Audit plan outlines the audit scope1, audit objectives6 and approach to be taken in an audit.

Break
down organization into different sections of audit(like financial audit, information system audit,
operational audits), what type of audit to be conducted? nature and timing of audit, risk assessment

Determine the personnel responsible for conducting audits2 and people assisting them in tasks>set a
quarterly, monthly or yearly time-line for conducting audits3. Setup audit or board meetings to get
management’s input while reviewing audit plan, any risks that need to be addressed and proper
mitigation measures should be discussed.

Audit plan should cover Nature of procedures, time and extent of audit procedures. Audit plan should
also cover:

 Obtaining knowledge of client’s business i.e. policies, accounting system, internal control procedures etc.
 Ascertaining the nature, time and extent of the procedures of the audit

ISO 19011: The amount of detail provided in the audit plan should reflect the scope and complexity
of the audit, as well as the risk5 of not achieving the audit objectives.

In planning the audit, the audit team leader should consider the following:

 The composition of the audit team and its overall competence;

 the appropriate sampling techniques (see A.6);

 opportunities to improve the effectiveness and efficiency of the audit activities;

Audit planning should address or reference the following:

 the audit objectives;

 the audit scope, including identification of the organization and its functions, as well as processes to
be audited
 the audit criteria and any reference documented information;
 the locations (physical and virtual), dates, expected time and duration of audit activities to be
conducted, including meetings with the auditee’s management. 4
 the roles and responsibilities of the audit team members, as well as guides and observers or
interpreters

Audit Objectives

AUDIT PLAN

There can be risks5 associated with the following:

a) Planning, e.g. failure to set relevant audit objectives and determine the extent, number, duration, locations and
schedule of the audits;
b)Resources, e.g. allowing insufficient time, equipment and/or training for developing the audit programme or
conducting an audit;
c) Selection Of The Audit Team, e.g. insufficient overall competence to conduct audits effectively.
d)Communication, e.g. ineffective external/internal communication processes/channels;
e)Implementation, e.g. ineffective coordination of the audits within the audit programme, or not considering
information security and confidentiality;
f)Control Of Documented Information, e.g. ineffective determination of the necessary documented information
required by auditors and relevant interested parties, failure to adequately protect audit records to demonstrate
audit programme effectiveness;
g)Monitoring, Reviewing And Improving The Audit Programme, e.g. ineffective monitoring of audit
programme outcomes;
h)availability and cooperation of auditee and availability of evidence to be sampled.
j)Opportunities for improving the audit programme can include:
 allowing multiple audits to be conducted in a single visit;
 minimizing time and distances travelling to site;
 matching the level of competence of the audit team to the level of competence needed to achieve the audit
objectives;
 aligning audit dates with the availability of auditee’s key staff
 Audit objectives is finding the compliance
 Audit criteria is
Audit Time
0815-0845 Opening Meeting
0845-1145

Audit Objectives: Compliance check as per ISO 9001:2015 requirements

the audit scope: ABC Organization
Context of the Organization: Global electronic and electrical components distributor, supplying selected franchised
products to many major industries, including the consumer electronic products, PC peripherals, automotive,
automation, machinery, telecom, medical and power generation sectors.
Process Audit of its functional departments/verification of compliance against ISO 9001:2015
Audit criteria: ISO 9001:2015
Locations: XYZ
Date & time of audit: 4th March 2024
Audit Methods: checking test reports of products, incoming/outgoing inspection, risk analysis of product review
requirement(if any), sampling/corrective and preventive measures
Role of audit team members:
Role of guides:

TIME-LINE(YEARLY) 3
The responsibilities and requirements for planning and conducting audits, and for reporting and maintaining
records shall be defined.

Location /Date to conduct4

Risks Aud
1 Documented Information
Audit Scope Applicable ISO Identified
itor Activities to be audited
Audited 5
Clauses s2
Accounts Payable Te a. Check for Credit controlling.
Processing a b. Check Balance Sheet Accounts.
ABC-FIN-SOP-01 m c. Check Monthly Financial Statement
Financial Audit
A
Accounts Receivable d. Check monthly management report, variance analysis and
Processing budgeting
ABC-FIN-SOP-02

Clause 9.1.3: i. timely distribution and accurate quotations

Sales & Clause 9.1
ii. Implementing/Monitoring of sales strategy to achieve
Marketing
targeted goals &maximize business
Audit
iii. KPI Monitoring (RMA for number of returns/Quarantine
Reports/Lines Down)
Any customer Key Performance Index iv. Gauging customer satisfaction through timely response to
requirements (KPI) customers’ enquiry.
-ABC-MGT-SOP-01
differing from v. Looking for new business opportunities for Division
those
previously vi. Check BBB report, inventory report and quote summary.
expressed are
resolved

CSAT Form

SWOT Analysis
 HR & Admin  Medical/Emergency
 MIS Leaves HR Procedures
Record (ABC-HRA-SOP-01)
 Employees AttendanceSkills & Training Record
Record (ABC-HRA-SOP-02)

 Updating/maintaining
personnel file.
 Check Monthly Payroll
 Check Computerize
system
 Check for participation in
business
requirement
studies.
 Check for
Management
Review Risks Audit
Identified5 2
Meeting Management Review ors
Records ABC-MGT-SOP-02
Documented
Information Audited

Jan
Checking half-
Operational Audit yearly budgets
for logistics
and
 Logistics procurement

Check for
Release Of
Products &
Services,
Control Of
Non-
Conforming
Outputs

Customs clearance
documents
 Check for accurate
transaction entry
using ERP

 Ensuring the
Custom
Vendor Commercial
clearance
Assessment record
process on a
timely basis

 Check Logistics
Customer Service and PR (ABC-MKTG-SOP-02)
warehouse
records/proce
dures and
guidelines.

 Check for
expanding
vendors' base.

ABC-CS-SOP-02
 Check Purchase
Procurement Requisition.
 Check for
repeat orders.
 Check for non- PO Processing
 conforming ABC-PUR-SOP-01

product/qualit
y issues
 Check for any
outstanding ABC-PUR-SOP-02

payment
issues with
 QA customers. Verification, validation,
 Check for activities & criteria for
inquiries and product acceptance.
service
requirements,
including
amendments
or special
requests (if
any).
Corrective
 Check outgoing /preventive action
shipments ABC-QA-SOP-04
inspection
Handling of Non-Conforming
Products
ABC-QA-SOP-06
 Monitoring of
freight cost.
 Check Purchase
order and
shipment
arrangements.
 Check
Invoices/Inventory
Reports
 Check
incoming and
shipments
inspection

 Records
needed to
provide
Accepted Vendor
evidence that
List(AVL)
the realization
processes and
resulting
product meet
requirements.

 Check for
corrective/pre
ventive
measures and
the
investigation
of non-
conforming
product

 Check
documentatio
n and control
of records.

 Check the
environment
for the
operation of
processes (ESD
Control)
  Control of externally
provided processes,
products & services

 Check to
ensure the
purchased
product meets
the specified
requirements

 Check for
Conformity to
product
requirements,
characteristics
and trends of
processes and
products
including
opportunities
for preventive
action, and
vendors.

Audit criteria: iso standard 9001

provide relevant information on the audit objectives, scope, criteria, methods and audit team
composition, including any technical experts

request access to relevant information for planning purposes including information on the risks and
opportunities the organization has identified and how they are addressed

determine applicable statutory and regulatory requirements and other requirements relevant to the
activities, processes, products and services of the auditee

c) adequate time and resources for conducting the audit.

The amount of detail provided in the audit plan should reflect the scope and complexity of the audit,
as well as the risk of not achieving the audit objectives