Surprisingly, one of the most asked questions we receive is ‘What is an audit’? This made me realise that as auditors, we take this for granted and just expect that the entire world also knows what we do!
The word itself comes from the latin root "to hear", referring to the hearing of oral evidence of a captain or cargo master shouting out the contents of a ship to auditors who were employed by the king to verify stated conditions.
The auditor was responsible for seeing that the cargo was properly recorded so appropriate taxes would be paid
It’s such a simple question however it did require some thought to come up with a simple explanation.
The formal answer as defined in ISO 19011 Guidelines for auditing management systems states that an audit is a
‘systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled’.
The Oxford dictionary defines the term ‘audit’ as
‘an official inspection of an organizations accounts, typically by an independent body’ or ‘a systematic review or assessment of something’.
But this dictionary definition is not the one we need – because this covers financial audits only - we’re only interested in the ISO definition for management system auditing.
Now, try explaining that to someone new to auditing and you can guess that they still might be a little confused? Interestingly we have all probably conducted an audit of some type, however it has just not been called an audit? Those of us, with children, ‘audit’ them all of the time! Have you done your homework? Did you do all of the tasks set in your assignment? Did you wash the dishes as I asked this morning!
So, basically an audit is simply checking what has been done against what should have been done. And as auditors, we are looking for evidence of this, either through documentation (records), observation of the task or activity, or statements of fact, And it’s important to point out that there is difference between a “statement of fact” and somebody just telling us something. So, our children had better present their evidence to us when we ask for it!
If we now return to the ISO definition, rather than the dictionary one, we can see it includes… to determine the extent to which the audit criteria are fulfilled.
So what is audit criteria? Audit criteria is what an auditor checks against and sometimes may be referred to as a requirement or requirements.
We can audit against any type of requirements or criteria, such as International, or local standards. ISO 9001 and ISO 14001 are international examples for Quality and Environmental management systems. Local standards are prefixed with AS in Australia , BS in Great Britain, CAN/CSA in Canada, ANSI in the USA. Other criteria that can be audited against include; internal organizational policies and procedures, supply contracts or agreements, legislation, codes of conduct.
An audit is simply checking whether these processes or tasks are being undertaken as per these set requirements.
Typically, when you tell someone that you are an auditor they instantly think financial or tax auditors, as per the dictionary definition. But being a management systems auditor we might be interested in much much more than just the organization’s accounts or finances.