VI.  Audits

Proceed as follows to enter data of a new audit report, starting from the left menu:

1- Click on “Organisations”

2- Enter the organisation name in the filter field and click on “Filter”

3- Open the organisation

4- Click on “Audits” in the left-hand side menu

5- Click on “Add audit”

6- Choose “New audit” in the drop list

7- Click on “Create”

8- Assign the applicable standards

9- Browse the menus on the left-hand side and enter the corresponding data by editing/saving each page

10- Validate the audit. For more information about validation, see section Validate / unlock an audit report

The ViaSyst platform allows to retake some stable data from one audit report to the next one. This allows a lot of time saving by editing audit reports.

1- Reproduce all the 5 first steps of creating a new audit

2- Choose the “Name of previous audit” from which you need to retake data

3- Click on “Create”

Note: If there is already an audit report for the organisation on the database, you will preferably choose the last audit in the drop list. This brings advantage that all available and potentially stable data will be taken over from the last report – so that you spare a lot of time for entering the new report, by just checking existing data and updating as necessary.

The ViaSyst platform allows to generate an audit report from the planning and retake some data. This allows a lot of time saving.

1- Click on “Planning”

2- Open the planning linked to the audit that you will generate by clicking on the “eye” icon

3- Click on “Generate audit folder” on the top

4- Click on “Create” to add a new audit or use the droplist and hoose the “Name of previous audit” from which you need to retake data and “Create”

Notes :

• All existing subsites’ data (except the “Description” field) are automatically injected into the audit folder and the certificates module at the time of the creation of the audit folder.
• Any modifications of the subsites’ data after the creation of the audit folders will not impact on the data carried over in these existing audit folders.
• For more information about the required rights to do this action, see: Roles and access rights

Tips and recommendations :

Audit name recommendation:

• Specify the audit type (e.g. certification stage 2 or surveillance, recertification)
• Add the audit date yyyy/mm/dd
• Example: Certification audit stage 2 2012/04/17

Instructions :

The ViaSyst audit reporting platform

• is interactive with the audited/certified organisation, allowing them editing the CAPA and reading all other parts of the audit folder/report,
• allows to structure and track your exchanges with the audited organisation throughout the entire audit process, i.e. already prior the audit for audit preparation and audit plan.

Thus, it is necessary that the organisation’s contact accesses to the various parts of the audit folder can be managed selectively and progressively.

Proceed as follows to publish selected parts of the audit folder for the contact organisation, starting from the main left menu:

1- Click on “Organisations”

2- Enter the organisation name in the filter field and click on apply

3- Open the organisation

4- Click on “Audits”

5- Open the corresponding audit report

6- Click on “Edit”

7- In the menu “Publication”, select the applicable option, to make the corresponding section of the audit folder visible for the organisation’s contact(s)

8- Save

Notes :

• As long as the audit has not been validated by the CB reviewer, only the ticked sections of the audit folder will be accessible for the contact organisation. The access to all other pages will be denied.
• All selections will be ticked automatically (i.e. all audit folder sections will be visible for the contact organisation) upon audit report reviewer validation.

Tips and recommendations :

• During the audit preparation, the option “Publish « Message box »” allows either the back office or the auditor to communicate and share documents with the contact organisation, e.g. documents requested from the client (management review, internal audit, …) or documents sent to the client (audit plan). NOTE: The « Message box » is visible only for the contact organisation and the assigned CB users, not for the scheme owner.
• During audit closure or in the next days after it, the option “Publish « Audit findings »” allows the auditor to share specifically the audit findings (and not the rest of the draft report) with the contact organisation in order to validate and agree the raised findings.

Proceed as follows to draft, generate and share and audit plan, starting from the left menu:

1- Click on “Organisations

2- Enter the organisation’s name in the filter fields and click on apply

3- Open the organisation

4- Click on “Audits” in the left-hand side menu

5- Open the audit for which you will generate an audit plan

6- Click on “Audit plan” in the left-hand side menu

7- Click on “Add audit step”

8- Enter the audit step details, i.e.: Date, Start and End Time, Process/Department, Auditors, Auditees, Standard requirements (all mandatory fields are marked with a red star)

9- “Save”

Proceed as follows to edit an audit step:

1- Open the audit for which you will edit an audit step

2- Click on “Audit plan” in the left-hand side menu

3- Click on the edit sign at the right to open the audit step in edit mode

4- Edit the corresponding fields

5- “Save”

Proceed as follows to delete an audit step:

1- Open the audit for which you will delete an audit step

2- Click on “Audit plan” in the left-hand side menu

3- Click on the delete at the right

4- Confirm deleting

Proceed as follows to update the text proposed by default in the explanatory fields:

1. Click on “Edit” on the top of the audit plan
2. Modify the proposed text as necessary
3. “Save”

Proceed as follows to print the audit plan:

1. Click on “Print” on the top of the audit plan page

The audit plan will automatically be generated as a pdf which you can share or print

Notes :

• For more information about the required rights to do this action, see:  Roles and access rights
• It is possible to link each finding to an organisation’s Process/ Department. For more information see: Add Audit findings

To save time for repetitive or very similar audit plans, you can :

• Click on ‘RETAKE AUDIT PLAN’. This will propose you the list of existing audits in the organisations to which you have rights. In this list, you can sort by the name of the organisation, the name of the audit and the name of the standard
• Click on the “eye” to preview the selected existing audit plan and check the content.
• Click on the “copy” icon, a page will open.
• Enter the date of your new audit and tick the boxes for the type of content you want to copy (Process, Auditors, auditees, standards requirements).
• Save
• The selected content will be injected into your audit plan, saving you time.

Tips and recommendations :

• We recommend that you create a ‘library’ organisation and give your auditors access to this organisation, where you can generate all the audit plans you generally need. This allows you to copy them as and when you need them.
  This feature will save you a lot of time when entering new audit plans, as you will be able to copy them and simply update the existing data.

Instructions :

Proceed as follows to enter data in check-list, starting from the main left menu:

1- Click on “Organisations”

2- Enter the organisation name in the filter field and click on “Filter”

3- Open the organisation

4- Click on “Audits” in the left-hand side menu

5- Open the corresponding audit report

6- Click on “Check list”

7- As applicable, for each clause assign a grading (OK, non-audited, non-applicable, Finding) from the droplist, attach a document and edit objective evidence

Notes:

• The edition of the check-list on the platform will automatically increment the audit findings in the “Audit findings” page and vice versa.
• If “Finding” is selected in the drop list, you have to assign a grading

8- Save: It is possible to save finding by finding by clicking on the cross under each clause, or you can complete all the clauses and save all together by clicking on “Save” on the bottom of the page.

Tips and recommendations :

• The check-list tool is supporting and simplifying the auditor’s job as follows:

1. before the audit: helps the auditors planning the audit, consigns notes and presumptions arising from the preliminary document review, acts as a sampling plan and time manager, and ensures a consistent audit approach
2. during the audit: serves as a note taking tool and a memory aid ensuring that the audit is conducted in a systematic, harmonized and comprehensive manner, and adequate evidence is collected;
3. after the audit: gives an overview about the organisation’s management system performance and compliance in a single view;
4. by reporting: the edition of the check-list on the ViaSyst audit reporting platform automatically increments the audit findings in the “Audit findings” page.

Mistakes to avoid:

• Forget saving your work!

You can “RETAKE CHECKLIST”: To save time for repetitive or very similar checklists.

1. Click on ‘Retake Checklist’.
2. This will propose you the list of existing audits in the organisations to which you have rights. In this list, you can sort by the name of the organisation, the name of the audit and the name of the standard.
3. Click on the “eye” to preview the selected existing checklist.
4. Click on the “copy” icon, a page will open with confirmation message
5. Click on “Save” and the content of the selected checklist will be injected into your checklist.

Tips and recommendations :

1. We recommend that you create a ‘library’ organisation and give your auditors access to this organisation, where you can generate all the checklists you generally need. This allows you to copy them as and when you need them.
   This feature will save you a lot of time when entering new audit checklists, as you will be able to copy them and simply update the existing data.

If you need a PDF version:

1- Click on “Reports”

2- Click on “GENERATE CL”

3- From the list, tick the standard for which you need to extract a PDF check-list

4- The PDF check-list will automatically be downloaded

Notes :

• For more information about the required rights to do this action, see: Roles and access rights
• The “OK” grading is assigned by default to all the clauses against which no non-conformity has been raised.
• Possibility to identify a value per default in the settings of each checklist. This value is automatically assigned to all items with no assigned value upon the “Reviewer validation” of the audit folder
• The CL is frozen/validated upon the validation of the audit folder. To edit the CL, you need to first unlock the audit report (do not forget to re-validate after edition)

a. Add Audit findings by CB user

Instructions :

Proceed as follows to add audit findings, starting from the left menu:

1- Click on “Organisations”

2- Enter the organisation name in the filter field and click on “Filter”

3- Open the organisation

4- Click on “Audits” in the left-hand side menu

5- Open the audit report

6- Click on “Audit findings” on the left-hand side menu

7- Click on “Add finding”

8- Assign your finding to the corresponding clause of the standard and grade it

9- “Save”

10- Edit the finding to complete it

11- Enter the corresponding fields (such as the Process / Department)

12- “Save

a. Enter implemented corrective actions by Organisation Contact

Instructions :

Proceed as follows to complete corrective actions, starting from the left menu:

1- Click on “My organisation”

2- Click on “Audits” in the left-hand side menu

3- Open the audit report

4- Click on “Audit findings” on the left-hand side menu

5- Click on “See finding”

6- Click on “Edit” and complete the corresponding fields

7- “Save”

Notes :

• Files may be uploaded to prove the non-conformity completion. Any kind of file may be uploaded, e.g. records, pictures.
• Once created, the findings will be classified by:
  • First process or department if there is a department linked to the finding (alphabetic order) (process is retaken for “Audit plan” section)
  • Second, (and for the findings which are not linked to the processes) by grading (major first, minor second, observation last)
  • Third, by standard in alphabetical order (for combined audits)

Forth, according to the order number of the clause

Instructions :

Proceed as follows to establish a maturity profile, starting from the main left menu:

1- Click on “Organisations

2- Enter the organisation name in the filter field and click on apply

3- Open the organisation

4- Click on “Audits” in the left-hand side menu

5- Open the corresponding audit report

6- Click on “Check list”

7- Select the standard for which the maturity profile shall be established

8- For each line, select “Scoring” from the droplist

9- As applicable, for each new entry select a scoring from the second droplist

10- “Save”

Notes :

• Adding a scoring on the platform will not increment a finding in the “Audit findings” page, just recording the affected score. It is the difference between assigning a finding and scoring.
• Upon report validation, the maturity profile is frozen/validated.
• The signification of a scoring is accessible when you click on the item title.

Instructions :

Proceed as follows to edit an audit, starting from the left menu:

1- Click on “Organisations”

2- Enter the organisation name in the filter field and click on “Filter”

3- Open the requested organisation

4- Click on “Audits” in the left-hand side menu

5- In the appeared audit list select one to edit it

6- Click on “Edit”

7-  Update the audit title, lead auditor, publication to the client…

8- “Save”

9- Browse the menus on the left hand side and edit the corresponding data by editing/saving each page”

10- “Save”

Notes :

• For more information about the required rights to do this action, see: Roles and access rights
• It’s not possible to edit a validated audit. Is should be unlocked by the user who validated it before edition. For more information about unlocking an audit report, see section: Validate / Unlock an Audit report by a reviewer (CB Validation)

Instructions :

Proceed as follows to communicate or share documents within CB users assigned to an organisation, starting from the left-hand side menu:

1- Click on “Organiations

2- Enter the organisation name in the filter field and click on apply

3- Open the organisation

4- Click on “Audits” in the left-hand side menu

5- Open the audit concerned by the communication or the documents to send

6- Click on “Audits” in the left-hand side menu

7- Open the audit report, section “Audit folder”

8- Enter the message to send in the “Comment” section

9- Attach a file if needed

10- Notify the right persons in the section “Notify to”

11- “Save”

Notes :

• In the section “Notify to”, only the CB admin users or the users who are assigned to the organisation (Edit rights or Review rights) are proposed
• Access to documents and comments entered or uploaded here is strictly limited to the concerned assigned CB users: administrator, reviewer and auditor. The audited organisation does not have access to this information.
• The following roles are ticked by default: reviewer, lead auditor, auditor.

Tips and recommendations :

• Use this “Comment” section to communication or share documents with the team and guaranty exchange historization.

1. Assign a Lead Auditor to an Audit

Instructions :

To assign a Lead auditor to the audit, open the audit folder and proceed as follows:

1- Click on “Edit”

2- Assign a Lead auditor in the field “Lead auditor”

3- “Save”

If the user name does not appear in the “Lead auditor” field list, you have to assign him as the Lead auditor of this audit/organisation.

To assign a user as a Lead auditor, you have 2 possibilities:

A- From Auditor profile

4- Click on “Auditors” on the left menu

5- Select the user to assign as a Lead auditor by clicking on his auditor number

6- Click on “Access rights”

7- Click on “Edit”

Now, you can either choose to assign a user as an auditor for all the organisations (Edit/Write) and tick the box “1”, or, Assign an auditor per organisation and tick the box of the organisation this user will be responsible for.

8- “Save”

B- From organisation profile:

6- Click on “Organisations” on the left menu

7- Select the organisation you need to validate an audit for

8- Click “Edit”

9- Now you can assign the auditor for this organisation by assigning him “Edit/Write” rights”

10- “Save”

Notes :

• For more information about the required rights to do this action, see:  Roles and access rights

1. Validate the Audit report (Validation by the Lead Auditor)

Instructions :

Proceed as follows to validate an audit report, starting from the left menu:

1- Click on “Audits”

2- Select the corresponding audit

3- Open the audit folder

4- Click on “Validation by the Lead Auditor”

5- Complete the eventual missing obligatory fields listed in the displayed error box by clicking on the links

6- If applicable, click again on “Validation by the Lead Auditor” once completed

7- “Save”

Notes :

• For more information about the required rights to do this action, see: Roles and access rights
• If any required field for the applicable report format is missing, a red bar will appear, with links to complete the corresponding fields.
• To unlock an audit report, see instructions Unlock the audit report

1. Unlock the Audit report

Instructions :

Proceed as follows to unlock an audit report, starting from the left menu:

1- Click on “Audits”

2- Select the corresponding audit

3- Open the audit folder

4- Click on “Unlock lead auditor validation”

Notes :

• For more information about the required rights to do this action, see: Roles and access rights
• If you need to re-edit your report, click on “Unlock lead auditor validation”, edit the audit and click again on “Validation by the lead auditor”.
• If you need to re-edit your report, and the audit report is validated by the reviewer, the reviewer should first unlock the audit report, then you can edit the audit and click again on “Validation by the lead auditor”.
• All actions related to validation of the audit report are listed in the “Status history” in the audit folder
• Once unlocked, the status of the audit report is “Unlocked by lead auditor”
• Once unlocked, the report is no more shared with your contact organisation

a. Assign a user as a Reviewer:

Instructions :

To assign a user as a Reviewer you have 2 possibilities:

A- From Auditor profile

1- Click on “Auditors” on the left menu

2- Select the user to assign as a Reviewer by clicking on his auditor number

3- Click on “Access rights”

4- Click on “Edit”

Now, you can either choose to assign a user as a Reviewer for all the organisations (CB Reviewer) and tick the box “1”, or, Assign a Reviewer per organisation and tick the box of the organisation this user will be responsible for.

5- “Save”

B- From organisation profile

1- Click on “Organisations” on the left menu

2- Select the organisation you need to validate an audit for

3- Click “Edit”

4- Now you can assign the Reviewer for this organisation

5- “Save”

Notes :

• For more information about the required rights to do this action, see: Roles and access right

b. Validate the Audit report:

Instructions :

Proceed as follows to validate an audit report, starting from the left menu:

1- Click on “Audits”

2- Select the corresponding audit to validate

3- Open the audit folder

4- Click on “Reviewer validation”

5- Complete the eventual missing obligatory fields listed in the appeared error box by Clicking on the links

6- If applicable, click again on “Reviewer validation” once completed

7- “Save”

Notes :

• For more information about the required rights to do this action, see: Roles and access rights
• If any required field for the applicable report format is missing, a red bar will appear, with links to complete the corresponding fields.
• The validation is necessary in order to check and confirm the submitted data are correct
• The CB Reviewer function (and person) is not obligatorily the same as the person designated within the CB’s organisation for meeting certification decision

c. Unlock the Audit report

Instructions :

Proceed as follows to unlock an audit report, starting from the left menu:

1- Click on “Audits”

2- Select the corresponding audit

3- Open the audit folder

4- Click on “Unlock”

Notes :

• For more information about the required rights to do this action, see: Roles and access rights
• If you need to re-edit your report, click on “Unlock”, edit the audit and click again on “Reviewer validation”.
• All actions related to validation of the audit report are listed in the “Status history” in the audit folder
• Once unlocked, the status of the audit report is “Unlocked by reviewer”
• Once unlocked, the report is no more shared with your contact organisation

Instructions :

Proceed as follows to delete an audit, starting from the left menu:

1- Click on Organisations

2- Enter the organisation name in the search field and click on “Filter”

3- Open the organisation (by clicking on its name)

4- Click on “Audits” on the left-hand side menu

5- Click on the name of the audit to delete

6- Click on “Delete”

7- Confirm

Notes :

• For more information about the required rights to do this action, see: Roles and access rights

Necessary rights:

“Review” rights for “Audit”

Instructions :

Proceed as follows to proceed to an audit review, starting from the left main menu:
1- Click on “Audits”

2- Enter the audit name in the filter field and click on “Filter”

3- Open the audit

4- Click on “Edit” in the audit folder

5- Select the applicable check list for review in the section “Audit review”

6- “Save”

7- Select “Audit Review” from the left-hand menu

8- For each clause, assign a scoring from the droplist, attach a document and edit objective evidence

9- “Save”

Notes :

• The “Audit review” module is only available for some packages (Business, Premium)
• The CB must provide ViaSyst with the requirements of the desired review checklists as well as the applicable scores (if any).

Tips and recommendations :

• Only CB users with “Reviewer” rights can enter audit review data.
• Auditors have a read-only access to the audit review checklists related to their audits and see if they need to modify their audit report.
• Other CB users have read-only access to the data entered in the audit review checklist.
• Scheme owners, external users and contact organisations do not have access to the audit review data.
• The standards (or sets of requirements) selected for the conducting audit reviews are not visible in the reports or in the audit plans.
• Once the audit folder has been validated by the reviewer, it is impossible to modify the data entered in the audit review checklist.
• If necessary, it is possible to link several audit review checklists to the same audit folder (for example if the different schemes have different requirements for the audit review).

Instructions :

Proceed as follows to generate an audit report, starting from the left-hand side menu:

1- Click on “Organisations”

2- Enter the organisation name in the search field and click on “Filter”

3- Open the organisation (by clicking on its name)

4- Click on “Audits” on the left-hand side menu

5- Click on the name of the audit

6- Click on “Reports” on the left-hand side menu

7- Click on “Generate online Report”

8- The complete audit report is generated and displayed in a single page

9- If you need a PDF version, click on “Print”

10- The PDF report will automatically be downloaded

Notes :

• This means that ulterior changes within the audit data or validation process will not be updated in the generated audit report.
• In order to keep track of the validation history, you can generate a version of the audit report at each step of the data entry process. Each version will be displayed and saved (with the generation date) in a list accessible directly when you click on the page “Reports” of the audit
• Each user having edit rights on the organisation (CB admin, Reviewer, auditor) can generate audit reports

In the section “Audit findings”, the findings are classified by:

• First process or department if there is a department linked to the finding (alphabetic order) (process is retaken for “Audit plan” section)
• Second, (and for the findings which are not linked to the processes) by grading (major first, minor second, observation last)
• Third, by standard in alphabetical order (for combined audits)
• Forth, according to the order number of the clause

Instructions :

Proceed as follows to generate an audit report, starting from the left-hand side menu:

2- Click on “Organisations”

3- Enter the organisation name in the search field and click on “Filter”

4- Open the organisation (by clicking on its name)

5- Click on “Audits” on the left-hand side menu

6- Click on the name of the audit

7- Click on “Reports” on the left-hand side menu

8- Click on “Generate Word Report”

9- Select the applicable Word template in the list (if any)

10- The complete audit report is generated and automatically downloaded in world

11- Adapt the Word report if needed, then, prepare a pdf version with your own software

Notes :

• The Word report version is only available for the Premium package, with a one-time setting cost for implementation
• The CB must provide ViaSyst the desired Word template

Instructions :

Proceed as follows to upload an audit report, starting from the left-hand side menu:

1- Click on “Organisations”

2- Enter the organisation name in the search field and click on “Filter”

3- Open the organisation (by clicking on its name)

4- Click on “Audits” on the left-hand side menu

5- Click on the name of the audit

6- Click on “Reports” on the left-hand side menu

7- Click on “Upload report”

8- Complete the title of the report as it will be visible in the report list, select the pdf file and “save report”

9- The PDF report will automatically be downloaded and available for your clients in the list of reports.

Instructions :

Proceed as follows to generate a finding report, starting from the left-hand side menu:

1- Click on “Organisations”

2- Enter the organisation name in the search field and click on “Filter”

3- Open the organisation (by clicking on its name)

4- Click on “Audits” on the left-hand side menu

5- Click on the name of the audit

6- Click on “Reports” on the left-hand side menu

7- Click on “Generate Finding Report”

8- The complete finding report is generated and displayed in a single page

9- If you need a PDF version, click on “Print”

10- The PDF report will automatically be downloaded

Notes :

• An finding report is a forzen picture at the time it is generated of:
  • the entered data, and
  • the status of the validation process progress
• This means that ulterior changes within the finding data or validation process will not be updated in the generated finding report.
• In order to keep track of the validation history, you can generate a version of the finding report at each step of the data entry process. Each version will be displayed and saved (with the generation date) in a list accessible directly when you click on the page “Reports” of the audit
• Each user having edit rights on the organisation (CB admin, Reviewer, auditor) can generate audit reports
• Once generated, the finding report will be available for the client to consult and print.

Instructions :

Proceed as follows to communicate or share documents with the organisation’s contact, starting from the left-hand side menu:

1- Click on “Organisations”

2- Enter the organisation’s name in the filter fields and click on apply

3- Open the organisation

4- Click on “Audits” in the left-hand side menu

5- Open the audit concerned by the communication or the documents to send

6- Click on “Message box” on the left-hand side menu

7- Enter the message to send in the “Comment” section

8- Attach a file if needed

9- Notify the right persons in the section “Notify to”

10- “Save”

Notes :

• In the section “Notify to”, the user identified in “Team” is the lead auditor (ticked by defaut) and the user listed under “Read / Write” are the auditors.

Tips and recommendations :

• You can use this “Message box” section to share documents with the organisation’s contact

Instructions :

Proceed as follows to extract audit’s data, starting from the left menu:

1- Click on “Audits”

2- Click on “Extract” available under the filter fields

3- The Excel Extract will automatically be downloaded

4- Save the file as “Excel File” (drop list in excel)

Notes :

• The option “Extract” is available for all CB users but the content of the extraction is restricted to the organisations that are assigned to them
• The Extraction is a simple way to browse in a unique file the list of all the audits generated by the Certification Body on the Database: displays one line per audit which contains information such as scopes, status of the audit, last audit day…