

Terms related to Audit in QMS

We shall try to define and understand some of the terms used in a quality management system. The standard ISO 9000:2005 is the basis on which the terms are defined.

9) Terms related to Audit

Terms related to Audit as defined in ISO 9000:2005 are:

9.1) Audit

ISO 9000 definition:

“Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled.”
NOTE 1 Internal audits, sometimes called first-party audits, are conducted by, or on behalf of, the organization itself for management review and other internal purposes, and may form the basis for an organization’s declaration of conformity. In many cases, particularly in smaller organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited.
NOTE 2 External audits include those generally termed second- and third-party audits. Second-party audits are conducted by parties having an interest in the organization, such as customers, or by other persons on their behalf. Third-party audits are conducted by external, independent auditing organizations, such as those providing certification/registration of conformity to ISO 9001 or ISO 14001.
NOTE 3 When two or more management systems are audited together, this is termed a combined audit.
NOTE 4 When two or more auditing organizations cooperate to audit a single auditee, this is termed a joint audit.


An audit is a systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. Audits are structured and formal evaluations. The organization must plan and document its system for auditing. It must have management support and resources behind it.
Audits must be performed in an impartial manner. An audit is an evidence gathering process. Audit evidence is used to evaluate how well audit criteria are being met. Audits must be objective, impartial, and independent, and the audit process must be both systematic and documented.
There are three types of audits: first-party, second-party, and third-party. First-party audits are internal audits. Second and third party audits are external audits.
Organizations use first party audits to audit themselves. First party audits are used to confirm or improve the effectiveness of management systems. They’re also used to declare that an organization complies with an ISO standard (this is called a self-declaration). Of course, such a declaration is credible only if first party auditors are genuinely independent and free of bias. If you decide to use first party auditors to make a self-declaration of compliance, make sure that they aren’t auditing their own work.
Second party audits are external audits. They’re usually done by customers or by others on their behalf. However, they can also be done by regulators or any other external party that has a formal interest in an organization.
Third party audits are external audits as well. However, they’re performed by independent organizations such as registrars (certification bodies) or regulators.
ISO 19011:2011 also distinguishes between combined audits and joint audits. When two or more management systems of different disciplines are audited together at the same time, it’s called a combined audit; and when two or more auditing organizations cooperate to audit a single auditee organization, it’s called a joint audit.
ISO 19011:2011 should be used by those who carry out first and second party audits. ISO/IEC 17021:2011 should be used by those who carry out third party audits.

9.2) Audit programme

ISO 9000 definition:

“Set of one or more audits planned for a specific time frame and directed towards a specific purpose”
NOTE An audit programme includes all activities necessary for planning, organizing and conducting the audits.


An audit programme is a set of one or more audits planned for a specific time frame and directed towards a specific purpose. It is a set of arrangements that are intended to achieve a specific audit purpose within a specific time frame. It includes all of the activities and resources needed to plan, organize, and conduct one or more audits. ISO 19011 expects organizations to appoint audit program managers. They are responsible for setting objectives, assigning responsibilities, allocating resources, and monitoring performance. An audit programme gives at-a-glance information about the time frame, audit intervals, responsibility and resources. It helps in adhering to the audit frequency. It may include first, second and third party audits, if any.

9.3) Audit criteria

ISO 9000 definition:

“Set of policies, procedures or requirements.”
NOTE Audit criteria are used as a reference against which audit evidence is compared.


Audit criteria refers to a set of policies, procedures or requirements used as a reference. Audit criteria are used as a reference against which audit evidence is compared. Audit evidence is used to determine how well audit criteria are being met: how well policies are being implemented, how well procedures are being applied, and how well requirements are being followed. When requirements are used as audit criteria, auditors often use the terms conformity and nonconformity to indicate whether or not requirements are being met. However, when legal requirements are used as audit criteria, auditors tend to use the terms compliance and noncompliance (instead of conformity and nonconformity). For example, during an audit against the ISO 9001:2008 standard, the requirements of ISO 9001:2008 become the audit criteria.

9.4) Audit evidence

ISO 9000 definition:

“Records, statements of fact or other information which are relevant to the audit criteria and verifiable.”
NOTE Audit evidence can be qualitative or quantitative.


Audit evidence includes records, factual statements, and other verifiable information that is related to the audit criteria being used. Audit criteria include policies, procedures, and requirements. Audit evidence can be either qualitative or quantitative. Objective evidence is information that shows or proves that something exists or is true. Audit evidence should be identified, recorded, documented and evaluated against audit criteria to determine audit findings.

9.5) Audit findings

ISO 9000 definition:

“Results of the evaluation of the collected audit evidence against audit criteria.”
NOTE Audit findings can indicate either conformity or nonconformity with audit criteria or opportunities for improvement.


Audit findings result from a process that evaluates audit evidence and compares it against audit criteria. Audit findings can show that audit criteria are being met (conformity) or that they are not being met (nonconformity). They can also identify best practices or improvement opportunities. Audit evidence includes records, factual statements, and other verifiable information that is related to the audit criteria being used. Audit criteria include policies, procedures, and requirements.

9.6) Audit conclusion

ISO 9000 definition:

“Outcome of an audit provided by the audit team after consideration of the audit objectives and all audit findings”


Audit conclusions are drawn by the audit team after the audit has been completed and after audit findings and audit objectives have been considered. Audit findings result from a process that evaluates audit evidence and compares it against audit criteria.

9.7) Audit client

ISO 9000 definition:

“Organization or person requesting an audit”
NOTE The audit client may be the auditee or any other organization that has the regulatory or contractual right to request an audit.


An audit client is any person or organization that requests an audit. Internal audit clients can be either the auditee or audit program manager, whereas external audit clients can include regulators or customers or any other parties that have a legal or contractual right or obligation to carry out an audit.

9.8) Auditee

ISO 9000 definition:
“Organization being audited.”

An auditee is an organization (or part of an organization) that is being audited. Organizations can include companies, corporations, enterprises, firms, charities, associations, and institutions. Organizations can be either incorporated or unincorporated and can be privately or publicly owned.

9.9) Auditor

ISO 9000 definition:

“Person with the demonstrated personal attributes and competence to conduct an audit.”
NOTE The relevant personal attributes for an auditor are described in ISO 19011.


An auditor is a person who is trained and tasked to carry out audits. Auditors collect evidence in order to evaluate how well audit criteria are being met. They must be objective, impartial, independent, and competent. ISO 19011 distinguishes between internal and external auditors. Internal auditors perform first party audits while external auditors perform second and third party audits.

9.10) Audit team

ISO 9000 definition:

“One or more auditors conducting an audit, supported if needed by technical experts.”
NOTE 1 One auditor of the audit team is appointed as the audit team leader.
NOTE 2 The audit team may include auditors-in-training.


An audit team is made up of one or more auditors, one of whom is appointed to be the Lead Auditor. The audit team may also include audit trainees. When necessary, audit teams are also supported by guides and technical experts. Guides and technical experts assist auditors but do not themselves act as auditors.
The Lead Auditor is responsible for:

  • Leading the team and deciding on allocation of audit activities
  • Communicating with the auditee to confirm audit plans
  • Monitoring the performance of auditors within the team
  • Checking the adequacy of any checklists and other documented preparations of the audit team members
  • Authorising the final report before it is provided to the auditee
  • Managing any conflicts between auditors and auditees
  • Leading team meetings to discuss progress at regular intervals throughout the audit
  • Deciding upon any non-conformances or follow-up action required based on collated findings
  • Conducting the entry and exit meetings
  • Collating the findings of each auditor involved in the audit

All other auditors are responsible for:

  • Participating in the planning of the audit
  • Preparing for the audits
  • Submitting checklists to the Lead Auditor for review of adequacy
  • Reporting findings and perceived non-conformances to the Lead Auditor within sufficient timeframes
  • Providing any information requiring follow-up actions
  • Attending and participating in team meetings to report on progress
  • Conducting the audit

9.11) Technical expert

ISO 9000 definition:

“(audit) Person who provides specific knowledge or expertise to the audit team.”
NOTE 1 Specific knowledge or expertise relates to the organization, the process or activity to be audited, or language or culture.
NOTE 2 A technical expert does not act as an auditor in the audit team.


Technical experts support audit teams by providing specific expertise or knowledge about the organization, process, or activity being audited or about the auditee’s language or culture. They do not act as auditors. Technical experts should work under the supervision of an auditor, so that the audit objectives for which the audit team needed to be supplemented are met. To keep technical experts from associating with the auditee’s competitors in the same industrial sector through other auditees, all technical experts should be required to sign a statement on avoiding conflicts of interest and on ensuring integrity and confidentiality before participating in the audit.

9.12) Audit plan

ISO 9000 definition:

“Description of the activities and arrangements for an audit.”


An audit plan specifies how you intend to conduct a particular audit. It describes the activities you intend to carry out in order to achieve your audit objectives. An audit is an evidence gathering process. Audit evidence is used to evaluate how well audit criteria are being met. Audit planning is a vital area of the audit primarily conducted at the beginning of the audit process to ensure that appropriate attention is devoted to important areas, potential problems are promptly identified, work is completed expeditiously and work is properly coordinated. “Audit planning” means developing a general strategy and a detailed approach for the expected nature, timing and extent of the audit. The auditor plans to perform the audit in an efficient and timely manner.
An audit plan is the specific guideline to be followed when conducting an audit. It helps the auditor obtain sufficient appropriate evidence for the circumstances, helps keep audit costs at a reasonable level, and helps avoid misunderstandings with the client. It addresses the specifics of what, where, who, when and how:

  • What are the audit objectives?
  • Where will the audit be done? (i.e. scope)
  • When will the audit(s) occur? (how long?)
  • Who are the auditors?
  • How will the audit be done?

9.13) Audit scope

ISO 9000 definition:
“Extent and boundaries of an audit.”

NOTE The audit scope generally includes a description of the physical locations, organizational units, activities and processes, as well as the time period covered.


Audit scope refers to the activities covered by an audit. Audit scope includes, where appropriate: audit objectives; nature and extent of auditing procedures performed; time period audited; and related activities not audited in order to delineate the boundaries of the audit. It is the range of activities that are the focus of an audit. The scope includes all areas of importance in an audit. The scope of an audit is a statement that specifies the focus, extent, and boundary of a particular audit. The scope can be specified by defining the physical location of the audit, the organizational units that will be examined, the processes and activities that will be included, and the time period that will be covered.

9.14) Competence

ISO 9000 definition:

“(audit) demonstrated personal attributes and demonstrated ability to apply knowledge and skills.”


Competence means being able to apply knowledge and skill to achieve intended results. Being competent means having the knowledge and skill that you need and knowing how to apply it. Being competent means that you know how to do your job. Competence is the ability of an individual to do a job properly. A competency is a set of defined behaviors that provide a structured guide enabling the identification, evaluation and development of the behaviors in individual employees. Some scholars see “competence” as a combination of practical and theoretical knowledge, cognitive skills, behavior and values used to improve performance; or as the state or quality of being adequately or well qualified, having the ability to perform a specific role. Competency is sometimes thought of as being shown in action in a situation and context that might be different the next time a person has to act. In emergencies, competent people may react to a situation following behaviors they have previously found to succeed. To be competent, a person would need to be able to interpret the situation in its context, to have a repertoire of possible actions to take, and to have trained in the possible actions in the repertoire, if this is relevant. Regardless of training, competency would grow through experience and the extent of an individual's ability to learn and adapt.

Pretesh Biswas