Audit Criteria And Method Of Audit

Some of you can help me?
Recently, we have gone through first transition audit to ISO 9001-2000 standard. One major non-conformity raised was, in our audit procedure, we have not defined the audit criteria and method of doing internal audit. We have demonstrated that audit program takes into consideration of customer complaints/repetitive non-conformances etc. Also all our internal auditors are trained by external agency, and they know how to do the audit. Why should I tell them the method of audits? In the procedure, we have mentioned about the preparation of check list on need basis. But it is not mandatory that every auditor use the check list.

However, I could not convince the external auditor. I seek your inputs in this regard.

Thanks in advance,


M Greenaway

Hmmm tricky one.

The standard says that audit criteria and methods shall be 'defined'.

It then goes on to say 'responsibilities and requirements for planning and conducting audits, and for reporting results and maintaining records shall be defined in a documented procedure.'

Why are these two seperate sentences ? Can audit criteria and methods be 'defined' but not in a documented procedure ?

My guess is that your auditor is looking for the audit criteria and method in your documented procedure.

Strictly following the letter of the law he is incorrect.

If however he is just saying that it is 'not defined' he has a case. However if everyone appears to follow the same criteria and method you could argue that it is defined by 'custom and practice'.

This, in my opinion, is where ISO9001:2000 is weak compared to the 1994 standard in that it doesnt mandate procedural requirements. As such this kind of debate will undoubtedly be experienced by us all.
Thanks Greenway, for your comment!

Now I have to re-write the Internal Audit Procedure. Can you give me some hints, how I define audit criteria and method of audit? We talked about the use of checklist on need basis. The qualification of auditor is mentioned in our procedure. The status and the important of audit area have also been taken care of. What more to write?


Aaron Lupo

If I am understanding you, your procedure tells who has responsibility for your audit system, how the schedule is determined, how they are conducted (as far as contacting the manager of the area to be audited to set it up), how the results are reported to the responsible party and upper management, what standards you are using to do the audit, time frame for responding to issues from the audit by the responsible person, what happens if scheduled audits can’t be completed, and how they are trained. I would say that’s all you need.
Yes, in our audit procedure, we talked about audit plan, status and importance of area to be audited, selection of audit team, audit notification(name of auditor/auditee/department/time of audit/ISO clause), reporting audit finding in audit reporting form, collection of audit report, closing of audit findings, and auditor's qualification.

However, the ISO standard, specifically calls for criteria and method of audit to be defined. I feel the external auditor wants, some kind of heading, Audit criteria, and I should write something under this heading. My problem is that what I write under heading, audit criteria. Method , I understand, I shall write about the use of need base Check list etc. Though I feel making mandatory use of check list is redundant. We have been ISO certified from 1998 onwards. Our internal auditors were trained in ISO 9001-1994 standard and have carried out numerous audits. They have been trained specifically for ISO 9001-2000 standards. Why I should tell them how to do the audit?

I can close the non-conformity and send it to external auditor. However, it should not come back to me saying that closing of non-conformity is not satisfactory. That is the reason, I want inputs from this forum to re-write my procedure.




The audit criteria is basically what you are auditing against. There are various types of audit, such as system, process, product, contract, etc.

For Internal Quality Systems audits the criteria will be the same for all of them, and can be a bland statement in your auditing procedure, or a declaration on your audit reporting system.

Basically the criteria would be auditing of complaince to the requirements of ISO9001:2000 and other requirements detemined by the organisation, and to detemine the effectiveness fo the quality system.

I think your assessor is being a bit of a split ass on this one. The criteria for internal audits to ISO9001:2000 is obvious, but like you say the standard does require you to state this !!

M Greenaway (posting from home on a Saturday night - I must get a life).


Quite Involved in Discussions
Audit Criteria (9000-2000)-set of policies,procedures or requirements used as a reference. This of course is associated with planning. You must define the policies,procedures,standards to which the audit is conducted. What standard are you auditing to? What system procedures are you auditing against,of course you must audit to those mentioned in 4.2 and any others. If you had no porblem with 94,should not have none with 00
Thanks Greenaway, for your inputs!

I will make up something and send to auditor. Hope it will work.


barb butrym

Quite Involved in Discussions
don't make something up to please the auditor!!!!!! What ever you do needs to add value to your system NOT HIS AUDIT!!!!!!

Your report lists the standard and procedures/rev audited against doesn't it? then thats defining the audit criteria....thats where you define it...just say so. As for the method, your audit trail notes are the record of the method (where, who, what reviewed/ interviewed etc....). The auditor training gives you the expertise to plan and determine the method on an audit by audit basis.

its your system not the auditors!!!!!

my pet peeve, can you tell???????????

barb butrym

Quite Involved in Discussions
I just reread your initial post....A MAJOR?

Damn......A major is a total breakdown or absence of a system

You need to stand up for yourself.......
Thread starter Similar threads Forum Replies Date
M Audit Criteria Training Materials Internal Auditing 1
eule del ayre IATF 16949 / ISO 9001:2015 audit criteria IATF 16949 - Automotive Quality Systems Standard 17
M Internal Audit Assessment Criteria - ISO 13485:2016 Internal Auditing 21
V Process and Internal Audit Criteria matrix wanted Internal Auditing 8
K Internal Audit Scope and Criteria Internal Auditing 9
K ISO 9001:2015 clause 9.2.2 a. - Define the audit criteria and scope Internal Auditing 2
A Where can I find the NADCAP Audit Criteria for all the processes? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
JoCam Nadcap AC7120 (Audit Criteria for Circuit Card Assemblies) - Acceptance Criteria AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
A Acceptance Criteria - ISO 9001:2008 Clause 8.2.4 - Questionable Audit Finding? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 40
B FDA 21 CFR Part 820 Medical Device Audit Criteria US Food and Drug Administration (FDA) 5
R Should Internal Audit criteria be a Controlled Document? Internal Auditing 5
V SOPs and Internal Audit Criteria for Regulatory Affairs (Submissions Function) US Food and Drug Administration (FDA) 4
R AC7101/11 Nadcap Audit Criteria for Materials Test Laboratories ? Fastener Testing Various Other Specifications, Standards, and related Requirements 1
P Can CBs audit according to OHSAS 18001 criteria when they audit your QMS? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
J Nissan Supplier Audit Criteria Customer and Company Specific Requirements 7
M Iso/ts 16949 Product Audit Auditor Criteria and Qualifications General Auditing Discussions 3
S Establishing Internal Audit Nonconformity Level Criteria - Major vs. Minor? Internal Auditing 46
W What is the major audit criteria of first party audit and second party audit? General Auditing Discussions 4
B Chrysler PFMEA Audit Criteria Checklist to evaluate your Process FMEA FMEA and Control Plans 7
M Audit Scope vs. Audit Criteria - What is the difference? General Auditing Discussions 2
S What standard/criteria do they use to audit OHSAS 18001? Occupational Health & Safety Management Standards 1
R Volkswagen Quality Systems Audit - What criteria did they use and how did you prepare Customer and Company Specific Requirements 18
P Filled in F48/F49 for internal audit ISO 17025:2017 Internal Auditing 0
A IRIS audit - Discussion about Special Processes General Auditing Discussions 11
J Internal audit random sampling methodology Internal Auditing 2
D Major NC from last audit not fixed not sure how to fix General Auditing Discussions 9
X Sample SOC2 audit report (or a redacted one) IEC 27001 - Information Security Management Systems (ISMS) 0
D Lead time to schedule an ISO 13485 audit Auditing Quality and Environmental Management Systems 2
G Organizing internal audit program for an Integrated QHSE Management System Internal Auditing 13
S Does anyone have a checklist to prepare for ISO 13485, Stage I audit? ISO 13485:2016 - Medical Device Quality Management Systems 1
W How do you phrase your internal audit questions? Internal Auditing 3
Z Steps to take before an MDSAP audit for Canada Canada Medical Device Regulations 2
V Csv, excel format - audit trail file of HPLC system ( Empower, openlab, EZchrom or any other ) Qualification and Validation (including 21 CFR Part 11) 0
G Not accepting a non conformity during an audit General Auditing Discussions 11
K IATF audit day requirements table 5.2 IATF 16949 - Automotive Quality Systems Standard 6
Q ISO 9001/IATF 16949 Audit Finding Question - Document Retention IATF 16949 - Automotive Quality Systems Standard 10
M IATF - Internal Audit 3 year span Internal Auditing 4
Q Audit report template ISO 9001/14001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
P Audit check for IT company (ISO 9001) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
D Supplier audit Medical Device and FDA Regulations and Standards News 2
M Go Live With New ERP System before Recertification Audit General Auditing Discussions 6
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
A Define timeline for Major and Miner Audit finding General Auditing Discussions 4
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
A API Monogram audit review process Oil and Gas Industry Standards and Regulations 4
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 11
B Remote IATF 16949 audit preparation General Auditing Discussions 10
M AS9100D Registrar pre-audit requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15

Similar threads

Top Bottom