Audit Criteria And Method Of Audit

Some of you can help me?
Recently, we have gone through first transition audit to ISO 9001-2000 standard. One major non-conformity raised was, in our audit procedure, we have not defined the audit criteria and method of doing internal audit. We have demonstrated that audit program takes into consideration of customer complaints/repetitive non-conformances etc. Also all our internal auditors are trained by external agency, and they know how to do the audit. Why should I tell them the method of audits? In the procedure, we have mentioned about the preparation of check list on need basis. But it is not mandatory that every auditor use the check list.

However, I could not convince the external auditor. I seek your inputs in this regard.

Thanks in advance,

Elsmar Forum Sponsor

M Greenaway

Hmmm tricky one.

The standard says that audit criteria and methods shall be 'defined'.

It then goes on to say 'responsibilities and requirements for planning and conducting audits, and for reporting results and maintaining records shall be defined in a documented procedure.'

Why are these two seperate sentences ? Can audit criteria and methods be 'defined' but not in a documented procedure ?

My guess is that your auditor is looking for the audit criteria and method in your documented procedure.

Strictly following the letter of the law he is incorrect.

If however he is just saying that it is 'not defined' he has a case. However if everyone appears to follow the same criteria and method you could argue that it is defined by 'custom and practice'.

This, in my opinion, is where ISO9001:2000 is weak compared to the 1994 standard in that it doesnt mandate procedural requirements. As such this kind of debate will undoubtedly be experienced by us all.
Thanks Greenway, for your comment!

Now I have to re-write the Internal Audit Procedure. Can you give me some hints, how I define audit criteria and method of audit? We talked about the use of checklist on need basis. The qualification of auditor is mentioned in our procedure. The status and the important of audit area have also been taken care of. What more to write?


Aaron Lupo

If I am understanding you, your procedure tells who has responsibility for your audit system, how the schedule is determined, how they are conducted (as far as contacting the manager of the area to be audited to set it up), how the results are reported to the responsible party and upper management, what standards you are using to do the audit, time frame for responding to issues from the audit by the responsible person, what happens if scheduled audits can’t be completed, and how they are trained. I would say that’s all you need.
Yes, in our audit procedure, we talked about audit plan, status and importance of area to be audited, selection of audit team, audit notification(name of auditor/auditee/department/time of audit/ISO clause), reporting audit finding in audit reporting form, collection of audit report, closing of audit findings, and auditor's qualification.

However, the ISO standard, specifically calls for criteria and method of audit to be defined. I feel the external auditor wants, some kind of heading, Audit criteria, and I should write something under this heading. My problem is that what I write under heading, audit criteria. Method , I understand, I shall write about the use of need base Check list etc. Though I feel making mandatory use of check list is redundant. We have been ISO certified from 1998 onwards. Our internal auditors were trained in ISO 9001-1994 standard and have carried out numerous audits. They have been trained specifically for ISO 9001-2000 standards. Why I should tell them how to do the audit?

I can close the non-conformity and send it to external auditor. However, it should not come back to me saying that closing of non-conformity is not satisfactory. That is the reason, I want inputs from this forum to re-write my procedure.




The audit criteria is basically what you are auditing against. There are various types of audit, such as system, process, product, contract, etc.

For Internal Quality Systems audits the criteria will be the same for all of them, and can be a bland statement in your auditing procedure, or a declaration on your audit reporting system.

Basically the criteria would be auditing of complaince to the requirements of ISO9001:2000 and other requirements detemined by the organisation, and to detemine the effectiveness fo the quality system.

I think your assessor is being a bit of a split ass on this one. The criteria for internal audits to ISO9001:2000 is obvious, but like you say the standard does require you to state this !!

M Greenaway (posting from home on a Saturday night - I must get a life).


Quite Involved in Discussions
Audit Criteria (9000-2000)-set of policies,procedures or requirements used as a reference. This of course is associated with planning. You must define the policies,procedures,standards to which the audit is conducted. What standard are you auditing to? What system procedures are you auditing against,of course you must audit to those mentioned in 4.2 and any others. If you had no porblem with 94,should not have none with 00
Thanks Greenaway, for your inputs!

I will make up something and send to auditor. Hope it will work.


barb butrym

Quite Involved in Discussions
don't make something up to please the auditor!!!!!! What ever you do needs to add value to your system NOT HIS AUDIT!!!!!!

Your report lists the standard and procedures/rev audited against doesn't it? then thats defining the audit criteria....thats where you define it...just say so. As for the method, your audit trail notes are the record of the method (where, who, what reviewed/ interviewed etc....). The auditor training gives you the expertise to plan and determine the method on an audit by audit basis.

its your system not the auditors!!!!!

my pet peeve, can you tell???????????

barb butrym

Quite Involved in Discussions
I just reread your initial post....A MAJOR?

Damn......A major is a total breakdown or absence of a system

You need to stand up for yourself.......
Thread starter Similar threads Forum Replies Date
eule del ayre IATF 16949 / ISO 9001:2015 audit criteria IATF 16949 - Automotive Quality Systems Standard 17
M Internal Audit Assessment Criteria - ISO 13485:2016 Internal Auditing 21
V Process and Internal Audit Criteria matrix wanted Internal Auditing 8
K Internal Audit Scope and Criteria Internal Auditing 9
K ISO 9001:2015 clause 9.2.2 a. - Define the audit criteria and scope Internal Auditing 2
A Where can I find the NADCAP Audit Criteria for all the processes? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
JoCam Nadcap AC7120 (Audit Criteria for Circuit Card Assemblies) - Acceptance Criteria AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
AshleyE Acceptance Criteria - ISO 9001:2008 Clause 8.2.4 - Questionable Audit Finding? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 40
B FDA 21 CFR Part 820 Medical Device Audit Criteria US Food and Drug Administration (FDA) 5
R Should Internal Audit criteria be a Controlled Document? Internal Auditing 5
V SOPs and Internal Audit Criteria for Regulatory Affairs (Submissions Function) US Food and Drug Administration (FDA) 4
R AC7101/11 Nadcap Audit Criteria for Materials Test Laboratories ? Fastener Testing Various Other Specifications, Standards, and related Requirements 1
P Can CBs audit according to OHSAS 18001 criteria when they audit your QMS? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
J Nissan Supplier Audit Criteria Customer and Company Specific Requirements 7
M Iso/ts 16949 Product Audit Auditor Criteria and Qualifications General Auditing Discussions 3
S Establishing Internal Audit Nonconformity Level Criteria - Major vs. Minor? Internal Auditing 46
W What is the major audit criteria of first party audit and second party audit? General Auditing Discussions 4
B Chrysler PFMEA Audit Criteria Checklist to evaluate your Process FMEA FMEA and Control Plans 7
M Audit Scope vs. Audit Criteria - What is the difference? General Auditing Discussions 2
S What standard/criteria do they use to audit OHSAS 18001? Occupational Health & Safety Management Standards 1
R Volkswagen Quality Systems Audit - What criteria did they use and how did you prepare Customer and Company Specific Requirements 18
B IATF16949 audit requirement - Auditor request UCL and LCL must be show Xbar-R, IATF 16949 - Automotive Quality Systems Standard 7
T COVID, Furlough and ISO9001 Surveillance Audit Coffee Break and Water Cooler Discussions 2
R External Audit and Certificate prorogation due to the pandemic General Auditing Discussions 10
Dean Bell Implementation of Controls as per SOA for Stage 2 Audit IEC 27001 - Information Security Management Systems (ISMS) 0
G Logistic organization and controls - IATF/ISO 9001 audit Nonconformance and Corrective Action 2
Geoff Cotton Performing a Delta Audit General Auditing Discussions 12
N ISO 19011:2018 - 5.4.2 "...audit program should engage in appropriate continual development..." Training - Internal, External, Online and Distance Learning 4
G MSA check list to audit IATF 16949 - Automotive Quality Systems Standard 8
L Open Positions During AS9100 Audit AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
L Stage 2 audit - Requirement for 3 months of records ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
F Who can sit in/perform an API audit? Oil and Gas Industry Standards and Regulations 2
L Manufacturing Process Audit Help IATF 16949 - Automotive Quality Systems Standard 6
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 4
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 6
G Self Assessment Audit from a new potential customer General Auditing Discussions 3
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
M OEM asking for NC report after certification audit. IATF 16949 - Automotive Quality Systems Standard 3
Ooi Yew Jin Customer E audit preparation Quality Manager and Management Related Issues 2
N Audit non-compliance API Q1 - Use of External Documents 4.4.4 in Product Realization Oil and Gas Industry Standards and Regulations 5
J Remote Audit Experiences - June 2020 General Auditing Discussions 26
F Product audit sampling plans IATF 16949 - Automotive Quality Systems Standard 3
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
M Supplier Audit Report - Template for second party audit wanted Lean in Manufacturing and Service Industries 1
Stefan Mundt AS9100D Major nonconformity due to recurrence of a NC during a subsequent CB audit. AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
Q ISO 9001:2015 man days for surveillance audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
F ISO 13485 - EU countries that could request another audit ISO 13485:2016 - Medical Device Quality Management Systems 2

Similar threads

Top Bottom