Management systems auditing


What is a business management system?

Organizations of all sizes need to manage risk, meet customer and societal demands, and satisfy legislative requirements, all in a world where change in those requirements is the only constant. The business management system is the way that successful organizations meet these challenges and ensure they set out principled programmes of change and improvement to address risk and opportunity.

In simple terms a business management system does the following:

  • Ensures that the stakeholder and regulatory requirements that the organization must meet to survive and prosper are identified: customer, health, safety, security, environmental, ethical, etc.
  • Ensures these requirements are captured in corporate policy and that these are owned within the organization
  • Ensures that policy is embedded in business process and practice through appropriate communication, objectives and controls, and through appropriate planning and risk mitigation
  • Ensures that performance is monitored, measured and evaluated
  • Ensures that performance is reviewed
  • Ensures that identified risk and opportunity are translated into the organization’s change programmes

What are management systems standards?

National standards bodies, such as BSI in the UK, work with the International Organization for Standardization (ISO) to develop management systems standards documents and associated guidance. These documents are all based on the business management system approach above but distil internationally agreed good practice on how to address the increasing range of stakeholder aspects:

  • ISO 9001 Customer requirements (products and service)
  • ISO 14001 Environmental aspects
  • OHSAS 18001 Health & safety aspects
  • ISO 22000 Food safety aspects
  • ISO 27001 Information security aspects
  • ISO 20000 Provision of IT services
  • BS 25999 Business continuity aspects
  • ISO 50001 Energy management aspects

A number of industry sectors have established their own versions of ISO management systems standards and guides to meet particular needs and sometimes to support industry controlled third party certification and supplier audit schemes:

  • AS 9100 Aerospace quality
  • ISO/TS 16949 Automotive quality
  • ISO 13485 Medical devices quality
  • ISO 26000 Corporate responsibility
  • TickIT Plus Software quality

With the growth in stakeholder requirements placed on organizations and the associated growth of standards, many organizations now seek to integrate or combine the range of aspects they must address into a single business management system.

IRCA provides auditor certification in most ISO management systems disciplines.

What is a business management systems audit?

An audit determines whether an organization’s activities and related results comply with planned arrangements to deliver customer, stakeholder and regulatory requirements. It determines whether these arrangements are implemented effectively, and are suitable to achieve the stated objectives. And it provides the organization with an understanding of risk and opportunity to inform future change and improvement.

There are three types of audit:

1. First party audits

Audits conducted by an organization’s own personnel (internal audits), mainly directed at improving the management system and checking compliance of the organization’s employees’ work practices and procedures. A properly conducted internal audit programme is recognized as an effective management tool.

2. Second party audits

Audits conducted of a supplier’s or contractor’s management system by a customer (external audit). This type of audit is often used to establish how the customer’s contract is being handled by an organization.

3. Third party audits

Audits conducted for certification purposes, usually by certification bodies accredited by a national accreditation body. Certificates issued by accredited certification bodies are recognized by international trading groups. This means that certified organizations have better access to markets globally, and that their customers are provided with a level of confidence in their suppliers’ capability to meet requirements.

Business management system audit provides the following benefits:

  • Value for the users and stakeholders who rely on management systems certification to establish if the client organization’s management system can consistently meet customer and applicable regulatory requirements
  • Value for the auditee by:
    1. Providing management with information regarding the organization’s ability to meet its management system related business objectives
    2. Identifying problems that may prevent the client from meeting its management system related business objectives
    3. Identifying meaningful opportunities for improvement and areas of risk that are not identified or managed

What is an IRCA certified auditor?

With so much riding on the outcome of an audit, the competence of the management systems auditor is vital. And, as with any professional activity, it is important that auditors adhere to professional standards.

IRCA certification is the international gold standard for management systems auditors. It indicates that an IRCA certified auditor:

  • Has met the required standards of training, technical experience, work experience and audit experience
  • Has committed to working to the professional standards set out in the IRCA code of conduct
  • Has committed to and undertakes ongoing professional development to keep up to date with developments in standards, auditing methodology and industry requirements

What is the link with IRCA certified auditor training courses?

IRCA also provides the international benchmark for initial training of auditors. Over 90 IRCA approved training providers have voluntarily met the strict requirements for course design, tutor competence and delegate examination and assessment. This provides confidence that delegates will benefit from a standard introduction to management systems audit and have their achievement of the learning objectives assessed consistently and fairly.

Passing an IRCA certified training course is only the first step to achieving full professional recognition as an IRCA certified auditor. Aspiring auditors will also need to meet the education, work experience and audit experience requirements to achieve IRCA certified auditor status.
