AUDIT FINDINGS TIP 2:
Dreams don't work unless you do.
Here are some points (TIPS) noted by an External Auditor.
Always look at the Baseline Risk Assessment as one of the organisations supporting documents and need to be reviewed and kept updated at frequent intervals. (The Baseline Risk Assessment is the main Document an auditor/organisation use). (Example: An organisation never realised that it was exposed to local regulations that could have the potential of imprisonment or fines.)
The Baseline Risk Assessment is only an overview of the main operations risks and hazards (Could be in detail, but keep it short and sweet). (Example: All other minor risks will be addressed in Issue Based Risk Assessments/ Continues Risk Assessments as the organisation continue its daily operations.)
When determining the Risk Rating (Depending on the Risk Methodology used by the organisation), Legal and Other Requirements to be rated as a Very High Risk on Risk Assessments as it puts the organisation at an unnecessary major Risk of not complying with the law. (Example: An organisation lowered their Risk and caused that it never checked or evaluated this Risk.)
When one or more procedures with the same output/ task can be merged it will minimise document management. (Example: An organisation that has a corrective action procedure, preventative Action Procedure and a Non-Conformance Procedure can combine these 3 procedures into one General used procedure.)
Depending on the organisation procedure layout, process flows can be added as an Annexure to Summaries the complete procedure stated in the procedure document. (Example: Organisation with a complex procedure can narrow it down to a one-pager in document Procedure Annexures.
Always Annalise new risks to the organisation especially when an organisation starts working outside of the country of its origin. (Example: Fuel Increases, Logistics, Product Application, Money transfers from international markets, Site Establishment, Mechinising Risks, availability of electricity etc.)