Calculating Audit Time

How do you determine the number of audit days needed for an organization?

On the path to becoming ISO 9001 certified you will undergo external audits by your selected registrar (certification body). Audit time is determined by the size, complexity, risk, and nature of an organization. An accredited registrar will use the guidelines and requirements set forth by the International Accreditation Forum (IAF) to consider these factors and determine time required to audit clients.

The ISO 17021:2015 table below represents the guidelines provided by IAF to be used for calculating ISO 9001:2015 Audit Days based on number of employees.

When complexity, risk, and nature of the organization being audited are factored into the equation, the audit time listed in this table may be adjusted. IAF provides additional guidelines and requirements for considering these factors.

Every certification body will have their own process for determining ISO 9001:2015 audit time, but will need to account for these factors based on IAF requirements to maintain accreditation.

Audit time may fluctuate between the initial, surveillance and re-certification audits. A certification body could determine after an initial audit that more or less time is required for the surveillance audit.

Audit time may include remote auditing techniques such as web meetings, teleconferencing, and electronic verification of the client’s processes. This is not uncommon for certification bodies, especially for stage one audits.