ISO 19011:2018 Clause 5.5.2 Defining the objectives, scope and criteria for an individual audit

ISO 19011:2018 14 Minutes

Each individual audit should be based on defined audit objectives, scope and criteria. These should be consistent with the overall audit programme objectives. The audit objectives define what is to be accomplished by the individual audit and may include the following:

  1. determination of the extent of conformity of the management system to be audited, or parts of it, with audit criteria;
  2. evaluation of the capability of the management system to assist the organization in meeting relevant statutory and regulatory requirements and other requirements to which the organization is committed;
  3. evaluation of the effectiveness of the management system in meeting its intended results;
  4. identification of opportunities for potential improvement of the management system;
  5. evaluation of the suitability and adequacy of the management system with respect to the context and strategic direction of the auditee;
  6. evaluation of the capability of the management system to establish and achieve objectives and effectively address risks and opportunities, in a changing context, including the implementation of the related actions.

The audit scope should be consistent with the audit programme and audit objectives. It includes such factors as locations, functions, activities and processes to be audited, as well as the time period covered by the audit.
The audit criteria are used as a reference against which conformity is determined. These may include one or more of the following: applicable policies, processes, procedures, performance criteria including objectives, statutory and regulatory requirements, management system requirements, information regarding the context and the risks and opportunities as determined by the auditee (including relevant external/internal interested parties requirements), sector codes of conduct or other planned arrangements.
In the event of any changes to the audit objectives, scope or criteria, the audit programme should be modified if necessary and communicated to interested parties, for approval if appropriate.
When more than one discipline is being audited at the same time it is important that the audit objectives, scope and criteria are consistent with the relevant audit programmes for each discipline. Some disciplines can have a scope that reflects the whole organization and others can have a scope that reflects a subset of the whole organization.

Each individual audit should be based on defined audit objectives, scope and criteria. These should be consistent with the overall audit programme objectives.

  1. Defined Audit Objectives:
    • Clear Purpose: Each audit should have well-defined and clear objectives that articulate the purpose and focus of the audit. Objectives help guide the audit team in achieving specific outcomes and addressing the intended areas of concern.
    • Alignment with Program Objectives: Ensure that the objectives of each individual audit align with the broader objectives of the overall audit program. This alignment helps maintain consistency and coherence in the organization’s auditing efforts.
  2. Scope of the Audit:
    • Scope Definition: Clearly define the scope of the audit, outlining the boundaries and limits of what will be examined. The scope should be comprehensive enough to address the audit objectives but not so broad that it becomes unmanageable.
    • Consideration of Program Scope: Ensure that the scope of each individual audit is consistent with the overall scope of the audit program. This helps prevent discrepancies and ensures that all relevant areas are appropriately covered.
  3. Audit Criteria:
    • Establish Criteria: Define the criteria against which the audit will be conducted. Criteria serve as the benchmark for evaluating processes, activities, or systems. Criteria may include internal policies, industry standards, legal requirements, or best practices.
    • Consistency with Program Criteria: Ensure that the criteria for each individual audit align with the criteria set forth in the overall audit program. Consistency in criteria ensures a unified approach to assessing conformance and performance.
  4. Integration with Program Objectives:
    • Holistic Integration: Integrate the objectives, scope, and criteria of individual audits into the broader framework of the audit program. This integration ensures that each audit contributes cohesively to the overall goals of the program.
    • Alignment with Organizational Goals: Confirm that the audit program objectives align with the broader goals of the organization. This linkage ensures that audit efforts support the organization’s strategic direction and priorities.
  5. Communication and Understanding:
    • Clear Communication: Clearly communicate the objectives, scope, and criteria to all relevant stakeholders, including the audit team, auditees, and any other parties involved. Transparency in communication fosters a shared understanding of the audit’s purpose and expectations.
    • Team Understanding: Ensure that the audit team has a comprehensive understanding of the defined objectives, scope, and criteria. This understanding is crucial for conducting focused and effective audit activities.
  6. Documentation and Planning:
    • Documented Plans: Develop detailed audit plans that document the objectives, scope, and criteria for each audit. These plans serve as a reference for the audit team and provide a basis for assessing the audit’s progress and success.
    • Program-Level Planning: Ensure that the planning process at the individual audit level aligns with the overarching planning framework of the entire audit program.
  7. Risk Considerations:
    • Risk Alignment: Assess and align risk considerations at both the individual audit and program levels. Ensure that the identified risks and risk management strategies are consistent with the defined objectives, scope, and criteria for each audit.
  8. Flexibility for Adjustments:
    • Adaptability: Recognize that objectives, scope, and criteria may need adjustments based on emerging information, changes in organizational priorities, or unexpected events. Build flexibility into the audit program to accommodate necessary adjustments.
  9. Performance Measurement:
    • Performance Metrics: Establish metrics to measure the performance of each individual audit against its defined objectives. These metrics contribute to ongoing monitoring and help assess the effectiveness of audit activities.
  10. Continuous Improvement:
    • Feedback Incorporation: Collect feedback from each audit and use it to identify opportunities for improvement. Integrate lessons learned into the ongoing development and refinement of the overall audit program.

By ensuring consistency and alignment between the objectives, scope, and criteria of individual audits and the overarching audit program, organizations enhance the effectiveness of their auditing efforts. This approach promotes a structured and coherent approach to achieving audit goals and contributes to the organization’s commitment to quality, compliance, and continual improvement.

Audit objectives are fundamental in defining what an individual audit aims to accomplish. These objectives provide a clear and specific focus for the audit activities, guiding the audit team toward achieving meaningful outcomes. Here are key aspects to consider regarding audit objectives:

  1. Determination of Conformity:
    • Objective: Assess the extent to which the management system conforms to established audit criteria. This involves evaluating the organization’s adherence to internal policies, industry standards, legal requirements, and other relevant benchmarks.
  2. Statutory and Regulatory Compliance:
    • Objective: Evaluate the capability of the management system to assist the organization in meeting statutory and regulatory requirements, as well as other commitments. This involves ensuring compliance with laws, regulations, and any other obligations.
  3. Effectiveness in Achieving Intended Results:
    • Objective: Assess how effectively the management system is achieving its intended results. This includes evaluating whether the system is delivering the desired outcomes and meeting the organization’s goals and objectives.
  4. Identification of Improvement Opportunities:
    • Objective: Identify opportunities for potential improvement in the management system. This involves looking for areas where the organization can enhance its processes, performance, and overall effectiveness.
  5. Suitability and Adequacy with Organizational Context:
    • Objective: Evaluate the suitability and adequacy of the management system in relation to the organizational context. This includes assessing how well the system aligns with the organization’s strategic direction, goals, and the context in which it operates.
  6. Establishment and Achievement of Objectives:
    • Objective: Evaluate the capability of the management system to establish and achieve objectives. This involves assessing the organization’s ability to set clear objectives, work toward their achievement, and adapt to changes in the business environment.

These audit objectives collectively provide a thorough framework for assessing the management system. They address conformity, legal and regulatory compliance, effectiveness, improvement opportunities, contextual alignment, and the organization’s capability to set and achieve objectives in a dynamic environment. By focusing on these objectives, auditors can contribute to the organization’s continuous improvement and strategic success.By carefully defining and adhering to well-crafted audit objectives, organizations can enhance the effectiveness of their audit processes, drive improvements, and contribute to the achievement of broader organizational goals. Clear and focused objectives serve as a foundation for meaningful audit outcomes and a successful audit program.

The audit scope should be consistent with the audit programme and audit objectives. It includes such factors as locations, functions, activities and processes to be audited, as well as the time period covered by the audit.

  1. Consistency with Audit Program:
    • Alignment: Ensure that the scope of the individual audit aligns seamlessly with the broader audit program. This consistency contributes to a unified and coordinated approach to the organization’s audit activities.
  2. Adherence to Audit Objectives:
    • Objective Alignment: The audit scope should directly support the achievement of the audit objectives. The scope defines the boundaries within which the audit will operate to fulfill its specific goals.
  3. Factors Considered in Scope:
    • Locations, Functions, Activities, and Processes: Clearly specify the locations, functions, activities, and processes that fall within the scope of the individual audit. This definition provides clarity on the areas to be examined.
  4. Time Period Coverage:
    • Temporal Considerations: Define the time period covered by the audit. Whether the audit is retrospective, current, or forward-looking, the temporal aspect is essential for understanding the context and relevance of audit findings.
  5. Scope Flexibility:
    • Adaptability: While defining the scope, consider building in flexibility to adapt to unforeseen circumstances or changes during the audit process. This ensures that the audit remains relevant and responsive to evolving conditions.
  6. Relevance to Audit Criteria:
    • Alignment with Audit Criteria: Ensure that the scope is directly related to the audit criteria, whether they are internal policies, industry standards, legal requirements, or other benchmarks. This alignment supports the thorough evaluation of conformity.
  7. Communication of Scope:
    • Clear Communication: Clearly communicate the defined audit scope to all relevant stakeholders, including the audit team, auditees, and any other individuals involved. Transparent communication fosters a shared understanding of the audit’s boundaries.
  8. Risk-Focused Scope:
    • Consideration of Risks: Take into account the risks associated with the areas included in the audit scope. This involves assessing the significance of risks and ensuring that the audit scope adequately addresses areas of higher risk.
  9. Audit Team Competence:
    • Matching Competence: Ensure that the audit team possesses the necessary competence and expertise to effectively audit the specific areas within the defined scope. Matching team competence with the scope enhances the quality of the audit process.
  10. Comprehensive Coverage:
    • Holistic Approach: Strive for a comprehensive audit scope that covers all relevant aspects. This includes a thorough examination of processes, activities, and functions to provide a well-rounded assessment of the management system.
  11. Consideration of Organizational Context:
    • Contextual Relevance: Consider the organizational context when defining the audit scope. This involves understanding the organization’s structure, goals, and the external factors that may impact its operations.
  12. Documentation of Scope:
    • Documented Definition: Clearly document the defined audit scope in the audit plan and other relevant documentation. A well-documented scope serves as a reference point for the audit team and stakeholders.

By ensuring consistency between the individual audit scope, the broader audit program, and the specific objectives, organizations can conduct focused and purposeful audits. This approach contributes to the effectiveness of the audit process, facilitates communication, and supports the organization’s commitment to continuous improvement.

The audit criteria are used as a reference against which conformity is determined. These may include one or more of the following: applicable policies, processes, procedures, performance criteria including objectives, statutory and regulatory requirements, management system requirements, information regarding the context and the risks and opportunities as determined by the auditee (including relevant external/internal interested parties requirements), sector codes of conduct or other planned arrangements. The audit criteria serve as the benchmark against which conformity is assessed during an audit. The criteria provide a standard or reference point for evaluating various aspects of the audited management system. The audit criteria may encompass a range of elements, and they are essential for ensuring a systematic and objective assessment. Here are the key components that may be included in the audit criteria:

  1. Applicable Policies:
    • Definition: Policies established by the organization, such as quality policy, environmental policy, or health and safety policy, can be part of the audit criteria. The audit assesses whether the organization is conforming to its own stated policies.
  2. Processes and Procedures:
    • Evaluation: The effectiveness and adherence to documented processes and procedures within the organization are important criteria. This involves assessing whether the processes in place are well-defined, documented, and consistently followed.
  3. Performance Criteria, Including Objectives:
    • Measurement of Performance: Criteria related to the organization’s performance, including objectives and key performance indicators (KPIs), are assessed to determine whether the organization is meeting its intended results and goals.
  4. Statutory and Regulatory Requirements:
    • Compliance Assessment: Audit criteria may include legal and regulatory requirements applicable to the organization’s operations. Conformance is evaluated against these requirements to ensure compliance.
  5. Management System Requirements:
    • Adherence to Standards: Organizations often adopt management system standards (e.g., ISO 9001 for quality management, ISO 14001 for environmental management). Audit criteria may involve assessing adherence to these standards.
  6. Information Regarding Context:
    • Contextual Relevance: The organization’s context, including internal and external factors, is considered as part of the audit criteria. This involves evaluating whether the organization has identified and addressed relevant contextual factors.
  7. Risks and Opportunities:
    • Risk Assessment: The organization’s identification, assessment, and management of risks and opportunities are evaluated against predetermined criteria. This ensures that the organization is proactively addressing potential issues and opportunities.
  8. Requirements of Interested Parties:
    • External and Internal Stakeholder Requirements: Criteria may include compliance with the requirements of external parties, such as customers, regulatory bodies, or industry associations, as well as internal stakeholders.
  9. Sector Codes of Conduct:
    • Industry-Specific Standards: Some industries may have sector-specific codes of conduct or standards. The audit criteria may include assessing conformity with these industry-specific requirements.
  10. Other Planned Arrangements:
    • Additional Organizational Requirements: Any other planned arrangements or criteria set by the organization can be included. This could involve specific contractual obligations, agreements, or commitments made by the organization.
  11. Relevance and Objectivity:
    • Appropriateness: The audit criteria should be relevant, objective, and measurable. They provide a basis for objective assessment, allowing auditors to make informed judgments regarding conformity.
  12. Dynamic and Adaptive Nature:
    • Flexibility for Change: Audit criteria should be dynamic and adaptable to changes in the organization’s context, risks, and objectives. They need to remain relevant as the organization evolves.

Audit criteria are diverse and can include a combination of policies, processes, performance measures, legal requirements, management system standards, contextual factors, and specific arrangements made by the organization. The criteria provide a structured framework for the audit process, ensuring that assessments are systematic, objective, and aligned with the organization’s goals and obligations.

In the event of any changes to the audit objectives, scope or criteria, the audit programme should be modified if necessary and communicated to interested parties, for approval if appropriate. Any changes to the audit objectives, scope, or criteria should be carefully managed, and if necessary, the audit program should be modified accordingly. Communication of these changes to relevant stakeholders, and obtaining approval if needed, is a crucial aspect of maintaining transparency and ensuring that the audit process remains effective. Here’s a breakdown of the key steps involved:

  1. Assessment of Changes:
    • Regular Review: Periodically review the audit objectives, scope, and criteria to ensure their continued relevance and effectiveness.
    • Identification of Changes: Identify any changes in the organization, its processes, or external factors that may necessitate adjustments to the audit program.
  2. Modification of Audit Program:
    • Adjustment of Program Elements: Modify the audit program to reflect any changes in the audit objectives, scope, or criteria. This may involve updating audit plans, schedules, and resource allocations accordingly.
    • Consideration of Impacts: Assess the potential impacts of changes on the overall audit process, including any adjustments needed in terms of time, resources, or audit team composition.
  3. Communication with Stakeholders:
    • Transparent Communication: Communicate any modifications to the audit program to relevant stakeholders. This includes the audit team, auditees, management, and any other parties affected by the changes.
    • Clarity in Messaging: Provide clear and concise information about the reasons for the modifications and the expected impact on the audit process.
  4. Approval if Appropriate:
    • Stakeholder Approval: In some cases, especially if the changes are significant or may impact the overall audit plan, seek approval from relevant stakeholders. This may include obtaining approval from management or other designated authorities.
    • Documented Approval Process: Maintain a documented process for obtaining approvals, including records of who approves the changes and when.
  5. Revised Documentation:
    • Update Documents: Revise any relevant documentation, such as audit plans, procedures, and schedules, to reflect the approved changes. Ensure that all team members have access to the updated information.
  6. Training and Awareness:
    • Team Awareness: Ensure that the audit team is informed and trained on any changes to the audit program. This includes providing guidance on how the modifications will affect their roles and responsibilities.
  7. Monitoring and Control:
    • Ongoing Monitoring: Continuously monitor the implementation of the modified audit program. Assess whether the changes are effectively addressing the identified needs and contributing to the achievement of audit objectives.
  8. Feedback Mechanism:
    • Open Feedback Loop: Establish a mechanism for receiving feedback from the audit team and other stakeholders regarding the impact of changes. Use this feedback to make further adjustments if necessary.
  9. Documentation of Changes:
    • Record Keeping: Maintain clear records of any changes made to the audit program, including the reasons for the changes, approvals obtained, and the outcomes of the modifications.

By following these steps, organizations can ensure that changes to the audit objectives, scope, or criteria are managed in a systematic and transparent manner. This approach helps maintain the integrity of the audit process, aligns it with organizational needs, and contributes to the overall effectiveness of the audit program.

When more than one discipline is being audited at the same time it is important that the audit objectives, scope and criteria are consistent with the relevant audit programmes for each discipline. Some disciplines can have a scope that reflects the whole organization and others can have a scope that reflects a subset of the whole organization. When conducting audits across multiple disciplines simultaneously, it’s crucial to ensure consistency in the audit objectives, scope, and criteria with the relevant audit programs for each discipline. This ensures a coordinated and integrated approach to the audit process. Here are key considerations for managing audits across different disciplines:

  1. Consistency in Objectives:
    • Harmonization: Align the audit objectives across disciplines to ensure a harmonized approach. While specific objectives may vary based on the nature of each discipline, overarching goals should be consistent.
  2. Scope Alignment:
    • Comprehensive Scope Definition: Clearly define the scope for each discipline, considering whether it reflects the entire organization or a specific subset. Ensure that the scopes are well-defined and mutually exclusive when necessary.
  3. Criteria Relevance:
    • Discipline-Specific Criteria: Tailor audit criteria to be specific to the requirements and characteristics of each discipline. This involves considering industry standards, regulatory requirements, and discipline-specific best practices.
  4. Integration of Programs:
    • Overall Coordination: Integrate the various audit programs for different disciplines into an overarching audit framework. This allows for coordination, synergy, and efficiency in audit planning and execution.
  5. Holistic Understanding:
    • Cross-Disciplinary Understanding: Ensure that audit teams and relevant stakeholders have a holistic understanding of the audit program, recognizing how each discipline contributes to the organization’s overall performance.
  6. Resource Allocation:
    • Optimized Resource Allocation: Optimize the allocation of audit resources based on the specific requirements of each discipline. Consider the expertise needed for each area and allocate resources accordingly.
  7. Consistent Documentation:
    • Uniform Documentation Standards: Maintain consistent documentation standards for all disciplines. This includes audit plans, reports, and any other relevant documentation, facilitating a cohesive and standardized approach.
  8. Stakeholder Communication:
    • Transparent Communication: Communicate the multi-disciplinary nature of the audit to relevant stakeholders. Ensure transparency regarding the objectives, scope, and criteria for each discipline, addressing any potential overlap or interdependencies.
  9. Flexibility for Varied Scopes:
    • Adaptability: Acknowledge that some disciplines may have a scope that reflects the entire organization, while others may focus on specific subsets. Build flexibility into the audit program to accommodate these variations.
  10. Risk-Based Approach:
    • Risk Assessment Across Disciplines: Apply a risk-based approach that considers the unique risks and opportunities associated with each discipline. Tailor the audit program to address specific risk profiles within each area.
  11. Cross-Discipline Collaboration:
    • Collaborative Audit Teams: Foster collaboration among audit teams from different disciplines. This encourages the sharing of insights, best practices, and lessons learned, promoting a culture of continuous improvement.
  12. Feedback Mechanism:
    • Continuous Feedback Loop: Establish a mechanism for continuous feedback and improvement. Encourage audit teams to share feedback on the multi-disciplinary audit process, contributing to ongoing enhancement.

By carefully managing and aligning the audit objectives, scope, and criteria across multiple disciplines, organizations can ensure a comprehensive and cohesive approach to their audit activities. This integrated approach enhances the effectiveness of the audit program and supports the organization in achieving its overall objectives across diverse areas.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a ReplyCancel reply