One of the requirements often missed when an organization initially implements a management system is the need for an internal audit program. Both audit procedures and an audit program are required. This is true of OHSAS 18001 and all of the ISO Management System Standards (Clause 9.2 in the ISO standards).
Simply having procedures is not enough.
So, what is an audit program and how does it differ from audit procedures?
ISO 19011 defines an audit program as “arrangements for a set of one or more audits planned for a specific time frame and directed towards a specific purpose”. According to www.dictionary.com, a program is a “planned, coordinated group of activities, procedures, etc., often for a specific purpose”.
A procedure is defined as “a specified way to carry out an activity or process”.
In other words, audit procedures are one component of an audit program.
In order to have an internal audit program, an organization must have the following:
- A defined purpose (established audit program objectives)
- Audit arrangements (audit procedures covering audit scheduling, responsibilities, methods and reporting)
- Scheduled audits (audits planned for a specific time frame)
NOTE – This first appears as a blog post on the OHSAS 18001 Expert Website on December 15, 2011. It has been updated to reflect changes made in ISO standards.