OCAP – Internal Audit

The OCAP “Risk Factor” criteria relating to internal audit performance are:

AS9104/1A, Table 5 - Internal audit program risk analysis
Internal Audit Program | Risk | Characteristics

High Performing Audit Program | Risk: Low
• Properly resourced audit program
• Multi-event audit program, audit full QMS annually
• Audit program driven by risk and data
• Effective corrective action program

Average Audit Program | Risk: Medium
• Limited resources for audit program
• Internal audit is an annual event
• Full QMS is covered annually
• Conforming corrective action program

Low Performing Audit Program | Risk: High
• Audit program is not properly resourced
• Primarily desktop audits
• Audit program does not prevent major nonconformities from third-party audits
• Full QMS not covered annually
• Ineffective corrective action program


  1. To ensure a “Properly resourced audit program”, have more than one qualified internal auditor. If your company has limited resources, then consider outsourcing either a portion or the entirety of the internal audit program to a company that specializes in quality auditing… and can support AS9100 internal auditing activities (e.g., Quality Auditing, LLC).
  2. The criterion relating to a “Multi-event audit program, audit full QMS annually” means that, in order to be classified as low risk, the company must “spread out” its internal audits over the course of a year (e.g., quarterly, monthly). For small companies this could be difficult, but with only two or three core processes, these could be broken out into 2 or 3 separate audits (with separate audit reports).
  3. The criterion relating to an “Audit program driven by risk and data” is not defined in AS9104/1A. For further guidance, see Risk-Based Internal Audits, and use my free “Risk-Based Audit Planning Criteria” form (in MS Word).
  4. The best way to ensure that you have an “effective corrective action program” is to avoid engaging in Corrective Action "Whac-A-Mole".

If you’re ready for a path forward now…
Just click here to schedule your FREE Certification Strategy Meeting (via Zoom) with me. I’ll answer any questions you might have. No sales pitch. Just information.

Or, for my cell phone & e-mail address, visit the contact us page.

100% of our clients achieve certification on their first attempt.

This means that no CB has ever required a “follow-up” or “special” audit for any of our clients prior to being issued their certification.

We provide you with “peace of mind” that we'll take care of QMS certification!