Internal Audit Scope and Criteria

K

kylerf

I am an internal auditor. ISO 9001 requires that an audit scope and criteria be set for each audit.

My question is... can you have one audit scope and criteria for all audits?
Here is an example of my generic audit scope/criteria that i put with my audit plan. Would this satisfy that requirement or do i need a different scope/criteria for each individual audit? thoughts and comments appreciated.

"Scope: The audit scope for each audit consists of process based auditing within the organizations QMS across all applicable shifts."

"Criteria: The audit criteria is to assess if the organization has met the requirements given in the respectable ISO 9001:2015, IATF16949, and AS9100D standards, as well as reviewing to which extent the organization adheres to its own requirements, while also meeting any statutory/regulatory requirements or customer requirements. Previous audit findings, external and internal will be reviewed for their conformity."
 

AndyN

Moved On
I am an internal auditor. ISO 9001 requires that an audit scope and criteria be set for each audit.

My question is... can you have one audit scope and criteria for all audits?
Here is an example of my generic audit scope/criteria that i put with my audit plan. Would this satisfy that requirement or do i need a different scope/criteria for each individual audit? thoughts and comments appreciated.

"Scope: The audit scope for each audit consists of process based auditing within the organizations QMS across all applicable shifts."

"Criteria: The audit criteria is to assess if the organization has met the requirements given in the respectable ISO 9001:2015, IATF16949, and AS9100D standards, as well as reviewing to which extent the organization adheres to its own requirements, while also meeting any statutory/regulatory requirements or customer requirements. Previous audit findings, external and internal will be reviewed for their conformity."

Practically? No.
 

AndyN

Moved On
To help a little further:
Audit scope can be:

A process, a contract/customer requirement, a project, a plan, an area, an activity (maintenance for example), the system, two (or more) processes, part of a process - basically, anything you want (and don't let ANYONE tell you it MUST be a process, because it can be what your organization NEEDS to have audited).

The audit criteria can be:

A standard, a contract/customer requirement, a process, a procedure, a work instruction, a regulation, or any other requirement which the organization has to implement.
 
K

kylerf

Thanks for the response. Where/how should i identify my audit scope/criteria?
Should it be a paragraph or so at the beginning of the audit report?
 

AndyN

Moved On
Thanks for the response. Where/how should i identify my audit scope/criteria?
Should it be a paragraph or so at the beginning of the audit report?

You plan your audit based on scope and criteria. The standard gives us a clue - the importance of the process(es) and changes. The old standard said "status and importance". Think "Squeaky wheels". Where in your organization are there squeaky wheels?
 
Last edited:

AndyN

Moved On
I am an internal auditor. ISO 9001 requires that an audit scope and criteria be set for each audit.

My question is... can you have one audit scope and criteria for all audits?
Here is an example of my generic audit scope/criteria that i put with my audit plan. Would this satisfy that requirement or do i need a different scope/criteria for each individual audit? thoughts and comments appreciated.

"Scope: The audit scope for each audit consists of process based auditing within the organizations QMS across all applicable shifts."

"Criteria: The audit criteria is to assess if the organization has met the requirements given in the respectable ISO 9001:2015, IATF16949, and AS9100D standards, as well as reviewing to which extent the organization adheres to its own requirements, while also meeting any statutory/regulatory requirements or customer requirements. Previous audit findings, external and internal will be reviewed for their conformity."

This looks very much like what a CB/CB auditor would be proposing, and/or what a consultant might do as a gap or pre-assessment. It's highly unlikely that you'd be able to accomplish this as an internal auditor - especially starting out.
 

qualprod

Trusted Information Resource
Andyn

Regarding an internal audit done by external auditor. a normal audit, scope, compliance with 9001 2015.

In case of findings, do all findings detected have to be mentioned by the auditor to the auditee when audit is finished in any process and both have to agreed on findings?
or can wait and be commented in the closure meeting?.

If after the audit report sent to us by the auditor, we detected that one Nonconformity declared, we think doesnt proceed because he didnt mention this nc to the auditee, the Nc was mentioned in the closure meeting but the auditee said nothing, didnt refused it, nor talked anything about it.

What can we do? just to say that does not proceed? or should we talk to the auditor and suggest him to change the original audit report?

Are there somewhere ISO rules to follow?

Thanks
 

AndyN

Moved On
Andyn

Regarding an internal audit done by external auditor. a normal audit, scope, compliance with 9001 2015.

In case of findings, do all findings detected have to be mentioned by the auditor to the auditee when audit is finished in any process and both have to agreed on findings?
or can wait and be commented in the closure meeting?.

If after the audit report sent to us by the auditor, we detected that one Nonconformity declared, we think doesnt proceed because he didnt mention this nc to the auditee, the Nc was mentioned in the closure meeting but the auditee said nothing, didnt refused it, nor talked anything about it.

What can we do? just to say that does not proceed? or should we talk to the auditor and suggest him to change the original audit report?

Are there somewhere ISO rules to follow?

Thanks

Yes, if the CB and auditor are "professional". Audit findings should be presented to the client at the time of the audit.

There should be ZERO non-conformities reported after the audit is over.

Complain to the CB that a) NCs were NOT discussed at the time of the audit, b) that NCs were reported AFTER the audit was concluded and c) the report wasn't prepared and delivered at the time of the audit.

Be aware that this type of thing goes hand-in-glove with your selection of CB. If you weren't diligent in selection, chose "cheap" or "local", then this is likely to be the result. Also, if the CB doesn't ensure that their auditors DON'T do this type of unprofessional thing, then they may not handle your complaint every effectively, either. I would not pay for their audit until things are resolved to your satisfaction.
 
Top Bottom