Internal Audit Questionnaires

D

DrM2u

#11
I'd suggest to you that the checklist is only part of the issue. Have you defined the 'scope' and 'criteria' for each audit? IS there a clear objective? doing an audit isn't simply coming up with a bunch of questions - either on a check list or out of someone's head - it's about a fact finding 'mission' to determine a number of things about the process.

Audits don't start with a checklist and end with a report/ncs as so many people seem to believe. There are other things to consider. Why are you doing this audit? What are we auditing the process to/against? What's the result going to be used for?
These are very valid questions when establishing the audit plan, regardless if you audit one process or all. The fact-finding mission in most cases is to assess the level of effectiveness, efficiency and compliance of a process.
However, if you can say, "Well, we're auditing this process, because during November we had some scrap issues and we need to find out if we were following the process documentation/controls, etc", then you might have a fighting chance!
Usually a root cause analysis is much more effective than an audit when trying to solve scrap issues. The intent is not to see if the process FOLLOWED the documentation but to identify the failure modes and cause(s). Unless, of course, you have your documentation dictate your processes and therefore are hindering continuous improvement. A better example would have been "we are auditing this process to verify it it meets the planned goals and objectives (metrics) and to identify opportunities for improvement".
It should be a little easier then, to coach your people - small steps, since they aren't competent - to define and list the things they need to be aware of and have some ideas what the 'correct answers' are, before they go and interview and look at November's records etc. Let's face it, we've known how to phrase a question since we were 3 years old. But we're not 3 now, we just don't know what's important to ask questions about - or (at the risk of sounding dumb) what the answer should be!
The main thing to know and understand when auditing a process is the actual process concept. One does not need to know or understand the details of a specific process (although it helps) to be able to audit it. A good auditor should be able to audit and assess ANY process without knowing anything about it.
 
Elsmar Forum Sponsor
#12
These are very valid questions when establishing the audit plan, regardless if you audit one process or all. The fact-finding mission in most cases is to assess the level of effectiveness, efficiency and compliance of a process.

Usually a root cause analysis is much more effective than an audit when trying to solve scrap issues. The intent is not to see if the process FOLLOWED the documentation but to identify the failure modes and cause(s). Unless, of course, you have your documentation dictate your processes and therefore are hindering continuous improvement. A better example would have been "we are auditing this process to verify it it meets the planned goals and objectives (metrics) and to identify opportunities for improvement".

The main thing to know and understand when auditing a process is the actual process concept. One does not need to know or understand the details of a specific process (although it helps) to be able to audit it. A good auditor should be able to audit and assess ANY process without knowing anything about it.
Spoken as a true consultant! However, the auditors in question are internal auditors with little/no formal training!

I don't agree with you on your second point at all. Most internal auditors have no chance when it comes to 'continual improvement' - that's a pipe dream!

If anyone were supposed to be able to audit any process, how come CB auditors - who must be some of the most experienced auditors - are usually qualified by SIC/NAICS code etc? By your estimation, I should be able to audit both aerospace and automotive companies, but alas and alack, the governing bodies don't agree with you!
 
D

DrM2u

#13
If anyone were supposed to be able to audit any process, how come CB auditors - who must be some of the most experienced auditors - are usually qualified by SIC/NAICS code etc? By your estimation, I should be able to audit both aerospace and automotive companies, but alas and alack, the governing bodies don't agree with you!
The use of the code-qualification at the present time still puzzles me and makes me believe that the accreditation bodies do not understand the process concept too well either.:bonk: Seriously though, I do believe that my statement should hold true in theory. Practically, I have a split opinion. On one hand, it does help to have some knowledge about what you are auditing in order to reduce the learning curve and bring more value to the audit. On the other, having some knowledge about a process can bring some bias and superficiality to the audit. A good auditor should be able to overcome this, though.:confused:
 
Last edited by a moderator:
#14
The use of the code-qualification at the present time still puzzles me and makes me believe that the accreditation bodies do not understand the process concept too well either.:bonk: Seriously though, I do believe that my statement should hold true in theory. Practically, I have a split opinion. On one hand, it does help to have some knowledge about what you are auditing in order to reduce the learning curve and bring more value to the audit. On the other, having some knowledge about a process can bring some bias and superficiality to the audit. A good auditor should be able to overcome this, though.:confused:
You've confused the beetle-juice out of me, with these answers! It's not just the accreditation bodies who want the CB auditors qualified in a specific industry. It's a source of comfort for the client too, isn't it?

As you suggest, it's theory, plain and simple. Of course it helps to know the terminology, technology, methodology etc. Knowledge isn't bias and doesn't lead to superficiality, either. Lack of competency does!

Of course, a 'good' auditor isn't biased or superficial! A competent auditor is one who can "demonstrate the ability to apply skills and knowledge", so I'm not sure quite what you mean...
 
J

JaneB

#15
One does not need to know or understand the details of a specific process (although it helps) to be able to audit it. A good auditor should be able to audit and assess ANY process without knowing anything about it.
Huh? I strongly disagree. Yes, one can audit a process without 'knowing anything about it', but one will get far better results with an auditor who is also competent in the field.

Yes, I can do some auditing of certain manufacturing type processes up to a point, but I also know that I have huge gaps in my experience and knowledge, so I don't fully understand (for example) the risks or the important bits and my audit is flawed because of that. I'm not adequately competent (in my opinion); understanding processes very well indeed, as I do, just isn't enough to compensate for knowledge, experience and competency in domain knowledge. Service processes? I'm your consultant. Manufacturing? Nope.

Spoken as a true consultant!
Aww, Andy, must you? :whip: I actually take exception to your saying that this statement is the hallmark of a true consultant. I'd like to think that a really true consultant would be honest enough to say when they don't know stuff. I do.
If anyone were supposed to be able to audit any process, how come CB auditors - who must be some of the most experienced auditors - are usually qualified by SIC/NAICS code etc? By your estimation, I should be able to audit both aerospace and automotive companies, but alas and alack, the governing bodies don't agree with you!
And thank heaven for that.

Another example: I've been on site when an external auditor has come who clearly didn't have One Single Clue about what was important in an engineering consultancy business and its processes (vs straightforward engineering processes). Yikes. The result was a very sorry experience all around (and we demanded a change of auditor).

The use of the code-qualification at the present time still puzzles me and makes me believe that the accreditation bodies do not understand the process concept too well either.
Not the ones I know and respect.
On one hand, it does help to have some knowledge about what you are auditing in order to reduce the learning curve and bring more value to the audit. On the other, having some knowledge about a process can bring some bias and superficiality to the audit.
Wha-at??? :confused: :nope:

You've confused the beetle-juice out of me, with these answers! It's not just the accreditation bodies who want the CB auditors qualified in a specific industry. It's a source of comfort for the client too, isn't it?
Yes! and Yes again!

Of course it helps to know the terminology, technology, methodology etc. Knowledge isn't bias and doesn't lead to superficiality, either. Lack of competency does!
And yes again!
 
#16
Aww, Andy, must you? :whip: I actually take exception to your saying that this statement is the hallmark of a true consultant. I'd like to think that a really true consultant would be honest enough to say when they don't know stuff. I do.
It was posted in jest! :notme:;):lmao::bigwave: (I was one, remember?):lol:
 
#18
If anyone were supposed to be able to audit any process, how come CB auditors - who must be some of the most experienced auditors - are usually qualified by SIC/NAICS code etc? By your estimation, I should be able to audit both aerospace and automotive companies, but alas and alack, the governing bodies don't agree with you!
If I may take a shot at this, Andy. The reason (IMNSHO) CB auditors need to have industry specific qualifications is so they have some knowledge of the processes used by organizations. And that makes perfect sense. In internal auditing, because the auditors work at the organization, they probably will have some knowledge of their company's processes. But as you said, the post was about unknowledgable internal auditors. I think using internal auditors that do not understand your own processes is non-value added at best and dangerous at worst. One of the drawbacks of any internal auditor class is that it does not help new auditors understand their own processes. There really needs to be some continuation training for new auditors which focus on the processes of the company and how the company applies the requirements of the particular standard.
 
A

amariepsu

#19
The internal audit team sat down together and we formulated a basic checklist, making sure everyone's ideas were considered.

Ours could use some further customization to our processes, but for your purposes I think this example should help get you started.
 

Attachments

#20
If I may take a shot at this, Andy. The reason (IMNSHO) CB auditors need to have industry specific qualifications is so they have some knowledge of the processes used by organizations. And that makes perfect sense. In internal auditing, because the auditors work at the organization, they probably will have some knowledge of their company's processes. But as you said, the post was about unknowledgable internal auditors. I think using internal auditors that do not understand your own processes is non-value added at best and dangerous at worst. One of the drawbacks of any internal auditor class is that it does not help new auditors understand their own processes. There really needs to be some continuation training for new auditors which focus on the processes of the company and how the company applies the requirements of the particular standard.
Agreed, Dave. As we enter the second decade of the 21st century I believe it should be on IRCA and RABQSA's agendas to develop a set of requirements for accreditation of training courses for internal auditors and internal audit management which are substantially different from what is currently offered. We clearly see - here, every day - the confusion auditors are in as a direct result of being taught external audit techniques and methods in Lead and Internal Auditor courses all around the world. As I've mentioned before, the basic criteria and methods used in LA courses haven't been substantially changed since I took my LA course in 1987, from the originators of the LA course! So much for 'continuous improvement'....:mg:

Most organizations don't (naturally) have anyone who is qualified to manage an internal audit program, past basic blocking and tackling of doing simple audits. Yet, it is a complex task, not least of which is finding and coaching candidates to perform those internal audits in an effective manner. Where do they expect these people to develop their competencies to manage an effective, value added internal audit program - worse, they often default to emulating their CB activities, since this represents the only model against which they can seek validation of their efforts!

I believe it's time for a (quiet) revolution in this whole internal auditor qualification/training industry!
 
Thread starter Similar threads Forum Replies Date
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 7
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 5
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
salaheddine96 Internal audit planning Internal Auditing 2
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
E MDR internal audit Internal Auditing 1
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
B Looking for 10 Internal Audit Online Training Participants ISO 17025 related Discussions 2
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 12
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5
O ISO13485 implementation - Are internal audits expected before stage 1 audit? Design and Development of Products and Processes 3
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
N Small Company - Internal audit process - Who does the audit? Internal Auditing 16
J Does anyone have an excel IATF 16949 Internal Audit checklist I could use? IATF 16949 - Automotive Quality Systems Standard 7
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
S Internal audit discrepancy - We missed a few audits that were scheduled Internal Auditing 12
Raffy ISO 14001 9.2.2 Internal Audit Programme Content Internal Auditing 10
N Internal Audit Schedule – Who gets to set the schedule? Internal Auditing 16
V IATF 16949 9.2.2.1 Internal Audit Program - "Process Changes" IATF 16949 - Automotive Quality Systems Standard 11
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
B Using external FDA and ISO 13485 audit as internal audit Internal Auditing 6
T Internal Audit Schedule when Hiring Out Internal Auditing 7
D ISO 9001:2015 Internal Audit Training Advice Internal Auditing 10
M Internal audit consultant ISO 13485 (English speaker) Consultants and Consulting 3
S Implementing a 45001 Health & Safety standard - Internal audit plan wanted Internal Auditing 1
F Internal Audit - Procedure example Internal Auditing 5
C Internal Audit - Process Clause Matrix / Audit Checklist ISO 13485:2016 - Medical Device Quality Management Systems 7
CPhelan Internal audit - Combine similar nonconformities in one or keep separate? Internal Auditing 6
M Internal Audit Plan in Retail Internal Auditing 10
D Management of NC after internal system audit IATF 16949 - Automotive Quality Systems Standard 7
A Purchasing - Internal Audit Questions Internal Auditing 8
N Comprehensive Compliance Matrix for Internal Audit Checklist Other Medical Device Regulations World-Wide 1
W Where to begin with an ISO 9001:2015 internal audit Internal Auditing 13
D Internal audit forms or checklists for a medical/veterinary laboratory General Auditing Discussions 5
E Informational Internal Audits - Wear multiple hats what can and can't I audit (so I'm not auditing my own work) Internal Auditing 149
E ISO 9001:2015 - Internal Audit Plan Clauses General Auditing Discussions 8
S Internal Audit Checklist for Application/Software development IEC 27001 - Information Security Management Systems (ISMS) 1
S Internal Audit - Risk and Opportunity (ISO 9001:2015 ) Internal Auditing 1
F API Spec Q1 9th Edition Surveillance Audit - Questions about internal audits. Oil and Gas Industry Standards and Regulations 22
Ashland78 IATF 16949 Internal Audit Checklist Manufacturing and Related Processes 11
Ed Panek Root Cause CAPAs from internal audit ISO 13485:2016 - Medical Device Quality Management Systems 16
K Student wanting Case Study about Internal Audit Report Internal Auditing 1

Similar threads

Top Bottom