Auditing

Two types of auditing are required to become registered to the standard: auditing by an
external certification body (external audit) and audits by internal staff trained for this
process (internal audits). The aim is a continual process of review and assessment, to
verify that the system is working as it's supposed to, find out where it can improve and to
correct or prevent problems identified. It is considered healthier for internal auditors to
audit outside their usual management line, so as to bring a degree of independence to
their judgments.
The auditing process could be adequately addressed by performing "compliance
auditing":

Tell me what you do (describe the business process)

Show me where it says that (reference the procedure manuals)
Prove that that is what happened (exhibit evidence in documented records)

How this led to preventive actions was not clear.

The latest standard uses the process approach. While auditors perform similar functions,
they are expected to go beyond mere auditing for rote "compliance" by focusing on risk,
status and importance. This means they are expected to make more judgments on what is
effective, rather than merely adhering to what is formally prescribed. The difference from
the previous standard can be explained thus:
Under the 1994 version, the question was broadly "Are you doing what the
manual says you should be doing?", whereas under the 2000 version, the question
is more "Will this process help you achieve your stated objectives? Is it a good
process or is there a way to do it better?".
The ISO 19011 standard for auditing applies to ISO 9001 besides other management
systems like EMS ( ISO 14001), FSMS (ISO 22000) etc.
Audit :
The most general definition of an audit is an evaluation of a person, organization, system,
process, project or product. Audits are performed to ascertain the validity and reliability
of information, and also provide an assessment of a system's internal control. The goal of
an audit is to express an opinion on the person/organization/system etc. under evaluation
based on work done on a test basis. Due to practical constraints, an audit seeks to provide
only reasonable assurance that the statements are free from material error. Hence,
statistical sampling is often adopted in audits. In the case of financial audits, a set of
financial statements are said to be true and fair when they are free of material
misstatements - a concept influenced by both quantitative and qualitative factors.

Traditionally audits were mainly associated with gaining information about financial
systems and the financial records of a company or a business (see financial audit).
However recently auditing has begun to include other information about the system, such
as information about environmental performance. As a result there are now professions
that conduct environmental audits.
In financial accounting, an audit is an independent assessment of the fairness by which a
company's financial statements are presented by its management. It is performed by
competent, independent and objective person or persons, known as auditors or
accountants, who then issue an auditor's report on the results of the audit.
Such systems must adhere to generally accepted standards set by governing bodies that
regulate businesses. It simply provides assurance for third parties or external users that
such statements present 'fairly' a company's financial condition and results of operations.

Quality audits
Quality audits are performed to verify the effectiveness of a quality management system.
This is part of certifications such as ISO 9001. They are essential to verify existence of
objective evidence of processes, to assess how successfully processes have been
implemented, for judging the effectiveness of achieving any defined target levels, provide
evidence concerning reduction and elimination of problem areas, and are a hands-on
management tool for achieving continual improvement in an organisation.
For the benefit of the organization, quality auditing should not only report nonconformances and corrective actions, but also highlight areas of good practice. In this
way other departments may share information and amend their working practices as a
result, also enhancing continual improvement.

Types of auditors
There are two types of auditors:

Internal auditors are employees of a company hired to assess and evaluate its
system of internal control. To maintain independence, they present their reports
directly to the Board of Directors or to Top Management. They provide functional
operation to the concern. Internal auditors are employees of the company so that
they can easily find out the frauds and any mishappening.

External auditors are independent staff assigned by an auditing firm to assess

and evaluate financial statements of their clients or to perform other agreed upon
evaluations. Most external auditors are employed by accounting firms for annual
engagements. They are called upon from the out side of the company.