How to audit the requirement “4.3 – Determining the scope of the quality management system” in ISO 9001:2015

Understand the importance of 4.3 – Determining the scope of the quality management system in ISO 9001:2015 and some important tips at the time of implementation.

Many auditors underestimate the importance of the requirement “4.3 – Determining the scope of the quality management system”, especially when it comes to internal auditing. In the latter case, it is very common for the auditor to just “check”, noting what the scope is, that is, he does not analyze to understand if the scope really matches the management system.

However, if you analyze it correctly, you will see that scope is critical to the audit, whether internal or external. I say this because the scope of the management system will define what should or should not be audited. Thus, everything in it must adhere to the good practices described in the standard (in the case of this article, in ISO 9001:2015).


An example of poor definition of the scope of the quality management system

For example, a company that provides security and building cleaning services. An outsourcing company specializing in condominiums and with projects all over the country.

In the scope, in addition to the services mentioned above, the company had also included “Building Maintenance”. Something very smart from a business point of view, since it was already in the market, and this is one of the needs of its customers. Until then, so good.

The problem is that during the audit, no processes aimed at this type of “Maintenance” service were found. Digging a little deeper, we understood that this was actually a strategic objective of the company, which was being implemented.

Although procedures were already being developed, services were not yet provided. Thus, obviously, it is not possible to ascertain whether the good practices of the quality management system were in effect in this part of the scope (since it did not exist yet).

Thus, the company was told that it would not be possible to audit this item and it was requested to remove it from the scope of the current management system.

Can a company have a Qualitative scope?

Another common case is the occurrence of qualitative scopes, that is, that somehow qualify the company or the product/service offered. However, under the international compliance system, this is prohibited. Thus, no certifier can attest to this type of scope.

For example, imagine a company that produces “office chairs”. Could this company have in its scope: “We produce the best office chairs in Brazil”? The answer is: it cannot!

This is because, first, auditors are not in the company to assess product quality. We will not do product tests, we do not carry out tests and so on. We evaluate the Quality Management System. We verify that this system contains good practices that are necessary for ISO 9001:2015 certification (or any other standard).

Furthermore, the quality of a product (now speaking qualitatively) varies according to what the customer expects from it. So, quality will be meeting the requirements of each client, and not something generalized as in the example I gave.


Are there differences in scope for internal or external audit?

The understanding of the item will be the same for internal or external auditors. The way to audit is the same.

What should be highlighted is that it is very important that problems in the scope of the quality management system are identified by the internal auditor. I say this because if these errors are only seen in the external certification audit, it will be necessary to change the scope, change the documentation. And that, of course, in addition to being a non-compliance, will slow down the process a little bit.

For the external auditor, it is worth remembering that this item will, in a way, direct their eyes throughout the audit. It is the scope that helps determine what will be audited and, thus, which processes need to adhere to the audited standard. In our case (ISO 9001:2015), for example, if a process affects the quality management system, it must be audited even if it is not in scope. And that makes all the difference.


Pay due attention to the Scope of the quality management system

This was today’s article, hope it helps you to audit better! As we said, this is an item somewhat “forgotten” by professionals, but it is very important for the progress of the audit.

For companies, it is also very important, as a well-defined scope helps to direct efforts and focus on what really matters. So, knowing how to audit this requirement is essential for any Lead Auditor!

QMS Certification

QMS Certification

QMS is an accredited third party certification body, it is currently present in 33 countries and focuses on the certification of management systems. QMS America is managed by the US office and has consistently grown in market recognition by technical level, customer satisfaction and competitive pricing.

Join the newsletter!

Subscribe to get latest content by email.

External Audits

Possible Challenges of External Audits (3rd Party Audits)

We are well aware that many of the challenges of external audits (3rd party audits) lead to a certain unease among professionals. This is because the audit is a serious and sensitive moment, aiming to assess process conformity and relating to the company’s certification.

The Importance of Management Systems in Achieving Results

The Importance of Management Systems in Achieving Results

Discover the secrets of business success! Understand the importance of management systems in achieving business results and reach the next level! Management systems (MSs) are, in summary, predefined organizational structures. They help build and manage a company’s processes, activities, and operations in the most effective and efficient

3 Risk Analysis Tools

3 Risk Analysis Tools

The use of risk analysis tools is of utmost importance for companies and organizations in various sectors. These tools, known as risk analysis tools, enable the identification, assessment, and management of risks associated with activities, projects, and processes, ensuring a proactive approach to mitigating potential negative impacts.

Scroll to Top