Internal Audit Scope and Criteria

kylerf

Involved In Discussions
#1
I am an internal auditor. ISO 9001 requires that an audit scope and criteria be set for each audit.

My question is... can you have one audit scope and criteria for all audits?
Here is an example of my generic audit scope/criteria that i put with my audit plan. Would this satisfy that requirement or do i need a different scope/criteria for each individual audit? thoughts and comments appreciated.

"Scope: The audit scope for each audit consists of process based auditing within the organizations QMS across all applicable shifts."

"Criteria: The audit criteria is to assess if the organization has met the requirements given in the respectable ISO 9001:2015, IATF16949, and AS9100D standards, as well as reviewing to which extent the organization adheres to its own requirements, while also meeting any statutory/regulatory requirements or customer requirements. Previous audit findings, external and internal will be reviewed for their conformity."
 
Elsmar Forum Sponsor
#2
I am an internal auditor. ISO 9001 requires that an audit scope and criteria be set for each audit.

My question is... can you have one audit scope and criteria for all audits?
Here is an example of my generic audit scope/criteria that i put with my audit plan. Would this satisfy that requirement or do i need a different scope/criteria for each individual audit? thoughts and comments appreciated.

"Scope: The audit scope for each audit consists of process based auditing within the organizations QMS across all applicable shifts."

"Criteria: The audit criteria is to assess if the organization has met the requirements given in the respectable ISO 9001:2015, IATF16949, and AS9100D standards, as well as reviewing to which extent the organization adheres to its own requirements, while also meeting any statutory/regulatory requirements or customer requirements. Previous audit findings, external and internal will be reviewed for their conformity."
Practically? No.
 
#3
To help a little further:
Audit scope can be:

A process, a contract/customer requirement, a project, a plan, an area, an activity (maintenance for example), the system, two (or more) processes, part of a process - basically, anything you want (and don't let ANYONE tell you it MUST be a process, because it can be what your organization NEEDS to have audited).

The audit criteria can be:

A standard, a contract/customer requirement, a process, a procedure, a work instruction, a regulation, or any other requirement which the organization has to implement.
 

kylerf

Involved In Discussions
#4
Thanks for the response. Where/how should i identify my audit scope/criteria?
Should it be a paragraph or so at the beginning of the audit report?
 
#5
Thanks for the response. Where/how should i identify my audit scope/criteria?
Should it be a paragraph or so at the beginning of the audit report?
You plan your audit based on scope and criteria. The standard gives us a clue - the importance of the process(es) and changes. The old standard said "status and importance". Think "Squeaky wheels". Where in your organization are there squeaky wheels?
 
Last edited:
#7
I am an internal auditor. ISO 9001 requires that an audit scope and criteria be set for each audit.

My question is... can you have one audit scope and criteria for all audits?
Here is an example of my generic audit scope/criteria that i put with my audit plan. Would this satisfy that requirement or do i need a different scope/criteria for each individual audit? thoughts and comments appreciated.

"Scope: The audit scope for each audit consists of process based auditing within the organizations QMS across all applicable shifts."

"Criteria: The audit criteria is to assess if the organization has met the requirements given in the respectable ISO 9001:2015, IATF16949, and AS9100D standards, as well as reviewing to which extent the organization adheres to its own requirements, while also meeting any statutory/regulatory requirements or customer requirements. Previous audit findings, external and internal will be reviewed for their conformity."
This looks very much like what a CB/CB auditor would be proposing, and/or what a consultant might do as a gap or pre-assessment. It's highly unlikely that you'd be able to accomplish this as an internal auditor - especially starting out.
 

qualprod

Trusted Information Resource
#8
Andyn

Regarding an internal audit done by external auditor. a normal audit, scope, compliance with 9001 2015.

In case of findings, do all findings detected have to be mentioned by the auditor to the auditee when audit is finished in any process and both have to agreed on findings?
or can wait and be commented in the closure meeting?.

If after the audit report sent to us by the auditor, we detected that one Nonconformity declared, we think doesnt proceed because he didnt mention this nc to the auditee, the Nc was mentioned in the closure meeting but the auditee said nothing, didnt refused it, nor talked anything about it.

What can we do? just to say that does not proceed? or should we talk to the auditor and suggest him to change the original audit report?

Are there somewhere ISO rules to follow?

Thanks
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#9
#10
Andyn

Regarding an internal audit done by external auditor. a normal audit, scope, compliance with 9001 2015.

In case of findings, do all findings detected have to be mentioned by the auditor to the auditee when audit is finished in any process and both have to agreed on findings?
or can wait and be commented in the closure meeting?.

If after the audit report sent to us by the auditor, we detected that one Nonconformity declared, we think doesnt proceed because he didnt mention this nc to the auditee, the Nc was mentioned in the closure meeting but the auditee said nothing, didnt refused it, nor talked anything about it.

What can we do? just to say that does not proceed? or should we talk to the auditor and suggest him to change the original audit report?

Are there somewhere ISO rules to follow?

Thanks
Yes, if the CB and auditor are "professional". Audit findings should be presented to the client at the time of the audit.

There should be ZERO non-conformities reported after the audit is over.

Complain to the CB that a) NCs were NOT discussed at the time of the audit, b) that NCs were reported AFTER the audit was concluded and c) the report wasn't prepared and delivered at the time of the audit.

Be aware that this type of thing goes hand-in-glove with your selection of CB. If you weren't diligent in selection, chose "cheap" or "local", then this is likely to be the result. Also, if the CB doesn't ensure that their auditors DON'T do this type of unprofessional thing, then they may not handle your complaint every effectively, either. I would not pay for their audit until things are resolved to your satisfaction.
 
Thread starter Similar threads Forum Replies Date
a_bardi Is it possible to exclude internal audit from qms scope? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
Q Internal Program audit Scope for NPI 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
F ISO/TS 16949 internal audit scope and annual plan Internal Auditing 2
P Internal Audit Scope - Company's KPI (Key Performance Indicators) Internal Auditing 7
R Internal Audit Scope Requirements - Audit Nonconformance ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
M TS 16949 Clause 8.2.2.4 Internal Audit Plans - Requirement Scope? IATF 16949 - Automotive Quality Systems Standard 3
D Can we include internal audit (financial) in the scope of ISO 9001:2008? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
R Ideal Internal Audit Frequency and Scope - ISO 9001 Internal Auditing 6
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 4
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 5
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
Raffy ISO 14001 9.2.2 Internal Audit Programme Content Internal Auditing 5
N Internal Audit Schedule – Who gets to set the schedule? Internal Auditing 16
V IATF 16949 9.2.2.1 Internal Audit Program - "Process Changes" IATF 16949 - Automotive Quality Systems Standard 11
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
B Using external FDA and ISO 13485 audit as internal audit Internal Auditing 6
T Internal Audit Schedule when Hiring Out Internal Auditing 7
D ISO 9001:2015 Internal Audit Training Advice Internal Auditing 10
M Internal audit consultant ISO 13485 (English speaker) Consultants and Consulting 3
S Implementing a 45001 Health & Safety standard - Internal audit plan wanted Internal Auditing 1
F Internal Audit - Procedure example Internal Auditing 5
C Internal Audit - Process Clause Matrix / Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 7
CPhelan Internal audit - Combine similar nonconformities in one or keep separate? Internal Auditing 6
M Internal Audit Plan in Retail Internal Auditing 10
D Management of NC after internal system audit IATF 16949 - Automotive Quality Systems Standard 7
A Purchasing - Internal Audit Questions Internal Auditing 8
N Comprehensive Compliance Matrix for Internal Audit Checklist Other Medical Device Regulations World-Wide 1
W Where to begin with an ISO 9001:2015 internal audit Internal Auditing 13
D Internal audit forms or checklists for a medical/veterinary laboratory General Auditing Discussions 5
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 144
E ISO 9001:2015 - Internal Audit Plan Clauses General Auditing Discussions 8
S Internal Audit Checklist for Application/Software development IEC 27001 - Information Security Management Systems (ISMS) 1
S Internal Audit - Risk and Opportunity (ISO 9001:2015 ) Internal Auditing 1
F API Spec Q1 9th Edition Surveillance Audit - Questions about internal audits. Oil and Gas Industry Standards and Regulations 23
Ashland78 IATF 16949 Internal Audit Checklist Manufacturing and Related Processes 11
Ed Panek Root Cause CAPAs from internal audit ISO 13485:2016 - Medical Device Quality Management Systems 16
K Student wanting Case Study about Internal Audit Report Internal Auditing 1
R How far apart can you schedule separate areas or departments in your internal audit? Internal Auditing 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
A API Spec Q1 9th Edition - 12 month Internal Audit Schedule Audit Nonconformance Oil and Gas Industry Standards and Regulations 10
J Microsoft Teams to manage Internal Audit System? Internal Auditing 3
tony s An organization's Internal Audit Office certified to ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 28

Similar threads

Top Bottom