We have been informed by auditing company, that they will be removing "Observation" as an audit finding, as this is requirement from certification bodies and that the auditors will report as results of the audit only Non-conformities (minor & major) and Opportunities for Improvement. Is there a change in the audit reporting mandated for these ISO standards globally? For example for ISO 27001 "Observations" will be still used by the auditors. Or is this rather a decision of the auditing company and they have a right to remove "Observations"?
Assign topic to the user
First, it is important to note that, considering ISO 19011, the standard used for auditing ISO management systems, audit findings can be classified as conformity, nonconformity, opportunities for improvement, and recommendations (i.e., there is no definition for observation in this standard as an audit finding). The term "recommendation" refers to results that are not a non-conformity but the organization must take a look at to see if they can lead or not to an opportunity for improvement. Additionally, ISO management systems standards, like ISO 27001, also do not prescribe “observations” as an audit finding.
Considering that, the removal of observation as an audit finding will not impact current management systems, because in future audits findings that would be classified as “observations” will either be reclassified as NCs, OFI, or recommendations or be dismissed at all from the audit report.
For further information, see:
- Major vs. minor nonconformities in the certification audit https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
This course can give you further information about internal audit:
- ISO 27001:2013 Internal Auditor course https://advisera.com/training/iso-27001-internal-auditor-course/
Comment as guest or Sign in
Mar 07, 2023