Unannounced SA8000 Audits
The SA8000 process requires all accredited Certification Bodies delivering SA8000 services to conduct a minimum of one unannounced audit in the 3-year SA8000 certification cycle. Unannounced audits are not necessarily conducted to "catch" certified organisations in wrongdoing - they can be a highly effective tool for verifying continuing compliance at an SA8000-certified organisation.
The purpose of the unannounced audit is to provide as little notice as possible to the certified organisation to preclude them from altering normal activities and practices in order that a more realistic view of the certified organisation be achieved. Advanced notice of any kind, regardless of the reason, will diminish the effect of such an audit and should be avoided to the extent possible.
See SAAS Procedure 200:2015 for normative requirements on the conduct of unannounced audits. The number of unannounced audits varies depending on the risk assessment for each country.
- The second surveillance audit will typically be the unannounced audit.
- A major non-conformity (or persistent issues) may indicate the need for additional unannounced audits during the period of certification.
SAAS requirements for unannounced audits by their very nature do not contemplate any notification of the organisation prior to the audit. The certified organisation should be aware that the unannounced audit will generally take place between 4-8 months after the first surveillance audit. The 4-8 month time period is key as the organisation should not be visited on the exact 6 months date after the last surveillance audit.
The unannounced audit is part the contractual arrangement with the certified organisation and should be fully explained to the client by the certification body prior to signing the contractual agreement. It is incumbent upon the SA8000-certified organisation that they make plans specifically for the undertaking of an unannounced audit in such a way that they anticipate possible eventualities that could arise should the key management resources not be available on the day(s) of the unannounced audit. In this way alternate management could be made available to be responsible for critical areas and to make necessary documents available.
Unannounced Audit Considerations
There may be situations where serious obstacles must be overcome in applying the policy of unannounced audits - and in certain situations, the conduct of such an audit will not be practical, situations which no amount of prior planning will overcome. Such situations described to SAAS include:
- a requirement for travel documents such as visas;
- the need for special travel arrangements such as armed guards;
- and no lodging facilities for auditors in remote areas, etc.
Again, the purpose of the unannounced audit is to maintain the credibility and transparency of the SA8000 system by assessing an organisation which has not received prior warning of the audit in order that the system is viewed in its natural state. It is therefore necessary that each certification body consider this requirement as one that is critical to the process and must be conducted to the extent possible. Exceptions will be allowed based upon individual circumstances, such as those described above, but each CB is required to maintain a system for formal approval of the exception given by the controlling certification office whenever such an exemption is undertaken.