Audit Processes
The audit processes and the requirements of the audit processes carried out by KGS Certification as described in detail.
Initial Certification Audit
The initial certification audit comprises of two stages;
- Stage 1: Readiness review
- Stage 2: Full initial assessment
Stage-1 Audit
The Stage 1 audit also known as the readiness review is a preliminary assessment of your organisation’s management system to confirm its readiness to proceed for a full assessment also known as Stage 2 audit. The Stage 1 audit is carried out at your location. For multi-site organisations, Stage 1 will be carried out at the site where the management system is being managed such as the main office/headquarters.
During Stage 1 audit, the following will be carried out:
- Confirm the validity of the information given during the application process.
- Document readiness review to confirm the implementation status as well as the degree of compliance of your organisation to the prescribed standard(s) which includes the review of the mandatory documented information and records as well as the system maturity
- Confirm the scope of certification and the degree of compliance to applicable legal and other requirements.
- Review of internal audit and management review
The output of a Stage 1 audit is as follows
- A Stage 1 audit report detailing the degree of compliance to the prescribed standard and areas of concern such as non-compliances or opportunities for improvements that could become non-conformities during the Stage 2 audit
- Scheduling and planning for the Stage 2 audit
You will receive a written report detailing the audit findings. In order to become certified, your organisation must demonstrate that its management system is functioning and the various control mechanisms are operable.
Before the Stage 1 audit is conducted:
- your management system should have been in effect for a minimum of three months;
- one complete internal audit cycle should have been completed;
- one management review should have been completed.
Stage-2 Audit
The Stage 2 audit which is the full assessment of your organisation’s management system determines if your company has successfully documented and implemented all of the requirements of the specified standard(s). This is accomplished via an in-depth review of your documented information in-accordance to the prescribed standard(s) such as manual, policy, procedures, work instruction, forms, records, etc. and the confirmation of their implementation as well as the degree conformance of your organisation to the prescribed standard(s).
The audit is performed in accordance with the requirements of ISO 17021, ISO 19011 and KGS procedures. This audit will involve on-site interviews, examinations of documents and records and observations to thoroughly determine the implementation of the standard(s). This stage also reviews the areas of concern identified during the Stage 1 audit, if any.
Any nonconformities will be documented and identified as major or minor nonconformities;
- A major nonconformity is the absence or total breakdown of a system to meet a clause or sub-clause of a standard. A number of minor nonconformities against one clause or sub-clause can represent a total breakdown of the system and thus be considered a major nonconformity. A situation that raises significant doubt about the ability of the client’s management system to achieve its intended outputs is also a major nonconformity. A major nonconformity will require evidence of closure of the nonconformity no later than 30 days upon receiving the non-conformance report. Evidence submitted will be reviewed by the lead auditor/audit team member who raised the non-conformance. If the evidence is deemed sufficient by the lead auditor/auditor raising non-conformity, the nonconformance is closed. However, if the evidence submitted is not sufficient and the auditor finding the understanding of the organisation on the nonconformity is poor or the nonconformity is feared may lead to a major issue or adverse condition a re-audit of the non-conformance(s) may be carried out via a Corrective Action audit. A successful re-audit of the applicable non-conformance or area of concern will lead to certification.
- A minor nonconformity might be a procedure that is not comprehensive enough, a person who did not follow the procedure, or a lack of a required record or a single observed lapse in the system. For a minor nonconformity a corrective action plan is required to be submitted to the lead auditor/auditor no later than 30 days upon receiving the nonconformance report. If the corrective action plan submitted is accepted by the lead auditor/auditor, the finding is closed. Depending on the standard, the lead auditor/auditor may request evidence of closure instead a just a corrective action plan.
A written audit report, containing any nonconformities, is issued after the audit.
Although KGS is constrained from consulting, and therefore cannot advise you on how to react to a nonconformity, our auditors are often able to offer a range of examples of actions that would meet the requirements of the standard, or examples of compliant (and non-proprietary) systems we have seen. Because only you know what is right for your business, our auditors cannot say what solutions will work best within your company. You must determine your own nonconformity resolution.
Corrective Action Audits
If a major nonconformity is found during any audit, and the evidence of corrective action submitted by your organisation is deemed unsatisfactory by the lead auditor/auditor and/or the corrective does not give the confidence that the non-conformance is solved, a corrective action audit or re-audit will be scheduled to verify the implementation of the action(s) to resolve the nonconformity. The scope of the audit is limited to the clause or sub clause where major nonconformities were found. Corrective Action audit is a type of special audit with the primary focus being to audit the non-conformances or the areas where the non-conformances were raised.
Issuance of Certification
Based upon the Lead Auditor’s recommendation and/or Technical report reviewer’s recommendation for certification and the Decision Maker/Certifier’s decision for certification, the Management System Certificate will be issued. The Lead Auditor’s recommendation will be based upon the successful completion of the Stage 1 and Stage 2 audits and resolution of all nonconformities identified. Certification is valid for three years, and is dependent upon your company’s maintenance of its management system and upon adherence to KGS’s Certification Regulations.
Surveillance Assessments
Surveillance audits may be conducted either every six months or annually, at your discretion. The re-certification is conducted three years after the Stage 2 audit, and at three year intervals thereafter. A surveillance audit is a mini-audit that reviews a portion of the standard to determine if your company has maintained its implementation of the standard. In addition, surveillance audits will review your use of KGS’s and the accreditation body’s certification mark, status and closure of audit nonconformities and your customers’ complaints. The requirements for non-conformities are the same as stated for the initial certification audit. A specific audit plan will be developed for the clauses found to have major nonconformities or showing discrepancies towards conformance with the standard(s) prescribed.
Recertification Audits
A recertification is conducted every three years to review the status of the applicable requirements. The recertification consists of an on-site audit. A documentation review will also be conducted if there have been major changes to the documentation since the previous document review. It must cover the interaction between all elements of the system, the overall effectiveness of the system, and commitment to maintain the effectiveness of the system. In practice, this means that the entire standard must be reviewed in a single audit at least once every three years, and that this shall be in addition to regularly scheduled surveillance audits. In general, a recertification requires less time than the original Stage 1 and Stage 2 audits. After successful completion of the recertification, surveillance audits will be conducted for the next consecutives two years, prior to another recertification audit on the third year and this three-year certification cycle goes on. The requirements for non-conformities are the same as stated for the initial certification audit.
Certification Transfer Audits
A Certification Transfer audit is an audit carried out if your organisation is already certified to a management system and you wish to transfer that particular management system from your current certification body to KGS.
A Certification Transfer audit may be a Transfer-Surveillance or Transfer-Recertification depending on your current certification cycle.
For a Certification Transfer Audit to be carried out the following is required to be submitted to KGS:
- Most recent audit report of the existing CAB,
- Copy of NCRs raised by the existing CAB during the most recent audit, if any,
- Copy of valid certificate of the management system that is being transferred.
If the Certification Transfer audit is a Transfer-Surveillance, then the certificate with validity of the remining of the certification cycle will be issued. For instance, if Transfer-Surveillance is the 1st Surveillance a certificate with two-year validity will be issued upon successful audit, whereas, if the Transfer-Surveillance is the 2nd Surveillance a certificate with a one-year validity is issued upon successful audit.
If the Certification Transfer audit is a Transfer-Recertification, then the certificate with a validity of three years is issued.
The requirements for non-conformities are the same as stated for the initial certification audit.
Special Audits
A Special Audit is an audit carried out against the standard certification cycle. This type of audit is carried out when changes to your organisation such as in-terms of location and activities/scope and you require your existing certification with KGS to reflect those changes. Hence, a Special Audit is performed to address those changes and a certificate is issued as applicable upon successful audit. Also a Special Audit may be performed on non-conformances or areas where non-conformances were observed, this type of audit is a Corrective Action audit.
The requirements for non-conformities are the same as stated for the initial certification audit.