Audit Authority – Internal and External Sources

Before you start preparing to conduct an audit, you need to check and make sure that you are authorized to conduct that audit. Ask yourself, who has given you the authority or the power to conduct that audit.

There are two broad sources of audit authority: Internal sources and external sources.

1. Internal Sources

A. Organization authority:

Typically driven by the policy and procedures of the organization. E.g. ISO 9001 or ISO 14000 Manuals authorized by quality or HSE management position.

B. Hierarchical authority:

Management could authorize an audit of areas needing improvement or the area having a problem. The auditor is then authorized to make recommendations for improvements in those areas. This type of audit would typically be done on a regular basis, e.g. once per year.

 

2. External Sources

A. Contract:

The contract between client and supplier could have audit requirements. These requirements give the Client the right to audit the contractor or supplier as defined in the contract.
Some contracts have a requirement that the supplier will regularly conduct an internal audit and will provide a copy of the audit report to the client.


B. Management System Standard (e.g. ISO 9001)

If the company is certified to ISO 9001 standard, then they are required to conduct periodic internal audits to meet the requirements of the standard. In addition, the company will go through a periodic third-party audit as well as a part of the ISO 9001 certification.

C. Regulatory bodies (e.g. OSHA, FDA and EPA)

Organizations need to meet the requirements of statutory and regulatory bodies. To assure that they meet certain organizations such as OSHA, FDA and EPA might conduct an audit of the company operations, to check if they are meeting the requirements. 

  • OSHA (Occupational Safety and Health Administration)
  • FDA (Food and Drug Administration)
  • EPA (Environmental Protection Agency)