The individual(s) managing the audit programme and the audit client should review the audit programme to assess whether its objectives have been achieved. Lessons learned from the audit programme review should be used as inputs for the improvement of the programme. The individual(s) managing the audit programme should ensure the following:
— review of the overall implementation of the audit programme;
— identification of areas and opportunities for improvement;
— application of changes to the audit programme if necessary;
— review of the continual professional development of auditors, in accordance with 7.6;
— reporting of the results of the audit programme and review with the audit client and relevant interested parties, as appropriate.
The audit programme review should consider the following:
a) results and trends from audit programme monitoring;
b) conformity with audit programme processes and relevant documented information;
c) evolving needs and expectations of relevant interested parties;
d) audit programme records;
e) alternative or new auditing methods;
f) alternative or new methods to evaluate auditors;
g) effectiveness of the actions to address the risks and opportunities, and internal and external issues associated with the audit programme;
h) confidentiality and information security issues relating to the audit programme.
Return to the ISO 19011 PDCA Audit Process Diagram
