How can you prepare for your Certification Audit, and what should you expect?

Reading Time: 8 minutes

Published on: April 19, 2023

Preparing for a Certification Audit can be a daunting process for many businesses, regardless of their size or industry. Achieving Certification is a valuable way to demonstrate your commitment to quality management, customer satisfaction, and continual improvement in a number of disciplines. However, to go through the Certification Audits successfully, your organisation needs to effectively meet your chosen ISO Standard(s) requirements.

In this blog, we will cover the essential steps that businesses should take to prepare for Certification Audits, including what to expect during the audit process. Whether your business is getting certified for the first time or undergoing surveillance or re-certification audits, this blog will provide you with the knowledge and tools needed to succeed.

Let’s start with what a Certification Audit is.

What is a Certification Audit?

A Certification Audit is an independent evaluation process conducted by a third-party organisation – an Accredited Certification Body (formally called a Conformity Assessment Body – CAB) who verifies that an organisation’s Management System meets all the requirements of the business’ chosen ISO Management System Standard(s).

During the audit, the Certification Body assesses the organisation’s policies, processes, procedures, and relevant documentation to determine whether they meet the standard(s) requirements. If the organisation meets the requirements, the Certification Body issues a Certificate of Conformance – known informally as “ISO Certification”. The Certification is valid for a specific period of time (usually 3 years) and is subject to annual Surveillance Audits.

What are auditors looking for during a Certification Audit?

What auditors look for during a Certification Audit

During a Certification Audit, auditors are looking to verify that an organisation’s management system conforms to the requirements of the relevant standard(s). They are also looking to ensure that the system is effective in achieving the organisation’s objectives and meeting the needs of interested parties. Here are some of the specific things auditors will be looking for during a Certification Audit:

Conformance with Requirements: Auditors will verify whether the organisation has established a management system that meets the requirements of their chosen ISO Management System Standard(s) as well as the requirements of their own organisation. This includes sampling across the organisation’s processes, procedures, manuals etc to ensure they are documented and implemented effectively. The auditors will check the accuracy and currency, and also evaluate the effectiveness of the documented processes and procedures in achieving the organisation’s targets and objectives.
Evidence of Implementation: During the audit process, auditors look for specific evidence that demonstrates the effective implementation of the Management System. This may include checking documented records of completed forms, reports, logs, training records, meeting minutes, and other relevant documentation that show the implementation of the documented processes and procedures.
Management Commitment: The auditors will want to see evidence of management commitment to the management system, including active involvement by the leadership team, resource provision, and monitoring its effectiveness.
Continual Improvement: Auditors look for evidence of continual improvement in the management system, including regular reviews (indicating a proactive approach), corrective/preventive actions, and management of non-conformities. They will also look for evidence of corrective actions taken to address non-conformances or opportunities for improvement identified during previous audits.
Effective Performance Metrics: Auditors will seek evidence of effective performance metrics being established and used by the organisation to monitor and improve the management system’s effectiveness.
Employee Awareness and Competence: Auditors will look for evidence of employee awareness and competence in the management system, including roles and responsibilities and necessary competencies.

Overall, auditors are looking for evidence that the organisation has established an effective management system and is committed to continual improvement. They want to see that the system is being followed consistently and that it is achieving the intended outcomes for the organisation. It’s important to remember that they aren’t there to find mistakes, but rather to ensure effectiveness and help your management system improve!

How to prepare for your Certification Audit

Preparing for a Certification Audit can be a challenging and intimidating process for businesses, whether you are seeking Certification for the first time, or maintaining your existing Certification(s). However, with proper planning and preparation, businesses can ensure a successful Certification Audit and ultimately achieve their Certification goals.

Let’s run through the process for businesses who are going for Certification the first time, and also for businesses who are preparing for their Surveillance or Recertification Audits.

Businesses seeking Certification for the first time

This is what we call the Certification Readiness process. The first step is to determine the ISO Certification(s) you want or need to pursue. This depends on your business needs and the motivations to achieve Certification, and may involve conducting research, consulting with industry associations, or engaging a consultant with expertise in ISO Management System Standards and your industry.

Once the appropriate certification(s) have been identified, the business should buy the relevant licensed standard(s) and get familiar with the requirements. This interpretation of the requirements can be a very challenging task for many people that don’t have the expertise in this area, which is why many businesses choose to engage with a consultant to help.

The next step then is to implement a Management System that meets the requirements of the chosen ISO Standard(s). For a business that already has significant documentation in place, a gap analysis is recommended to identify any areas where they currently do not meet the Standard(s) requirements. With the Gap Analysis report at hand, the next step is to address the findings. If you’re not sure whether a gap analysis is the right first step for your business, or if you have enough documentation in place to justify one, check out this blog. However, for a business who is just starting out with little or no documentation in place, this is where you will need to develop a full Management System for Certification Readiness.

If you want to learn more about Management Systems, and how to develop and implement one, you can read more here.

Once the Management System is completed and implemented, in preparation for the Certification Audit, the business needs to conduct an Internal Audit to identify any potential issues and ensure that all requirements are now in place. The Internal Audit is different from the Certification Audit, but is also required by the ISO Management System Standards. This can be conducted by a professional consultant or internally by somebody who is trained and deemed competent.

The final step in the preparation is to conduct a Management Review to measure the effectiveness of the Management System, and ensure it accurately reflects the goals and objectives of the business. The business should also ensure that all relevant employees are aware of the upcoming audit and of their roles and responsibilities during the audit process.

Preparation for Surveillance and Recertification Audits of businesses already certified

The preparation process is similar, but will involve a greater focus on maintaining conformance and continual improvement. In this case, the main difference is that your Management System is already developed and implemented, meaning that the preparation for these audits is to ensure you’re keeping your Management System up to date all the time as part of your day-to-day operations, meeting the ongoing requirements of the ISO Management System Standard(s).

This includes regularly reviewing your policies, procedures, issues register, objectives and targets, and audit schedule, among others documents that could have changed. For example, quite often employees need to update the way they do things due to a variety of reasons, such as adapting to clients’ needs or technological advancements, among other factors. However, in many cases documented procedures are not updated as quickly, and as a result, the documented procedure may not accurately reflect the current practice. This is why it is important to include these reviews as part of your regular routine.

It’s also required that the business conducts regular Internal Audits to ensure ongoing conformance with the standard requirements and identify any areas for improvement. Issues that have been raised in the audit report from the Certification Audit should also be recorded to ensure that corrective actions are taken, and any non-conformances or opportunities for improvement are addressed. Evidence of those activities are checked in your next Surveillance or Recertification Audit by your ISO Auditor.

In addition, Management Reviews need to be conducted and documented at least annually. In this review you should revisit your business planning such as company objectives and targets, and other strategic and essential documentation such as interested parties analysis, SWOT/PESTLE analysis, as well as your business risk and opportunity assessments etc. You should ensure these documents are not only reviewed but also up-to-date.

We’ve achieved ISO Certification, what now?

To learn more about the ongoing activities required to maintain your Certification, you can read more here.

What should you do with the Certification audit report?

When you receive an audit report from your Certification Audit (or Surveillance Audit or Recertification Audit), it’s important to take several steps to make the most of the information provided. First, review the report thoroughly to understand the audit findings, including any non-conformances, observations, or opportunities for improvement.

Once you have a clear understanding of the findings, identify corrective actions for any non-conformities identified in the report. Develop and implement a comprehensive corrective action plan with specific steps, responsibilities, timelines, and success criteria. Note that the Certification Body will often give you a deadline for these corrective plans and actions to be done.

Finally, use the audit report to prepare for the next audit. Consider any areas of weakness or opportunities for improvement identified in the report and make adjustments to your management system accordingly. By taking these steps, you can ensure that your organisation is continually improving and delivering high-quality products and/or services to your customers.

In short, an audit report should be seen and used as a basis for continual improvement, highlighting from an external and fresh perspective, areas where your organisation can improve.

Our team of consultants are experts in developing effective management systems, and are passionate about helping businesses achieve, maintain and improve their Certifications. Since we started the business in 2007, every business that has followed our recommendations has achieved certification first time, and, as a result, we offer a Certification Readiness Guarantee – by following our proven planning process and advice, supported by our extensive industry experience, we can get you certified first time – Guaranteed!

With over 15 years of experience and a 5-Star Google Rating, our Consulting team can help you achieve and maintain your Certifications to the main ISO Management System Standards. Call us now on 1300 614 897, email us, or book your online FREE strategy session to solve any further questions about the Certification Process, or to discuss a tailored solution for your business.

About the author

Brooke Romer

Brooke is the Marketing Coordinator and Content Developer at ISO Certification Experts and ICExperts Academy. She is responsible for all of the communications with our audience, including well-researched content across our website, blogs, social media channels, and email marketing. Her passion revolves around simplifying complex topics, helping prospective clients to make well-informed decisions with ease.

All information on this blog site is for informational purposes only. As this information is based on our professional experience, opinion, and knowledge, we make no representations as to the suitability of this information for your individual business circumstances. Especiality Pty Ltd trading as ISO Certification Experts and all related businesses and brands will not be liable for any errors, omissions, legal disputes or any damage arising from its display or use. All information is provided as is, with no warranties and confers no rights.

We will not be responsible for any material that is found at the end of links that we may post on this blog site. The advice, ideas, and strategies should never be used without first assessing your own personal business situation or seeking professional and/or legal advice. Information may also change from time to time to suit industry and business needs, requirements and trends.