"Stage 1" and "Stage 2" aren't terms ISO 55001 itself uses — they come from certification-body practice, but they're universally recognized. Stage 1 asks whether your asset management system is documented to conform. Stage 2 asks whether it actually works. Most asset-data nonconformities surface at Stage 2, and most of them are preventable.
Stage 1 vs Stage 2: the documented difference
Stage 1 is desk-based documentation review, roughly mapping to clauses 4-7 (context, leadership, planning, support). Auditors check that the asset register exists, its scope matches the AMS's declared scope, and procedures for maintaining it — additions, transfers, disposals, data-quality checks, and consistency between CMMS and financial ledgers — are documented. For 2024 audits, auditors also check whether the organization has produced the two new required artefacts: data/information specifications and a data-collection/quality-improvement plan (see our clause-level breakdown for the full detail).
Stage 2 is on-site implementation testing, roughly mapping to clauses 8-10 (operation, performance evaluation, improvement). Auditors reconcile the asset register to the general ledger (confirming net book value agrees to the balance sheet), physically verify a sample of assets for existence/location/condition, test data completeness against mandatory fields (asset ID, description, location, acquisition date, cost, depreciation method, useful life, owner, status), and target high-risk populations — zero-net-book-value assets still in use, fully depreciated assets still active, recent additions/disposals, and anything not verified in over twelve months.
Common nonconformities certification auditors document
| Nonconformity area | What it looks like |
|---|---|
| Unreconciled registers | Assets recorded in one system (FAR or CMMS) but not the other, signaling unrecorded additions or ghost assets. |
| Incomplete data fields | Missing location, acquisition date, or owner — impedes risk assessment and maintenance planning. |
| Ghost / unregistered assets | One of the most commonly documented finding classes — numerous or critical-asset cases can become major nonconformities. |
| Weak "line of sight" | Criticality ratings or risk data missing from the register, so planning can't actually use the data it depends on. |
| No predictive-action capability | No systematic trend analysis of asset data — a documented gap area under 2024's new clause 10.3. |
If a major nonconformity is found during an already-certified organization's surveillance audit, a corrective action plan is required.
The readiness checklist
- Reconcile the asset register to the general ledger before the audit — resolve discrepancies yourself, don't let the auditor find them first.
- Confirm mandatory data fields are populated for the full in-scope asset population.
- Have a documented, risk-based sampling methodology ready, with rationale for coverage of high-risk/high-value/critical assets.
- Run a physical verification pass covering at minimum the high-risk populations auditors target.
- Maintain an exception register showing every ghost or unregistered asset found, and its resolved disposition.
- If any verification work is outsourced, have your clause 8.3 documentation ready — see Physical Verification as ISO 55001 Evidence for the full depth on this.
- Show that CMMS/EAM KPI data is grounded in verified asset existence, not just self-reported system data.
CPCON's honest fit
CPCON's wall-to-wall verification, tagging, and reconciliation programs are exactly how an organization works through most of this checklist before the auditor arrives — producing the reconciled register, the exception log, and the sampling documentation. CPCON does not conduct the certification audit itself and does not decide what counts as a nonconformity — that's the certification body's judgment call. Our output is the evidence base a client walks into Stage 2 with. See also our ghost asset detection guide and reconciliation guide.
Frequently Asked Questions
What is the difference between an ISO 55001 Stage 1 and Stage 2 audit?
Stage 1 is a documentation review — is the asset management system designed to conform, and is the organization ready for Stage 2? Stage 2 tests implementation — does the system work in practice, verified through reconciliation, physical verification, and sampling. The terms come from certification practice, not the ISO 55001 text itself.
What does an ISO 55001 auditor check about our asset register?
At Stage 1, that the register exists, its scope matches the AMS, and procedures for maintaining it are documented. At Stage 2, that the register reconciles to the general ledger, mandatory fields are complete, and physical verification confirms sampled assets actually exist.
What are the most common ISO 55001 nonconformities related to asset data?
Unreconciled or incomplete asset registers, ghost and unregistered assets discovered during verification, weak linkage between asset data and planning objectives, and — for 2024 audits — no systematic trend analysis to support predictive action.
Can CPCON guarantee we pass our ISO 55001 audit?
No. Only the certification body decides the audit outcome. CPCON reduces audit risk by producing a reconciled register, exception log, and verification evidence base — it does not guarantee a certification result.
How far in advance should we prepare our asset register for a Stage 2 audit?
Reconciliation and physical verification should be complete well before the audit window, not discovered by the auditor. Many organizations run verification on a rolling quarterly cadence so the register is always audit-ready rather than scrambling beforehand.
Walk into your Stage 2 audit with a reconciled, evidence-backed register
CPCON's verification and reconciliation programs build the asset-data evidence base that reduces audit risk — before your certification body ever walks the floor.
Explore CPCON's fixed-asset count & tagging services


