Methodology
For all audit engagements, we reference the Plan–Do–Check–Act (PDCA) cycle as prescribed by ISO to evaluate the effectiveness of management systems. Where applicable, audits may cover multiple standards within an Integrated Management System (IMS) in accordance with applicable audit criteria.
PLAN
- Define audit scope
- Identify criteria
- Select audit methods
DO
-
Conduct audit activities
-
Collect audit evidence
-
Record observations
CHECK
- Review audit evidence
- Assess conformity
- Identify nonconformities
ACT
- Report audit findings
- Issue audit conclusions
- Close audit engagement
- Centralized audit communication
- Visibility into audit stages
- Defined audit status updates
- Transparent audit workflow
- Automated audit notifications
- Secure audit document management
- Coordinated audit team communication
Our audit methodology follows a defined five-step audit cycle. Each phase includes specified audit activities and outputs aligned with applicable audit criteria. Audit scope and procedures are determined in accordance with engagement requirements and professional auditing standards.
PROJECT KICK-OFF MEETING
The initial meeting is conducted to obtain an understanding of the organization’s business context relevant to the audit engagement. This includes discussion of applicable legal and regulatory requirements, organizational structure, functions, and processes within the defined audit scope. Information gathered is used solely for audit planning and determination of audit objectives, scope, and criteria in accordance with applicable auditing standards.
Audit conformity evaluation
A structured evaluation of existing processes and controls is performed to assess conformity with applicable compliance framework requirements, based on documented audit evidence and defined audit criteria, within the scope of the audit engagement and in accordance with established auditing standards.
Documentation review & reporting
Audit activities focus on the evaluation of processes and controls against applicable standard requirements based on documented audit evidence. Identified nonconformities and observations are documented and communicated in accordance with auditing standards. Documentation reviewed during the audit is limited to information provided by the organization, and auditor interactions are restricted to explaining audit criteria and reporting findings only.
Audit Evaluation & Reporting
Audit activities include the evaluation of processes and controls against applicable standard requirements based on documented audit evidence. Conformity and audit observations identified within the audit scope are documented and reported in accordance with auditing standards. Summary findings and conclusions are formally communicated to designated organizational management as part of audit reporting.
EXTERNAL AUDIT
A third-party external audit is conducted by a qualified audit team to evaluate processes and controls against applicable compliance framework requirements in accordance with established auditing standards. Audit findings and conclusions are documented and reported based on audit evidence. Where applicable, certification or attestation decisions are made by the authorized body following independent review of the audit report.