As an organisation in the construction industry, it seems that you are always going through some type of audit or another. Whether it is conducting an internal audit in preparation for certification, or simply assessing your existing process, it never really ends. The best way to approach with this fundamental ingredient for remaining compliant is to swim with the current, not against it. In other words, it needs to be incorporated into the fabric of your organisation, and the best place to start is gaining a firm understanding of what you are up against. To help with that, this article describes the various types of audits used in the construction industry, what they consist of, and when they are required.
First-party audits, also known as internal audits, are used by organisations when they want to audit themselves. First party audits must be impartial and objective, structured and planned. They should also be formal in nature. An organisation may plan to conduct a first-party audit for various reasons, including:
To prepare for management review
To determine the extent to which requirements are being met
For self-declaration purposes (when an organisation goes on record declaring that it meets the specified requirements)
To identify areas for improvement and best practice
for more information you can read about iso 27001 audit cost in Australia
First party audits are of two types:
This is when an employee is appointed by their employer to conduct and internal audit on a process or set of processes in a particular management system to ensure they meet the requirements specified. However, going this route may jeopardise the objectivity of the audit due to the natural bias an employee will have towards its employer. This option is not recommended for small and medium-sized organisations. Larger organisations with multiple departments have a better chance of maintaining objectivity, providing they can find someone with no personal or professional interest in the area being audited. Even then, maintaining a completely impartial and unbiased mindset can still prove to be a challenge.
This is when an organisation hires the services of a specialty consultant such as Edara Systems, to ensure their internal audit is conducted impartially and with the upmost objectivity. When selecting a consultancy, it important to ensure their auditors are experienced working with the standards your systems will be audited against. There are countless different standards, and no one consultancy covers them all. Edara Systems specialises in all construction industry standards (quality, safety, environment, information security) and employs Australia’s most qualified and knowledgeable auditors, with over 30 years of combined industry experience.
Second party audits are external audits typically requested by buyers, head contractors or any other stakeholder, from the organisation they are contracting to ensure that they meet their standard requirements. Second party audits may also be requested by regulators as part of a construction compliance blitz to ensure construction organisations are staying compliant.
Third party audits are also considered external audits. However, they are conducted by independent entities such as certification bodies, regulators, or registrars. Typically, they all follow the same auditing/certification cycle. The cycle is as follows:
Initial certification audit
The initial certification audit is where the auditor verifies that key elements of the management system are in place and confirms that key processes are functioning as stated in the documentation. These elements consist of records, documentation, processes, etc.
Typically conducted twice throughout the 3-years certification cycle, surveillance audits usually take place in years one and two after the initial certification. They tend to focus on key areas that were identified as areas of improvement. Their purpose is also to identify whether your management system functions as intended in practical terms, or not. The auditor will also check whether:
All the incidents are documented
All corrective and preventive actions are documented and effectively implemented
Top management is sufficiently supporting the system
A recertification audit occurs typically on a triannual basis as it is the case for International Organization for Standardization (ISO) standards and the Federal Safety Commissioner (FSC) Accreditation Scheme. However, FSC accreditation may be granted for up to 6 years for organisations deemed a ‘low risk’ of non-compliance. During the recertification audit a lead auditor will examine your prior documentation on management systems, review your internal auditing procedures and assess overall business performance before making relevant recommendations on how to improve your internal processes. If all goes well, you will be granted recertification for another cycle.
Other types of audits
ISO also identifies two different ways of auditing your management system processes when conducting an internal audit:
Horizontal auditing: consists of auditing one process against all departments of an organisation.
Vertical auditing: consists of auditing all the processes of one department against the requirements of the standard being sought.
We hope this article brought some clarity on this vast topic. If you have any questions, or would like to have a chat about working with us towards ISO, AEO, FSC, ASP, CM3 or any other construction industry related standard, speak to a member of our dedicated team by emailing us at firstname.lastname@example.org or give us a call for an appointment on (02) 8091 5777 / 0423 083 996.