UPDATE

ASI Certification: Third-Party Audit

The purpose of the independent third-party Audit is to verify that a Member’s Policies, systems, Procedures, processes and current performance conform to the requirements specified in the applicable ASI Standard. The process undertaken by Auditors is to collect Objective Evidence from a representative selection of the Member’s Certification Scope.

29 March 2023

The ASI Certification Process is underpinned by an independent third-party Audit conducted by ASI Accredited Audit Firms – this applies for both the ASI Performance Standard and ASI Chain of Custody Standard.

It features a few key components which are described in more detail below.

Pre-Audit Planning: Prior to the Audit, the Auditor works with the Member to plan the Audit process. This includes gathering and reviewing information, defining the Audit Scope, identifying the Audit Team, estimating Audit time requirements and developing the Audit Plan. For higher-risk audits, the Audit Team provides the audit plan and schedule to the ASI Secretariat for review and comment. The Secretariat reviews the risk setting of the Entity(ies) to be audited and undertakes a detailed risk assessment which is then shared and discussed with the Audit Team. If and as required, the Audit Team revises their plan to better align with the higher risks and other issues the Secretariat have raised.
Audit: The Audit process is risk-based and focused on obtaining and evaluating Objective Evidence. This involves inspections, verifications, and reviews of activities, review of documents and interviews with Workers and Affected Populations and Organisations to determine whether the Member’s practices conform to the requirements of the applicable ASI Standard. The fundamental objective of gathering Objective Evidence is that different Auditors working independently from one another should be able to reach similar conclusions in similar circumstances.
Audit Report:
- Following the Audit, the Auditor prepares a detailed Audit Report through elementAL to the Member and ASI that summarizes the findings of the Audit. The maximum amount of time it takes between completion of the On-Site portion of the Audit and issuing Certification is eight weeks. If this timeframe cannot be met by the Auditor, the ASI Secretariat should be notified as to the reasons why.
- Following submission of the Audit Report, the ASI Secretariat undertakes oversight of the audit report and provides queries back to the audit team for follow up. Certification cannot be issued until the oversight process has been completed and the Secretariat is satisfied that the audit report provides a fair, accurate and complete representation of the Entity(ies) performance against the Standard(s). The oversight process assesses the audit execution, the stakeholder engagement undertaken, the Conformance ratings, the statements made, the level of appropriateness of Objective Evidence reviewed, maturity ratings awarded as well as details around the Audit and Certification Scope to ensure these are clear and unambiguous to the reader.
- A Public Audit Report is published on the ASI website every time a Certification is issued. This Audit Report includes, amongst other information, the Conformance findings for each Criterion, supported by Public Headline Statements, which provide a succinct overview of the Auditor’s findings and evidence reviewed.
Periodic Reviews: After ASI Performance Standard or Chain of Custody Certification is granted, Surveillance (typically after 18 months) and Re-Certification Audits are conducted during/at the end of the Certification Period to verify continued Conformance and/or may assess other identified risks. Again, using a risk-based approach, the Audit Team will focus their efforts on any existing Non-Conformances to ensure they have been effectively closed out, and secondly focus their assessment on the areas of greater inherent risk.

Third-Party Audits are an important part of the ASI Certification Program. In conjunction with related initiatives such as Auditor and Registered Specialists’ training, the oversight process, witness assessments and Guidance documents, ASI is able to ensure continual improvement in the Program over time through making improvements and modifications to existing systems and processes (i.e., elementAL).

SHARE THIS ARTICLE

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
ARRAffinity	session	ARRAffinity cookie is set by Azure app service, and allows the service to choose the right instance established by a user to deliver subsequent requests made by that user.
ARRAffinitySameSite	session	This cookie is set by Windows Azure cloud, and is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.
ASI-Cookie-IE	1 day
connect.sid	session	This cookie is used for authentication and for secure log-in. It registers the log-in information.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_0QVGSE7SHK	2 years	This cookie is installed by Google Analytics.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Members

{{item.item.name}}

Pages

Files

Accredited Auditing Firms

{{item.item.name}}

Registered Specialists

{{item.item.name.title}} {{item.item.name.first}} {{item.item.name.last}}

ASI Certification: Third-Party Audit

ASI Certification: Third-Party Audit

Related articles