Internal Audit Checklists - Using the standard itself replace any checklist

M

Mark Smith

#1
During a previous ISO surveillance audit a nonconformance was identified for the fact that the checklist for internal audits did not cover the requirements in enough depth.
As a corrective action I stopped using the checklist and changed the auditing procedure to require that the ISO 9001 standard itself replace any checklist so that each element is addressed where appropriate.
Last week I had another surveillance audit and the auditor wrote a non-conformance because there was no way for him to verify that I was auditing all applicable elements of the standard (the checklist used to offer this verifiable evidence). What are some possible solutions people might have?
This is a small (20 person) company and people are getting audited fairly regularly. I currently audit each department twice during the year. Would it be wiser to audit by element appropriate departments and personnel or continue to audit each department for all applicable elements?
 
Elsmar Forum Sponsor
A

Aaron Lupo

#2
That is exactly how I do my audits. I break it down by Department, then I audit each Department to all the applicable elements. It shows on my audit schedule what elements have been audited. I think this should be able to allow you to eliminate the "checklist".
 
#3
Hi,

I'd be very wary about not using a checklist when auditing. It's too good a tool...

Just like ISO GUY I usually audit by department, but I guess there is no right or wrong there.. It rather depends on the nature of your buissness and how it's set up.

I put a unique cheklist together for every audit by going from the standard ( to avoid missing any gaps ), to the Quality Manual and the written procedures and records. I also refer every single question to one or a number of std elements.

/Claes
 
R

Rick Goodson

#4
You might consider a checklist that has a column for the ISO element reference, company procedure reference/requirement, and the method of audit (what you are going to do) in addition to the other boiler plate 'stuff' on the form. Typically when I teach internal auditing I want students to learn to reference to the ISO element first, the company documentation second. This will more closely replicate what the third party will do.
 
J

Jim Triller

#5
Mark,
A tool I have succesfully used has been an audit plan - a one page sheet that defines when & what locations/areas are going to be audited and what elements are to be covered. Senior management approves the plan and it is retained as a quality record. The audit report reiterates what was covered in the audit (per the plan) and lists any nonconformances to the ISO standard and/or the organization's procedures. This approach has worked well at seven companies I assisted in the registration process.
 
A

Al Dyer

#6
I also lead the internal audits for our company. We have broken the audit process down to two functions, product and process.

Process audits are verification of effectiveness to the elements of QS-9000. We had a checklist that was determined to be non-compliant so I requested that our auditor give us a copy of the checklists he used to audit us. He did and now there are no questions as to the validity of the checksheets.

Product audits are scheduled to determine the effectiveness of individual work stations. These checksheets cover all work station requirements as stated in procedures. In addition to the checksheet, all cell personnel are monitored using applicable control charts and instructions as guides. This type of product audit has proven very effective as it really gets cell personnel aware and involved. It also keeps the auditor happy when we show the review of these audits during management review.

ASD...
 
G

Gary Manion

#7
Stuck between a Registrar and a Consultant.

A few months ago during a surveillance audit we had a finding stating "Some audits do not audit the entire element," with a few examples as evidence. The Auditor wrote it was “due to an inadequate checklist” and that we did not audit the entire element to the standard.

The checklist I am using came from a registrar (not the one we are using). It covers ISO-9000, QS-9000 and AS9000. I was using this as a starting point and would generate additional questions based on our written system on a separate work sheet. After further reviewing the checklist item by item to all three standards I verified it is verbatim of all three. (It is easy to determine which item is ISO, QS or AS since one is Normal text, one Bold and the other Italics.)

Today I just talked to our consultant (QMS-LA) who has been involved in ISO/AS for some time and he said the role of the Internal Auditor is to audit the system (Manual, Procedures and Work Instructions including product etc…) only, not to see if the system meets the standard. He said that it is Management’s responsibility as part of Management Review to make sure that the system meets the standard. He said it is the registrars job also since they do the doc review and assessment audit, meaning they already said our written system meets the standard less any changes that may have been made of course.

What are your thoughts?
I would like to hear your opinions.
 
A

Alf Gulford

#8
Gary-
IMHO - I think that's right, but only in theory.

The reality that I see is that we have to make the decisions about conformance, investigate possibilities, suggest paths to take, write procedures and train people. This may not be in our job description (although it's usually there as 'other duties as required') but that's the only way it gets done.

I hear a few stories about management being 'wildly enthusiastic' about ISO, or compliance teams, but mostly it's just us.

No big deal. Just an observation about my job.

Alf



[This message has been edited by Alf Gulford (edited 18 October 2000).]
 

Marc

Fully vaccinated are you?
Staff member
Admin
#9
> Today I just talked to our consultant (QMS-LA) who has been involved
> in ISO/AS for some time and he said the role of the Internal Auditor
> is to audit the system (Manual, Procedures and Work Instructions
> including product etc...) only, not to see if the system meets the
> standard. He said that it is Management's responsibility as part of
> Management Review to make sure that the system meets the standard. He
> said it is the registrars job also since they do the doc review and
> assessment audit, meaning they already said our written system meets
> the standard less any changes that may have been made of course.

This is my 'opinion' as well. I'm too lazy right now to look up the threads, but I have argued this long and hard for several years (at least). The QS-9000 folks are, however, pushing this to the limit. They are the ones who started the "...lets certify internal auditors..." crusade.

There are lots of goofy-*** auditors who need some help. I do internal audits for several local companies. One auditor came into a client facility about a year ago (surveliance audit) and cited my client for 'ineffedctive internal audits' because I had found no problems at all for 2 years. Needless to say my client was upset. But -- luckily my client was well trained -- the Mgmt Rep pointed out that the registrar's auditors had themselves found no nonconformances and no 'opportunities for improvement' (used to be called 'minors') in 2 years. The auditor mumbled (my client's Mgmt Rep said he really enjoyed watching the little pr__k squirm on that one) and withdraw the finding prior to leaving with -- as you may have guessed by now - no findings!

Internal auditing has transmuted into a game.

Also see:

http://Elsmar.com/ubb/Forum13/HTML/000000.html and
http://Elsmar.com/ubb/Forum13/HTML/000005.html and
http://Elsmar.com/ubb/Forum13/HTML/000031.html

(to name a few found in a SEARCH for "internal audit".
 
Thread starter Similar threads Forum Replies Date
D Internal audit forms or checklists for a medical/veterinary laboratory General Auditing Discussions 5
R AS9100D Internal Audit Process Checklists ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
D "Simplified" AS9100 and ISO 9001 Internal Audit Checklists ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 43
M Should Internal Audit Checklists be Controlled Documents? Document Control Systems, Procedures, Forms and Templates 9
S Software Quality Audit - Internal Audit Checklists Software Quality Assurance 6
J Internal Audit schedule & Process Audit Checklists Internal Auditing 3
V Reference Number required in Internal Audit Checklists ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
T Internal audit checklists related to the software development process Internal Auditing 3
D The Internal Audit Plan, Checklists and Repercussions Internal Auditing 18
Gman2 ISO 9001 Internal Audit Checklists and Process Audits Process Audits and Layered Process Audits 31
L Internal Audit Plans and Checklists Internal Auditing 6
B Our QS9000 audit team has been using checklists to perform internal audits Internal Auditing 37
C ISO 14001 Internal Audit - Opportunity for Improvement ISO 14001:2015 Specific Discussions 2
P Does FDA require certification for quality system internal audit for auditor? Qualification and Validation (including 21 CFR Part 11) 1
P Looking to outsource Internal Audit - MDSAP competent auditor needed Other Medical Device Regulations World-Wide 9
J Outsourced Internal Audit requirements for Aerospace Suppliers AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 21
D Number of people to be interviewed during an internal audit? Internal Auditing 6
Q Easy CARs for Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
A Internal audit plan and processes for ISO 14001:2015 ISO 14001:2015 Specific Discussions 3
C API Q1 internal audit report Internal Auditing 3
P Filled in F48/F49 for internal audit ISO 17025:2017 Internal Auditing 2
J Internal audit random sampling methodology Internal Auditing 2
G Organizing internal audit program for an Integrated QHSE Management System Internal Auditing 13
W How do you phrase your internal audit questions? Internal Auditing 3
M IATF - Internal Audit 3 year span Internal Auditing 4
Q ISO 9001-2015 Internal audit finding Internal Auditing 14
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 18
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 8
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
salaheddine96 Internal audit planning Internal Auditing 2
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
E MDR internal audit Internal Auditing 1
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
B Looking for 10 Internal Audit Online Training Participants ISO 17025 related Discussions 2
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 12
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
Raffy ISO 14001 9.2.2 Internal Audit Programme Content Internal Auditing 10

Similar threads

Top Bottom