8.2.2 Internal Audit Checklist - Is an Audit Report Required?

  • Thread starter TiffanyMartinez
  • Start date
T

TiffanyMartinez

Hello!

This is my first time posting and am so thankful for stumbling across this forum!

I have a question about the internal audit checklist. I have searched countless threads but just need to double check: for an internal audit checklist, does it have to be something as detailed as the checklist attached that I often come across, or can it be general statements/questions that are specific to our processes? I am a bit confused on the requirements of how a checklist should be set up.

Also, is it required to have an internal audit report along with the checklist?

Thank you for your help!
 

Attachments

  • Audit Checklist - Generic ISO 9001-2000.doc
    287.5 KB · Views: 1,003
J0anne

J0anne

Joanne
First of all, you need to update your checklist as 9001:2000 was withdrawn in 2008.

The current standard is 9001:2008

Checkists can have as much or as little detail as you wish, but if you want to show you fulfil the requirements of a standard, each clause needs to be justified.
 
somashekar

somashekar

Leader
Admin
TiffanyMartinez said:
Hello!

This is my first time posting and am so thankful for stumbling across this forum!

I have a question about the internal audit checklist. I have searched countless threads but just need to double check: for an internal audit checklist, does it have to be something as detailed as the checklist attached that I often come across, or can it be general statements/questions that are specific to our processes? I am a bit confused on the requirements of how a checklist should be set up.

Also, is it required to have an internal audit report along with the checklist?

Thank you for your help!
Click to expand...
Welcome to the COVE Tiffany ~~~
Generic checklist as generic guidelines.
Based on these, statements/questions that are specific to your processes must be constructed. The whole premise of this is around your questioning of the PLANing, DOing, CHECKing and ACTing upon the findings of the check., at the process you audit by effective sampling. Also see, seek and record the effectiveness of the audited process in relation to its other process interactions.
Since internal audit is a planned activity, following can be your internal audit records.
The audit plan, The audit report (questions and responses, along with objective evidences or references to them), The audit findings if any (popularly as we all call it,the NC) .... further the correction / corrective action on the audit findings and its effectiveness.
Do not get stuck with checklist / canned checklists. Instead make your own checklist and as you audit, try going beyond the checklist.
I hope I have been able to help you to some extent.
 
A

AndyN

Moved On
TiffanyMartinez said:
Hello!

This is my first time posting and am so thankful for stumbling across this forum!

I have a question about the internal audit checklist. I have searched countless threads but just need to double check: for an internal audit checklist, does it have to be something as detailed as the checklist attached that I often come across, or can it be general statements/questions that are specific to our processes? I am a bit confused on the requirements of how a checklist should be set up.

Also, is it required to have an internal audit report along with the checklist?

Thank you for your help!
Click to expand...

Hi Tiffany and welcome.

Think of checklists as a bit like a shopping list for a dinner party you're throwing. The dinner party is like the "scope" of the audit. Unlike what you might be told, you don't need to worry about "ISO". The scope is likely to be a part of your QMS, first and foremost.

Use it to remind you want to get at the various stores (grocery, party etc) you need to visit. Some stuff you'll write down a simple description: "onions", others will be more specific "1/2 lb Vermont cheddar cheese"

Then once you use your list to do the audit, you are going to write a report on the result - like writing a report on how the dinner party went (well, almost) - mainly from the point of view of the partyers not too detailed (not "I drove to the stores at 30mph...")

Does that help?
 
P

PaulJSmith

Hi, Tiffany, and welcome to The Cove!

If you re-read clause 8.2.2 Internal audit, you'll find that there is no requirement to use any Checklist. Is it a good idea? Absolutely, and for all the reasons already listed in the above responses.

You will also note that the standard does required a documented procedure which defines, among other things, "establishing records and reporting results." How you do that, however, is up to you and your system.
 
W

Wilderness Woody

TiffanyMartinez said:
Hello!

This is my first time posting and am so thankful for stumbling across this forum!

I have a question about the internal audit checklist. I have searched countless threads but just need to double check: for an internal audit checklist, does it have to be something as detailed as the checklist attached that I often come across, or can it be general statements/questions that are specific to our processes? I am a bit confused on the requirements of how a checklist should be set up.

Also, is it required to have an internal audit report along with the checklist?

Thank you for your help!
Click to expand...

Rather than asking "is it required to have an internal audit report along with the checklist?", you should be asking "is it required that I have a checklist with the audit report?"... the answer is no. You do need to document the results of your audit, but you do not need to use or include a checklist. You MAY choose to for convenience sake for the benefit of the process owners and management.

The 25 page example you attached is rather long (regurgitating the clauses) and at the same time lacking in detailed questions that you would want to tailor to your specific needs.

My experience has been to create checklists for procedures as training tools and guides to coach inexperienced auditors and to provide specific feedback to process owners. While they may be included in audit summary reports, it tends to not be very useful when compliance is well in hand since most of the responses are within expected ranges.

Audit preparation allows you to set the scope of the audit and probe around to find strengths and weaknesses before you go out and interview staff. Checklists should be written as a prompting aid to cover all the bases that you planned to. Make sure to use open-ended questions and plenty of *show me* activities along with the Who, What, Where, When, How and Why questions.
:2cents:
 
B

Big Jim

Admin
Certification body auditors quit using a checklist back around early 2005.

What you attached is referred to as an element based checklist. It was simply a restatement of the standard, one shall at a time.

One of the problems with that sort of a checklist is that it tends to cause you to focus on the minutia. It is like putting a leaf under the microscope and forgetting that the leaf belongs to a tree and that there are several trees in the forest. In other words, there is a tendency to loose the big picture.

Certification body auditors now audit by auditing your processes. He determines what your processes are be looking at the description of the interaction of processes in the quality manual (one of the required items to be in the quality manual). He sets up an audit plan based on those processes.

Every organization has their own unique set of processes, but a typical set might be: Sales, Purchasing, Production Planning, Production, Shipping/Receiving/Warehouse, and Management Support.

Next he determines which elements of the standard apply to to each process.

Using an Audit Working Document, he then audits each process.

Using an element based checklist for internal audits has the same limitations. There is no requirement for internal audits to be process based, but it is strongly encouraged.

You can develop your own checklists if you desire them, and still use the process approach. You can come up with your own questions. You can select some of the questions from the old fashioned element based checklist and arrange them according to the processes. You can create some questions based on your written procedures. Skilled auditors don't need a checklist, but less experienced ones find comfort with them. It can provide structure to the audit.

The reason that you could only find an ISO 9001:2000 checklist is that certification bodies had moved away from them before ISO 9001:2008 came out.

Whatever you do with it, best of luck.
 
T

TiffanyMartinez

Thank you all for your feedback and advice, y'all have more than answered my concerns! I really appreciate it!
 
You must log in or register to reply here.

Similar threads

L
ISO 9001:2015 Audit checklist + scores for evaluation
Replies
4
Views
884
Randy
Randy
I
Internal audit report format for integrated QMS
Replies
2
Views
1K
Wolf.K
W
T
ISO 13485:2016 Internal Audits method
2
Replies
18
Views
1K
QCBOB
QCBOB
G
Responding to Customer Audit
2
Replies
16
Views
426
ED76
E
Q
IATF Internal Audit Non-Conformities
Replies
6
Views
400
Jen Kirley
Jen Kirley
Top Bottom