Audit Guidance

From DDCIDeos

Overview

Tips and worksteps to ensure audits go as smoothly as possible.

Pre-Audit Activities

  1. Complete the Pre-Audit Checklist
  2. Identify component(s) with greatest amount of change/updates, and new, key feature(s) of greatest interest to the customer:
    • Perform sample audit (pull a few threads)
    • Create a report to share at the audit
  1. At the beginning of the audit, set the stage for being cooperative and open to suggestions for process improvements; express gratitude for auditors finding defects.
  2. Let the auditor(s) do the talking.
  3. Designate a Lead to do all the talking for DDC-I; all other DDC-I attendees should only speak when asked.
  4. Answers should be stated in terms of documented plans and procedures.
  5. Answers should be limited to project information that is directly related to official audit discussion.
  6. Emphasize that all life cycle data are controlled (configuration management, change control, etc.).
  7. Recognize when a discussion would benefit from a later agenda item and consider deferring the discussion.
  8. When there are differences of interpretation of the regulatory basis, don’t proselytize; instead, come to a mutual understanding of each other’s positions. If agreement cannot be reached, defer the discussion.
  9. Avoid contentious responses that may result in an auditor becoming entrenched in their position.
  10. Avoid using the following words: informal, not documented, ad-hoc, in my opinion, I guess.
  11. Avoid abstract or philosophical arguments.
  12. Don’t get emotional, don’t take anything personally, don’t get defensive (personally or on behalf of the project or company), don’t debate or otherwise comment except to ask for clarification, and don’t be contentious about minor issues or observations.
  13. Don’t have side conversations or work in the discussion room if it’s distracting.
  14. Be cognizant of customer presence; don’t mention other customers or competitors’ systems.
  15. Be aware of political issues between certification authorities that may have a bearing on audit activities.
  16. Understand the difference between findings and observations.
  17. Get agreement from auditors if a deviation from a normal practice is necessary to facilitate a demonstration (e.g. different server used for speed).
  18. No data is better than out-of-date data - move this item to the checklist (ensure all data on slides are current).

Lessons Learned