What exactly are Audit Criteria and Audit Objectives?
Creating objectives and criteria is critical for the audit. These
elements define the audit's purpose, or what the organization will be tested
against. Your audit will lack authority, a goal, and unambiguous conclusions if
these are not clearly defined.
Audit criteria.
The audit criteria are simply the standards that are going
to be auditing against. For example, ISO 9001 or ISO 27001. Audit criteria
defined by the audit client and certification body. As an auditor, you should
be competent about the standards you will be auditing against. If you are
unfamiliar with your audit team, ensure that the members are also competent
about the standards they will be auditing.
Not every member of the team needs to be competent in every
standard when conducting combined audits that cover multiple standards. For
example, you can have one auditor competent in ISO 9001 and another auditor
competent in ISO 14001. Even as a lead auditor, you only need competency in one
of the standards.
Audit objectives.
Audit objectives describe what the audit aim to achieve. Audit objectives include determine as follows:
- How will the organization meet the requirements of the management system standards you are auditing against. For example, if it is meeting the requirements of ISO 14001.
- How will the organization's own management system be implemented? For example, the organization will have developed its own procedures in order to meet ISO 9001, but are those procedures being followed?
- How will the management system ensure compliance with the organization's compliance obligations? For example, it will have identified compliance obligations such as legal requirements through ISO 27001 processes, but is it in compliance with its legal requirements?
- How effective is the management system in meeting its objectives? For example, the organization may have established objectives as part of its ISO 9001 system, but are they met or missed?
- Whether there are areas for potential improvement of the management system. For example, are there opportunities to improve training so that staff are more competent.
Example of audit objectives.
The audit objectives are to confirm that management programs
are being implemented in accordance with the audit criteria and to deliver:
- Control of risk
- Understanding level of compliance with identified compliance and obligation
- Ongoing improvement in performance
The certification body will define a set of audit objectives
that you can use without modification. However, it is useful to understand the
purpose of the audit objectives. The audit objectives can be thought of as the
"why" of the audit.