Internal Audit Scope and Criteria

K

kylerf

#1
I am an internal auditor. ISO 9001 requires that an audit scope and criteria be set for each audit.

My question is... can you have one audit scope and criteria for all audits?
Here is an example of my generic audit scope/criteria that i put with my audit plan. Would this satisfy that requirement or do i need a different scope/criteria for each individual audit? thoughts and comments appreciated.

"Scope: The audit scope for each audit consists of process based auditing within the organizations QMS across all applicable shifts."

"Criteria: The audit criteria is to assess if the organization has met the requirements given in the respectable ISO 9001:2015, IATF16949, and AS9100D standards, as well as reviewing to which extent the organization adheres to its own requirements, while also meeting any statutory/regulatory requirements or customer requirements. Previous audit findings, external and internal will be reviewed for their conformity."
 
Elsmar Forum Sponsor
#2
I am an internal auditor. ISO 9001 requires that an audit scope and criteria be set for each audit.

My question is... can you have one audit scope and criteria for all audits?
Here is an example of my generic audit scope/criteria that i put with my audit plan. Would this satisfy that requirement or do i need a different scope/criteria for each individual audit? thoughts and comments appreciated.

"Scope: The audit scope for each audit consists of process based auditing within the organizations QMS across all applicable shifts."

"Criteria: The audit criteria is to assess if the organization has met the requirements given in the respectable ISO 9001:2015, IATF16949, and AS9100D standards, as well as reviewing to which extent the organization adheres to its own requirements, while also meeting any statutory/regulatory requirements or customer requirements. Previous audit findings, external and internal will be reviewed for their conformity."
Practically? No.
 
#3
To help a little further:
Audit scope can be:

A process, a contract/customer requirement, a project, a plan, an area, an activity (maintenance for example), the system, two (or more) processes, part of a process - basically, anything you want (and don't let ANYONE tell you it MUST be a process, because it can be what your organization NEEDS to have audited).

The audit criteria can be:

A standard, a contract/customer requirement, a process, a procedure, a work instruction, a regulation, or any other requirement which the organization has to implement.
 
K

kylerf

#4
Thanks for the response. Where/how should i identify my audit scope/criteria?
Should it be a paragraph or so at the beginning of the audit report?
 
#5
Thanks for the response. Where/how should i identify my audit scope/criteria?
Should it be a paragraph or so at the beginning of the audit report?
You plan your audit based on scope and criteria. The standard gives us a clue - the importance of the process(es) and changes. The old standard said "status and importance". Think "Squeaky wheels". Where in your organization are there squeaky wheels?
 
Last edited:
#7
I am an internal auditor. ISO 9001 requires that an audit scope and criteria be set for each audit.

My question is... can you have one audit scope and criteria for all audits?
Here is an example of my generic audit scope/criteria that i put with my audit plan. Would this satisfy that requirement or do i need a different scope/criteria for each individual audit? thoughts and comments appreciated.

"Scope: The audit scope for each audit consists of process based auditing within the organizations QMS across all applicable shifts."

"Criteria: The audit criteria is to assess if the organization has met the requirements given in the respectable ISO 9001:2015, IATF16949, and AS9100D standards, as well as reviewing to which extent the organization adheres to its own requirements, while also meeting any statutory/regulatory requirements or customer requirements. Previous audit findings, external and internal will be reviewed for their conformity."
This looks very much like what a CB/CB auditor would be proposing, and/or what a consultant might do as a gap or pre-assessment. It's highly unlikely that you'd be able to accomplish this as an internal auditor - especially starting out.
 

qualprod

Trusted Information Resource
#8
Andyn

Regarding an internal audit done by external auditor. a normal audit, scope, compliance with 9001 2015.

In case of findings, do all findings detected have to be mentioned by the auditor to the auditee when audit is finished in any process and both have to agreed on findings?
or can wait and be commented in the closure meeting?.

If after the audit report sent to us by the auditor, we detected that one Nonconformity declared, we think doesnt proceed because he didnt mention this nc to the auditee, the Nc was mentioned in the closure meeting but the auditee said nothing, didnt refused it, nor talked anything about it.

What can we do? just to say that does not proceed? or should we talk to the auditor and suggest him to change the original audit report?

Are there somewhere ISO rules to follow?

Thanks
 
#10
Andyn

Regarding an internal audit done by external auditor. a normal audit, scope, compliance with 9001 2015.

In case of findings, do all findings detected have to be mentioned by the auditor to the auditee when audit is finished in any process and both have to agreed on findings?
or can wait and be commented in the closure meeting?.

If after the audit report sent to us by the auditor, we detected that one Nonconformity declared, we think doesnt proceed because he didnt mention this nc to the auditee, the Nc was mentioned in the closure meeting but the auditee said nothing, didnt refused it, nor talked anything about it.

What can we do? just to say that does not proceed? or should we talk to the auditor and suggest him to change the original audit report?

Are there somewhere ISO rules to follow?

Thanks
Yes, if the CB and auditor are "professional". Audit findings should be presented to the client at the time of the audit.

There should be ZERO non-conformities reported after the audit is over.

Complain to the CB that a) NCs were NOT discussed at the time of the audit, b) that NCs were reported AFTER the audit was concluded and c) the report wasn't prepared and delivered at the time of the audit.

Be aware that this type of thing goes hand-in-glove with your selection of CB. If you weren't diligent in selection, chose "cheap" or "local", then this is likely to be the result. Also, if the CB doesn't ensure that their auditors DON'T do this type of unprofessional thing, then they may not handle your complaint every effectively, either. I would not pay for their audit until things are resolved to your satisfaction.
 
Thread starter Similar threads Forum Replies Date
a_bardi Is it possible to exclude internal audit from qms scope? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
Q Internal Program audit Scope for NPI 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
F ISO/TS 16949 internal audit scope and annual plan Internal Auditing 2
P Internal Audit Scope - Company's KPI (Key Performance Indicators) Internal Auditing 7
R Internal Audit Scope Requirements - Audit Nonconformance ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
M TS 16949 Clause 8.2.2.4 Internal Audit Plans - Requirement Scope? IATF 16949 - Automotive Quality Systems Standard 3
D Can we include internal audit (financial) in the scope of ISO 9001:2008? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
R Ideal Internal Audit Frequency and Scope - ISO 9001 Internal Auditing 6
Q AS9100:D Counterfeit internal audit questions AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
D ISO 9001:2015 Internal Audit Check Sheet ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
L Documenting internal audit of customer specific requirements IATF 16949 - Automotive Quality Systems Standard 7
R Looking for ISO 13485 Internal Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 7
G During internal audit - finding poor action plans ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
G Opening meeting - internal audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
Mr Roo Discovered dishonesty after performing an internal audit General Auditing Discussions 4
W IATF 9.2.2.1 Internal Audit how to determine risk IATF 16949 - Automotive Quality Systems Standard 12
X Looking for 17025 auditor to perform internal audit on IT software testing laboratory ISO 17025 related Discussions 3
J 9001 Internal Audit of Client Onboarding process ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
B Internal audit checklist Internal Auditing 5
V Internal Audit Software IATF 16949 - Automotive Quality Systems Standard 5
J Internal Audit Schedule IATF Internal Auditing 4
C ISO 14001 Internal Audit - Opportunity for Improvement ISO 14001:2015 Specific Discussions 2
P Does FDA require certification for quality system internal audit for auditor? Qualification and Validation (including 21 CFR Part 11) 1
P Looking to outsource Internal Audit - MDSAP competent auditor needed Other Medical Device Regulations World-Wide 9
J Outsourced Internal Audit requirements for Aerospace Suppliers AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 21
D Number of people to be interviewed during an internal audit? Internal Auditing 10
Q Easy CARs for Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
armani Internal audit plan and processes for ISO 14001:2015 ISO 14001:2015 Specific Discussions 3
C API Q1 internal audit report Internal Auditing 3
P Filled in F48/F49 for internal audit ISO 17025:2017 Internal Auditing 2
J Internal audit random sampling methodology Internal Auditing 2
G Organizing internal audit program for an Integrated QHSE Management System Internal Auditing 13
W How do you phrase your internal audit questions? Internal Auditing 3
M IATF - Internal Audit 3 year span Internal Auditing 4
Q ISO 9001-2015 Internal audit finding Internal Auditing 14
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 20
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 8
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
salaheddine96 Internal audit planning Internal Auditing 2
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
E MDR internal audit Internal Auditing 3
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
B Looking for 10 Internal Audit Online Training Participants ISO 17025 related Discussions 2
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2

Similar threads

Top Bottom