Audits in Management Systems

Audits of management systems (such as quality, environment, occupational health and safety, information security, among others) are structured assessments that seek to verify whether a management system:

• Complies with criteria and requirements (ISO standards, legislation, internal policies).

• It works efficiently, being continuously maintained and improved.

They are systematic, documented, independent and objective processes, designed to collect evidence on how a management system operates, comparing it with established criteria.

Types of Audit

Internal: organized by the company itself (competent internal auditors) to assess continuity, effectiveness and compliance.

External: carried out by independent third parties (e.g. ISO certifiers), which issue a conformity report.

Regulatory framework

They are guided by the international standard **ISO 19011:2018**, adopted in Colombia (NTC-ISO 19011), which establishes principles, planning, execution, competencies, and monitoring. It also integrates with national decrees (such as Decree 1072 of 2015) and sector-specific standards.

Process phases (according to ISO 19011):

Planning: preparation of the annual program, definition of scope, frequency, criteria and assignment of auditors.

Execution: formal opening, document review, interviews, process observation and recording of findings.

Audit report: document with non-conformities, observations and opportunities for improvement.

Follow-up and closure: Verifies that the organization implemented corrective actions within the established timeframe and closes the findings to its satisfaction.