportunities and to
identify and implement effective actions to address them;
4) conform to all relevant requirements, e.g. statutory and regulatory requirements,
compliance commitments, requirements for certification to a management system
standard;
5) obtain and maintain confidence in the capability of an external provider;
6) determine the continuing suitability, adequacy and effectiveness of the management system;
7) evaluate the compatibility and alignment of the management system objectives with the strategic direction of the organization.

Question 12

5.4.1

Answer 12

5.4.1 Roles and responsibilities of the individual(s) managing the audit programme

Question 13

5.4.2

Answer 13

5.4.2 Competence of individual(s) managing audit programme

Question 14

5.4.3

Answer 14

5.4.3 Establishing extent of audit programme

Question 15

5.4.4

Answer 15

5.4.4 Determining audit programme resources

Question 16

5.5.1

Answer 16

5.5.1 General

Question 17

5.5.2

Answer 17

5.5.2 Defining the objectives, scope and criteria for an individual audit

Question 18

5.5.3

Answer 18

5.5.3 Selecting and determining audit methods

Question 19

5.5.4

Answer 19

5.5.4 Selecting audit team members

Question 20

5.5.5

Answer 20

5.5.5 Assigning responsibility for an individual audit to the audit team leader

Question 21

5.5.6

Answer 21

5.5.6 Managing audit programme results

Question 22

5.5.7

Answer 22

5.5.7 Managing and maintaining audit programme records