ISO 10011-1 1990 Audit Standard in Plain English

Guidelines for Planning and Performing Quality Audits

Also check out our Plain English ISO Audit Programs

ISO 10011-1: 1990

Quality audit objectives 

• Quality audits are intended to achieve 
  the following kinds of objectives:

  • To determine to what extent your quality system:

    • Achieves its objectives. 

    • Conforms to your requirements. 

    • Complies with regulatory requirements. 

    • Meets customers' contractual requirements. 

    • Conforms to a recognized quality standard. 

  • To improve the efficiency and effectiveness
    of your quality management system. 

  • To list your quality system in
    registry of an independent agency. 

  • To verify that your quality system
    continues to meet requirements.

ISO 10011-1: 1990

Professional conduct 

• Auditors must behave in a professional manner. Auditors must:

  • Have integrity and be independent and objective. 

  • Have the authority they need to do a proper job. 

  • Avoid compromising the audit by discussing 
    audit details with auditees during the audit.

ISO 10011-1: 1990

The lead auditor's job 

• A lead auditor's job is to:

  • Manage the audit. 

  • Assign audit tasks. 

  • Help select auditors. 

  • Orient the audit team. 

  • Prepare the audit plan. 

  • Define auditor qualifications. 

  • Clarify quality audit requirements. 

  • Communicate audit requirements. 

  • Prepare audit forms and checklists. 

  • Review quality system documents. 

  • Report major nonconformities immediately. 

  • Interact with auditee's management and staff. 

  • Prepare, submit, and discuss audit reports.

ISO 10011-1: 1990

Auditor's job 

• An auditor's job is to:

  • Evaluate the quality system.

  • Carry out assigned audit tasks. 

  • Comply with audit requirements. 

  • Respect all confidentiality requirements. 

  • Collect evidence about the quality system. 

  • Document audit observations and conclusions. 

  • Safeguard audit documents, records, and reports. 

  • Determine whether quality policy is being applied.

  • Find out if the quality objectives are being achieved.

  • See whether quality procedures are being followed.

  • Detect evidence that might invalidate audit results. 

ISO 10011-1: 1990

Client's job 

• A client's job is to:

  • Initiate the audit process.

  • Select the auditor organization. 

  • Decide whether an audit needs to be done. 

  • Define the purpose and scope of the audit. 

  • Ensure that audit resources are adequate. 

  • Determine how often audits must be done. 

  • Specify which follow-up actions
    the auditee should take. 

  • Indicate which standards should
    be used to evaluate compliance. 

  • Select the elements, activities, and
    locations that must be audited. 

  • Ensure enough evidence is collected
    to draw valid conclusions. 

  • Receive and review the
    reports prepared by auditors.

NOTE: A " client" is the organization that asked for the audit. The client 
could be an auditee, a customer, a regulatory body, or a registrar.

ISO 10011-1: 1990

Auditee's job 

• An auditee's job is to:

  • Explain the nature, purpose, and
    scope of the audit to employees. 

  • Appoint employees to accompany
    and assist the auditors. 

  • Ensure that all personnel cooperate
    fully with the audit team. 

  • Provide the resources the audit
    team needs to do the audit. 

  • Allow auditors to examine all
    documents, records, and facilities. 

  • Correct and prevent problems
    that were identified by the audit.

NOTE: An " auditee" is the organization being 
audited or a member of that organization.

ISO 10011-1: 1990

When to do an audit 

• A client may initiate an audit because:

  • A regulatory agency requires an audit. 

  • A previous audit indicated that
    a follow-up audit was necessary. 

  • An auditee has made important changes in:

    • Policies or procedures.

    • Technologies or techniques.

    • Management or organization. 

• An auditee may carry out audits on a regular basis to improve 
  quality system performance or to achieve business objectives.

ISO 10011-1: 1990

Prepare an audit plan 

• The auditor should begin planning the audit by reviewing documents (e.g. manuals) that both describe the quality system and explain how it is attempting to meet quality requirements.

  • If this preliminary review shows that the quality system is
    inadequate, the audit process should be suspended until 
    this inadequacy is resolved.

• Prepare an audit plan. The plan should be prepared by the lead
  auditor and approved by the client before the audit begins. The 
  audit plan should:

  • Define the objectives and scope of the audit. 

  • Explain how long each phase of the audit will take. 

  • Specify where and when the audit will be carried out. 

  • Introduce the lead auditor and his team members.

  • Identify the quality elements that will be audited.

  • Identify the groups and areas that will be audited.

  • List the documents and records that will be studied. 

  • List the people who are responsible for quality and 
    whose areas and functions will be audited.

  • Explain when meetings will be held with 
    auditee's senior management. 

  • Clarify who will get the final audit 
    report and when it will be ready.

ISO 10011-1: 1990

Perform the quality audit 

• Start the quality audit. Start the audit by having an opening meeting with the auditee's senior management. This meeting should:

  • Introduce the audit team.

  • Clarify scope, objectives, and schedule. 

  • Explain how the audit will be carried out. 

  • Confirm that the auditee is ready
    to support the audit process. 

• Prepare audit working papers.

  • Prepare checklists (use to evaluate
    quality management system elements). 

  • Prepare forms (use to record
    observations and collect evidence). 

• Collect evidence by:

  • Interviewing personnel. 

  • Reading documents. 

  • Reviewing manuals. 

  • Studying records.

  • Reading reports.

  • Scanning files.

  • Analyzing data. 

  • Observing activities. 

  • Examining conditions. 

• Confirm interview evidence. Evidence collected
  through interviews should, whenever possible,
  be confirmed by more objective means. 

• Investigate clues. Clues that point to possible
  quality management system nonconformities
  should be thoroughly and completely investigated. 

• Document observations. Auditors must study the
  evidence and document their observations. 

• List nonconformities. Auditors must study their observations
  and make a list of key nonconformities. They must ensure that nonconformities are:

  • Supported by the evidence. 

  • Cross-referenced to the standards that are being violated. 

• Draw conclusions. Auditors must draw conclusions about how 
  well the quality system is applying its policies and achieving 
  its objectives. 

• Discuss results. Auditors should discuss evidence, observations,
  conclusions, recommendations, and nonconformities with auditee
  senior managers before they prepare a final audit report. 

ISO 10011-1: 1990

Prepare the audit report 

• Prepare the final audit report. The audit report should be dated 
  and signed by the lead auditor. This report should include:

  • The detailed audit plan. 

  • A review of the evidence that was collected.

  • A discussion of the conclusions that were drawn. 

  • A list of the nonconformities that were identified.

  • A judgment about how well the quality system 
    complies with all quality system requirements. 

  • An assessment of the quality system's ability to achieve 
    quality objectives and apply the quality system policy. 

• Submit the audit report. The lead auditor should send the audit 
  report to the client, and the client should send it to the auditee.

ISO 10011-1: 1990

Follow-up steps 

• Take remedial actions. The auditee is expected to take whatever
  actions are necessary to correct or prevent nonconformities. 

• Schedule follow-up audit. Follow-up audits should be scheduled in
  order to verify that corrective and preventive actions were taken.

ISO 10011-1: 1990

Disclaimer and Limitation of Liability

The publisher and authors have used their best efforts in designing and developing this electronic publication. We make no representation or warranties with respect to accuracy or completeness of the contents of this publication and specifically disclaim any implied warranties or merchantability or fitness for any particular purpose and shall in no event be liable for any loss of profit or any other commercial damage, including but not limited to special, incidental, consequential, or other damages.

Legal Restrictions on the Use of this Page

Thank you for visiting this page. You are, of course, welcome to view our material as often as you wish, free of charge. And as long as you keep intact all copyright notices, you are also welcome to print or make one copy of this page for your own personal, noncommercial, home use.  But, you are not legally authorized to print or produce additional copies.