
The responsibility for conducting the audit should remain with the assigned audit team leader (see 5.5.5) until the audit is completed (see 6.6). To initiate an audit, the steps in Figure 1 should be considered; however, the sequence can differ depending on the auditee, processes and specific circumstances of the audit.
6.2.2 Establishing contact with auditee
The audit team leader should ensure that contact is made with the auditee to:
a) confirm communication channels with the auditee’s representatives;
b) confirm the authority to conduct the audit;
c) provide relevant information on the audit objectives, scope, criteria, methods and audit team composition, including any technical experts; d) request access to relevant information for planning purposes including information on the risks and opportunities the organization has identified and how they are addressed;
e) determine applicable statutory and regulatory requirements and other requirements relevant to the activities, processes, products and services of the auditee;
f) confirm the agreement with the auditee regarding the extent of the disclosure and the treatment of confidential information;
g) make arrangements for the audit including the schedule;
h) determine any location-specific arrangements for access, health and safety, security, confidentiality or other;
i) agree on the attendance of observers and the need for guides or interpreters for the audit team;
j) determine any areas of interest, concern or risks to the auditee in relation to the specific audit;
k) resolve issues regarding composition of the audit team with the auditee or audit client.
6.2.3 Determining feasibility of audit
The feasibility of the audit should be determined to provide reasonable confidence that the audit objectives can be achieved. The determination of feasibility should take into consideration factors such as the availability of the following: a) sufficient and appropriate information for planning and conducting the audit; b) adequate cooperation from the auditee; c) adequate time and resources for conducting the audit.
NOTE Resources include access to adequate and appropriate information and communication technology.
Where the audit is not feasible, an alternative should be proposed to the audit client, in agreement with the auditee.
Return to the ISO 19011 PDCA Audit Process Diagram