The first step is to devise an audit plan, which will inform all steps and timing of the audit. It will also establish which sample activities or locations will be audited.
The steps include:
- 1. Initial Contact
- 2. Initial Document Review (Stage One Audit)
- 3. Audit Plan
- 4. Prepare Work Documents
- 5. Opening Meeting
- 6. Detailed Document Review
- 7. Collecting and Verifying Information
- 8. Generating Audit Findings
- 9. Preparing Audit Conclusions
- 10. Conducting Closing Meeting
- 11. Prepare Audit Report
Stage One:
- Verify the main elements of the management system
- Preliminary document review
- Indicate areas of concern (rather than non-conformities)
- Create a plan for Stage Two audit
Stage Two:
- Verify the management system against the requirements of the standard
- Specific documentation review (required documents of the standard and those procedures and documents deemed necessary by the organisation)
- Observe a sample event’s preparation, delivery and dismantlement.
- Interviews
- Produce an audit report with recommendation for certification or non-conformities for correction.
- Technical committee makes final certification decision.
Risk-based Auditing:
Priority and resources (time, personnel) should be given to those matters of significance within the management system. Read more on risk based auditing of ISO 20121 and concepts for consideration within various type of events, locations and organisations.