audit program objectives

Establishing Audit Program Objectives

by J.P. Russell

To most, establishing program or department objectives seems like the normal thing to do. However, that isn’t always the case. Sometimes managers of programs or departments only focus on the purpose of their program or department. For example, the purpose of the audit program is to conduct audits. Therefore, all resources go into conducting as many audits as possible. Another example might be the shipping department where incoming material must be shipped ASAP. Establishing objectives or desirable outcomes goes beyond the purpose of a function. The aim is more about how the purpose is carried out and improved upon.

ISO 19011, Guidelines for auditing management systems, states that it is top management’s responsibility to ensure that audit program objectives are established. That doesn’t mean audit program managers should wait to hear from their boss before they establish objectives. On the contrary, audit program managers need to be proactive.

The audit program manager can start by determining the organization’s objectives and policies. An organization should have objectives to achieve their performance goals and obligations. Not all, but many policies may affect the audit department. Examples include safety, stewardship, ethics, and confidential information. A good starting point is to ensure audit program objectives are consistent with, and support, management system policies and objectives.

Next, audit program objectives can be established. There may be objectives for the entire function or specific audit program activities such as program management, plans, and performing audit services. Audit program objectives should relate to organizational objectives.

The program and individual audit objectives should also align with the needs and expectations of interested parties. For example, interested parties may include regulatory agencies, customers, suppliers, purchasing, and operations.

Audit program objectives direct program planning (department policy, procedures, guidelines, etc.). Plan what you do and do what you plan. Plans should align with objectives as well as the purpose of the function. One might ask, “Is this plan consistent with our objectives?” and “Is there anything we should change that would enhance our effectiveness to achieve our objectives?”

There should also be objectives for conducting audits. Providing an audit service is the purpose of the audit program. These objectives may relate to efficiency, safety, professionalism, and the code of conduct, and they should be consistent with audit program objectives. Perhaps an example objective would be to incorporate the seven lean wastes thinking when conducting the audit process to improve efficiency.

Audit program objectives can consider the following:

  • Management priorities
  • Commercial and other business intentions
  • Characteristics of processes, products, and projects and any changes to them
  • Management system requirements
  • Legal and contractual requirements and other requirements to which the organization is committed
  • Need for supplier evaluation
  • Needs and expectations of interested parties, including customers
  • Auditee’s level of performance, as reflected in the occurrence of failures, incidents or customer complaints
  • Risks to the auditee
  • Results of previous audits
  • Level of maturity of the management system being audited
  • Auditing organization risks

Examples of audit program objectives include:

  • To contribute to the improvement of a management system and its performance
  • To fulfill external requirements, e.g., certification to a management system standard
  • To verify conformity with contractual requirements
  • To obtain and maintain confidence in the capability of a supplier
  • To determine the effectiveness of the management system
  • To contribute to the identification of risks to the organization and verification of risk treatment actions
  • To implement an eAudit program to reduce costs
  • To evaluate the compatibility and alignment of the management system objectives with the management system policy, strategic direction, and overall organizational objectives

The objectives should be measurable. The idea here is to avoid vague generalizations such as “We will only use top-notch auditors or achieve performance excellence.” Plans for monitoring the achievement of program objectives will need to include determining the appropriate metrics. Some metrics will be obvious such as continued certification of the management system. Determining the metrics for other objectives such as the effectiveness of the management system may be more challenging. There may be some thought about appropriate metrics now or later as part of the monitoring performance process.

Plans should include how objectives are communicated. Objectives should be shared (note that there could be security exceptions). Informing people that need to know will only help the achievement of objectives. Communication of objectives could be done using several media options. For example, posters, intranet, emails, and virtual or face-to-face meetings.

Plans should take into account the need to update, delete, or replace certain objectives. Objectives need to be monitored and periodically evaluated and updated. For example, they may need to be updated due to changing organizational objectives or strategic direction or the results of monitoring the achievement of objectives. Typically, objectives are reviewed annually, but circumstances may require the objectives to be assessed more frequently.

When appropriate, objectives should consider the type of audit. For example, on-site versus remote and internal versus external. The audit function of an organization may provide many different audit services beyond management system audits. Process audits are becoming increasingly popular due to the value they add to the organization. An ever-expanding supply chain has stressed the need for greater supplier accountability.

About the author

J.P. Russell is the founder and managing director of eLearning provider QualityWBT Center for Education (www.qualitywbt.com). He is also an ASQ fellow, ASQ-certified quality auditor, member of the U.S. Technical Advisory Group (TAG) 302 for management system auditing, member of the U.S. TAG for ISO technical committee 176. Russell is a recipient of the Paul Gauthier Award from the ASQ Audit Division and author of several ASQ Quality Press books about auditing, standards, and quality improvement.

Leave a Reply