ISO 9001 Lead Auditor Training

Module 7 - Audit Reporting

7.2 Approving and distributing the audit report
The audit report should be issued within the agreed time period. If this is not possible, the reasons for the delay should be communicated to the audit client and a new issue date should be agreed.

ISO 9000 Auditor Training - The audit report should be dated, reviewed and approved in accordance with audit program procedures. The approved report should then be distributed to recipients designated by the audit client.  The audit report is the property of the audit client. The audit team members and all report recipients should respect and maintain the confidentiality of the report.

7.3 Close out
7.3.1 Completing the audit
The audit is completed when all activities described in the audit plan have been carried out and the approved audit report is distributed.

Documents pertaining to the audit should be retained or destroyed by agreement between the participating parties and in accordance with the audit program procedures and applicable statutory, regulatory and contractual requirements.

Unless required by law, the audit team and those responsible for managing the audit program should not disclose the contents of documents, any other information obtained during the audit, or the audit report, to any other party without the explicit approval of the audit client and, where appropriate the approval of the auditee. If disclosure of the contents of an audit document is required, the audit client and auditee should be informed as soon as possible.

7.3.2 Conducting audit follow-up
The conclusions of the audit may indicate the need for corrective, preventive or improvement actions, as applicable. Such actions are usually decided and taken by the auditee within an agreed timeframe and are not considered part of the audit. The auditee should keep the audit client informed of the status of these actions.

ISO 9000 Lead Auditor Training - The completion and effectiveness of corrective action should be verified. This verification may be part of a subsequent audit. The audit program may specify follow-up by members of the audit team, which adds value by using their expertise. In such cases, care should be taken to maintain the independence in subsequent audit activities.

7.3.3 Auditee post-audit actions
The auditee might have a number of areas that were found to not conform to requirements. These nonconformities must be corrected, the actions verified as effective, and some kind of monitoring implemented to ensure things stay conforming.

If the company has only one set of audit results for which to verify corrective actions, its follow-up system may be quite basic. However, some companies may have several nonconformities from external audits, and more from their own internal audits, product reports, and customer complaints. A formal system is necessary to track each nonconformity as it goes towards “close out”. If the external body is returning to check on corrective action taken, the auditee needs a good system to ensure the action has been taken and was effective. 

"Understanding ISO 9001" provides a detailed explanation of each ISO 9001 clause (requirements).

ISO 9001 FAQ provides answers to commonly asked questions about the ISO 9000 family of quality management standards.