Key Points of Audit Scheme and Understanding, and the Differences and Connections with the Audit Plan

Audit is the core content of the certification process, a high-intensity technical work with strict requirements for both planning and implementation. The planned audit program should be based on risk considerations and be systematic, comprehensive, logical, interconnected, traceable, continuously monitorable, and sustainably improvable. Below we share: key points about audit programs and understanding, as well as the differences and connections with audit plans, along with the XXX laboratory's annual internal audit program and plan.

(1) Definition

A set of (one or multiple) audits planned for a specific period and with a specific purpose.

Note: The audit program includes all necessary activities for planning, organizing, and implementing the audit.

(2) Key Points of Understanding

1. Whether internal or external audits, to ensure that audit activities have appropriate resources and that audit conclusions are credible, the audit program should be planned and managed and followed during audit activities.

2. An audit program is a set of (one or multiple) audits, but it is not a simple accumulation of several audits; it is a set of related audits including all activities related to the audit. It can also be called a collection of audits and their related activities.

3. "Specific period" means an audit program can include one or multiple audits occurring within a certain time frame; the audit program covers this set of audits within that period.

4. "Specific purpose" means that a set of audit activities has an overall, common objective.

5. An audit program includes a set of audits and all necessary activities for planning, organizing, and implementing this set of audits; it should not be understood as a single document.

6. Examples of audit programs

(1) "Multiple internal audits covering the organization's quality management system within one year." In internal audits, the audit program covers multiple internal audits within one year, with the overall purpose of determining the conformity and effectiveness of the organization's quality management system.

(2) "A set of audits conducted on the quality management systems of key product suppliers within 6 months." In second-party audits, the audit program covers an audit every 6 months, aiming to identify potential suppliers of key products.

(3) "Certification and surveillance audits of the quality management system conducted by a third-party certification body within the contractually specified time cycle between the certification body and the client." In third-party audits, the audit program covers multiple audits (initial and surveillance audits) within the contractually specified time cycle (usually three years), aiming to maintain the organization's quality management system certification and registration qualification.

The differences and connections between audit programs and audit plans mainly include the following six aspects.

(1) A set of audits versus a specific single audit;

(2) Different management approaches;

(3) Different management personnel;

(4) The audit plan is a record of the audit program;

(5) Different competency requirements for management personnel.
　　1) Audit program management personnel are required to have a basic understanding of audit principles, auditor competence, and audit technology application, possess management skills, and understand the technology and business related to the audited activities.
　2) The audit team leader is required to have general and specific auditor competencies, as well as the ability to organize and lead the audit team.

(6) The content of the audit program and audit plan is different.