3. System Audit (Audit Planning)

System Revision ID ASEMS Document Version Effective From State
3444 3.0 09/01/2017 - 00:15 Extant

3.1. Overview

3.1.0.1.

This procedure is the second in a set of four System Audit procedures and deals with the planning of the fieldwork phase of the audit.

3.1.1. Required Outputs

3.2. Procedure

3.2.1. Step 1 – Initial document review

3.2.1.1.

During the Audit Initiation phase the Lead Auditor should have identified and obtained any documents needing to be reviewed as part of the preparation for the audit. This documentation should include management system documents, records and any previous audit reports relevant to the scope of the audit. Previous audit reports should be examined to establish follow-up work which may be required and to ensure that the audit does not duplicate work that may have been completed in a recent audit

3.2.1.2.

If the initial document review reveals major non-conformances with the management system then the Lead Auditor may take the decision to postpone the audit until the documentation discrepancies have been resolved. This should be discussed with the Audit Client before a decision is made and communicated to the Auditee.

3.2.2. Step 2 – Prepare the Audit Plan

3.2.2.1.

The Lead Auditor should prepare an Audit Plan to ensure that the audit meets all the identified criteria and is carried out in a professional manner with efficient use of time and resources.

3.2.2.2.

The Audit Plan should be written so it is flexible enough to permit any minor changes which may be needed during the course of the audit, for example additional staff may have to be interviewed.

3.2.2.3.

The Audit Plan(s) should cover the following elements:

  1. Location of audit;
  2. Audit scope, objectives and criteria;
  3. Reference documents;
  4. Auditors’ details;
  5. Auditee’s names and contact details; and
  6. Audit date and timetable/on-site work agenda.

3.2.2.4.

The Audit Plan may also include:

  1. Areas and documents to inspect;
  2. Logistic arrangements (travel, on-site facilities, etc.);
  3. On site administrative arrangement (site access, security clearance);
  4. Health and safety issues associated with carrying out the audit; and
  5. Any security requirements including document confidentiality.

3.2.2.5.

Once the Audit Plan has been drawn up, it should be approved by the Audit Client and agreed by the Auditee before it is implemented. Any objections by the Auditee should be resolved between the Lead Auditor, the Auditee and the Audit Client. Any revisions should then be agreed among the parties concerned before continuing with the process.

3.2.3. Step 3 - Assign work to the audit team

3.2.3.1.

The Lead Auditor, in consultation with the Audit Team, should assign each team member with specific tasks. The competency and independence of the Auditor Team members should be taken into consideration.

3.2.3.2.

During this stage the Lead Auditor may identify the need to make changes to the composition of the Audit Team (e.g. all competences required are not covered in the Audit Team).

3.2.4. Step 4 - Prepare Audit Question Set(s)

3.2.4.1.

A key part of the planning stage should be to produce the Audit Question Set(s) that should be used by the Audit Team members in the completion of the assigned audit tasks. This should be generated with reference to the Audit Plan and should identify:

  1. The questions which are relevant to the audit;
  2. Any  tailoring of the model questions to suit the audit criteria; and
  3. Adding further questions, based on audit-specific issues, additional domain requirements (e.g. Airworthiness, OME) domain and/or current or historic knowledge of the project being audited.

3.2.4.2.

The use of an Audit Question Set has many benefits, including:

  1. Providing a structured set of questions, ensuring that no subject areas are inadvertently overlooked;
  2. Facilitating the smooth running of the audit, thereby causing minimal disruption to project work; and
  3. Providing a traceable and documented process of the generation of audit findings.

3.2.4.3.

One limitation of using a formulated question set is that this can easily become a ‘tick-box’ exercise which fails to provide any added value to the Auditee. Additionally, strict adherence to the question set may reduce opportunities for further evidence trails to be investigated.  Care should be taken to ensure that this does not happen. 

3.2.4.4.

All Audit Question Sets should be reviewed and approved by the Lead Auditor prior to use.

3.2.4.5.

During the audit, the Question Set should be used to record:

  1. Audit Findings:
    1. Questioning: How is the requirement satisfied?
    2. Evidence: What evidence is provided in support?
    3. Auditor’s Opinion: Draw conclusions from responses.
  2. Assessed level of compliance; and
  3. Notes (e.g. any recommendations that have been made as part of the audit).

3.2.4.6.

The ‘Level of compliance’ field should record the Audit Team’s judgement on whether the Auditee has satisfied the specific area under review. The response recorded will be one of the following:

  1. Assessed compliant: No weaknesses observed: the required system procedure or process has been adhered to;
  2.  Non-conformance: Example identified by the Audit Team where a required system procedure or process has not been adhered to (refer to AAP04 – Non-conformance and Corrective Action); or
  3. Observation: Written report by the Audit Team which does not relate to a conformance issue but may otherwise be of benefit to the Auditee or the Audit Client, e.g. possible improvements.

3.3. Responsibilities

3.3.1. Procedure Management and Procedure Completion

3.3.1.1.

The Lead Auditor is responsible for ensuring that this procedure is managed and completed appropriately. The Lead Auditor may delegate tasks to members of the Audit Team in regards to the management and completion of this procedure but retains responsibility.

3.4. When

3.4.0.1.

Immediately after completion of the Audit Management and Initiation Process.

3.5. Required Inputs

3.5.0.1.

  1. Audit Question Toolset;
  2. Audit Schedule;
  3. Audit Details, Team Composition and Competence Record Form;
  4. Other documents relevant to the scope and objective of the audit (e.g. POSMS / POEMS);
  5. Team’s Safety Management System and Environmental Management System documents and records; and
  6. Previous audit reports

3.6. Required Outputs

3.6.0.1.

  1. Audit Plan
3.6.1. Records and Project Documentation

3.6.1.1.

Where relevant, the outputs from this procedure should feed into the following:

  1. Assurance and Audit Procedure

3.7. Further Guidance

3.7.1. General

3.7.1.1.

Although audits of the Front Line Command are outside the scope of the system audits, any relevant information provided by the Front Line Command which relates to Safety Management System and Environmental Management System requirements or the safety and environmental performance of the equipment (e.g. objectives and targets and operational controls) should be included in the audit.

3.8. Version Control

3.8.1. Version 2.3 to 3.0 Uplift

3.8.1.1.

Major uplift from the Acquisition System Guidance (ASG) to online version. POEMS has undergone major revision. Refer to the POEMS Transition Document for details.