What is the key difference between Audit Programme and Audit Plan?

Develop the winning edge; small differences in your performance can lead to large differences in your results: Brian Tracy


If there is any difference between Autumn, Fall and Patjhad (Hindi)? Do we realize when winter is ending and Autumn/Fall/Patjhad starts? How often we are observant that a tree full of leaves turns into a bare tree?


We often use different words interchangeably without realizing its correct meaning. Something similar is true with Audit Programme and Audit Plan. Although they have a distinct meaning and purpose, we (internal and external auditors) often use them as if there is no difference to it. ISO/IEC 17021: 2015 Part 1 beautifully explains the key difference.  

Definitions: ISO 9000: 2015

Audit (Cl 3.13.1): Systematic, independent and documented process for obtaining objective evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.

Audit Programme (Cl 3.13.4): Set of one or more audits planned for a specific time frame and directed towards a specific purpose.

Audit Scope (Cl 3.13.5): Extent and boundaries of an audit  

Audit Plan (Cl 3.13.6): Description of the activities and arrangements for an audit

Audit Criteria (Cl 3.13.7): Set of policies, procedures or requirements used as a reference against which objective evidence is compared


Detailed Information

What is the Audit Programme (ISO 17021 Clause: 9.1.3)?

An audit programme is a set of one or more audits planned to occur within a specific time frame and with a common purpose.

What is the Audit Plan (ISO 17021 Clause: 9.2.3)?

An audit plan is prepared by the auditor before each audit and aims to inform auditees about the audit objectives, audit scope, audit criteria, auditors, date and schedule of activities.

The key difference between the Audit Programme and Audit Plan:

S.No. Audit Programme Audit Plan
1 At Macro Level At Micro Level (Subset of Audit Programme)
2 From Certification body perspective, for the initial certification, it will include a two-stage initial audit, surveillance audits in the first and second years following the certification decision, and a recertification audit in the third year before the expiration of certification An audit plan is established before each audit identified in the audit programme to provide the basis for agreement regarding the conduct and scheduling of the audit activities
3 Shall be prepared to take into the consideration the size of the client, the scope and complexity of its management system, products and processes as well as demonstrated level of management system effectiveness and the results of any previous audits The audit plan should include the following: a) the audit objectives; b) the audit criteria; c) the audit scope, including identification of the organizational and functional units or processes to be audited; d) the dates and sites where the on-site audit activities will be conducted, including visits to temporary sites and remote auditing activities, where appropriate; e) the expected duration of on-site audit activities; f) the roles and responsibilities of the audit team members and accompanying persons, such as observers or interpreters
4 Where the client operates in shifts, the activities that take place during shift working shall be considered when developing the audit programme Within each individual audit plan, each manufacturing process shall be audited on all shifts where it occurs including the appropriate sampling of the shift handover.


5 As per IATF 16949 Clause

– audit all quality management system processes over each three-year calendar period, according to an annual programme

– audit all manufacturing processes over each three-year calendar period to determine their effectiveness and efficiency

The audit plan shall be communicated and the dates of the audit shall be agreed upon, in advance, with the client.

Present Challenges:

  1. How often internal and external auditors are aware of the difference between the audit programme and audit plan?
  2. How often organizations prepare audit programme and audit plan?


ISO/IEC 17021: 2015 Part 1: Conformity assessment — Requirements for bodies providing audit and certification of management systems

IATF 16949: 2016

ISO 9000: 2015

ISO 19011: 2018: Guidelines for auditing management system

This is the 93rd article of this Quality Management series. Every weekend, you will find useful information that will make your Management System journey Productive. Please share it with your colleagues too.

Your genuine feedback and response are extremely valuable. Please suggest topics for the coming weeks.

0 0 votes
Article Rating
Notify of
newest most voted
Inline Feedbacks
View all comments
Anju Tyagi
Anju Tyagi
3 years ago

Very authentic and sincere article.