envelopesupport@pillarassociates.com phone(803) 622-4536

Upcoming Classes for ISO 9001

There are no up-coming events

Upcoming Classes for ISO 9001 & 14001 Combined

There are no up-coming events

Upcoming Classes for 14001

There are no up-coming events

Upcoming Classes for IATF 16949

There are no up-coming events

Upcoming Classes for 45001

There are no up-coming events

Upcoming Classes for ISO 9001 & 45001 Combined

There are no up-coming events

Upcoming Classes for ISO 14001 and 45001 Combined

There are no up-coming events

Upcoming Classes for AS9100D

There are no up-coming events

Our Certified Training - Click to See the Courses

There are no events in the selected category

dot actThe individual(s) managing the audit programme and the audit client should review the audit programme to assess whether its objectives have been achieved. Lessons learned from the audit programme review should be used as inputs for the improvement of the programme.

The individual(s) managing the audit programme should ensure the following:
— review of the overall implementation of the audit programme;
— identification of areas and opportunities for improvement;
— application of changes to the audit programme if necessary;
— review of the continual professional development of auditors, in accordance with 7.6;
— reporting of the results of the audit programme and review with the audit client and relevant interested parties, as appropriate.

The audit programme review should consider the following:

a) results and trends from audit programme monitoring;
b) conformity with audit programme processes and relevant documented information;
c) evolving needs and expectations of relevant interested parties;
d) audit programme records;
e) alternative or new auditing methods;
f) alternative or new methods to evaluate auditors;
g) effectiveness of the actions to address the risks and opportunities, and internal and external issues associated with the audit programme;
h) confidentiality and information security issues relating to the audit programme.


Return to the ISO 19011 PDCA Audit Process Diagram


dot plan6.2.1 General

The responsibility for conducting the audit should remain with the assigned audit team leader (see 5.5.5) until the audit is completed (see 6.6). To initiate an audit, the steps in Figure 1 should be considered; however, the sequence can differ depending on the auditee, processes and specific circumstances of the audit.

6.2.2 Establishing contact with auditee

The audit team leader should ensure that contact is made with the auditee to:

a) confirm communication channels with the auditee’s representatives;
b) confirm the authority to conduct the audit;
c) provide relevant information on the audit objectives, scope, criteria, methods and audit team composition, including any technical experts; d) request access to relevant information for planning purposes including information on the risks and opportunities the organization has identified and how they are addressed;
e) determine applicable statutory and regulatory requirements and other requirements relevant to the activities, processes, products and services of the auditee;
f) confirm the agreement with the auditee regarding the extent of the disclosure and the treatment of confidential information;
g) make arrangements for the audit including the schedule;
h) determine any location-specific arrangements for access, health and safety, security, confidentiality or other;
i) agree on the attendance of observers and the need for guides or interpreters for the audit team;
j) determine any areas of interest, concern or risks to the auditee in relation to the specific audit;
k) resolve issues regarding composition of the audit team with the auditee or audit client.


6.2.3 Determining feasibility of audit

The feasibility of the audit should be determined to provide reasonable confidence that the audit objectives can be achieved. The determination of feasibility should take into consideration factors such as the availability of the following: a) sufficient and appropriate information for planning and conducting the audit; b) adequate cooperation from the auditee; c) adequate time and resources for conducting the audit.

NOTE Resources include access to adequate and appropriate information and communication technology.
Where the audit is not feasible, an alternative should be proposed to the audit client, in agreement with the auditee.

Return to the ISO 19011 PDCA Audit Process Diagram


dot plan6.3.1 Performing review of documented information

The relevant management system documented information of the auditee should be reviewed in order to: — gather information to understand the auditee’s operations and to prepare audit activities and applicable audit work documents (see 6.3.4), e.g. on processes, functions; — establish an overview of the extent of the documented information to determine possible conformity to the audit criteria and detect possible areas of concern, such as deficiencies, omissions or conflicts. The documented information should include, but not be limited to: management system documents and records, as well as previous audit reports. The review should take into account the context of the auditee’s organization, including its size, nature and complexity, and its related risks and opportunities. It should also take into account the audit scope, criteria and objectives.

NOTE Guidance on how to verify information is provided in A.5.

6.3.2 Audit planning

6.3.2.1 Risk-based approach to planning

The audit team leader should adopt a risk-based approach to planning the audit based on the information in the audit programme and the documented information provided by the auditee. Audit planning should consider the risks of the audit activities on the auditee’s processes and provide the basis for the agreement among the audit client, audit team and the auditee regarding the conduct of the audit. Planning should facilitate the efficient scheduling and coordination of the audit activities in order to achieve the objectives effectively. The amount of detail provided in the audit plan should reflect the scope and complexity of the audit, as well as the risk of not achieving the audit objectives. In planning the audit, the audit team leader should consider the following: a) the composition of the audit team and its overall competence; b) the appropriate sampling techniques (see A.6); c) opportunities to improve the effectiveness and efficiency of the audit activities;
d) the risks to achieving the audit objectives created by ineffective audit planning; e) the risks to the auditee created by performing the audit. Risks to the auditee can result from the presence of the audit team members adversely influencing the auditee’s arrangements for health and safety, environment and quality, and its products, services, personnel or infrastructure (e.g. contamination in clean room facilities). For combined audits, particular attention should be given to the interactions between operational processes and any competing objectives and priorities of the different management systems.

6.3.2.2 Audit planning details

The scale and content of the audit planning can differ, for example, between initial and subsequent audits, as well as between internal and external audits. Audit planning should be sufficiently flexible to permit changes which can become necessary as the audit activities progress. Audit planning should address or reference the following: a) the audit objectives; b) the audit scope, including identification of the organization and its functions, as well as processes to be audited; c) the audit criteria and any reference documented information; d) the locations (physical and virtual), dates, expected time and duration of audit activities to be conducted, including meetings with the auditee’s management; e) the need for the audit team to familiarize themselves with auditee’s facilities and processes (e.g. by conducting a tour of physical location(s), or reviewing information and communication technology); f) the audit methods to be used, including the extent to which audit sampling is needed to obtain sufficient audit evidence; g) the roles and responsibilities of the audit team members, as well as guides and observers or interpreters; h) the allocation of appropriate resources based upon consideration of the risks and opportunities related to the activities that are to be audited. Audit planning should take into account, as appropriate: — identification of the auditee’s representative(s) for the audit; — the working and reporting language of the audit where this is different from the language of the auditor or the auditee or both; — the audit report topics; — logistics and communications arrangements, including specific arrangements for the locations to be audited; — any specific actions to be taken to address risks to achieving the audit objectives and opportunities arising; — matters related to confidentiality and information security; — any follow-up actions from a previous audit or other source(s) e.g. lessons learned, project reviews; — any follow-up activities to the planned audit; — coordination with other audit activities, in case of a joint audit.

Audit plans should be presented to the auditee. Any issues with the audit plans should be resolved between the audit team leader, the auditee and, if necessary, the individual(s) managing the audit programme.

6.3.3 Assigning work to audit team

The audit team leader, in consultation with the audit team, should assign to each team member responsibility for auditing specific processes, activities, functions or locations and, as appropriate, authority for decision-making. Such assignments should take into account the impartiality and objectivity and competence of auditors and the effective use of resources, as well as different roles and responsibilities of auditors, auditors-in-training and technical experts. Audit team meetings should be held, as appropriate, by the audit team leader in order to allocate work assignments and decide possible changes. Changes to the work assignments can be made as the audit progresses in order to ensure the achievement of the audit objectives.

6.3.4 Preparing documented information for audit

The audit team members should collect and review the information relevant to their audit assignments and prepare documented information for the audit, using any appropriate media. The documented information for the audit can include but is not limited to: a) physical or digital checklists; b) audit sampling details; c) audio visual information. The use of these media should not restrict the extent of audit activities, which can change as a result of information collected during the audit.
NOTE Guidance on preparing audit work documents is given in A.13.

Documented information prepared for, and resulting from, the audit should be retained at least until audit completion, or as specified in the audit programme. Retention of documented information after audit completion is described in 6.6. Documented information created during the audit process involving confidential or proprietary information should be suitably safeguarded at all times by the audit team members.

Return to the ISO 19011 PDCA Audit Process Diagram


dot do6.4.1 General


Audit activities are normally conducted in a defined sequence. This sequence may be varied to suit the circumstances of specific audits.

6.4.2 Assigning roles and responsibilities of guides and observers


Guides and observers may accompany the audit team with approvals from the audit team leader, audit client and/or auditee, if required. They should not influence or interfere with the conduct of the audit. If this cannot be assured, the audit team leader should have the right to deny observers from being present during certain audit activities. For observers, any arrangements for access, health and safety, environmental, security and confidentiality should be managed between the audit client and the auditee.

Guides, appointed by the auditee, should assist the audit team and act on the request of the audit team leader or the auditor to which they have been assigned. Their responsibilities should include the following:

a) assisting the auditors in identifying individuals to participate in interviews and confirming timings and locations;
b) arranging access to specific locations of the auditee;
c) ensuring that rules concerning location-specific arrangements for access, health and safety, environmental, security, confidentiality and other issues are known and respected by the audit team members and observers and any risks are addressed;
d) witnessing the audit on behalf of the auditee, when appropriate;
e) providing clarification or assisting in collecting information, when needed.

6.4.3 Conducting opening meeting

The purpose of the opening meeting is to:

a) confirm the agreement of all participants (e.g. auditee, audit team) to the audit plan;
b) introduce the audit team and their roles;
c) ensure that all planned audit activities can be performed.

An opening meeting should be held with the auditee’s management and, where appropriate, those responsible for the functions or processes to be audited. During the meeting, an opportunity to ask questions should be provided. The degree of detail should be consistent with the familiarity of the auditee with the audit process. In many instances, e.g. internal audits in a small organization, the opening meeting may simply consist of communicating that an audit is being conducted and explaining the nature of the audit. For other audit situations, the meeting may be formal, and records of attendance should be retained. The meeting should be chaired by the audit team leader. Introduction of the following should be considered, as appropriate:

— other participants, including observers and guides, interpreters and an outline of their roles;
— the audit methods to manage risks to the organization which may result from the presence of the audit team members. Confirmation of the following items should be considered, as appropriate:
— the audit objectives, scope and criteria;
— the audit plan and other relevant arrangements with the auditee, such as the date and time for the closing meeting, any interim meetings between the audit team and the auditee’s management, and any change(s) needed;
— formal communication channels between the audit team and the auditee;
— the language to be used during the audit;
— the auditee being kept informed of audit progress during the audit;
— the availability of the resources and facilities needed by the audit team;
— matters relating to confidentiality and information security;
— relevant access, health and safety, security, emergency and other arrangements for the audit team;
— activities on site that can impact the conduct of the audit.

The presentation of information on the following items should be considered, as appropriate:

— the method of reporting audit findings including criteria for grading, if any;
— conditions under which the audit may be terminated;
— how to deal with possible findings during the audit;
— any system for feedback from the auditee on the findings or conclusions of the audit, including complaints or appeals.

6.4.4 Communicating during audit


During the audit, it may be necessary to make formal arrangements for communication within the audit team, as well as with the auditee, the audit client and potentially with external interested parties (e.g. regulators), especially where statutory and regulatory requirements require mandatory reporting of nonconformities. The audit team should confer periodically to exchange information, assess audit progress and reassign work between the audit team members, as needed. During the audit, the audit team leader should periodically communicate the progress, any significant findings and any concerns to the auditee and audit client, as appropriate. Evidence collected during the audit that suggests an immediate and significant risk should be reported without delay to the auditee and, as appropriate, to the audit client. Any concern about an issue outside the audit scope should be noted and reported to the audit team leader, for possible communication to the audit client and auditee. Where the available audit evidence indicates that the audit objectives are unattainable, the audit team leader should report the reasons to the audit client and the auditee to determine appropriate action. Such action may include changes to audit planning, the audit objectives or audit scope, or termination of the audit. Any need for changes to the audit plan which may become apparent as auditing activities progress should be reviewed and accepted, as appropriate, by both the individual(s) managing the audit program and the audit client and presented to the auditee.

6.4.5 Audit information availability and access


The audit methods chosen for an audit depend on the defined audit objectives, scope and criteria, as well as duration and location. The location is where the information needed for the specific audit activity is available to the audit team. This may include physical and virtual locations. Where, when and how to access audit information is crucial to the audit. This is independent of where the information is created, used and/or stored. Based on these issues, the audit methods need to be determined (see Table A.1). The audit can use a mixture of methods. Also, audit circumstances may mean that the methods need to change during the audit.

6.4.6 Reviewing documented information while conducting audit


The auditee’s relevant documented information should be reviewed to: — determine the conformity of the system, as far as documented, with audit criteria; — gather information to support the audit activities.

The review may be combined with the other audit activities and may continue throughout the audit, providing this is not detrimental to the effectiveness of the conduct of the audit. If adequate documented information cannot be provided within the time frame given in the audit plan, the audit team leader should inform both the individual(s) managing the audit program and the auditee. Depending on the audit objectives and scope, a decision should be made as to whether the audit should be continued or suspended until documented information concerns are resolved.


6.4.7 Collecting and verifying information


During the audit, information relevant to the audit objectives, scope and criteria, including information relating to interfaces between functions, activities and processes should be collected by means of appropriate sampling and should be verified, as far as practicable.

NOTE 1 For verifying information see A.5.

NOTE 2 Guidance on sampling is given in A.6.

Only information that can be subject to some degree of verification should be accepted as audit evidence. Where the degree of verification is low the auditor should use their professional judgement to determine the degree of reliance that can be placed on it as evidence. Audit evidence leading to audit findings should be recorded. If, during the collection of objective evidence, the audit team becomes aware of any new or changed circumstances, or risks or opportunities, these should be addressed by the team accordingly. Figure 2 provides an overview of a typical process, from collecting information to reaching audit conclusions. .

iso 19011 6.4.7 verifying information figure 2

Methods of collecting information include, but are not limited to the following:

— interviews;
— observations;
— review of documented information.

NOTE 3 Guidance on selecting sources of information and observation is given in A.14.
NOTE 4 Guidance on visiting the auditee’s location is given in A.15.
NOTE 5 Guidance on conducting interviews is given in A.17.

6.4.8 Generating audit findings


Audit evidence should be evaluated against the audit criteria in order to determine audit findings. Audit findings can indicate conformity or nonconformity with audit criteria. When specified by the audit plan, individual audit findings should include conformity and good practices along with their supporting evidence, opportunities for improvement, and any recommendations to the auditee. Nonconformities and their supporting audit evidence should be recorded. Nonconformities can be graded depending on the context of the organization and its risks. This grading can be quantitative (e.g. 1 to 5) and qualitative (e.g. minor, major). They should be reviewed with the auditee in order to obtain acknowledgement that the audit evidence is accurate and that the nonconformities are understood. Every attempt should be made to resolve any diverging opinions concerning the audit evidence or findings. Unresolved issues should be recorded in the audit report. The audit team should meet as needed to review the audit findings at appropriate stages during the audit.

NOTE 1 Additional guidance on the identification and evaluation of audit findings is given in A.18.

NOTE 2 Conformity or nonconformity with audit criteria related to statutory or regulatory requirements or other requirements, is sometimes referred to as compliance or non-compliance.

6.4.9 Determining audit conclusions

6.4.9.1 Preparation for closing meeting

The audit team should confer prior to the closing meeting in order to:

a) review the audit findings and any other appropriate information collected during the audit, against the audit objectives;
b) agree on the audit conclusions, taking into account the uncertainty inherent in the audit process;
c) prepare recommendations, if specified by the audit plan; d) discuss audit follow-up, as applicable.

6.4.9.2 Content of audit conclusions

Audit conclusions should address issues such as the following:

a) the extent of conformity with the audit criteria and robustness of the management system, including the effectiveness of the management system in meeting the intended outcomes, the identification of risks and effectiveness of actions taken by the auditee to address risks;
b) the effective implementation, maintenance and improvement of the management system;
c) achievement of audit objectives, coverage of audit scope and fulfilment of audit criteria;
d) similar findings made in different areas that were audited or from a joint or previous audit for the purpose of identifying trends.

If specified by the audit plan, audit conclusions can lead to recommendations for improvement, or future auditing activities.

6.4.10 Conducting closing meeting


A closing meeting should be held to present the audit findings and conclusions.

The closing meeting should be chaired by the audit team leader and attended by the management of the auditee and include, as applicable:

— those responsible for the functions or processes which have been audited;
— the audit client;
— other members of the audit team;
— other relevant interested parties as determined by the audit client and/or auditee.

If applicable, the audit team leader should advise the auditee of situations encountered during the audit that may decrease the confidence that can be placed in the audit conclusions. If defined in the management system or by agreement with the audit client, the participants should agree on the time frame for an action plan to address audit findings.

The degree of detail should take into account the effectiveness of the management system in achieving the auditee’s objectives, including consideration of its context and risks and opportunities.

The familiarity of the auditee with the audit process should also be taken into consideration during the closing meeting, to ensure the correct level of detail is provided to participants.

For some audit situations, the meeting can be formal and minutes, including records of attendance, should be kept. In other instances, e.g. internal audits, the closing meeting can be less formal and consist solely of communicating the audit findings and audit conclusions.

As appropriate, the following should be explained to the auditee in the closing meeting:

a) advising that the audit evidence collected was based on a sample of the information available and is not necessarily fully representative of the overall effectiveness of the auditee’s processes;
b) the method of reporting;
c) how the audit finding should be addressed based on the agreed process;
d) possible consequences of not adequately addressing the audit findings;
e) presentation of the audit findings and conclusions in such a manner that they are understood and acknowledged by the auditee’s management;
f) any related post-audit activities (e.g. implementation and review of corrective actions, addressing audit complaints, appeal process).

Any diverging opinions regarding the audit findings or conclusions between the audit team and the auditee should be discussed and, if possible, resolved. If not resolved, this should be recorded.

If specified by the audit objectives, opportunities for improvement recommendations may be presented. It should be emphasized that recommendations are not binding.


Return to the ISO 19011 PDCA Audit Process Diagram


dot do6.5.1 Preparing audit report


The audit team leader should report the audit conclusions in accordance with the audit program. The audit report should provide a complete, accurate, concise and clear record of the audit, and should include or refer to the following:

a) audit objectives;
b) audit scope, particularly identification of the organization (the auditee) and the functions or processes audited;
c) identification of the audit client;
d) identification of audit team and auditee’s participants in the audit;
e) dates and locations where the audit activities were conducted;
f) audit criteria;
g) audit findings and related evidence;
h) audit conclusions;
i) a statement on the degree to which the audit criteria have been fulfilled;
j) any unresolved diverging opinions between the audit team and the auditee;
k) audits by nature are a sampling exercise; as such there is a risk that the audit evidence examined is not representative.

The audit report can also include or refer to the following, as appropriate:
— the audit plan including time schedule;
— a summary of the audit process, including any obstacles encountered that may decrease the reliability of the audit conclusions;
— confirmation that the audit objectives have been achieved within the audit scope in accordance with the audit plan;
— any areas within the audit scope not covered including any issues of availability of evidence, resources or confidentiality, with related justifications;
— a summary covering the audit conclusions and the main audit findings that support them;
— good practices identified;
— agreed action plan follow-up, if any;
— a statement of the confidential nature of the contents;
— any implications for the audit program or subsequent audits.

6.5.2 Distributing audit report


The audit report should be issued within an agreed period of time. If it is delayed, the reasons should be communicated to the auditee and the individual(s) managing the audit program. The audit report should be dated, reviewed and accepted, as appropriate, in accordance with the audit program.

The audit report should then be distributed to the relevant interested parties defined in the audit program or audit plan. When distributing the audit report, appropriate measures to ensure confidentiality should be considered.


Return to the ISO 19011 PDCA Audit Process Diagram


An audit is considered complete when all the activities are completed.
dot check

If an unexpected situation occurs that prevents the audit completion, it should be scheduled for resumption.

Based on the audit program's requirements, documented information should be retained or disposed of.

Confidentiality - unless required by law, the audit team and the individual(s) managing the audit program should not disclose any information obtained during the audit, or the audit report, to any other party without the explicit approval of the audit client.  The client and auditee should be informed If audit results and documentation disclosure is required.

Note - lessons learned can identify risks and opportunities for improvement for the audit program and the auditee.

Return to the ISO 19011 PDCA Audit Process Diagram


dot actDepending on the audit objectives, the outcome may indicate the need for corrective actions, or opportunities for improvement. Agreed upon time frames on these actions should be documented; and progress must be communicated.

Be sure to verify and document the effectiveness of these activities. The verification may be a component of future audits. Any and all outcomes should be reported to the audit program manager and the audit client for management review.


Return to the ISO 19011 PDCA Audit Process Diagram


INSTRUCTOR-MENTOR COURSEISO 45001 glossy ball blue

(prior auditing experience is required)

Course: OH&S ISO 45001 Lead Auditor Course (Modules OH, AU, TL) certified by Exemplar Global.

Description of Delivery:

  • Initial phone meeting to discuss meeting method (e.g. Zoom, GoToMeeting, WebEx, Skype, et.al.)

    exlemplar global certified trainer

  • Determine specific needs
  • 1-3 online meeting sessions (as needed) during a predetermined period, with Trainer
  • scheduled by either the trainer or the student to cover the material for comprehension.

Trainer Responsibilities:

  • Send the student the initiation package and prework
  • Be available to the student at scheduled trainings (initiates telephone calls).
  • Send training manual via Dropbox and make student evaluations available electronically (i.e. Word).
  • Grade student evaluations and provide feedback in order for the student to conduct and resubmit (as necessary) in order to determine competence.
  • Provide certificate at conclusion of successful training.

Cost / Date:

  • $1,595 for up to 50 employees
  • We are now preparing for our May schedule

Student Responsibilities:

  • Obtain the required standard
  • Be available at scheduled trainings
  • Complete the course evaluations for each module (OH, AU, TL) and return for grading (email or mail).
  • As necessary, resubmit evaluations to Pillar after feedback is provided.
  • Pre-Pay course fee of $1,595.
  • If you are a previous or existing customer, contact us for a discount code.

Pillar Management Associates
322 Poindexter Lane
Lexington, SC 29072
Tap (803) 622-4536

Contact Us

Contact Us

Please let us know your name.
Invalid Input
Invalid Input
Please let us know your email address.
Invalid Input
Invalid Input
Invalid Input
Invalid Input
Please let us know your message.
Are you human? (Enter Numbers Only)
Invalid Input
Page 2 of 2

Consulting Locations

Register for Training Class By City