Internal Audit Checklist as a Controlled Document - Pros and Cons

GStough

GStough

Leader
Super Moderator
Would like a little bit of input here from the third-party auditors or those who have been third-party auditors, if I may....

I'm considering doing away with our current internal audit checklist and just allowing the auditors to develop their own checklists for the audits they do. Currently, we have a long checklist that is rather cumbersome and very detailed. Originally, this was a great tool with the auditor pool we had at the time. It has since served its purpose, IMO, and I feel that we can now evolve and move away from it to allow the auditors to use other tools which are just as effective.

As it is now, the auditors develop their own checklists as they do their desk audits and the questions are very well-thought out and detailed. Often, the responses lead them to look at other inputs to the process they are auditing, which is exactly what they should be doing.

Specifically, I'm interested to find out what the opinion is of those here who are third party auditors and have seen internal audit processes that are successful without the use of a 'prescribed' audit checklist. Unless I'm mistaken, there isn't a requirement for having a controlled document that is an audit checklist.

Any and all input is welcome....

Thanks! :bigwave:
 
Randy

Randy

Super Moderator
The only reason to control any document is if it is neccessary to ensure effective planning, operation and control just like it's stated in many standards.

As for your idea, go for it! I honestly feel like barfing when I see the same old, drab, "who-gives-a-$4it", pre-packaged, regurgitated, no brainer checklist used time after time after time. Fiddle...The auditor could sit at home and answer YES-NO-N/A
 
A

AndyN

Moved On
GS Tough - did I get that right?

I like the idea! Do you intend to go over the auditor's 'plan' for each audit with them - it appears you do that. So, why not sign off on the document as approved by you? That would do it wouldn't it? There's only going to be one of them, isn't there?
Of course, if you used my football© diagram, each will be unique, but the 'form' becomes the 'controlled doc.
 
GStough

GStough

Leader
Super Moderator
AndyN said:
GS Tough - did I get that right?

I like the idea! Do you intend to go over the auditor's 'plan' for each audit with them - it appears you do that. So, why not sign off on the document as approved by you? That would do it wouldn't it? There's only going to be one of them, isn't there?
Click to expand...

That works, Andy... :tg:

Currently, no, I don't review the auditors' plan for each audit with them beforehand. They do their own checklists, plans, scopes, and if they have questions they ask me. I do a review of all audit papers before the audit report is distributed, though, and I sign off on it before it goes out.

And yes, each checklist is unique and different, specific to the process being audited.
 
T

treesei

I support GSTough's idea. Correct me if I am wrong but I think that no audit guide including the ISO standard for auditing requires that a controlled checklist be used. Actually a very detailed and controlled checklist may even prevent the auditors from digging deeper or discovering related issues during an audit. I especially do not like the Yes/No/NA checklists because too often the reality is something in between. If a checklist will be used to standardize the audits, I would prefer one that only describes the aspects to be audited and leaves room for the auditors to fill in the details during the audit. Of course such checklist requires that the audit manager and the auditors be well trained.

Has anyone even seen an FDA inspector or ISO auditor come in with a checklist in hand? I have not.
 
A

AndyN

Moved On
GS, if you can, I'd review them with the auditors before they go off to audit. That way, the 'checklist' is reviewed and approved and you get an idea of where their heads are when it comes to the audit - I did this as a CB supervisor with new auditors. It was self preservation - I didn't want them coming up with something odd...
 
GStough

GStough

Leader
Super Moderator
AndyN said:
GS, if you can, I'd review them with the auditors before they go off to audit. That way, the 'checklist' is reviewed and approved and you get an idea of where their heads are when it comes to the audit - I did this as a CB supervisor with new auditors. It was self preservation - I didn't want them coming up with something odd...
Click to expand...

Good idea, Andy. We're meeting tomorrow, so this will come in handy. Thanks! :agree1:
 
Marc

Marc

Fully vaccinated are you?
Leader
GStough said:
<snip> allowing the auditors to develop their own checklists for the audits they do. <snip>
Click to expand...
Actually this is not unusual. When I worked with larger companies back in the 1990's it was pretty standard when we set up internal audit systems - Each auditor made up checklists specific for the audit(s) they were assigned and a list of questions to ask about specific procedures (etc.) as part of their planning. Some larger companies also had their own internal audit teams which was all they did so they weren't cannibalizing the work force for internal auditors.

The down side was it took up a lot of time so, especially in smaller companies, it wasn't working out time wise. In addition it took more auditor training so they better understood how to make up/plan their audit properly. I saw several abandon the practice because of the time involved as well as a large turnover in internal auditors necessitating a lot more internal auditor training classes.
 
SteelMaiden

SteelMaiden

Super Moderator
Trusted Information Resource
We don't use a specified checklist, although I do have some templates that the auditors can use. One of them is Andy's "Audit Football", and another is one that is similar to one that another Cover from back in the day had, Lucinda (hello wherever you might be). We also have copies of the gap analysis, and several templates from the nuclear utility type audits. I send them all to the audit team, and then we figure out some questions and pick the format that the team wishes to use. I find that they are much more hands on if I don't say "here, use this". And so, no checklist form for controlled documents, I just control the record of the audit in any form that it comes to me, along with the formal report.:bigwave:
 
Marc

Marc

Fully vaccinated are you?
Leader
Randy said:
<snip> Fiddle...The auditor could sit at home and answer YES-NO-N/A
Click to expand...
Well, there can be fraud as you say, but all the internal audits I was familiar with in one way or another at many different companies necessitated that they actually go out on the floor, that they interview auditees and to observe practices (not to mention taking samples of paperwork as evidence that people were doing what they were supposed to be doing such as completing forms and such that their job required). The only place I ever saw that someone could "...sit at home and answer YES-NO-N/A..." was in the case of "compliance to a standard" desk audits.
 
You must log in or register to reply here.

Similar threads

T
ISO 13485:2016 Internal Audits method
2
Replies
18
Views
1K
QCBOB
QCBOB
I
Internal Audit Questionnaire
2
Replies
16
Views
2K
FRA 2 FDA
FRA 2 FDA
G
QMS Manual / Procedure re-write & Internal Audits
Replies
5
Views
514
Rob_Kellock
Rob_Kellock
G
8D on Audit Non Conformance -- Incomplete Document
2 3 4 5 6
Replies
53
Views
5K
Randy
Randy
D
What are the rules regarding coverage in internal audits?
Replies
5
Views
646
malasuerte
malasuerte
Top Bottom