ABSTRACT
Lead auditors must have a clear view of the risk-based auditing process, and know how to prepare for and perform in each stage. Selection of a sample of potential risks for our review and verification during the conduct stage of the audit is made by the lead auditor and their audit team members together, and independent of the auditee's view. The audit team can of course take account of site risk registers, and things they hear during early interactions with site staff, but the selection of risks for the work plan should be their own. The draft terms of reference document (ToR) will usually have been prepared when the audit was added to the organization's audit plan. The auditee is normally the most senior manager at the location being audited. Completed ToR documents often also include logistical information such as the audit team membership, planned start and finish dates, and the dates for the presentation of the agreed deliverables.
