Process Flow for Audit Management (ISO 19001 - PDCA)
The extent of an audit programme should be based on the size and nature of the auditee, as well as on the nature, functionality, complexity, the type of risks and opportunities, and the level of maturity of the management system(s) to be audited.
The functionality of the management system can be even more complex when most of the important functions are outsourced and managed under the leadership of other organizations. Particular attention needs to be paid to where the most important decisions are made and what constitutes the top management of the management system.