Establishing the Audit Program Objectives

by JP Russell

To most, establishing program/department objectives seems like the normal thing to do. However, that is not always the case. Sometimes managers of programs/departments only focus on the purpose of their program/department. For example, the purpose of the audit program is to conduct audits. Therefore, all resources go into conducting as many audits as possible. Another example might be shipping department wherein incoming material must be shipped ASAP.  Establishing objectives or desirable outcomes goes beyond the purpose of a function. The aim is more about how the purpose is carried out and improved upon.

ISO 19011 Guidelines for auditing management systems states that it is top management’s responsibility is to ensure the audit program objectives are established. That does not mean audit program managers should wait to hear from their boss before they establish objectives. On the contrary, audit program managers need to be proactive.

The audit program manager can start by determining the organization’s objectives and policies. An organization should have objectives to achieve their performance goals and obligations. Not all, but many policies may affect the audit department. Examples include: safety, stewardship, ethics, confidential information, and so on. A good starting point is to ensure audit program objectives are consistent with, and support, management system policies and objectives.

Next, audit program objectives can be established. There may be objectives for the entire function. Or, there may be objectives for specific audit program activities such as program management, plans, and performing audit services. The audit program objectives should relate to the organizational objectives.

The program and individual audit objectives should also align with the needs and expectations of interested parties. For example, interest parties may include regulatory agencies, customers, suppliers, purchasing, operations, etc.

Audit program objectives direct program planning (department policy, procedures, guidelines, etc.). Plan what you do and do what you plan. Plans should align with objectives as well as the function purpose. One might ask, “Is this plan consistent with our objectives?” And, “Is there anything we should change that would enhance our effectiveness to achieve our objectives?”

There should also be objectives for conducting audits. Providing an audit service is the purpose of the audit program. These objectives may relate to efficiency, safety, professionalism, code of conduct and should be consistent with audit program objectives. Perhaps an example objective would be to incorporate the seven lean wastes thinking when conducting the audit process to improve efficiency.

Audit program objectives can consider the following1:

a) management priorities;

b) commercial and other business intentions;

c) characteristics of processes, products and projects, and any changes to them;

d) management system requirements;

e) legal and contractual requirements and other requirements to which the organization is committed;

f) need for supplier evaluation;

g) needs and expectations of interested parties, including customers;

h) auditee’s level of performance, as reflected in the occurrence of failures or incidents or customer complaints;

i) risks to the auditee;

j) results of previous audits;

k) level of maturity of the management system being audited;

l) auditing organization risks.

Examples of audit program objectives include the following:2:

— to contribute to the improvement of a management system and its performance;

— to fulfill external requirements, e.g. certification to a management system standard;

— to verify conformity with contractual requirements;

— to obtain and maintain confidence in the capability of a supplier;

— to determine the effectiveness of the management system;

— to contribute to the identification of risks to the organization and verification of risk treatment actions;

— to implement an eAudit program to reduce costs;

— to evaluate the compatibility and alignment of the management system objectives with the management system policy, strategic direction and the overall organizational objectives.

The objectives should be measurable. The idea here is to avoid vague generalizations such as “We will only use top notch auditors or achieve performance excellence.” Plans for monitoring the achievement of program objectives will need to include determining the appropriate metrics. Some metrics will be obvious such as continued certification of the management system.  Determining the metrics for other objectives such as the effectiveness of the management system may be more challenging. There may be some thought about appropriate metrics now or later as part of the monitoring performance process.

Plans should include how objectives are communicated. Objectives should be shared (note that there could be security exceptions). Informing people that need to know will only help in the achievement of objectives. Communication of objectives could be done using several media options. For example, posters, intranet, emails, virtual or face-to-face meetings, and so on.

Plans should take into account the need to update, delete or replace certain objectives. Objectives need to be monitored and periodically evaluated and updated. For example, they may need to be updated due to changing organizational objectives or strategic direction or the results of monitoring the achievement of objectives. Typically, objectives are reviewed annually, but circumstances may require more frequent assessment of objectives.

When appropriate, objectives should consider the type of audit. For example, on-site versus remote and internal versus external. The audit function of an organization may provide many different audit services beyond management system audits. Process audits are becoming increasingly popular due to the value they add to the organization. An ever-expanding supply chain has stressed the need for more accountability of suppliers.

About the author

J.P. Russell is the founder and managing director of QualityWBT Center for Education (www.Qualitywbt.com) an eLearning provider. He is also an ASQ fellow, ASQ-certified quality auditor, member of the US TAG 302 for management system auditing, member of the U.S. technical advisory group for International Organization for Standardization technical committee 176. Russell is a recipient of the Paul Gauthier Award from the ASQ Audit Division and author of several ASQ Quality Press books about auditing, standards, and quality improvement.

1 Taken from ISO 19011, clause 5.2 Establishing the audit program objectives with some additions
2 ibid