8.2.2 Internal Audit Checklist - Is an Audit Report Required?

  • Thread starter TiffanyMartinez
  • Start date
T

TiffanyMartinez

#1
Hello!

This is my first time posting and am so thankful for stumbling across this forum!

I have a question about the internal audit checklist. I have searched countless threads but just need to double check: for an internal audit checklist, does it have to be something as detailed as the checklist attached that I often come across, or can it be general statements/questions that are specific to our processes? I am a bit confused on the requirements of how a checklist should be set up.

Also, is it required to have an internal audit report along with the checklist?

Thank you for your help!
 

Attachments

Elsmar Forum Sponsor
#2
First of all, you need to update your checklist as 9001:2000 was withdrawn in 2008.

The current standard is 9001:2008

Checkists can have as much or as little detail as you wish, but if you want to show you fulfil the requirements of a standard, each clause needs to be justified.
 

somashekar

Leader
Admin
#3
Hello!

This is my first time posting and am so thankful for stumbling across this forum!

I have a question about the internal audit checklist. I have searched countless threads but just need to double check: for an internal audit checklist, does it have to be something as detailed as the checklist attached that I often come across, or can it be general statements/questions that are specific to our processes? I am a bit confused on the requirements of how a checklist should be set up.

Also, is it required to have an internal audit report along with the checklist?

Thank you for your help!
Welcome to the COVE Tiffany ~~~
Generic checklist as generic guidelines.
Based on these, statements/questions that are specific to your processes must be constructed. The whole premise of this is around your questioning of the PLANing, DOing, CHECKing and ACTing upon the findings of the check., at the process you audit by effective sampling. Also see, seek and record the effectiveness of the audited process in relation to its other process interactions.
Since internal audit is a planned activity, following can be your internal audit records.
The audit plan, The audit report (questions and responses, along with objective evidences or references to them), The audit findings if any (popularly as we all call it,the NC) .... further the correction / corrective action on the audit findings and its effectiveness.
Do not get stuck with checklist / canned checklists. Instead make your own checklist and as you audit, try going beyond the checklist.
I hope I have been able to help you to some extent.
 
#4
Hello!

This is my first time posting and am so thankful for stumbling across this forum!

I have a question about the internal audit checklist. I have searched countless threads but just need to double check: for an internal audit checklist, does it have to be something as detailed as the checklist attached that I often come across, or can it be general statements/questions that are specific to our processes? I am a bit confused on the requirements of how a checklist should be set up.

Also, is it required to have an internal audit report along with the checklist?

Thank you for your help!
Hi Tiffany and welcome.

Think of checklists as a bit like a shopping list for a dinner party you're throwing. The dinner party is like the "scope" of the audit. Unlike what you might be told, you don't need to worry about "ISO". The scope is likely to be a part of your QMS, first and foremost.

Use it to remind you want to get at the various stores (grocery, party etc) you need to visit. Some stuff you'll write down a simple description: "onions", others will be more specific "1/2 lb Vermont cheddar cheese"

Then once you use your list to do the audit, you are going to write a report on the result - like writing a report on how the dinner party went (well, almost) - mainly from the point of view of the partyers not too detailed (not "I drove to the stores at 30mph...")

Does that help?
 
P

PaulJSmith

#5
Hi, Tiffany, and welcome to The Cove!

If you re-read clause 8.2.2 Internal audit, you'll find that there is no requirement to use any Checklist. Is it a good idea? Absolutely, and for all the reasons already listed in the above responses.

You will also note that the standard does required a documented procedure which defines, among other things, "establishing records and reporting results." How you do that, however, is up to you and your system.
 
W

Wilderness Woody

#6
Hello!

This is my first time posting and am so thankful for stumbling across this forum!

I have a question about the internal audit checklist. I have searched countless threads but just need to double check: for an internal audit checklist, does it have to be something as detailed as the checklist attached that I often come across, or can it be general statements/questions that are specific to our processes? I am a bit confused on the requirements of how a checklist should be set up.

Also, is it required to have an internal audit report along with the checklist?

Thank you for your help!
Rather than asking "is it required to have an internal audit report along with the checklist?", you should be asking "is it required that I have a checklist with the audit report?"... the answer is no. You do need to document the results of your audit, but you do not need to use or include a checklist. You MAY choose to for convenience sake for the benefit of the process owners and management.

The 25 page example you attached is rather long (regurgitating the clauses) and at the same time lacking in detailed questions that you would want to tailor to your specific needs.

My experience has been to create checklists for procedures as training tools and guides to coach inexperienced auditors and to provide specific feedback to process owners. While they may be included in audit summary reports, it tends to not be very useful when compliance is well in hand since most of the responses are within expected ranges.

Audit preparation allows you to set the scope of the audit and probe around to find strengths and weaknesses before you go out and interview staff. Checklists should be written as a prompting aid to cover all the bases that you planned to. Make sure to use open-ended questions and plenty of *show me* activities along with the Who, What, Where, When, How and Why questions.
:2cents:
 
#7
Certification body auditors quit using a checklist back around early 2005.

What you attached is referred to as an element based checklist. It was simply a restatement of the standard, one shall at a time.

One of the problems with that sort of a checklist is that it tends to cause you to focus on the minutia. It is like putting a leaf under the microscope and forgetting that the leaf belongs to a tree and that there are several trees in the forest. In other words, there is a tendency to loose the big picture.

Certification body auditors now audit by auditing your processes. He determines what your processes are be looking at the description of the interaction of processes in the quality manual (one of the required items to be in the quality manual). He sets up an audit plan based on those processes.

Every organization has their own unique set of processes, but a typical set might be: Sales, Purchasing, Production Planning, Production, Shipping/Receiving/Warehouse, and Management Support.

Next he determines which elements of the standard apply to to each process.

Using an Audit Working Document, he then audits each process.

Using an element based checklist for internal audits has the same limitations. There is no requirement for internal audits to be process based, but it is strongly encouraged.

You can develop your own checklists if you desire them, and still use the process approach. You can come up with your own questions. You can select some of the questions from the old fashioned element based checklist and arrange them according to the processes. You can create some questions based on your written procedures. Skilled auditors don't need a checklist, but less experienced ones find comfort with them. It can provide structure to the audit.

The reason that you could only find an ISO 9001:2000 checklist is that certification bodies had moved away from them before ISO 9001:2008 came out.

Whatever you do with it, best of luck.
 
Thread starter Similar threads Forum Replies Date
B Internal audit checklist Internal Auditing 5
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 8
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
C Internal Audit - Process Clause Matrix / Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 7
N Comprehensive Compliance Matrix for Internal Audit Checklist Other Medical Device Regulations World-Wide 1
S Internal Audit Checklist for Application/Software development IEC 27001 - Information Security Management Systems (ISMS) 1
Ashland78 IATF 16949 Internal Audit Checklist Manufacturing and Related Processes 11
R AS 9100D internal audit checklist AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
K SOW Internal Audit Checklist Internal Auditing 1
dubrizo Internal Audit Value - What is the point of conducting internal audits to a checklist Internal Auditing 40
M Internal Audit checklist as per API Q1 ninth edition wanted ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
D Internal Audit Checklist for the latest ISO/TS 16949 standard IATF 16949 - Automotive Quality Systems Standard 11
C API Q1 9th Edition Internal Audit Checklist /Report Oil and Gas Industry Standards and Regulations 22
C ISO 27001:2013 ISMS Internal Audit Checklist/Questionnaire IEC 27001 - Information Security Management Systems (ISMS) 35
M IMS - Integrated ISO9001, ISO14001 & OHSAS 18001 Internal Audit Checklist Internal Auditing 3
A Is an Internal Audit Checklist required for TS16949? IATF 16949 - Automotive Quality Systems Standard 4
T Questions about an Internal Audit Checklist for our QMS Internal Auditing 41
S Internal Audit - Documentation Checklist Internal Auditing 13
M Risk Management (ISO 14971:2007) Internal Audit Checklist ISO 14971 - Medical Device Risk Management 7
L Request APQP Process Internal Audit checklist APQP and PPAP 2
P Japanese Pharmaceutical Affairs Law (JPAL) Internal Audit Checklist Quality Manager and Management Related Issues 4
G ISO 9001 Internal Audit Checklist ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21
J ISO 9001 Checklist Type Internal Audit Forms? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
S Checklist for ISO 27001 ISMS Internal Audit IEC 27001 - Information Security Management Systems (ISMS) 3
B Checklist Standard for Internal Audit wanted Document Control Systems, Procedures, Forms and Templates 5
F Airport Internal Audit Checklist (Cleaning, Project Process, Maintenance, etc) Internal Auditing 3
B Can I use Internal Audit Checklist to do Process Audit? Process Audits and Layered Process Audits 9
G ISO14001 & OHSAS18001 Internal Audit Checklist ISO 14001:2015 Specific Discussions 2
D ISO TS 29001 (Petroleum Petrochemical Natural Gas) - Internal Audit Checklist example Other ISO and International Standards and European Regulations 3
GStough Internal Audit Checklist as a Controlled Document - Pros and Cons Internal Auditing 19
L Written Supervisory Procedures - Internal Audit Checklist Questions Internal Auditing 2
R Process Internal Audit Checklist for Service Organizations wanted ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
K ISO 28000 Internal Audit Checklist wanted Supply Chain Security Management Systems 11
O Internal Audit of Customer Specific Requirements Checklist - Where to start? Internal Auditing 9
A ISO 27001:2005 ISMS Internal Audit Checklist/Questionnaire IEC 27001 - Information Security Management Systems (ISMS) 14
P Internal ISO 9001 Audit - Process Audit Checklist Internal Auditing 31
B Internal Audit Checklist fo ISO 9001 Internal Auditing 1
E EASA Part 21 Internal Audit Checklist EASA and JAA Aviation Standards and Requirements 1
I ISO 20000 Checklist for Gap Analysis and Internal Audit Other ISO and International Standards and European Regulations 2
N All-or-Nothing Rating System - Internal Audit Checklist - ISO 9001 Internal Auditing 5
F Composite AutoClave Internal Audit Checklist - needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
S Internal Audit Checklist or a Protocol Guide wanted ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
N Question for internal audit (checklist) of all sections Training - Internal, External, Online and Distance Learning 8
E Internal audit checklist for beginner auditors Internal Auditing 3
Q MSA (Measurement Systems Analysis) Internal Audit checklist vs. TS 16949 Internal Auditing 4
N Internal Audit Questionaires - Checklist that is outside the box ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 40
M Does Anybody have an ISO 22000 internal audit checklist for sharing? Internal Auditing 11
S ISO 9001: 2000 - Internal Audit Checklist for Software Projects Internal Auditing 9

Similar threads

Top Bottom