Internal Audit Checklists - Using the standard itself replace any checklist

M

Mark Smith

#1
During a previous ISO surveillance audit a nonconformance was identified for the fact that the checklist for internal audits did not cover the requirements in enough depth.
As a corrective action I stopped using the checklist and changed the auditing procedure to require that the ISO 9001 standard itself replace any checklist so that each element is addressed where appropriate.
Last week I had another surveillance audit and the auditor wrote a non-conformance because there was no way for him to verify that I was auditing all applicable elements of the standard (the checklist used to offer this verifiable evidence). What are some possible solutions people might have?
This is a small (20 person) company and people are getting audited fairly regularly. I currently audit each department twice during the year. Would it be wiser to audit by element appropriate departments and personnel or continue to audit each department for all applicable elements?
 
Elsmar Forum Sponsor
A

Aaron Lupo

#2
That is exactly how I do my audits. I break it down by Department, then I audit each Department to all the applicable elements. It shows on my audit schedule what elements have been audited. I think this should be able to allow you to eliminate the "checklist".
 
#3
Hi,

I'd be very wary about not using a checklist when auditing. It's too good a tool...

Just like ISO GUY I usually audit by department, but I guess there is no right or wrong there.. It rather depends on the nature of your buissness and how it's set up.

I put a unique cheklist together for every audit by going from the standard ( to avoid missing any gaps ), to the Quality Manual and the written procedures and records. I also refer every single question to one or a number of std elements.

/Claes
 
R

Rick Goodson

#4
You might consider a checklist that has a column for the ISO element reference, company procedure reference/requirement, and the method of audit (what you are going to do) in addition to the other boiler plate 'stuff' on the form. Typically when I teach internal auditing I want students to learn to reference to the ISO element first, the company documentation second. This will more closely replicate what the third party will do.
 
J

Jim Triller

#5
Mark,
A tool I have succesfully used has been an audit plan - a one page sheet that defines when & what locations/areas are going to be audited and what elements are to be covered. Senior management approves the plan and it is retained as a quality record. The audit report reiterates what was covered in the audit (per the plan) and lists any nonconformances to the ISO standard and/or the organization's procedures. This approach has worked well at seven companies I assisted in the registration process.
 
A

Al Dyer

#6
I also lead the internal audits for our company. We have broken the audit process down to two functions, product and process.

Process audits are verification of effectiveness to the elements of QS-9000. We had a checklist that was determined to be non-compliant so I requested that our auditor give us a copy of the checklists he used to audit us. He did and now there are no questions as to the validity of the checksheets.

Product audits are scheduled to determine the effectiveness of individual work stations. These checksheets cover all work station requirements as stated in procedures. In addition to the checksheet, all cell personnel are monitored using applicable control charts and instructions as guides. This type of product audit has proven very effective as it really gets cell personnel aware and involved. It also keeps the auditor happy when we show the review of these audits during management review.

ASD...
 
G

Gary Manion

#7
Stuck between a Registrar and a Consultant.

A few months ago during a surveillance audit we had a finding stating "Some audits do not audit the entire element," with a few examples as evidence. The Auditor wrote it was “due to an inadequate checklist” and that we did not audit the entire element to the standard.

The checklist I am using came from a registrar (not the one we are using). It covers ISO-9000, QS-9000 and AS9000. I was using this as a starting point and would generate additional questions based on our written system on a separate work sheet. After further reviewing the checklist item by item to all three standards I verified it is verbatim of all three. (It is easy to determine which item is ISO, QS or AS since one is Normal text, one Bold and the other Italics.)

Today I just talked to our consultant (QMS-LA) who has been involved in ISO/AS for some time and he said the role of the Internal Auditor is to audit the system (Manual, Procedures and Work Instructions including product etc…) only, not to see if the system meets the standard. He said that it is Management’s responsibility as part of Management Review to make sure that the system meets the standard. He said it is the registrars job also since they do the doc review and assessment audit, meaning they already said our written system meets the standard less any changes that may have been made of course.

What are your thoughts?
I would like to hear your opinions.
 
A

Alf Gulford

#8
Gary-
IMHO - I think that's right, but only in theory.

The reality that I see is that we have to make the decisions about conformance, investigate possibilities, suggest paths to take, write procedures and train people. This may not be in our job description (although it's usually there as 'other duties as required') but that's the only way it gets done.

I hear a few stories about management being 'wildly enthusiastic' about ISO, or compliance teams, but mostly it's just us.

No big deal. Just an observation about my job.

Alf



[This message has been edited by Alf Gulford (edited 18 October 2000).]
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#9
> Today I just talked to our consultant (QMS-LA) who has been involved
> in ISO/AS for some time and he said the role of the Internal Auditor
> is to audit the system (Manual, Procedures and Work Instructions
> including product etc...) only, not to see if the system meets the
> standard. He said that it is Management's responsibility as part of
> Management Review to make sure that the system meets the standard. He
> said it is the registrars job also since they do the doc review and
> assessment audit, meaning they already said our written system meets
> the standard less any changes that may have been made of course.

This is my 'opinion' as well. I'm too lazy right now to look up the threads, but I have argued this long and hard for several years (at least). The QS-9000 folks are, however, pushing this to the limit. They are the ones who started the "...lets certify internal auditors..." crusade.

There are lots of goofy-*** auditors who need some help. I do internal audits for several local companies. One auditor came into a client facility about a year ago (surveliance audit) and cited my client for 'ineffedctive internal audits' because I had found no problems at all for 2 years. Needless to say my client was upset. But -- luckily my client was well trained -- the Mgmt Rep pointed out that the registrar's auditors had themselves found no nonconformances and no 'opportunities for improvement' (used to be called 'minors') in 2 years. The auditor mumbled (my client's Mgmt Rep said he really enjoyed watching the little pr__k squirm on that one) and withdraw the finding prior to leaving with -- as you may have guessed by now - no findings!

Internal auditing has transmuted into a game.

Also see:

http://Elsmar.com/ubb/Forum13/HTML/000000.html and
http://Elsmar.com/ubb/Forum13/HTML/000005.html and
http://Elsmar.com/ubb/Forum13/HTML/000031.html

(to name a few found in a SEARCH for "internal audit".
 
Thread starter Similar threads Forum Replies Date
D Internal audit forms or checklists for a medical/veterinary laboratory General Auditing Discussions 5
R AS9100D Internal Audit Process Checklists ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
D "Simplified" AS9100 and ISO 9001 Internal Audit Checklists ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 43
M Should Internal Audit Checklists be Controlled Documents? Document Control Systems, Procedures, Forms and Templates 9
S Software Quality Audit - Internal Audit Checklists Software Quality Assurance 6
J Internal Audit schedule & Process Audit Checklists Internal Auditing 3
V Reference Number required in Internal Audit Checklists ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
T Internal audit checklists related to the software development process Internal Auditing 3
D The Internal Audit Plan, Checklists and Repercussions Internal Auditing 18
Gman2 ISO 9001 Internal Audit Checklists and Process Audits Process Audits and Layered Process Audits 31
L Internal Audit Plans and Checklists Internal Auditing 6
B Our QS9000 audit team has been using checklists to perform internal audits Internal Auditing 37
H AS9100 Checklist for Internal Audit needed AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 1
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 4
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 5
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
Raffy ISO 14001 9.2.2 Internal Audit Programme Content Internal Auditing 3
N Internal Audit Schedule – Who gets to set the schedule? Internal Auditing 16
V IATF 16949 9.2.2.1 Internal Audit Program - "Process Changes" IATF 16949 - Automotive Quality Systems Standard 11
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
B Using external FDA and ISO 13485 audit as internal audit Internal Auditing 6
T Internal Audit Schedule when Hiring Out Internal Auditing 7
D ISO 9001:2015 Internal Audit Training Advice Internal Auditing 10
M Internal audit consultant ISO 13485 (English speaker) Consultants and Consulting 3
S Implementing a 45001 Health & Safety standard - Internal audit plan wanted Internal Auditing 1
F Internal Audit - Procedure example Internal Auditing 5
C Internal Audit - Process Clause Matrix / Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 7
CPhelan Internal audit - Combine similar nonconformities in one or keep separate? Internal Auditing 6
M Internal Audit Plan in Retail Internal Auditing 10
D Management of NC after internal system audit IATF 16949 - Automotive Quality Systems Standard 7
A Purchasing - Internal Audit Questions Internal Auditing 8
N Comprehensive Compliance Matrix for Internal Audit Checklist Other Medical Device Regulations World-Wide 1
W Where to begin with an ISO 9001:2015 internal audit Internal Auditing 13
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 144
E ISO 9001:2015 - Internal Audit Plan Clauses General Auditing Discussions 8
S Internal Audit Checklist for Application/Software development IEC 27001 - Information Security Management Systems (ISMS) 1
S Internal Audit - Risk and Opportunity (ISO 9001:2015 ) Internal Auditing 1
F API Spec Q1 9th Edition Surveillance Audit - Questions about internal audits. Oil and Gas Industry Standards and Regulations 23
Ashland78 IATF 16949 Internal Audit Checklist Manufacturing and Related Processes 11
Ed Panek Root Cause CAPAs from internal audit ISO 13485:2016 - Medical Device Quality Management Systems 16
K Student wanting Case Study about Internal Audit Report Internal Auditing 1
R How far apart can you schedule separate areas or departments in your internal audit? Internal Auditing 4
D Auditing Our Outsourced 2nd-3rd Party Internal Audit Company ISO 13485:2016 - Medical Device Quality Management Systems 6
Similar threads


















































Top Bottom