Are auditing checklists required for Internal Audits?

M

markmeow

#1
Hello,

I have been doing internal audits at the company I am at for 2.5 years. I know the procedures very well as I created a number of them and have updated virtually all of them (I am the document control person as well).

When I am doing audits, I create a list of procedures and sections of ISO 9001 I need to audit, but because I know the procedures and ISO 9001 pretty well, I don't use create sub heading like "check for training records", "check how confirm competence" etc, I just go to the audit knowing what I have to look for, make notes and then report findings.

The other day I had someone who insisted I needed an audit checklist to work from, I explained how I work, but they still insisted I need a checklist in front of me with minute details of what to look for (this person used to be a ISO auditor many many years ago)

Does anyone else work like this? a basic checklist but doesn't really go in-depth because you know what to look for (having done it time and again?)

Thanks.
 
Elsmar Forum Sponsor

dsanabria

Quite Involved in Discussions
#2
Re: Auditing checklists

Hello,

I have been doing internal audits at the company I am at for 2.5 years. I know the procedures very well as I created a number of them and have updated virtually all of them (I am the document control person as well).

When I am doing audits, I create a list of procedures and sections of ISO 9001 I need to audit, but because I know the procedures and ISO 9001 pretty well, I don't use create sub heading like "check for training records", "check how confirm competence" etc, I just go to the audit knowing what I have to look for, make notes and then report findings.

The other day I had someone who insisted I needed an audit checklist to work from, I explained how I work, but they still insisted I need a checklist in front of me with minute details of what to look for (this person used to be a ISO auditor many many years ago)

Does anyone else work like this? a basic checklist but doesn't really go in-depth because you know what to look for (having done it time and again?)

Thanks.
To your point, there are no requirements for internal audits to use a checklist.

During a process audit, must people would use a guideline to maintain focus and to collect objective evidence and to help writing the final report, observation, comments and non conformance.
 

Jen Kirley

Quality and Auditing Expert
Staff member
Admin
#3
Re: Auditing checklists

I agree with dsanabria and I appreciate your resisting depending on checklists so far. :agree1:

There is nothing in the standard that requires checklists. Indeed, ISO 9001 wants a process approach and we can safely assume that also means the auditing process. How else can we determine if the system is effective?

I think the only rational purpose for a checklist here could be a means to make sure all the standard gets covered at some point in the audit schedule - of course some elements wouldn't get covered in some process audits, but wold wait for others. It is possible to make a long range plan to make sure the entire standard gets covered without checklists.
:2cents:
 
#4
Re: Auditing checklists

Hello,

I have been doing internal audits at the company I am at for 2.5 years. I know the procedures very well as I created a number of them and have updated virtually all of them (I am the document control person as well).

When I am doing audits, I create a list of procedures and sections of ISO 9001 I need to audit, but because I know the procedures and ISO 9001 pretty well, I don't use create sub heading like "check for training records", "check how confirm competence" etc, I just go to the audit knowing what I have to look for, make notes and then report findings.

The other day I had someone who insisted I needed an audit checklist to work from, I explained how I work, but they still insisted I need a checklist in front of me with minute details of what to look for (this person used to be a ISO auditor many many years ago)

Does anyone else work like this? a basic checklist but doesn't really go in-depth because you know what to look for (having done it time and again?)

Thanks.
Welcome: I think you've arrived at the stage of development where you need to change strategy from doing (simple) compliance audits to more "strategic" audits. To explain: If you are simply basing your internal audits on the various requirements of ISO and procedures, you will get to this place where you know everything you need to know (checklist or not). Where you need to get to is to evaluate the processes (as Jennifer correctly suggested) to the place where you take a look at new/changed things or performance. In your example, you're checking training. Why? Did anything change? Was anyone newly assigned? I'll find a paper I wrote about this and post in the attachments later today and post a link for you.
 
#5
According to the Auditing Practices Group http://isotc.iso.org/livelink/livelink?func=ll&objId=3541460&objAction=browse&sort=name Checklists are just one tool in the auditor's tool box. I teach checklists can be in many different forms, not just the common thought of checklist. A checklist may be a turtle diagram, or even the procedure itself. What ever you use the main goal of a checklist is to make sure you have sufficient coverage of the audited area. Each process should have its own checklist covering process inputs, outputs, controls and metrics. Checklists can also have questions relating to continual improvement ideas. "If you had the power to change this process, how would you change it for the better?" Checklists should also be generated for non-process parts of the QMS (Quality Manual, Quality Policy, etc.).

my :2cents: anyways. Hope it helps
 

Kronos147

Trusted Information Resource
#6
I think a checklist can be a good training tool.

The other side of the coin is that dependence on checklists can lead to an ineffective audit.
 
#7
I think the use of checklists is confused and confusing. Let's get to the bottom of the real issue, which is auditors planning their audit. If a "canned" checklist is used which repeats, for example, the ISO 9001 requirements, paraphrasing them as questions, then the answer is likely to be that these don't do very much good. Once the system is established, going around and asking questions based on ISO aren't going to get you, the auditor very far. Furthermore, since they are "canned" there's little to no preparation or planning by the auditor to understand, beyond the checklist) what they are going to look for.

Then, there's the "shopping list" type of checklist, which is the product of the auditor's planning and preparation. These are invaluable - even if you *think* you know it all. Sure, you can mark up a document, annotate a process map etc. It doesn't *HAVE* to be on a specific form and look like a checklist.

The (most) important thing actually ISN'T the checklist - it's what the auditor does in planning and preparing for their assignment. So, in the OP's case, which is it? Canned checklists which are now so well used, they've been memorized or what?
 

John Broomfield

Staff member
Super Moderator
#8
Given an audit objective it's a good idea to prepare by knowing what to look at, who to listen to and why.

Do this to prepare for each audit otherwise you are winging it and undermining the value of audit in the minds of the auditees.

It's also a good idea to review what was sampled in the audits before and whether it's worth sampling again or something different.

For people with excellent handwriting this suggests their notes should be part of the audit record.

For the rest of us we probably need to keep a typed record of what we sampled and what we found. You may call this a completed audit sampling form.

Avoid checked boxes in canned checklists at all costs.
 
W

wileycomet

#9
I like to evaluate why I'm doing the audit and then use that as the basis to form my approach.

If you are just looking for compliance to a standard, then a simple checklist can make that a much easier task.

If you are doing an audit to add value to the company then a basic checklist probably wouldn't be suitable and an intensive process audit would be your best bet, with a thorough pre-audit done to ensure you have at least an idea of what you want to know and who might know it. Then follow where it leads.
 
Thread starter Similar threads Forum Replies Date
C List of MDSAP Auditing Organizations Medical Device and FDA Regulations and Standards News 1
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 4
cscalise Suggestions for MDR Auditing tools EU Medical Device Regulations 1
J Auditing of Support Function IATF 16949 - Automotive Quality Systems Standard 9
D ISO 13485, FDA 21 CFR 820 and Auditing the Accounting Department ISO 13485:2016 - Medical Device Quality Management Systems 5
S Risk based internal auditing Internal Auditing 6
Randy Remote auditing (for disaster, disease, disturbance etc...) during the Neo Coronavirus Pandemic and Social Distancing Registrars and Notified Bodies 7
K ANVISA B-GMP Auditing requirements for Contract Manufacturers Other Medical Device Regulations World-Wide 0
F AS9100D Internal auditing requirements Internal Auditing 3
R Does any here use an internal auditing tool that works on different platforms? Internal Auditing 3
W Does anyone have an API Q2 checklist for internal auditing? Oil and Gas Industry Standards and Regulations 1
G Best Practices for IT auditing - Is a session-id necessary for a complete audit trail? IEC 27001 - Information Security Management Systems (ISMS) 0
I Questions to ask when auditing for Organizational Leadership and Planning for the QMS? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
C CE marking for general IVD (self-certified) & ISO 13485 QMS requirements - auditing EU Medical Device Regulations 6
blackholequasar Internal Auditing Inspiration - Getting volunteers to perform internal audits. Internal Auditing 22
W Internal Auditing carried out by a 3rd party - Review of previous audits AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
tony s What is the automotive process approach for auditing? IATF 16949 - Automotive Quality Systems Standard 2
S Internal Auditing for API Spec Q1 - auditor qualification requirements Oil and Gas Industry Standards and Regulations 6
R I've been auditing for a CB for 18 years General Auditing Discussions 10
P Consultant Auditing Qualifications Requirements ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 23
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 144
M We still have not received our certificate due to a 'backlog' with our auditing body Registrars and Notified Bodies 25
N Online Internal Auditing Course for ISO 13485 - Suggestions ISO 13485:2016 - Medical Device Quality Management Systems 8
A Agenda for 8D audit on Supplier's side - Auditing Corrective Actions General Auditing Discussions 5
U Internal auditing - Company employees or contract second party Internal Auditing 10
J Recomended Values - Auditing process in a supplier IATF 16949 - Automotive Quality Systems Standard 18
M Canada - Registrars that allow e-auditing for ISO 9001? Registrars and Notified Bodies 4
K Internal Auditing - Umbrella QMS and Multiple Standards Oil and Gas Industry Standards and Regulations 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
supadrai Auditing Organization dragging their heels on issuing our MDSAP Surveillance Audit Confirmation Letter - everyone is nervous ... are we the only ones? Canada Medical Device Regulations 7
Ed Panek Supplier Auditing - No purchases from our key suppliers in the last 24 months ISO 13485:2016 - Medical Device Quality Management Systems 5
P Auditing "process validation" process 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
qualprod Effective Auditing advice needed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
M Acceptance of remote auditing techniques - Can you help me with my research? General Auditing Discussions 0
GStough Auditing Against Criteria Unfamiliar to Auditee - Yea or Nay? General Auditing Discussions 11
qualprod Auditing Product and Services doubts ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
R Auditing support and management processes General Auditing Discussions 7
F It is acceptable moving remote locations staff to manufacturing plant for auditing? IATF 16949 - Automotive Quality Systems Standard 3
D MSDS / GHS Walk-through / Auditing Occupational Health & Safety Management Standards 6
Pmarszal Supplier Auditing Services (Audit Needed?) General Auditing Discussions 4
S ISO 9001 Audit Observations - Transitioning my career into auditing Career and Occupation Discussions 16
G AS9101 Rev F - Worksheets for internal auditing AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
N API Q2 clause 6.2.2.1 Auditing Outsourced Suppliers Oil and Gas Industry Standards and Regulations 5
M Auditing processes followed by employees placed on client's site Internal Auditing 4
S ISO 13485:2016 and MDSAP internal auditing ISO 13485:2016 - Medical Device Quality Management Systems 6
M Auditing a Contractor in EMS and Non Conformity Report General Auditing Discussions 1
Richard Regalado ISMS Auditing Guideline V2 (based from ISO/IEC 27001:2013) IEC 27001 - Information Security Management Systems (ISMS) 7
S ISO 9001:2015 - Internal Auditing - Audit to the Standard? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
B Auditing Senior Management to determine the Effectiveness of Management Processes IATF 16949 - Automotive Quality Systems Standard 6
R Internal Auditor auditing Internal Audit Procedure (AS9100) Internal Auditing 18

Similar threads

Top Bottom