TC/22/02

Proposed IAF Guidance on Accreditation Body Witnessing of Certification/Registration Body Audits, and Witnessed Audit Report

Charter: To develop specific guidance on the content of a witness audit report by a witnessing accreditation body that would provide another accreditation body the reasonable evidence of conformance with accreditation requirements and confidence in the competence of the witnessed CRB so that the receiving accreditation body may grant accreditation (or extension of a scope category) to the CRB without requiring additional witnessing of an audit. The charter of this project was to also state the purpose of witnessing audits, and the justification for each required element of the witness audit report.

Undertaking this project, the project team first reviewed existing requirements as stated in ISO/IEC Guide 61: 1996 and IAF Guidance.

ISO/IEC Guide 61: 1996, Clause 3.3.2, states that “…an accreditation body shall witness fully the on-site activities of one or more assessments or audits conducted by an applicant body before an initial accreditation is granted for any function requiring on-site activity by the applicant.”

IAF Guidance on the Application of ISO/IEC Guide 61: 1996, has five clauses related to witness audits: Clause G.3.3.2, G.3.3.3, G.3.5.9, G.3.5.10, and G.3.5.11.

G.3.3.2 states, “The accreditation body shall require the [certification/registration] body subject to the accreditation assessment to conform to the decision of the accreditation assessment team as to the assessors of the applicant body (chosen from those the applicant body deems competent in a particular scope sector) it wishes to see in action.”

G.3.3.3 states, “In witnessing the on-site activities of the applicant body, as required by clause 3.3.2 of ISO/IEC Guide 61, the accreditation body should if possible witness at least one initial assessment or a re-assessment.
If it is not possible to witness an initial assessment or re-assessment then a minimum of two surveillance assessments should be witnessed, in which case the witnessed surveillance should cover key requirements of the assessment standard including at least process control and, where applicable, design and development.”

G.3.5.9 states, “The accreditation body should define the basis on which it evaluates performance and utilized witness audits. The extent and character of the witnessing should be based on the number and complexity of the accredited scope categories, taking into account the volume of relevant business and any other significant factors.”

G.3.5.10 states, “Accreditation bodies shall evaluate the performance of certification/registration body audit teams on a regular basis, in order to evaluate the continued effectiveness of the certification/registration body’s audit program management. This can be done through a combination of techniques, such as witnessing, analysis of client feedback, post-audit reviews, auditor interviews, auditee interviews.”

G.3.5.11 states, “Witnessing is a required part of the surveillance program, although not necessarily at every surveillance. The extent and character of the witnessing should be based on the number and complexity of the accredited scope categories, taking into account the historical data, organizational changes and any other relevant factors. Accreditation bodies shall develop a program of full and partial witness audits in order to develop and maintain confidence in the performance of certification/registration bodies.
The accreditation body shall define a program of full or partial observation that enables the accreditation body to assess the planning, management and conduct of certification/registration audits.”

ISO/IEC Guide 61: 1996, Section 3.4 states the requirements for the assessment report, which “…shall contain as a minimum 1) the date(s) of the audit(s), 2) the name(s) of the person(s) responsible for the report, 3) the names and addresses of all sites audited, 4) the assessed scope of accreditation or reference thereto, 5) comments on the conformity of the applicant body with the accreditation requirements and, where applicable, any useful comparisons with the results of previous assessments of the body, 6) an explanation of any differences from the information presented to the body at the closing meeting… report shall take into consideration a) the qualification, experience and authority of the staff encountered; b) the adequacy of the internal organization and procedures adopted by the body to give confidence in the quality of its services; c) the actions taken to correct identified nonconformities including, where applicable, those identified at previous assessments.”

IAF Guidance on the Application of ISO/IEC Guide 61: 1996 has five clauses related to accreditation assessment reports of audits: G.3.4.1, G.3.4.2, G.3.4.3, G.3.4.4, and G.3.5.8.

G.3.4.1 states, “Clause 3.4.1 b) of ISO/IEC Guide 61 requires more than a generic summary statement. The report of findings provided to the accreditation body shall be of sufficient detail to facilitate and support an accreditation decision and should include: Areas covered by the assessment (e.g. areas of the accreditation requirements and locations/units/departments/processes of the certification/registration body subject to assessment) including significant audit trails followed; Observations made, both positive (e.g. noteworthy features) and negative (e.g. potential non-conformities); Report (details) of any nonconformities identified supported by objective evidence. Completed questionnaires/checklists/observation logs/assessor notes might form an integral part of the report that covers the above. If these methods are used, these documents shall be submitted to the accreditation body as evidence to support the accreditation decision.”

G.3.4.2 states, “The first element of clause 3.4.1.e5) ISO/IEC Guide 61 requires the report to contain comments on the conformity of the applicant body with accreditation requirements. This can be satisfied by a brief ‘written’ statement summarizing the overall findings (conclusion) of the assessment and a statement of the judgement as to the body’s capability of systematically meeting the requirements.”

G.3.4.3 states, “The final element of clause 3.4.1.e5)…results of previous assessments…does not apply to initial assessments…”

G.3.4.4 states, “In addition to the requirements for reporting in clause 3.4.1e)…this information should cover:… A summary of the most important observations, positive as well as negative, regarding the implementation and effectiveness of the applicant’s procedures and system, The conclusions reached by the audit team.”

G.3.5.8 states, “…reports of surveillance and reassessment visits should contain a report on the clearing of each nonconformity revealed previously.”

Conclusions.

Witnessing audits of CRB audit teams is a requirement for accreditation (ISO/IEC Guide 61: 1996, Clause 3.3.2).

The purpose of witness audits is the same as any audits of a CRB, which is “…to give confidence in the certifications or registrations of the body.” (ISO/IEC Guide 61: 1996, Clause 3.2.5). This is reinforced by current IAF Guidance:

“Accreditation bodies shall evaluate the performance of certification/registration body audit teams on a regular basis, in order to evaluate the continued effectiveness of the certification/registration body’s audit program management.”
(G.3.5.10) “…Accreditation bodies shall develop a program of full and partial witness audits in order to develop and maintain confidence in the performance of certification/registration bodies…” (G.3.5.11)

The following is suggested as additional IAF guidance to Clause 3.3 of ISO/IEC Guide 61: 1996:

G.3.3.3. The purpose of a witness audit is to confirm that a CRB’s audit team conducted an effective audit and made an appropriate recommendation for registration based on a determination that the audited organization was substantially in conformance with the requirements of the management systems standard. It is not possible for an accreditation body to determine, solely from a review of a file of the registrar’s client, if the registrar’s audit team satisfactorily pursued audit trails to obtain the audit evidence to confirm substantial conformance with the management system standard; and it is not a reasonable expectation that a CRB’s audit report will have full documentation of the questions, answers, audit trails, and observed audit evidence. Therefore, it is necessary for an accreditation body audit team to observe a CRB audit team conducting an audit; to confirm effective audit planning, and to observe audit technique, attributes and demonstrated knowledge, in order for the accreditation body to gain confidence in the effectiveness of the CRB’s audit program management.

The following is suggested as additional definition for IAF guidance to ISO/IEC Guide 61: 1996:

Witness audit report: The report by an accreditation body of observing a CRB’s audit team conducting a certification/registration audit of one of the CRB’s clients.

The following is suggested as additional IAF guidance for Clause 3.4 of ISO/IEC Guide 61: 1996:

G.3.4.5. The witness audit report shall include, in addition to the audit report requirements of ISO/IEC Guide 61 and related IAF guidance, as a minimum:

1. the name of the CRB being witnessed,
2. the date(s) of the accreditation witness audit,
3. the name, qualification, and role of each member of the AB’s audit team, including industry experts, translators and observers,
4. the name, qualification, and role of each member of the CRB’s audit team, including industry experts, translators and observers,
5. a copy of the CRB’s audit report for the witnessed facility,
6. the scope and a description of the activities of the witnessed facility (if not included in the CRB’s audit report),
7. the CRB’s audit plan showing what elements were audited (if not included in the CRB’s audit report),
8. the AB audit team’s comments on the adequacy of the audit preparation and planning by the CRB audit team,
9. the AB audit team’s comments on the impartiality and competence of the CRB’s audit team,
10. the AB audit team’s agreement or disagreement with the recommendation/conclusion of the CRB audit team related to certification/registration of the witnessed facility, and
11. the AB audit team’s comments on the CRB’s audit report,
12. records about nonconformities the AB audit team had about the CRB’s audit team, and the subsequent correction and corrective action and disposition of the nonconformities.

Note: Some of the items 1-12 may not be a part of the AB’s report, but should be information the AB has on file.

Justification for the additional requirements for a witness audit report:

1. For an AB (to be known as a “Receiving AB”) to accept a witness audit report by another AB (to be known as the “Originating AB”), the receiving AB must have reasonable information about the originating AB’s audit team.
2. For a receiving AB to accept the witness audit report of the originating AB for a sensitive industry sector, it will need reasonable information about the qualifications of the CRB’s audit team as well as the professional judgement by the originating AB audit team of the CRB audit team’s competence.
3. The receiving AB needs the copy of the CRB’s audit report in order to have sufficient information about the audited organization, and the scope of the audit by the CRB, in order for the receiving AB to determine that this audit satisfies the receiving AB’s criteria, especially for a sensitive industry sector.