top of page

Audit Process

Now that you have your activities and processes in place and you are ready for an assessment visit, you will need to contact ForeFront to get a proposal for the cost and duration of your audits.

The Audit process consists of three steps.  A Gap analysis (optional) then a 2-stage audit.  If these are successful, you will accomplish your successful certificate.

The certificate will be valid for three years and will be reviewed regularly (typically annually) by your certification body.  These visits are known as surveillance visits.  We will agree on these dates with you ahead of time to ensure you have all you need in place.

Gap Analysis

A gap analysis is a document review or a “show me the evidence”.   It is your sanity check before you go too far.  It enables you to ensure you have everything in place before you commence the 2-stage audit process.

Stage 1

Stage 1 aims to establish that you understand the requirements of the standard and that you have got systems and procedures in place to comply with it.

The principal objective of this assessment is a readiness review to determine if the client is ready for a stage two audit. The audit will be carried out against the relevant standard, the documented processes within the management system. For example:

  • The auditor will review status and identify key performance measures in place, documented processes and review operations of the management system.

  • The auditor will review information regarding the scope of the management system, processes, use of equipment, controls in place and applicable statutory and regulatory requirements, including sites and any multi-site restrictions as appropriate.

The audit will be conducted at the client’s premises and may involve a visit to a remote site as necessary to determine whether the client has identified applicable processes, environmental aspects, legal requirements for verification.

We will explain to you with a report and an audit schedule for stage 2.  The report will identify any actions you are advised to take before the next phase. 

Stage 2

The objective of Stage 2 is to evaluate the implementation and effectiveness of the management system.  It looks to see if what you say you are doing and will involve the auditing of at least the following:

Evidence will be gathered to demonstrate the conformity of the management system or other applicable standards part of the scope. Audit evidence will be collected by, for example, interviews, observation of processes and activities, review of documentation and records etc.

  • The monitoring and measuring of performance objectives and targets

  • The organisations' ability to meet statutory, regulatory and contractual requirements.

  • Operational planning and control of processes

  • Internal auditing and management review

  • Management commitment to the organisations' policies

What happens if there are problems?

If during the audit, it becomes apparent that you are not satisfactorily meeting the required level, then this will be openly discussed and reviewed with the relevant people in your organisation.

The Audit report shall outline all findings from the Stage 2 assessment. This report shall include all positive observations, as well as opportunities for areas to improve, which do not adhere to the standard.
Depending on how severe the issues are will determine the action you need to take and your Forefront auditor shall discuss the results of the audit through the closing meeting how you need to close the issues before we recommend you for certification.  By the end of the review, the auditor will indicate you if you have been successful or what you need to do to achieve for ISO certification.  The suggestions are subject to a final check of audit report by the independent competent assessor.  Once they have approved that a satisfactory audit has taken place then this is when the final recommendation takes place, and the certificate is issued.

Surveillance Visits

Surveillance audits are undertaken periodically to see that you are continuing to operate and work to your management system and ensure that you are maintaining compliance with the chosen Standard throughout the three-year certification cycle.  Although usually on an annual basis the frequency and duration of surveillance depend on size of the organisation, complexity and risk.

Recertification Visits

At the end of the three-year certification cycle, a rectification visit takes place.  Recertification Visit will include a site audit covering the following:

  • A full review of the management system, taking into consideration internal and external changes and ensuring the scope of certification has continued relevance.

  • The commitment to ensuring the effectiveness and continual improvement to enhance the performance of the management system is maintained.

  • Effectiveness of the management system in achieving the set objectives

  • In cases of major non-conformities, We won’t be able to grant recertification until the corrective actions are verified during a further site visit and implemented before the certificate expiry.

bottom of page