Understanding Stage 1 and Stage 2 Audits

5:06

During the certification process, Stage 1 and Stage 2 audits serve different purposes and provide distinct benefits.

Here’s an overview of what to expect with each stage, and how your organisation can prepare to become certified.

Stage 1 Audit: Documentation Review

The Stage 1 audit typically involves a review of the organisation’s management system documentation, including policies, procedures, and records.

This is a high level overview of the documentation and the system to make sure all the policies and procedures are in place.

It can be helpful to understand what the auditor is looking for during a Stage 1 Audit.

Gap Identification

The auditor will assess the organisation’s management system documentation against the requirements of the relevant standard (e.g., ISO 9001, ISO 14001). This helps identify any gaps or areas where the organisation’s documentation does not align with the standard’s requirements, and enables the organisation to rectify those gaps and prepare for the Stage 2 audit.

Familiarisation

The Stage 1 audit is also the time where the auditor becomes acquainted with the organisation’s management system, processes, and operations. It allows the auditor to gain an understanding of the organisation’s context, objectives, and key areas of focus. This familiarity helps the auditor plan the Stage 2 audit effectively.

Initial Assessment

The Stage 1 audit provides an initial assessment of the organisation’s readiness for the Stage 2 audit, and helps the auditor determine if you are adequately prepared for the comprehensive on-site assessment in Stage 2.

“When you’ve got your system developed and implemented enough, you can use Stage 1 to identify what you need to address before the Stage 2 audit.”

Jeremy Fisher, Southpac Certifications

Stage 2 Audit: On-site Assessment

The Stage 2 audit involves an on-site assessment of the organisation’s management system implementation and effectiveness.

This is the main part of the certification audit process, generally carried out at the clients’ premises, where the auditor will meet and interview staff, as well as go through all the documentation. During this stage, the auditor is seeking to verify the organisation’s implementation of the management system against the requirements of the standard – evaluating the effectiveness of their processes, controls, and procedures.

A Stage 2 audit is primarily focused on the following:

Process Evaluation

The auditor will assesses the organisation’s key processes, their interdependencies, and their alignment with the management system requirements. This evaluation helps identify areas of strength, as well as opportunities for improvement and optimisation.

Identification of Nonconformities

During the Stage 2 audit, the auditor may identify nonconformities or deviations from the standard’s requirements. This provides the client with specific feedback on areas that need corrective actions or improvements before certification can be granted.

Continuous Improvement

The Stage 2 audit is designed to promote a culture of continuous improvement within the organisation. It highlights areas for enhancement and encourages the organisation to identify opportunities for further development and refinement of its management system.

Does re-certification require Stage 1 and Stage 2 Audits?

The dual audit process (Stage 1 and Stage 2) occurs when an organisation begins the initial certification process. A Stage 1 audit only takes place when an organisation is first certified.

After the organisation is certified, a surveillance audit will be scheduled in 12 months time. A second surveillance audit will be held in another 12 months. Following this three-year cycle, each client will need to be re-certified, starting the cycle again.

The re-certification audit is an opportunity to take a fresh look at the organisation’s system and identify any new gaps that may have emerged as a result of changing processes or growth within the business.

How long does each stage take?

Depending on the size, scope and complexity of the company, Stage 1 usually takes around half a day to a full day.

The Lead Auditor will provide a brief report of the findings and then determine whether the client is prepared to go to Stage 2 or if they still have work to do. If that’s the case, the dates can be extended by a couple of weeks to ensure everything is in place for the Stage 2 audit.

A Stage 2 Audit is longer than Stage 1, with audit duration determined by the size, scope and complexity of the company, personnel numbers and number of site visits. During the Stage 2 audit, the auditor will spend time meeting and interviewing staff, as well as going through all the documentation.

Want more detail? Get a full run down of the ISO certification audit process.