A Certification Audit is the first step for those organizations that have decided to undergo an assessment process with a Certification Body (CB) or Registrar to determine if their management system complies with the requirements of a given standard (ISO 9001, ISO 14001, OHSAS 18001, etc). This Certification Audit is divided into two stages: Stage 1 Audits and Stage 2 Audits.
These audits differ in many ways: their purpose, duration, information reviewed and sometimes even in the location where it will take place.
The objective of a Stage 1 Audit is to determine an organization’s readiness for their Stage 2 Certification Audit. Here the Registrar will review the management system documented information, evaluate the client’s site specific conditions and have discussions with employees. The auditor will look to see that objectives and key performance indicators or significant aspects are in place and understood. They will review the scope of the management system and obtain information on the organization’s processes and operations, the equipment being used, the levels of control that have been established as well as any applicable statutory or regulatory requirements. Internal audits and management reviews will be evaluated to ensure they are being planned and performed and the overall level of implementation of the management system to determine if they are ready to move forward with the Stage 2 Certification Audit.
The Registrar will use the Stage 1 Audit to complete Stage 2 Audit planning, including the review the allocation of resources and details for the next phase of the audit. Documented conclusions will be given to the organization that will outline the readiness as well as identifying any areas of concerns that could be classified as a nonconformance during the Stage 2 Audit.
Stage 1 Audit usually will be carried out in one or two days. This audit typically occurs onsite. For organization’s with more than one location the audit would usually be carried out at their head office location.
The Stage 2 Audit evaluates the implementation and effectiveness of the organization’s management system(s). During this audit, the Registrar will determine the degree of compliance with the standard’s requirements, and report any non-conformances or potential non-conformances that the organization will have to correct before the compliance certificate can be issued. If Stage 2 audit is successful, the organization’s management system(s) will be certified..
The Stage 2 Audit will include:
- All relevant documented information that evidences the management system’s conformity with all the standard’s requirements.
- Key performance objective and targets, looking at performance monitoring, measuring and reporting
- Evaluation of internal audits, management review and management responsibility for the organization’s policies
- All relevant processes, looking at operational control and the ability to carry them out as planned
The duration of the Stage 2 Audit is determined in accordance with IAF MD5. Depending on the size and complexity of the organization this audit can range anywhere from 1 to many days.
These are the main differences between Stage 1 and Stage 2 Audit. Nonetheless, every organization undergoing a certification process should maintain an open and clear communication with their Registrar in order to clarify any doubts that may arise before the audits take place.