According to ISO 19011:2018, clause 3.2, audit criteria are a set of policies, procedures or requirements used as a reference against which objective evidence is compared. Audit criteria are usually selected by the audit client or by agreement between the audit client and the auditee, and they should be appropriate for the audit scope and objectives1. Audit criteria may include, but are not limited to, the following sources2:
•ISO management system standards, such as ISO 9001, ISO 14001, ISO 45001, etc.
•Verbal statements by the general manager or other top management, as long as they are consistent with the documented policies and objectives of the organisation
•Verbal agreements with interested parties, such as customers, suppliers, regulators, etc., as long as they are documented and approved by the relevant authorities
•Health and safety notices, such as posters, signs, labels, etc., that communicate the organisation’s legal obligations, policies, or procedures
•Written agreements with interested parties, such as contracts, orders, specifications, etc., that define the requirements and expectations of the parties involved
•Organisation’s documented information, such as policies, procedures, manuals, records, etc., that describe the organisation’s management system and its processes
•Commitment to follow principles issued by an NGO, such as the United Nations Global Compact, the International Labour Organization, etc., as long as they are relevant to the organisation’s context and objectives
•Environmental aspects register, such as a list of the environmental impacts and risks associated with the organisation’s activities, products, and services
Therefore, the two options that are not potential audit criteria are F and H, as they are not reliable or verifiable sources of information, and they may not reflect the actual performance or conformity of the organisation’s management system. Commercial advertisements and claims made on the organisation’s website are forms of marketing communication that may be exaggerated, misleading, or inaccurate, and they are not subject to the same level of scrutiny or approval as the other sources of audit criteria.
[References: ISO 19011:2018(en), Guidelines for auditing management systems, What are audit criteria? - ISO Update, , , , ]
