Internal Audit Questionnaires

J

Jason PCSwitches

#1
Hello all, Merry Christmas. I could use some of your viewpoints in regards to internal audit questions. Let me give you the situation.

We have revamped out internal audit program as it was originally developed around clauses, not internal processes. The last task that remains is to rewrite the questionnaires that we use to provide a more effective audit. Currently the questions are vague and based on the main elements of the standard.

All of our internal auditors have complained about the current format, (the auditors sometimes have a hard time interpreting the questions, much less the auditees) and I'd like to revise the questions so that they are straightforward, comprehensible, yet touch on the key areas of the process. In doing this, what could you suggest as an approach to writing questions for the audits? I know you don't know our processes and I have searched the Cove, but found nothing to compare. I want to keep the question method due to it being consistent, we can revise as we proceed.

What I'm looking for is a good base that can 'guide' the auditors or direct them down the right path. Understanding processes are different, there has to be a core set of initial questions to get you started, any suggestions?

Keep in mind, we are not dealing with quality professionals or auditing experts. Our internal auditors have never been formally trained (nor is it an option at this time) and I need to keep it simple to start.
 
Elsmar Forum Sponsor
I

ISO 9001 Guy

#2
Use your new procedures as the basis of your internal audit. Ensure the procedures comply with the standard, and then audit working practice to the procedures. That way, you are auditing the process for conformity to the procedure AND auditing for conformity to the standard at the same time.
I suggest avoiding a checklist for each process audit. As procedures change, you will now need to update the checklists, too, when procedures change. Instead, consider creating a fresh checklist from the procedure for each audit. Devising a checklist from a procedure is not particularly time consuming, and it ensures that audits are being conducted to current requirements. Also, having auditors create their own checklists for each audit will also "scrub" the procedure from several perspectives over time.
 
Likes: db
#3
In addition, checklists can take many forms....
a flow chart, a turtle diagram.... you name it....

It is best that auditors don't ask questions just from the checklist. They are but a tool. Most of my questions aren't on the checklist, but are result of examining the evidence the auditee provides.
 
B

Brunetta

#4
It sounds like your auditors cannot translate the ISO 9001 requirements to the process. In my opinion this would be a concern and I would get them up to speed so they are competent to conduct an audit and answer if the processes of the QMS meet the applicable requirements of ISO 9001.

In saying that I do not mean to imply that your auditors should speak ISO-ese, or that their focus should soley be on compliance to the ISO 9001 standard.

As far as developing questions for your auditors to ask, this seems to be putting the cart before the horse in my opinion. If they don't know why they are asking the questions how can you be confident that their assessments of conformity/nonconformity, effective/noneffective, and efficient or inefficient are correct?

I think that if you provide the training in understanding the ISO 9001 requirements, and in conducting audits... your audits will truly develop into process audits and not an inspection checklist for compliance (which is not a process audit in my opinion).

If at all possible, try to find an internal auditor trainer that will incorporate your processes as they teach the various audit techniques used. Sometimes the local community colleges offer them (at least they did in our case) and I found this to be far better at helping auditors understand what they are really doing than test case examples.

All that being said....
We DO have a checklist, based on ISO 9001 clauses, our auditors use it as a tool in their working papers, they highlight what areas of ISO apply to the process and then explain in notes during their document review how the requirement is met in the document for the process. This establishes the base line for them to develop the questions for the interview stage.

Under no circumstances would our auditors EVER think to ask something like, "Does your design and development inputs include functional and performance requirements?":bonk:

Their questions (after the favorite opening question "tell me about what you do") would be more based on the process documentation, such as "With several writers working on a proposal, how do they know what requirements in the RFP pertain to the section they are writing?" probably followed by another open ended question "How do all these different writers end up with a finished document in one voice?"

These are just two examples that come to mind, but obviously the answer to one question may lead to a completely different open ended question. The point is to get the auditees not only to explain the process to you, but why it is done that way, and is it working for them and the customer.

The compliance to ISO 9001 is only one part of internal auditing, important, but in my opinion not the point (that is what the CB auditors do)

~Brunetta
 
S

sudwel

#5
I just took a process mapping course and have struggled similarly with brand new auditors that don't understand the processes... so I'm going to try, as a PP suggested, to do a "turtle" for each process - then they will know who to talk to, what procedures to review, what records they should see etc, etc. I'll likely still have the checklist, in some form, to send them off with - I'm thinking giving them the "map" will aid in them getting to the "destination"!!

Darlene
 

LUV-d-4UM

Quite Involved in Discussions
#6
Can you give me examples on how Quality Management System can be linked to monitoring of Carbon Footprints and Waste Elimination-TIMWOOD? Thank you.
 
#7
Hello all, Merry Christmas. I could use some of your viewpoints in regards to internal audit questions. Let me give you the situation.

We have revamped out internal audit program as it was originally developed around clauses, not internal processes. The last task that remains is to rewrite the questionnaires that we use to provide a more effective audit. Currently the questions are vague and based on the main elements of the standard.

All of our internal auditors have complained about the current format, (the auditors sometimes have a hard time interpreting the questions, much less the auditees) and I'd like to revise the questions so that they are straightforward, comprehensible, yet touch on the key areas of the process. In doing this, what could you suggest as an approach to writing questions for the audits? I know you don't know our processes and I have searched the Cove, but found nothing to compare. I want to keep the question method due to it being consistent, we can revise as we proceed.

What I'm looking for is a good base that can 'guide' the auditors or direct them down the right path. Understanding processes are different, there has to be a core set of initial questions to get you started, any suggestions?

Keep in mind, we are not dealing with quality professionals or auditing experts. Our internal auditors have never been formally trained (nor is it an option at this time) and I need to keep it simple to start.
I'd suggest to you that the checklist is only part of the issue. Have you defined the 'scope' and 'criteria' for each audit? IS there a clear objective? doing an audit isn't simply coming up with a bunch of questions - either on a check list or out of someone's head - it's about a fact finding 'mission' to determine a number of things about the process.

Audits don't start with a checklist and end with a report/ncs as so many people seem to believe. There are other things to consider. Why are you doing this audit? What are we auditing the process to/against? What's the result going to be used for?

If you - and the auditor don't know the answers to these basic of questions, then you and they are wasting their time - as well as everyone else's - coming up with a bunch of questions.

However, if you can say, "Well, we're auditing this process, because during November we had some scrap issues and we need to find out if we were following the process documentation/controls, etc", then you might have a fighting chance!

It should be a little easier then, to coach your people - small steps, since they aren't competent - to define and list the things they need to be aware of and have some ideas what the 'correct answers' are, before they go and interview and look at November's records etc. Let's face it, we've known how to phrase a question since we were 3 years old. But we're not 3 now, we just don't know what's important to ask questions about - or (at the risk of sounding dumb) what the answer should be!

It may look a bit like this:http://www.youtube.com/watch?v=yezUD8FU8qE
 
Last edited:
D

DrM2u

#8
I just took a process mapping course and have struggled similarly with brand new auditors that don't understand the processes... so I'm going to try, as a PP suggested, to do a "turtle" for each process - then they will know who to talk to, what procedures to review, what records they should see etc, etc. I'll likely still have the checklist, in some form, to send them off with - I'm thinking giving them the "map" will aid in them getting to the "destination"!!

Darlene
I strongly believe that you need to audit the process first then compare the procedure to see if the porcedure needs updating or not. I prefer to use a process mapping template to ensure that I look at all the components of a process. I also use the completed sheets to identify audit trails for other audits or to follow up on other processes (i.e. calibration, training, maintenance, etc). I have attached a sample of the sheet I use in another forum but you can look it up in the File Attachements Listing. The file is titled Process Audit Sheet and is a MSWord document. Hope it helps.
 
J

JaneB

#9
I'd suggest to you that the checklist is only part of the issue. Have you defined the 'scope' and 'criteria' for each audit? IS there a clear objective? doing an audit isn't simply coming up with a bunch of questions - either on a check list or out of someone's head - it's about a fact finding 'mission' to determine a number of things about the process.
Excellent post, Andy. I haven't quoted the whole thing, but all the questions you raise are excellent, as is the advice.

Process audits are very different, and demand more. They deliver much better results (than clause by clause), but very definitely take greater competency on the part of auditors. As you say, there's some learning to be done, small steps first.
 
#10
I strongly believe that you need to audit the process first then compare the procedure to see if the porcedure needs updating or not. I prefer to use a process mapping template to ensure that I look at all the components of a process. I also use the completed sheets to identify audit trails for other audits or to follow up on other processes (i.e. calibration, training, maintenance, etc). I have attached a sample of the sheet I use in another forum but you can look it up in the File Attachements Listing. The file is titled Process Audit Sheet and is a MSWord document. Hope it helps.
Given that the OP is talking about people who are untrained etc., I believe it's unlikely his approach will work. To audit the process, you have to have some idea of what was 'planned' (especially since this is basically what 'ISO' is about).

Planning is key to an effective audit - not which audit is done which month - the individual's preparation for auditing a scope etc.
 
Thread starter Similar threads Forum Replies Date
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 7
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 5
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
salaheddine96 Internal audit planning Internal Auditing 2
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
E MDR internal audit Internal Auditing 1
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
B Looking for 10 Internal Audit Online Training Participants ISO 17025 related Discussions 2
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 12
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
Raffy ISO 14001 9.2.2 Internal Audit Programme Content Internal Auditing 10
N Internal Audit Schedule – Who gets to set the schedule? Internal Auditing 16
V IATF 16949 9.2.2.1 Internal Audit Program - "Process Changes" IATF 16949 - Automotive Quality Systems Standard 11
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
B Using external FDA and ISO 13485 audit as internal audit Internal Auditing 6
T Internal Audit Schedule when Hiring Out Internal Auditing 7
D ISO 9001:2015 Internal Audit Training Advice Internal Auditing 10
M Internal audit consultant ISO 13485 (English speaker) Consultants and Consulting 3
S Implementing a 45001 Health & Safety standard - Internal audit plan wanted Internal Auditing 1
F Internal Audit - Procedure example Internal Auditing 5
C Internal Audit - Process Clause Matrix / Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 7
CPhelan Internal audit - Combine similar nonconformities in one or keep separate? Internal Auditing 6
M Internal Audit Plan in Retail Internal Auditing 10
D Management of NC after internal system audit IATF 16949 - Automotive Quality Systems Standard 7
A Purchasing - Internal Audit Questions Internal Auditing 8
N Comprehensive Compliance Matrix for Internal Audit Checklist Other Medical Device Regulations World-Wide 1
W Where to begin with an ISO 9001:2015 internal audit Internal Auditing 13
D Internal audit forms or checklists for a medical/veterinary laboratory General Auditing Discussions 5
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 149
E ISO 9001:2015 - Internal Audit Plan Clauses General Auditing Discussions 8
S Internal Audit Checklist for Application/Software development IEC 27001 - Information Security Management Systems (ISMS) 1
S Internal Audit - Risk and Opportunity (ISO 9001:2015 ) Internal Auditing 1
F API Spec Q1 9th Edition Surveillance Audit - Questions about internal audits. Oil and Gas Industry Standards and Regulations 22
Ashland78 IATF 16949 Internal Audit Checklist Manufacturing and Related Processes 11
Ed Panek Root Cause CAPAs from internal audit ISO 13485:2016 - Medical Device Quality Management Systems 16
K Student wanting Case Study about Internal Audit Report Internal Auditing 1

Similar threads

Top Bottom