Definition

Audit program

An audit program is the set of audits planned for a time period, with defined objectives, scope and resources.

According to ISO 19011, the audit program establishes arrangements for a set of one or more planned audits. It includes objectives, scope, schedule, methods, resources and criteria. It must be based on risk-based thinking to prioritize critical processes.

Key aspects

Risk-based approach

The frequency and depth of each audit must be determined by the process risk level and results of previous audits.

Scope coverage

Must ensure all processes within the management system scope are audited within the certification cycle.

Program management

Requires a person with authority to manage resources, resolve conflicts and evaluate overall program effectiveness.

Frequently asked questions

At least annually, or when significant changes in scope, organizational structure or audit results require adjustments.

Top management must assign a responsible person with competence to manage the program, even if execution is delegated to qualified auditors.

Comparison

Ready to act on these findings?

Need an assessment in this area?

Request diagnosis→View research→

Loading content…

Audit program

Key aspects

Risk-based approach

Scope coverage

Program management

Frequently asked questions

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?

Audit program

Key aspects

Risk-based approach

Scope coverage

Program management

Frequently asked questions

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?

Audit program

Key aspects

Risk-based approach

Scope coverage

Program management

Frequently asked questions

Related content

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?

Audit program

Key aspects

Risk-based approach

Scope coverage

Program management

Frequently asked questions

Related content

ISO 27001 vs ISO 42001: key differences between information security and AI management

ISO 9001 vs ISO 27001: quality management vs information security

How to implement ISO 27001 in your organization

How to prepare for an ISO audit

Shadow AI: artificial intelligence use without formal governance

Personal data breach: exposure assessment and privacy controls

Ready to act on these findings?