What is an Audit?
An audit is a structured assessment or inspection that verifies whether processes, systems, documents or products comply with established standards, legislation or internal guidelines.
Audits are carried out across IT, OT, quality, safety and compliance domains to manage risk, increase reliability and ensure regulatory compliance.
๐งพ Types of audits
| Audit type | Explanation |
|---|---|
| Internal audit | Carried out by the organisation itself to review internal processes |
| External audit | Carried out by an independent party, e.g. for certification |
| IT/OT audit | Focused on infrastructure, Cybersecurity, access, patch management, etc. |
| Compliance audit | Verifying adherence to laws and regulations (such as ISO 27001, GMP, FDA) |
| Process audit | Review of working processes and procedures |
| Product audit | Inspection of finished products against quality and specification |
๐ง What is being checked?
- Policies and procedures (e.g. Change Management, Incident Management)
- Logs and audit trails
- Documentation and version control
- Access and permission management (IAM, RBAC)
- Backup and Disaster Recovery procedures
- Physical and digital security
- Calibrations, validations and GxP compliance
๐ Preparing for an audit
- Ensure complete and up-to-date documentation
- Verify that all processes are actually followed
- Track changes and notifications carefully (CMDB, Version Control)
- Practise with mock audits or pre-assessments
- Involve relevant departments (IT, QA, production, security)
โ Purpose and benefits
- Insight into risks, gaps and improvement opportunities
- Assurance of quality, safety and compliance
- Trust from customers, regulators and certification bodies
- Avoiding fines, recalls or data breaches
๐ In summary
An audit is an essential tool for verifying that processes and systems meet the required standards, and contributes to continuous improvement, transparency and trust.