audit plan

An audit plan is a documented description of the objectives, scope, criteria, methods, responsibilities, timing, and resources for a specific audit or series of audits. In industrial and regulated manufacturing environments, it typically covers internal audits, supplier audits, and external or certification audits related to quality, safety, environmental, cybersecurity, or regulatory standards.

What an audit plan includes

Although formats differ, an audit plan commonly specifies:

• Objective: Why the audit is being performed, such as verifying compliance with a standard, internal procedure, or regulatory requirement.
• Scope: Sites, departments, processes, products, time period, and systems to be audited, and what is explicitly out of scope.
• Criteria: The standards, regulations, procedures, and contracts the audit will measure against.
• Method: Techniques such as interviews, document review, records sampling, walkdowns, and system tests.
• Schedule and frequency: Dates, duration, and recurrence of audits, including surveillance or follow-up audits.
• Roles and responsibilities: Audit team members, auditees, and any required technical specialists.
• Resources and logistics: Access to systems, records, areas, and any required tools, data, or escorts.
• Reporting approach: How nonconformities, observations, and conclusions will be documented and communicated.

How audit plans are used in manufacturing

In manufacturing operations, an audit plan typically guides:

• Internal audits of quality management systems, production processes, OT/IT controls, or data integrity.
• Supplier and contractor audits to verify capability, quality, data handling, or compliance with technical and regulatory requirements.
• Certification and surveillance audits conducted by external bodies, including the planned frequency and coverage of surveillance visits.
• Regulatory inspections preparation by aligning required records, evidence, and responsible contacts with planned inspection focus areas.

Operationally, the audit plan acts as a reference for aligning MES, ERP, document management, and quality systems so that required records and evidence can be accessed during the audit window.

Common confusion

• Audit plan vs. audit program: An audit plan usually applies to a specific audit or short series of audits. An audit program is broader and covers the overall strategy, schedule, and governance for multiple audits over time.
• Audit plan vs. audit checklist: A checklist is a detailed set of verification points used during the audit. The audit plan defines the overall structure and conditions of the audit, which may reference one or more checklists.
• Audit plan vs. quality plan: A quality plan describes how quality will be managed for a product, project, or process. An audit plan describes how conformance to requirements, including quality requirements, will be examined.

Link to surveillance and certification audits

For certification and surveillance audits, the audit plan typically outlines the surveillance cycle, planned audit days, sites and processes to be visited in each cycle, and how follow-up on previous nonconformities will be handled. The plan is usually agreed between the organization and the certification body and may be adjusted based on risk, multi-site scope, and audit history.