5. System Audit (Reporting and Follow-Up)

System Revision ID ASEMS Document Version Effective From State
3277 3.0 09/01/2017 - 00:15 Extant

5.1. Overview

This procedure deals with the activities to be conducted after the completion of the audit fieldwork phase. It covers writing and issuing of the audit report and any follow up action that may be required.

5.1.1. Required Outputs

  1. Audit Report (based on an approved Audit Report Template);
  2. Non-conformance and Corrective Action Form(s), if relevant – (fully completed).

5.2. Procedure

5.2.1. Step 1 - Prepare the Audit Report

Once the fieldwork phase has been completed and all evidence has been collected, an Audit Report should be drafted as agreed between the Lead Auditor and Audit Client. The Lead Auditor is responsible for the preparation and content of this report.

An Audit Report should contain the following:

  1. Introduction and background to the audit;
  2. Audit dates and locations;
  3. Audit scope, criteria and objectives;
  4. Description of audit approach and methodology;
  5. Audit Client Details;
  6. Audit Team Details;
  7. Areas of strength and areas for improvement;
  8. Audit findings;
  9. Conclusions; 
  10. The confidential nature of the contents.

The Audit Report may also include the following, as appropriate and agreed with the Audit Client:

  1. Audit limitations (e.g. situations encountered during the audit that may decrease the reliance that can be placed on the audit conclusions; areas not covered, although within the audit scope);
  2. Any unresolved diverging opinions between the Audit Team and the Auditee;
  3. Recommendations for improvement, where the Audit Client has specified in the audit objectives that this is required as part of the audit;
  4. Agreed follow-up action plans, (e.g. follow-up meeting), where specified in the audit objectives; and
  5. Annexes;
    1. Audit Team Composition;
    2. Non-conformance and Corrective Action Forms.

The contents of the report should be easy to understand, concise and unambiguous and be objective, fair and constructive. It should contain only that information which is supportable by relevant audit evidence. The Lead Auditor should ensure that the report’s distribution includes appropriate stakeholders.

5.2.2. Step 2 - Approve and distribute the audit report

Upon completion of the draft Audit Report, the Lead Auditor should forward the report to the Auditee for review and comment. The purpose of this review is to check for factual errors and not to negotiate the report’s content. The Lead Auditor should propose a reasonable time by which to provide the comments. The final audit report should be ready for release within 2 weeks to 1 month of receiving comments on the draft.

Once the final audit report is released for issue, the Lead Auditor should forward a dated copy to the Auditee, Audit Client, and other stakeholders as necessary.

5.2.3. Step 3 – Implement corrective/preventive actions

After the final Audit Report has been issued, the Auditee should record non-conformance, observations, and (where specified in the audit objectives) recommended corrective and preventive actions.

Observations should be managed as follows:

  1. The Lead Auditor should review the corrective and preventive actions planned by the Auditee to ensure that they appropriately address the non-conformances raised. In the event that these are unacceptable, the Lead Auditor should contact the Auditee to agree an acceptable course of action.
  2. The Auditee should keep the Audit branch informed of the status of the progress of corrective and preventive actions.
5.2.4. Step 4 – Audit follow-up

The completion and effectiveness of corrective and preventive actions for identified non-conformances should be verified. This can be completed in a number of ways, for example the follow up could be:

  1. Part of the current audit;
  2. A separate task; or
  3. Integrated within the next appropriate audit.

The results of the verification should be filed with the Audit Report. On completion of the follow-up tasks, the Lead Auditor will arrange for a copy of the non-conformance close out report to be sent to the Auditee and any other persons to whom the original audit report was sent.

5.2.5. Step 5 – File audit records

Documents pertaining to the audit should be retained or destroyed in accordance with the management system(s) record procedure(s) and applicable statutory, regulatory and contractual requirements. Note the report forms part of the safety case evidence that supports the procured equipment.  

5.2.6. Step 6 – Audit schedule review and update

On completion of Step 5 above, the Audit Schedule should be reviewed and where necessary modified.

5.3. Responsibilities

5.3.1. Procedure Management and Procedure Completion

The Lead Auditor is responsible for ensuring that this procedure is managed and completed. The Lead Auditor may delegate tasks to members of the Audit Team in regards to the management and completion of this procedure but retains overall responsibility.

5.4. When

This procedure should be conducted once the audit fieldwork phase has been completed.

5.5. Required Inputs

  1. Audit Plan;
  2. Audit Checklists;
  3. Non-conformance and Corrective Action Form(s), if relevant (partly complete);
  4. Team’s documentation relevant to the audit;
  5. Audit meeting records.

5.6. Required Outputs

  1. Audit Report (based on an approved Audit Report Template);
  2. Non-conformance and Corrective Action Form(s), if relevant – (fully completed).

5.7. Version Control

5.7.1. Version from 2.3 to 3.0 Uplift

Major uplift from the Acquisition System Guidance (ASG) to online version. POEMS has undergone major revision. Refer to the POEMS Transition Document for details.