The purpose of a mock audit is to determine how well prepared an organization is for a full Stage II audit against a specified standard by a 3rd party Certified Body (CB).
Unlike our initial “readiness assessment” which has a compliance/certification roadmap as the final deliverable a Mock Audit is an “audit” with a specific objective related to the verification of an implemented system. It’s a trial run in order to see if the organization is “ready” for a 3rd party registration audit. In addition, this will also serve as a rehearsal for the actual 3rd party audit.
This mock audit ensures that your company is prepared for an actual formal audit engagement. It ensures that your organization continually operates in accordance with the specified policies, procedures and external requirements in meeting company goals and objectives to and to ensure that improvements to the management system are identified, implemented and suitable to achieve objectives.
During this phase, the auditor determines the main area/s of focus for the audit and any areas that are explicitly out-of-scope, based normally on an initial risk-based assessment plus discussion with appropriate stakeholders and management.
During the fieldwork phase, audit evidence is gathered by the auditor/s working methodically through the audit plan providing insight to an actual drawbacks, for example interviewing staff, managers and other stakeholders, reviewing relevant documents, printouts and data (including records of activities such as security log reviews), observing processes in action and checking system security configurations etc. Audit tests are performed to validate the evidence as it is gathered. Audit work papers are prepared, documenting the tests performed.
The accumulated audit evidence is sorted out and filed, reviewed and examined in relation to the risks and control objectives. Sometimes additional analysis identifies gaps in the evidence or indicates the need for additional audit tests, in which case further analysis may be performed unless scheduled time and resources have been exhausted. However, we prioritize audit activities by risk, which implies that the most important areas should have been covered already. Detailed audit findings and analysis, sometimes with extracts from the supporting evidence in the audit files where this aides comprehension.
The audit conclusions and recommendations, perhaps initially presented as tentative proposals to be discussed with management and eventually incorporated as agreed action plans depending on standard practices. A formal statement by the auditors of any reservations, qualifications, scope limitations or other caveats with respect to the audit.