R2 Guidance & Knowledge Base
Building An Internal Audit Program
Internal Audits are a critical part of the R2 certification process. The training videos in this series are designed to help facilities build an internal audit program and conduct a robust internal audit that will maximize the effectiveness of internal audits and ensure useful results.
The R2 Standard requires three different internal audits that must be conducted:
- Legal Compliance Audit – This audit is specific to the legal requirements applicable to each R2 Facility. The requirement for periodically conducting this internal audit is found in Core Requirement 4(d)(3).
- Data Security and Sanitization Audit – This audit is used to assess both the facility’s data security practices, as well as its data sanitization plan and procedures, to confirm that they are effective in conforming to the R2 Standard, legal requirements, and the data sanitization plan. The requirement for this internal audit is found in Core 7(c)(3).
- R2 Internal Audit – A comprehensive audit of conformance with all the R2 Core Requirements and any of the applicable Process Requirements included in the scope of the facility’s operations. The requirement for conducting an R2 internal audit at least annually is found in Core Requirement 3(b).
Many people think that an internal audit is nothing more than a rehearsal for a certification body audit, but it’s much more than that. An internal audit, which can be conducted by a competent staff member or a consultant, allows for a planned and structured internal examination of the facility’s processes and operations to determine:
- Whether the operations are being conducted in accordance with the facility’s defined procedures;
- Do those procedures align with the requirements in the R2 Standard as well as related legal or other requirements;
- Is there adequate evidence, such as any records of process activities and results, to clearly demonstrate conformance or compliance with the applicable requirements depending on which of three audits is conducted.
Whether you work with a consultant or use your own competent staff member to conduct your internal audits – or a combination of both – the videos in this series will help to ensure effective and beneficial results from your internal audits.
Once you’ve completed your Internal Audits, you’ll need to implement effective corrective actions. As a companion module to the Building Your Internal Audit series, we’ve also released the R2 Corrective Action video to help guide you through this process.
