The importance of gap assessments in auditing

Whether you are planning to make changes to an existing management system, integrating one with a previously implemented structure, or just starting out with a new management system, most consultants – as well as certification bodies (CB) – will tell you to do a gap assessment first. But what exactly is a gap assessment?  

Why is a gap assessment required? 

In simple terms, ‘gap’ refers to what is currently missing in your organisation. It could be a document or a record, a policy or an instruction, or even an environment that is required to achieve the intended result. If your intended result is geared towards fulfilling customer requirements, you must ensure that your organisation has all the gap(s) filled before you decide to try to meet customer requirements.  

An organisation cannot declare itself to be free of hazards unless it first determines the potential hazards of all those activities that it can control or influence. It must put in place actions that must be implemented effectively to eliminate or reduce the likelihood of occurrences. In the case of CBs, an organisation cannot declare it has been ‘certified’ unless all the gap(s) have been addressed in terms of conformity against the requirements of a standard, such as ISO.  

Inputs and outputs 

The inputs of the gap assessment process is a list of your activities, products and/or services. This includes resources – such as workers, contractors, hardware and software, tools and machinery – and the existing management of such, including leadership, performance evaluation and improvement, to ensure they gel together.  

“In simple terms, ‘gap’ refers to what is currently missing in your organisation. It could be a document or a record, a policy or an instruction, or even an environment that is required to achieve the intended result.”

Andy Lau, IRCA Lead Auditor

Outputs of the gap assessment process are, of course, the activities, documents/records, competency, tools, machinery and the environment necessary to achieve conformance with the requirements of ISO (or another) and its intended results.  

The process of conducting a gap assessment involves a person(s) checking existing documentation, interviewing workers and the management team, and observing how things get done in the organisation. ‘Evidences’ collected are then compared with the requirements of ISO and a judgement made by the person(s) as to the extent of conformance.  

Ensuring success 

The results of the gap assessment are used by the leadership of the organisation to plan actions so that any non-conformances are addressed as soon as practically possible. ISO certification by the CB cannot be given until the evidences show that all non-conformances determined by the gap assessment have been converted to conformances and that all conformances are being maintained as such.  

Sometimes, a consultant may be engaged by the organisation to provide knowledge on how to convert non-conformances to conformances. At the end of the day, however, the implementation of conformances must be demonstrated by the organisation itself.  

The table below outlines some key questions for leadership when conducting a gap assessment, as well as the type of answer that will indicate a gap in the system that must be addressed: