Audit Definition in ISO 9000:2000 includes "documented process"?


lou hannigan

Audit Definition

Does anyone know why the definition of "audit" in ISO 9000:2000 includes "documented process"? The definition in ISO 10011 omits "documented." A strict application of this definition introduces a questionable situation…

ISO 9001:2000 requirements by reference include the definitions of ISO 9000:2000; therefor any audit activities claimed by the organization to part of the ISO 9001 quality system must, by definition, be a documented process. For internal audit activities both the standard and the definitions require the activity to be a documented process or procedure. There is no problem for internal audits.

However, do audits of other types, such as supplier audits, have to be supported by a documented procedure? The standard does not require the other types of audits to be supported by a documented procedure, however the definition of audit does.

Take an example: An organization prides itself, as described in their quality manual, in the conduct of supplier audits. However there is no documented process as per the ISO 9000 definition of audit. The undocumented process works, evidence exists, and the results are reviewed and action taken. The process simply is not documented.

Can this organization claim that supplier audits are part of their ISO quality system in the absence of a documented process?

Could a registrar auditor raise a nonconformity, and if so on what element?

Or am I missing something?

Any guidance on this query is gratefully appreciated.



Good one Lou!

This is an excellent topic to stretch our brains on!

You are absolutely correct that the definition of audit includes the word "documented". Now I'm going to play semantics. It says that it is a documented "process" - not "procedure". It is a slight distiction, but we can make it work. So how do we document a *process *without using a documented procedure? Well, a process can be documented by the use of the forms and reports that may be generated, the actions that are taken based on the audit, the records that are kept. These provide documentation of the process.

Internal audit is the only one that requires a documented procedure for the process. The others just need documentation of the process.

That's my story if an auditor brings this up! How does it play to everyone else's ears?:)
Top Bottom