We have just completed a 3rd year re-accreditation audit against 9001:2008 one of the auditors observations was based upon our audit methodology, that may not determine whether the quality management system a) conforms to the planned arrangements, to the requirements of this International Standard and to the quality management system requirements established by the organization, and b) is effectively implemented and maintained. Our audit methodology is based on the the audit of ISO requirements within each business process as opposed to a person(s) (auditor) auditing a specific ISO requirement i.e. "4.2.3 Control of documents" as a separate and individual audit. Some ISO requirements such as document control will be applicable to ALL business processes while some i.e. 7.4.1 Purchasing process will only be audited during the scheduled audit for purchasing. Our external auditor view is that we should be auditing each specific ISO requirement as an individual audit. Any suggestions on the best approach?