Management system audit requirements may include reference to documents such as policies, objectives, processes, procedures, instructions, quality plans, which can when combined with an audit scope statement, deliver internal audits which can be either wide-ranging or focused on any aspect of the organization or part thereof and which has the potential to address risk performance.
ISO 19011 considers that there is a risk associated with delivering an audit program which addresses all the requirements of the various standard or the management system are covered within a year.
Why does this method of scheduling create a risk?
Essentially audit programs which are fitted into an annual 12-month calendar program rarely take risk into consideration.