ASI Certification: Third-Party Audit
The purpose of the independent third-party Audit is to verify that a Member’s Policies, systems, Procedures, processes and current performance conform to the requirements specified in the applicable ASI Standard. The process undertaken by Auditors is to collect Objective Evidence from a representative selection of the Member’s Certification Scope.
29 March 2023
The purpose of the independent third-party Audit is to verify that a Member’s Policies, systems, Procedures, processes and current performance conform to the requirements specified in the applicable ASI Standard. The process undertaken by Auditors is to collect Objective Evidence from a representative selection of the Member’s Certification Scope.
It features a few key components which are described in more detail below.
- Pre-Audit Planning: Prior to the Audit, the Auditor works with the Member to plan the Audit process. This includes gathering and reviewing information, defining the Audit Scope, identifying the Audit Team, estimating Audit time requirements and developing the Audit Plan. For higher-risk audits, the Audit Team provides the audit plan and schedule to the ASI Secretariat for review and comment. The Secretariat reviews the risk setting of the Entity(ies) to be audited and undertakes a detailed risk assessment which is then shared and discussed with the Audit Team. If and as required, the Audit Team revises their plan to better align with the higher risks and other issues the Secretariat have raised.
- Audit: The Audit process is risk-based and focused on obtaining and evaluating Objective Evidence. This involves inspections, verifications, and reviews of activities, review of documents and interviews with Workers and Affected Populations and Organisations to determine whether the Member’s practices conform to the requirements of the applicable ASI Standard. The fundamental objective of gathering Objective Evidence is that different Auditors working independently from one another should be able to reach similar conclusions in similar circumstances.
- Audit Report:
- Following the Audit, the Auditor prepares a detailed Audit Report through elementAL to the Member and ASI that summarizes the findings of the Audit. The maximum amount of time it takes between completion of the On-Site portion of the Audit and issuing Certification is eight weeks. If this timeframe cannot be met by the Auditor, the ASI Secretariat should be notified as to the reasons why.
- Following submission of the Audit Report, the ASI Secretariat undertakes oversight of the audit report and provides queries back to the audit team for follow up. Certification cannot be issued until the oversight process has been completed and the Secretariat is satisfied that the audit report provides a fair, accurate and complete representation of the Entity(ies) performance against the Standard(s). The oversight process assesses the audit execution, the stakeholder engagement undertaken, the Conformance ratings, the statements made, the level of appropriateness of Objective Evidence reviewed, maturity ratings awarded as well as details around the Audit and Certification Scope to ensure these are clear and unambiguous to the reader.
- A Public Audit Report is published on the ASI website every time a Certification is issued. This Audit Report includes, amongst other information, the Conformance findings for each Criterion, supported by Public Headline Statements, which provide a succinct overview of the Auditor’s findings and evidence reviewed.
- Periodic Reviews: After ASI Performance Standard or Chain of Custody Certification is granted, Surveillance (typically after 18 months) and Re-Certification Audits are conducted during/at the end of the Certification Period to verify continued Conformance and/or may assess other identified risks. Again, using a risk-based approach, the Audit Team will focus their efforts on any existing Non-Conformances to ensure they have been effectively closed out, and secondly focus their assessment on the areas of greater inherent risk.
Third-Party Audits are an important part of the ASI Certification Program. In conjunction with related initiatives such as Auditor and Registered Specialists’ training, the oversight process, witness assessments and Guidance documents, ASI is able to ensure continual improvement in the Program over time through making improvements and modifications to existing systems and processes (i.e., elementAL).
SHARE THIS ARTICLE