Audit findings should state what was observed and how it relates to requirements. Nonconformity reports should be evidence-based and clear enough to support corrective action planning and later evaluation by the auditor.
Writing audit findings and nonconformity reports is part of closing the audit, and the course dedicates Day 4 to drafting findings, documenting nonconformities, and performing documentation and quality review. The goal is to produce outputs that are traceable, defensible, and usable for corrective actions.A useful audit finding connects three elements: the relevant requirement, the observed evidence, and the conclusion. Evidence should be specific and verifiable. If the evidence is weak, the finding becomes arguable, and the audit result loses credibility. Evidence-based auditing, which is covered in the program, supports this discipline by requiring clear linkage between facts and requirements.Nonconformity reports should avoid ambiguity. They should describe what requirement was not met, where the problem was observed, and what evidence demonstrates the gap. This makes it possible for the auditee to build an action plan that addresses the real issue rather than a symptom. The course also includes evaluation of action plans by the auditor, which depends on having a clear nonconformity statement and a clear expectation of what will be reviewed in follow-up.Quality review matters because report clarity is part of audit professionalism. The agenda includes audit documentation and quality review before closing the audit, which suggests checking for consistency, completeness, and correct use of audit language. This is also where the audit team ensures the report aligns with the agreed scope and that conclusions reflect the evidence collected during stage 2 activities.Finally, findings should support audit program management. When findings are written consistently across audits, trend analysis and continual improvement become possible. That is why the course includes “beyond the initial audit” and managing an internal audit program as part of the closing-day scope.
Strong findings are short, specific, and referenced. If a finding cannot be traced back to a requirement and a concrete observation, it will not survive challenge. During drafting, keep asking: what did we see, which requirement does it relate to, and what does it mean for conformity?For nonconformities, avoid mixing multiple issues into one statement. Separate them so corrective actions can be planned, implemented, and evaluated without confusion.
“A nonconformity is only as strong as its evidence trail.”
Expert Trainer
Expert Trainer
ISO 37301 audits assess whether a compliance management system is designed, implemented, and maintained in line with defined requirements. The focus is on governance, controls, processes, and evidence supporting compliance activities.
Day 1 covers ABMS fundamentals and ISO 37001 context. Day 2 covers audit principles and initiation including stage 1, Day 3 covers stage 2 on-site activities and test planning, and Day 4 covers findings, nonconformities, quality review, and audit program management.
An Anti-bribery Management System (ABMS) is a set of management system controls designed to prevent, detect, and address bribery risks. ISO 37001 specifies requirements for implementing and maintaining that system.
Necessary cookies are always active. You can accept, reject non-essential cookies, or customize your preferences.