When reviewing a quality management system, what should the IS auditor primarily focus on collecting evidence for?

Focusing on continuous improvement targets as the primary evidence in a quality management system review is essential due to its direct impact on the effectiveness and efficiency of processes. Continuous improvement signifies a commitment to ongoing enhancement of products, services, or processes, which is a fundamental principle in quality management. By monitoring these targets, an IS auditor can determine how well the organization is performing in terms of quality metrics and whether it is proactively seeking ways to improve.

Additionally, the monitoring of continuous improvement targets can reveal insights into the organization's quality culture, its responsiveness to feedback, and its adaptability to changes in the market or industry standards. Evidence in this area can shed light on whether the management system is dynamic and operationally effective, pointing to a commitment not just to maintain quality but to exceed standards through ongoing refinement.

While compliance with good practices, updates of standard operating procedures, and definitions of key performance indicators all play significant roles in a quality management system, they are often more static and may not provide the same depth of insight into the organization's commitment to improvement as continuous monitoring of improvement targets does. The focus on continuous improvement inherently encompasses the need for compliance, updates, and performance definitions, making it a more comprehensive area for the auditor to examine.