Demystifying Audit - Part 2

Published: 30 November, 2016
Demystifying Audit - Part 2

The Audit

Despite having done quite a lot of ground work before getting to this stage, it’s this point where the real work starts.  The audit itself can be either planned (you’ve let the audit subjects know what will be happening) or unannounced (you turn up unexpected).   My personal preference is for a planned audit, I just think it’s generally good manners to let someone know in advance, plus there’s always that chance the person and/or information you need won’t be available if you just rock up.

Regardless if the audit is planned or unannounced, always introduce yourself to the people you’ll be working with and fully explain what you’ll be doing.  Also try to put them at ease, as per the opening paragraph of this blog, people fear the word audit.  Explain why the audit is been undertaken.   There’s a very good chance you will need to ask these people questions throughout the audit so you might as well get off to a good footing now.

When collecting the data, make sure you standardise your results.  I use Yes, No, N/A as my go to answers simply because it’s easier to analyse the results and most importantly easier for the person reading the final report.  No-one wants to see an audit result that says something like

15.00% - Yes
5.00% - Sort of yes
30.00% - Dunno
40.00% - No
10.00% - Couldn’t read what I put

Don’t make the results more complicated than it needs to be.  Ultimately you’re looking to see if something is compliant with the standard or not, hence Yes/No.

That’s not to say you can’t make notes.  It is good practice to offer further insight into the results so if you spot something that would benefit from being raised, make a note of it and include it in your report.

Never, ever be afraid to ask questions.  This is your opportunity rather than waiting for a few weeks and then raising it.   Not only will you have forgotten what the question was about, it’s also unfair on the audit subject.

Finally, always make sure you share the initial findings with the people involved in the audit.  You might not have the full results available but go through anything of note so the final results aren’t a complete surprise to them.

The Results

Let’s cut to the chase.  People will read headlines, they will read snippets of information.  They won’t (generally speaking) read lines and lines to get one single piece of information.   Where possible, put percentages for compliance on your results and use tables, it’s easier to read and is great for doing any benchmarking comparison later on.  It’s an absolute pet-hate of mine when I see results displayed as 9 of 25, it’s just lazy.  Yes it’s not that difficult to work out that 9 of 25 is about one-third.  But if the result is displayed as 35.00% straight away it’s far more effective.  Support these percentages with some commentary by all means, but try to avoid overcomplicating what the results0000 already tell us.

I’m a big fan of RAG (Red Amber Green) rating when it comes to audit results.  Set your guidelines accordingly and match the result up to the colours.  I always use 100.00% as Green so whenever anyone reads my reports they know if they see green, everything is fully compliant.  Depending on the nature of the audit I may say anything between 85.00% and 99.99% is Amber, which would indicate need for improvement.  Red would be anything under 75.00% and something that requires immediate attention.  As long as you set out your criteria, you can use this however you see fit.   As above, this makes reading the results a lot easier and any issues that need highlighting will stand out even more.


As a rule of thumb, anything that didn’t meet compliance (or was raised as an observational note) should have an action attached to it.  This goes back to why we audit, for quality improvements. Something isn’t working – let’s correct that.  Each action should have an identified action owner which is usually the person who will carry out that action and an agreed deadline for this.  Please don’t put someone down for an action without agreeing it with them first.  That’s really, bad form.  Some actions you will be able to provisionally agree with them immediately after the audit, some you will have to re-open the conversation at a later date.   Below is a sample Action template to show what is included in an Action.


Or High


Non-conformance or opportunity for improvement identified.

Corrective or preventative action


(for ensuring each action happens)







The really important thing with these actions is that they’re followed up.  There’s not a lot of point in identifying a shed load of actions, agreeing them and then no-one following them up.  The Auditor should follow these up at the agreed dates (deadline) to see if they’re satisfied the action is complete. 

The Audit Cycle

Audits follow a cycle of four key stages that’s called Plan Do Check Act, made popular by a really clever chap called W.E Deming after WWII.  For my money this is the most crucial piece of information you can remember when it comes to audits and as long as you stick true to it, you won’t go too wrong.

Plan – Establish what it is you’re wanting to audit, how and when you’re going to collect the data, what do you need for this etc.

Do – The actual auditing.  Collect the data.

Check – What does the data tell you?  Analyse the results.

Act – Issues that were raised in the Do and Check stage, put something in place to rectify them.


View all blog articles

Written by: Paul Holmes

Email Sign Up

Subscribe to our mailing list for news & update information