Audit Criteria And Method Of Audit

Some of you can help me?
Recently, we have gone through first transition audit to ISO 9001-2000 standard. One major non-conformity raised was, in our audit procedure, we have not defined the audit criteria and method of doing internal audit. We have demonstrated that audit program takes into consideration of customer complaints/repetitive non-conformances etc. Also all our internal auditors are trained by external agency, and they know how to do the audit. Why should I tell them the method of audits? In the procedure, we have mentioned about the preparation of check list on need basis. But it is not mandatory that every auditor use the check list.

However, I could not convince the external auditor. I seek your inputs in this regard.

Thanks in advance,

Elsmar Forum Sponsor

M Greenaway

Hmmm tricky one.

The standard says that audit criteria and methods shall be 'defined'.

It then goes on to say 'responsibilities and requirements for planning and conducting audits, and for reporting results and maintaining records shall be defined in a documented procedure.'

Why are these two seperate sentences ? Can audit criteria and methods be 'defined' but not in a documented procedure ?

My guess is that your auditor is looking for the audit criteria and method in your documented procedure.

Strictly following the letter of the law he is incorrect.

If however he is just saying that it is 'not defined' he has a case. However if everyone appears to follow the same criteria and method you could argue that it is defined by 'custom and practice'.

This, in my opinion, is where ISO9001:2000 is weak compared to the 1994 standard in that it doesnt mandate procedural requirements. As such this kind of debate will undoubtedly be experienced by us all.
Thanks Greenway, for your comment!

Now I have to re-write the Internal Audit Procedure. Can you give me some hints, how I define audit criteria and method of audit? We talked about the use of checklist on need basis. The qualification of auditor is mentioned in our procedure. The status and the important of audit area have also been taken care of. What more to write?


Aaron Lupo

If I am understanding you, your procedure tells who has responsibility for your audit system, how the schedule is determined, how they are conducted (as far as contacting the manager of the area to be audited to set it up), how the results are reported to the responsible party and upper management, what standards you are using to do the audit, time frame for responding to issues from the audit by the responsible person, what happens if scheduled audits can’t be completed, and how they are trained. I would say that’s all you need.
Yes, in our audit procedure, we talked about audit plan, status and importance of area to be audited, selection of audit team, audit notification(name of auditor/auditee/department/time of audit/ISO clause), reporting audit finding in audit reporting form, collection of audit report, closing of audit findings, and auditor's qualification.

However, the ISO standard, specifically calls for criteria and method of audit to be defined. I feel the external auditor wants, some kind of heading, Audit criteria, and I should write something under this heading. My problem is that what I write under heading, audit criteria. Method , I understand, I shall write about the use of need base Check list etc. Though I feel making mandatory use of check list is redundant. We have been ISO certified from 1998 onwards. Our internal auditors were trained in ISO 9001-1994 standard and have carried out numerous audits. They have been trained specifically for ISO 9001-2000 standards. Why I should tell them how to do the audit?

I can close the non-conformity and send it to external auditor. However, it should not come back to me saying that closing of non-conformity is not satisfactory. That is the reason, I want inputs from this forum to re-write my procedure.




The audit criteria is basically what you are auditing against. There are various types of audit, such as system, process, product, contract, etc.

For Internal Quality Systems audits the criteria will be the same for all of them, and can be a bland statement in your auditing procedure, or a declaration on your audit reporting system.

Basically the criteria would be auditing of complaince to the requirements of ISO9001:2000 and other requirements detemined by the organisation, and to detemine the effectiveness fo the quality system.

I think your assessor is being a bit of a split ass on this one. The criteria for internal audits to ISO9001:2000 is obvious, but like you say the standard does require you to state this !!

M Greenaway (posting from home on a Saturday night - I must get a life).


Quite Involved in Discussions
Audit Criteria (9000-2000)-set of policies,procedures or requirements used as a reference. This of course is associated with planning. You must define the policies,procedures,standards to which the audit is conducted. What standard are you auditing to? What system procedures are you auditing against,of course you must audit to those mentioned in 4.2 and any others. If you had no porblem with 94,should not have none with 00
Thanks Greenaway, for your inputs!

I will make up something and send to auditor. Hope it will work.


barb butrym

Quite Involved in Discussions
don't make something up to please the auditor!!!!!! What ever you do needs to add value to your system NOT HIS AUDIT!!!!!!

Your report lists the standard and procedures/rev audited against doesn't it? then thats defining the audit criteria....thats where you define it...just say so. As for the method, your audit trail notes are the record of the method (where, who, what reviewed/ interviewed etc....). The auditor training gives you the expertise to plan and determine the method on an audit by audit basis.

its your system not the auditors!!!!!

my pet peeve, can you tell???????????

barb butrym

Quite Involved in Discussions
I just reread your initial post....A MAJOR?

Damn......A major is a total breakdown or absence of a system

You need to stand up for yourself.......
Thread starter Similar threads Forum Replies Date
M Audit Criteria Training Materials Internal Auditing 1
eule del ayre IATF 16949 / ISO 9001:2015 audit criteria IATF 16949 - Automotive Quality Systems Standard 17
M Internal Audit Assessment Criteria - ISO 13485:2016 Internal Auditing 21
V Process and Internal Audit Criteria matrix wanted Internal Auditing 8
K Internal Audit Scope and Criteria Internal Auditing 9
K ISO 9001:2015 clause 9.2.2 a. - Define the audit criteria and scope Internal Auditing 2
A Where can I find the NADCAP Audit Criteria for all the processes? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
JoCam Nadcap AC7120 (Audit Criteria for Circuit Card Assemblies) - Acceptance Criteria AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
A Acceptance Criteria - ISO 9001:2008 Clause 8.2.4 - Questionable Audit Finding? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 40
B FDA 21 CFR Part 820 Medical Device Audit Criteria US Food and Drug Administration (FDA) 5
R Should Internal Audit criteria be a Controlled Document? Internal Auditing 5
V SOPs and Internal Audit Criteria for Regulatory Affairs (Submissions Function) US Food and Drug Administration (FDA) 4
R AC7101/11 Nadcap Audit Criteria for Materials Test Laboratories ? Fastener Testing Various Other Specifications, Standards, and related Requirements 1
P Can CBs audit according to OHSAS 18001 criteria when they audit your QMS? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
J Nissan Supplier Audit Criteria Customer and Company Specific Requirements 7
M Iso/ts 16949 Product Audit Auditor Criteria and Qualifications General Auditing Discussions 3
S Establishing Internal Audit Nonconformity Level Criteria - Major vs. Minor? Internal Auditing 46
W What is the major audit criteria of first party audit and second party audit? General Auditing Discussions 4
B Chrysler PFMEA Audit Criteria Checklist to evaluate your Process FMEA FMEA and Control Plans 7
M Audit Scope vs. Audit Criteria - What is the difference? General Auditing Discussions 2
S What standard/criteria do they use to audit OHSAS 18001? Occupational Health & Safety Management Standards 1
R Volkswagen Quality Systems Audit - What criteria did they use and how did you prepare Customer and Company Specific Requirements 18
J Help to understand and response to API AAR during the re-certification audit Oil and Gas Industry Standards and Regulations 14
B Internal audit checklist Internal Auditing 5
V Internal Audit Software IATF 16949 - Automotive Quality Systems Standard 5
J Internal Audit Schedule IATF Internal Auditing 3
Mikey324 External calibration - Finding in our 3rd party audit General Measurement Device and Calibration Topics 58
C ISO 14001 Internal Audit - Opportunity for Improvement ISO 14001:2015 Specific Discussions 2
P Does FDA require certification for quality system internal audit for auditor? Qualification and Validation (including 21 CFR Part 11) 1
J Stage 2 audit initial cert, few data points ISO 13485:2016 - Medical Device Quality Management Systems 4
S Corrections not allowed during audit ISO 13485:2016 - Medical Device Quality Management Systems 7
P Looking to outsource Internal Audit - MDSAP competent auditor needed Other Medical Device Regulations World-Wide 9
R GFE Audit - Violation? GFE Location Controls AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
D Help Me. Non conformitty in External Audit IATF 16949 - Automotive Quality Systems Standard 13
M How to answer ISO9001:2015 audit finding of old revisions of documents being used? Document Control Systems, Procedures, Forms and Templates 8
B UKRP to what level should you audit Class I Technical Documentation? UK Medical Device Regulations 0
I Audit is tomorrow but I refused to participate Misc. Quality Assurance and Business Systems Related Topics 16
I ISO 17025:2017 / ANAB 3125 - Articulating / Communicating Risks vis-a-vis Audit Findings ISO 17025 related Discussions 2
D Verify Audit Trail of SaaS system Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 3
D Re-labeler - audit the supplier EU Medical Device Regulations 2
J Outsourced Internal Audit requirements for Aerospace Suppliers AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 21
A PPAP question for audit APQP and PPAP 16
D Number of people to be interviewed during an internal audit? Internal Auditing 10
B Gamma Quarterly Audit Medical Device and FDA Regulations and Standards News 1
A Anxiety - ISO Re-registration Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 69
Ed Panek Auditor MDR (Presub audit) finding EU Medical Device Regulations 2
Q Easy CARs for Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
D Question and advice for a supplier self audit questionnaire ISO 13485:2016 - Medical Device Quality Management Systems 6
S Quarterly Dose Audit Medical Device and FDA Regulations and Standards News 5
H When is a SOC 2 audit necessary? IEC 27001 - Information Security Management Systems (ISMS) 5

Similar threads

Top Bottom