Each individual audit should be based on documented audit objectives, scope and criteria. These should be defined by the person managing the audit programme and be consistent with the overall audit programme objectives.
The audit objectives define what is to be accomplished by the individual audit and may include the following:
- determination of the extent of conformity of the management system to be audited, or parts of it, with audit criteria;
- determination of the extent of conformity of activities, processes and products with the requirements and procedures of the management system;
- evaluation of the capability of the management system to ensure compliance with legal and contractual requirements and other requirements to which the organization is committed;
- evaluation of the effectiveness of the management system in meeting its specified objectives;
- identification of areas for potential improvement of the management system.
The audit scope should be consistent with the audit programme and audit objectives. It includes such factor as physical locations, organizational units, activities and processes to be audited, as well as the time period covered by the audit.
The audit criteria are used as a reference against which conformity is determined and may include applicable policies, procedures, standards, legal requirements, management system requirements, contractual requirements, sector codes of conduct or other planned arrangements.
In the event of any changes to the audit objectives, scope or criteria, the audit programme should be modified if necessary.
When two or more management systems of different disciplines are audited together (a combined audit), it is important that the audit objectives, scope and criteria are consistent with the objectives of the relevant audit programmes.
THIS NEEDS TO BE INTERPRETED FOR ISO 20121