Sometimes referred to as an 'audit programme', an 'audit schedule' is defined as a “set of one or more audits planned for a specific time frame and directed towards a specific purpose”. (Definition taken from ISO 9000:2015 – Fundamentals and Vocabulary*.)
However, to fully understand the purpose and use of an audit schedule we better take ourselves to ISO 9001:2015, Clause 9.2 Internal Audit, where we find much more specific detail about who the programme is to be managed and operated by. Clause 9.2.1 tells us that organisations have a mandatory obligation to conduct internal audits at planned intervals and this is what an audit programme shows. It goes on to tell us that, included amongst these aforementioned audits, must be audit(s) that provide information on whether the quality management system (QMS) conforms to:
The organisation’s own requirements and expectations of its QMS.
In other words, what did the organisation expect, set, resource, staff, monitor, measure, analyse and evaluate its management system to achieve?
The requirements of the International Standard.
It’s too late to wait for a recertification audit to find out the degree of conformance shown by the organisation! It must carry out its own audits to be sure its activities are in conformance with ISO 9001:2015.
The QMS must be effectively (the degree to which planned activities are realised and planned results are achieved) implemented (ensure what is in a plan is done) and maintained (kept going).
I’ve inserted some explanations of the words in this sentence to give it some context.
This tells us there is considerable thought and planning gone into the QMS, and what it is expected to do and deliver. The audit schedule should reflect audits that provide this information so that decisions and judgements can be made about how well the planning was done, how the implementation went, and any maintenance issues it flagged up.
So, the points noted above need to be on the audit programme. We then add to that the other requirements as stated in Clause 9.2.2 of ISO 9001, showing that areas of greatest importance and risk are audited more frequently, and in more depth as part of risk mitigation. Other areas to be audited more frequently are areas of change and areas brought to light through previous audits. Once this is added in, audits can be assigned to the auditors with the best fit of technical and auditing competence, along with availability.
Add in an objective, scope, and set of criteria for each audit, and there you have your audit schedule.
*Sign up for an SQMC ISO 9001 Internal Auditor or Lead Auditor course and receive a free, licensed copy of ISO's Fundamentals and Vocabulary; worth £230 if purchased from the British Standards Institute!
Photography: Domenico Loia