Must the auditor review all the records that the auditee has?

The assertion that it is false that an auditor must review all records that the auditee has is correct because auditors typically focus on a representative sample of records rather than examining every document in detail. The purpose of an audit is to provide an overall assessment of the effectiveness and compliance of the quality management system, rather than to scrutinize every individual record.

Auditors select specific records based on factors such as risk assessment, past audit findings, and areas of concern within the quality management system. This targeted approach allows auditors to gather sufficient evidence to form a conclusion about the QMS without unnecessarily sifting through potentially extensive documentation.

In addition, the scope and objectives of the audit also play a crucial role in determining which records are reviewed. For instance, a more focused audit on a specific process might lead auditors to review only records related to that process, rather than the entire suite of records maintained by the auditee. Thus, a comprehensive review of all records is neither required nor practical within the framework of most audits.