Module 5: Audit Models and Structures – Team-Based and Site-Based Certification Approaches
Updated on June 9, 2025

Module 5: Audit Models and Structures – Team-Based and Site-Based Certification Approaches #

Audit Models for ISO Certification: Team-Based vs Site-Based Structures #

 Audit Types Based on Audit Team or Scope

1. Joint Audit #

Definition:
An audit conducted by two or more certification/auditing bodies on a single auditee.

Characteristics:

  • Common, when a client is subject to certification by multiple CBs.
  • Each auditing organization assigns its own auditors.
  • May be due to cross-border certifications or accreditation requirements.

Example:
A Malaysian site is certified by both a local CB and an international CB (e.g. DQS and TÜV SÜD) for different markets. They conduct the audit jointly to save time and ensure consistency.

Benefits:

  • Reduces duplication
  • Harmonizes results from multiple CBs
  • Better coordination in international or regulatory contexts

2. Combine Audit #

Definition:
An audit where two or more management systems are audited together at the same time, but with individual outputs (i.e. reports and certificates).

Characteristics:

  • Systems are not fully integrated.
  • Audit is conducted simultaneously, reducing audit burden.
  • Results are documented separately.

Example:
A plantation is audited for ISO 9001 and ISO 45001 at the same time, but gets two separate reports and two certificates.

Benefits:

  • Saves time and cost
  • Allows partial integration of systems
  • Flexibility in certification timelines

Limitation:

  • Duplication in documentation and audit findings
  • No synergies between systems beyond scheduling

3. Integrated Audit #

Definition:
An audit of a fully integrated management system covering multiple ISO standards, resulting in one report and one certificate.

Characteristics:

  • One management system aligned to multiple standards.
  • Audit planning, execution, findings, and reporting are fully integrated.
  • Integrated audit team reviews common and standard-specific requirements in a unified way.

Example:
An organization integrates ISO 9001, ISO 14001, and ISO 45001 into a single management system and undergoes an integrated audit covering all requirements in one go.

Benefits:

  • Unified system improves consistency and efficiency
  • Single point of control
  • Reduces redundancies in processes and documentation

Limitation:

  • Requires strong internal alignment of processes and documentation
  • Audit complexity increases, requiring multi-skilled auditors

Audit Types Based on Organizational Structure

4. Single-Site Audit #

Definition:
An audit performed on an organization operating from a single location, where all processes are implemented.

Characteristics:

  • All departments and processes under one physical or virtual roof.
  • Simpler audit scope and planning.
  • Often seen in SMEs or local companies.

Example:
A logistics company operating only from a central warehouse in Selangor is audited for ISO 9001.

Benefits:

  • Easier audit planning
  • Direct engagement with all functions
  • Lower complexity

Limitation:

  • May not reflect scalability or diversified operations

5. Multi-Site Audit #

Definition:
An audit of a multi-site organization under a single management system, coordinated by a central function, with multiple permanent/temporary/virtual sites.

▪️ Multi-Site Without Sampling #

All sites are audited.
Used when:

  • Sites perform different processes
  • Sector or regulatory requirement exists
  • Client requests it

Example:
A manufacturing group has different factories (e.g. electronics, plastics, metalwork), each with unique processes.

Benefit: Full visibility
Limitation: Higher cost and effort

Multi-Site with Sampling #

Selected sites are audited based on similarity and sampling logic (as per ISO/IAF guidance).

Conditions:

  • All sites operate under one management system.
  • Sites perform similar activities (e.g. same SOP, same risk profile).
  • Central function must manage the whole system.

Sampling Calculation:
Uses √n formula or per DQS table (e.g., 9 sites = audit 3)

Example:
Retail chain with 25 stores across Malaysia; 5 sampled annually, central HQ audited every year.

Benefits:

  • Efficient
  • Representative of the system
  • Lower audit cost

Limitation:

  • Not allowed in IATF 16949, AS9100, etc.
  • Not suitable if site variability is high

Additional Multi-Site Variant:

TypeDescription
Extended SiteE.g., warehouse or lab nearby to main site, not performing core processes. Treated as part of parent site.
Campus SiteMultiple units on same premises with different addresses. Can be grouped as one site.
Virtual SiteFully online operation (e.g., design company in cloud environment). Treated as a single virtual site.
Unmanned SiteNot permanently occupied (e.g., satellite monitoring station). Tied to parent site for audit purposes.
Temporary SiteE.g., construction site for a limited time. Audited if significant to scope.

Summary Comparison Table #

Audit TypeAuditing EntitiesManagement SystemSites CoveredReport/Certificate
Joint AuditMultiple CBsOne or moreOne auditeeSeparate reports or joint
Combine AuditOne CBSeparate systemsOne locationSeparate reports/certs
Integrated AuditOne CBIntegrated systemOne or more sitesOne report/certificate
Single-SiteOne CBOne systemOne locationOne report/certificate
Multi-SiteOne CBOne system with CFMultiple sitesOne certificate + annex

Rate this article.