Are auditing checklists required for Internal Audits?

[markmeow]

Hello,

I have been doing internal audits at the company I am at for 2.5 years. I know the procedures very well as I created a number of them and have updated virtually all of them (I am the document control person as well).

When I am doing audits, I create a list of procedures and sections of ISO 9001 I need to audit, but because I know the procedures and ISO 9001 pretty well, I don't use create sub heading like "check for training records", "check how confirm competence" etc, I just go to the audit knowing what I have to look for, make notes and then report findings.

The other day I had someone who insisted I needed an audit checklist to work from, I explained how I work, but they still insisted I need a checklist in front of me with minute details of what to look for (this person used to be a ISO auditor many many years ago)

Does anyone else work like this? a basic checklist but doesn't really go in-depth because you know what to look for (having done it time and again?)

Thanks.

 

[dsanabria]

Re: Auditing checklists

Hello,

I have been doing internal audits at the company I am at for 2.5 years. I know the procedures very well as I created a number of them and have updated virtually all of them (I am the document control person as well).

When I am doing audits, I create a list of procedures and sections of ISO 9001 I need to audit, but because I know the procedures and ISO 9001 pretty well, I don't use create sub heading like "check for training records", "check how confirm competence" etc, I just go to the audit knowing what I have to look for, make notes and then report findings.

The other day I had someone who insisted I needed an audit checklist to work from, I explained how I work, but they still insisted I need a checklist in front of me with minute details of what to look for (this person used to be a ISO auditor many many years ago)

Does anyone else work like this? a basic checklist but doesn't really go in-depth because you know what to look for (having done it time and again?)

Thanks.

To your point, there are no requirements for internal audits to use a checklist.

During a process audit, must people would use a guideline to maintain focus and to collect objective evidence and to help writing the final report, observation, comments and non conformance.

 

[Jen Kirley]

Re: Auditing checklists

I agree with dsanabria and I appreciate your resisting depending on checklists so far.

There is nothing in the standard that requires checklists. Indeed, ISO 9001 wants a process approach and we can safely assume that also means the auditing process. How else can we determine if the system is effective?

I think the only rational purpose for a checklist here could be a means to make sure all the standard gets covered at some point in the audit schedule - of course some elements wouldn't get covered in some process audits, but wold wait for others. It is possible to make a long range plan to make sure the entire standard gets covered without checklists.

 

[AndyN]

Re: Auditing checklists

Hello,

I have been doing internal audits at the company I am at for 2.5 years. I know the procedures very well as I created a number of them and have updated virtually all of them (I am the document control person as well).

When I am doing audits, I create a list of procedures and sections of ISO 9001 I need to audit, but because I know the procedures and ISO 9001 pretty well, I don't use create sub heading like "check for training records", "check how confirm competence" etc, I just go to the audit knowing what I have to look for, make notes and then report findings.

The other day I had someone who insisted I needed an audit checklist to work from, I explained how I work, but they still insisted I need a checklist in front of me with minute details of what to look for (this person used to be a ISO auditor many many years ago)

Does anyone else work like this? a basic checklist but doesn't really go in-depth because you know what to look for (having done it time and again?)

Thanks.

Welcome: I think you've arrived at the stage of development where you need to change strategy from doing (simple) compliance audits to more "strategic" audits. To explain: If you are simply basing your internal audits on the various requirements of ISO and procedures, you will get to this place where you know everything you need to know (checklist or not). Where you need to get to is to evaluate the processes (as Jennifer correctly suggested) to the place where you take a look at new/changed things or performance. In your example, you're checking training. Why? Did anything change? Was anyone newly assigned? I'll find a paper I wrote about this and post in the attachments later today and post a link for you.

 

[db]

According to the Auditing Practices Group http://isotc.iso.org/livelink/livelink?func=ll&objId=3541460&objAction=browse&sort=name Checklists are just one tool in the auditor's tool box. I teach checklists can be in many different forms, not just the common thought of checklist. A checklist may be a turtle diagram, or even the procedure itself. What ever you use the main goal of a checklist is to make sure you have sufficient coverage of the audited area. Each process should have its own checklist covering process inputs, outputs, controls and metrics. Checklists can also have questions relating to continual improvement ideas. "If you had the power to change this process, how would you change it for the better?" Checklists should also be generated for non-process parts of the QMS (Quality Manual, Quality Policy, etc.).

my anyways. Hope it helps

 

[Kronos147]

I think a checklist can be a good training tool.

The other side of the coin is that dependence on checklists can lead to an ineffective audit.

 

[AndyN]

I think the use of checklists is confused and confusing. Let's get to the bottom of the real issue, which is auditors planning their audit. If a "canned" checklist is used which repeats, for example, the ISO 9001 requirements, paraphrasing them as questions, then the answer is likely to be that these don't do very much good. Once the system is established, going around and asking questions based on ISO aren't going to get you, the auditor very far. Furthermore, since they are "canned" there's little to no preparation or planning by the auditor to understand, beyond the checklist) what they are going to look for.

Then, there's the "shopping list" type of checklist, which is the product of the auditor's planning and preparation. These are invaluable - even if you *think* you know it all. Sure, you can mark up a document, annotate a process map etc. It doesn't *HAVE* to be on a specific form and look like a checklist.

The (most) important thing actually ISN'T the checklist - it's what the auditor does in planning and preparing for their assignment. So, in the OP's case, which is it? Canned checklists which are now so well used, they've been memorized or what?

 

[John Broomfield]

Given an audit objective it's a good idea to prepare by knowing what to look at, who to listen to and why.

Do this to prepare for each audit otherwise you are winging it and undermining the value of audit in the minds of the auditees.

It's also a good idea to review what was sampled in the audits before and whether it's worth sampling again or something different.

For people with excellent handwriting this suggests their notes should be part of the audit record.

For the rest of us we probably need to keep a typed record of what we sampled and what we found. You may call this a completed audit sampling form.

Avoid checked boxes in canned checklists at all costs.

 

[wileycomet]

I like to evaluate why I'm doing the audit and then use that as the basis to form my approach.

If you are just looking for compliance to a standard, then a simple checklist can make that a much easier task.

If you are doing an audit to add value to the company then a basic checklist probably wouldn't be suitable and an intensive process audit would be your best bet, with a thorough pre-audit done to ensure you have at least an idea of what you want to know and who might know it. Then follow where it leads.

 

[somashekar]

Auditing checklist is an Aid... Not an all in all
And if the checklist is made by someone else, then its a very poor aid.