Internal Audit - Grading Scheme?

E Wall

Just Me!
Super Moderator
Currently we hold internal audits and report results (good and bad) then take corrective action against the nonconformities and leave the (preventive action and continuous improvement) seeds we planted for process or systems management with the managers to discuss at mgmt review.
I have heard of others using a grading scheme, but do not like the idea of them being based on the number of nonconformities. Does anyone that has a grading system (not exclusively based on nonconformities) in place feel like sharing an outline of the system along with some of the pros/cons (regarding using a grading scheme)?

Grateful for a bit of help :)
Elsmar Forum Sponsor

Al Dyer


I'm not a fan of grading systems for internal audit. They seem to be too subjective in defining what result get what score and brings in too many variables. A pass/fail system works well and leaves very little room for the interpretation of scores and is simple to maintain.

Has anybody else had good results with a grading system?



I had to deal with a rating scheme in a former life until I could change it.

My experience was that there was more emphasis on the "score" than there was on addressing the nonconformance.

ISO Chick

Totally agree with what you are all saying about grading Internal Audits, management tends to get hung up on the numbers and reducing them without actually analysing exactly what the problems are and dealing with them..... bad idea

E Wall

Just Me!
Super Moderator
Thanks gang!
I'm printing this out so if it comes up - I can show them objective comments from other professionals.


Fully vaccinated are you?
Staff member
I've never seen a grading system. Maybe I'll have to consider addressing it in the Guide ( ).

Will someone describe a grading scheme for me? I'm hearing the Cons. Any 'Pro's?

E Wall

Just Me!
Super Moderator
Thanks Alf. Something we changed might help you...
We too had numerous delays in addressing C/PARs because when found they were addressed to the area supervisor - who might not be the best person to resolve the problem. So while combining what used to be separate CARs and PARs into CPARS we also set up a timeline for responses based on the quality impact (which must be determined by the QA Manager) and designating who the C/PAR goes to is up to the Plant and/or QA Manager (both if available).
The time lines we use are:
* Low Impact - within 4 weeks
* Moderate - within 3 weeks
* High - within 2 week
The Short term solution must be defined immediately.
The Root Cause and Long Term Action Plan must be turned in by the timeline above which is reviewed by the originator (usually an internal auditor, myself or the QA Manager).
If accepted, then the follow-up is scheduled from the datae of receipt (again using the same timeline).

Weekly open reports go to the QA Manager and copies to anyone associated with open C/PARs.

Alf Gulford

If you’re looking for ammunition, try this. I have to report major/minor/pass counts for each production supervisor each month and the results are generally inaccurate as well as skewed:

1. Everyone has a different idea about when the month ends for reporting purposes. Some of the count gets lost between the cracks.

2. Sometimes I find that I have to re-issue a non-compliance to another supervisor so the count for the previous month is (was?) wrong on two counts. The fewer N/Cs I write, the greater effect this has on their percentages.

3. A minor non-compliance for a very small issue is counted the same as a minor non-compliance for a larger issue.

4. There’s no recognition for supervisors that take quick, effective corrective action and even preventive action as a result (as opposed to those that are dragged kicking and screaming into compliance).

On the plus side…, well, I’ll have to get back to you on that one.


[This message has been edited by Alf Gulford (edited 26 June 2001).]


Fully vaccinated are you?
Staff member
Some thoughts from the ISO ListServe:


From: Nancy Jennejohn <[email protected]>
Date: Tue, 24 Jul 2001 14:44:29 -0500
Subject: Re: Internal Audit Reporting /VanDorp/Antonov

From: Boncho

Darryl asked:
> I am interested in determining what a common practice is for
> internal audit reporting. (apart from nonconformances or observations
> or findings) i.e. do internal auditors in general, create a
> formal "report" or is the output of their process just the
> observations/findings/nonconpliances?

Hi, Darryl,

I usually recommend the audit team to prepare official report. The report is addressed to the top management, Quality Manager, Head of the audited department and other interested internal parties/persons.

The report usually include:
- audit identification part (date, number, auditors, goals, audited
departments, other);
- the statement of the team - is the audit goals achieved;
- overall conclusion for the level of conformance of the audit area;
- brief description of NC detected and related CA prescriptions;
- other observations and remarques related to the audit performed, which are
not NC, but should be considered for the improvements in the affected area.

The report may include copies of NC notes as attachments.

As document the report usually should be written "in the language of management" - i.e. short and clear statements, clear suggestions and proposals, conclusions - they shell direct management for making appropriate decisions.

Hope this answers your question.

Boncho Antonov

Date: Tue, 24 Jul 2001 14:48:14 -0500
Subject: Re: Internal Audit Reporting /VanDorp/Naish

From: PNaish


I think the value in your internal audit process is what information you gain from it to make it better. Part of that is knowing not only what did not work right but also what is working well.

As a general rule the following items are the items we collect during an internal audit:

Person/people audited; area/dept.; auditor/s; date; documents audited such as section of QA manual, section or subsection of standard, procedure, work instruction or the like; quality records (normally being specific such as PO numbers), work order numbers, or date of receiving inspection report; equipment numbers where applicable; and what the findings were. Findings include that Karen has a good knowledge of the parts she purchases and follows the procedure exactly for steps 10 through 25 that I audited her on. Or Tom followed most of the steps but he skipped step 16 and 17 and said he did not know them. All the other people audited followed these steps exactly. Or Susy did not completely fill out PO 167825 and 167939 and photocopy and attach so the manager knows what she did not fill out. The other 15 I looked at were complete.

My feeling is that the more a manager or supervisor of an area know the more they have a better chance of determining what to fix. Since the other people followed the procedure and Tom did not, as a manager I can find out why Tom does not know and see if anyone besides the people audited did not know. If I simply say someone did not know as a manager I may never find out that it is Tom who did not know and I can not help him by getting him training.

For Susy I can see what part of the form was not completed. Then I can help Susy if she understands the importance of it or I may find it is not information needed any more and get the form changed.

I personally have seen a number of audits that did not specify the person or the steps in a process or the forms or the places on the form. By the time the manager went to fix the problem no one seemed to know exactly what the details were so the problem recurred due to incomplete problem solving information.

The other side of it is follow up. If I don't know who or what or where it is hard for me to ensure that particular situation was corrected. And per the examples not all of an area or all of the documents were incorrect so if I audit the ones that were correct before I will not be able to verify the non conformances have been corrected.


Date: Tue, 24 Jul 2001 14:51:01 -0500
Subject: Re: Internal Audit Reporting /VanDorp/Braaten

From: Scott

Darryl inquired:

> I am interested in determining what a common practice is for
> internal audit reporting. (apart from nonconformances or observations
> or findings) i.e. do internal auditors in general, create a
> formal "report" or is the output of their process just the
> observations/findings/nonconpliances?

I like to have each auditor record evidence of conformance. I review the evidence to ensure that the auditor understood the requirements and the intents of my checklist. I'll write a formal report including a summary of the sample taken, the nonconformances and observations, as well as percent conforming. The percent conforming can be more accurately calculated from the conforming evidence, discounting any requirements which the auditor determined to be "N/A" for the sample. If the conforming evidence is useful to the rest of the organization you can include it in the report, however most are too busy to go through 8 pages of "conformance" to see if they have any assignments.

The report and completed checklists are maintained as records of the audit, and I refer back to them when designing the next checklist for the same audit.

Hope this helps,

Date: Tue, 24 Jul 2001 14:52:29 -0500
Subject: Re: Internal Audit Reporting/VanDorp/Hoelker

From: Patricia

A report should be created stating the objective evidence used to arrive at the output of either positive observations, observations, minor or major noncompliance. The more detailed the report the easier it is for the process owner to know exactly what the issue is and to determine the correct actions to take.

Pat Hoelker

Date: Tue, 24 Jul 2001 14:56:01 -0500
Subject: Re: Internal Audit Reporting/VanDorp/Madden

From: Lori


We have an exit meeting after each internal audit which includes supervisors, VPs, President, and anyone else who wants to be there. In addition to presenting the findings, I write an Audit Report which includes the scope, the auditors, the findings, positive aspects and opportunities for improvement. Each attendee at the meeting gets a copy, and the report is also posted on our information bulletin board. If we just presented the findings alone, audits are perceived as all negative. But pointing out what people are doing right is a motivator.



Quite Involved in Discussions
Six Months ago, we had our surveillance audit and part of the recommendations coming from our Registrar, that we must do some grading scheme. Currently we are using a Rating System in one of our Checklist Form. And Here's how it works. During Our Internal Quality Audit. We use a Checklist Form (with three columns)wherein we list number of questions on the first column. Then, there answers on the second column. And on the third column, we list the rating. The Rating System is composed of numbers from 1-4. Each number has a corresponding equivalent.
1. - Element Fulfilled
2. - Element Partially Fulfilled
3. - Planning On stage
4. - Element Not Fulfilled.
But in our specs for Internal Quality Audit, we didn't mention on how to use this form. Our Registrar had said that we must develop this Rating System. I don't know if this could be the correct Rating System that we must used.
[email protected]
Thread starter Similar threads Forum Replies Date
C ISO 14001 Internal Audit - Opportunity for Improvement ISO 14001:2015 Specific Discussions 2
P Does FDA require certification for quality system internal audit for auditor? Qualification and Validation (including 21 CFR Part 11) 1
P Looking to outsource Internal Audit - MDSAP competent auditor needed Other Medical Device Regulations World-Wide 9
J Outsourced Internal Audit requirements for Aerospace Suppliers AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 21
D Number of people to be interviewed during an internal audit? Internal Auditing 6
Q Easy CARs for Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
A Internal audit plan and processes for ISO 14001:2015 ISO 14001:2015 Specific Discussions 3
C API Q1 internal audit report Internal Auditing 3
P Filled in F48/F49 for internal audit ISO 17025:2017 Internal Auditing 2
J Internal audit random sampling methodology Internal Auditing 2
G Organizing internal audit program for an Integrated QHSE Management System Internal Auditing 13
W How do you phrase your internal audit questions? Internal Auditing 3
M IATF - Internal Audit 3 year span Internal Auditing 4
Q ISO 9001-2015 Internal audit finding Internal Auditing 14
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 18
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 8
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
salaheddine96 Internal audit planning Internal Auditing 2
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
E MDR internal audit Internal Auditing 1
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
B Looking for 10 Internal Audit Online Training Participants ISO 17025 related Discussions 2
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 12
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
Raffy ISO 14001 9.2.2 Internal Audit Programme Content Internal Auditing 10
N Internal Audit Schedule – Who gets to set the schedule? Internal Auditing 16
V IATF 16949 Internal Audit Program - "Process Changes" IATF 16949 - Automotive Quality Systems Standard 11
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
B Using external FDA and ISO 13485 audit as internal audit Internal Auditing 6
T Internal Audit Schedule when Hiring Out Internal Auditing 7
D ISO 9001:2015 Internal Audit Training Advice Internal Auditing 10
M Internal audit consultant ISO 13485 (English speaker) Consultants and Consulting 3
S Implementing a 45001 Health & Safety standard - Internal audit plan wanted Internal Auditing 1
F Internal Audit - Procedure example Internal Auditing 5
C Internal Audit - Process Clause Matrix / Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 7
CPhelan Internal audit - Combine similar nonconformities in one or keep separate? Internal Auditing 6
M Internal Audit Plan in Retail Internal Auditing 10

Similar threads

Top Bottom