Search the Elsmar Cove!
**Search ALL of Elsmar.com** with DuckDuckGo Especially for content not in the forum
Such as files in the Cove "Members" Directory

ISO 28000 Internal Audit Checklist wanted

#3
Hi !

I'm looking for a ISO28000 Internal Audit checklist. Anyone happen to have one ?

Cheers,
As with just about all other ISO standards which require internal audits, audit checklists based on the ISO standard have minimal benefit. You'd be best advised to develop your own, based on the actual management system policies, processes, procedures, risks etc that your organization has developed.

Taking the standard's requirements and turning them into 'yes' and 'no' type questions isn't a very effective audit toll, IMHO...
 

Marc

Captain Nice
Staff member
Admin
#4
I disagree. Checklists can easily be a part of internal audits.

The next time you board an airplane you should be happy the pilots use checklists. Vilifying check lists doesn't help. As a licensed pilot I wouldn't get in a cockpit without one.

Checklists can also be part of the learning experience. Not everyone has been working with (for example) ISO 9001 for 15 to 20 years.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#5
As with just about all other ISO standards which require internal audits, audit checklists based on the ISO standard have minimal benefit. You'd be best advised to develop your own, based on the actual management system policies, processes, procedures, risks etc that your organization has developed.

Taking the standard's requirements and turning them into 'yes' and 'no' type questions isn't a very effective audit toll, IMHO...
I disagree. Checklists can easily be a part of internal audits.

The next time you board an airplane you should be happy the pilots use checklists. Vilifying check lists doesn't help. As a licensed pilot I wouldn't get in a cockpit without one.

Checklists can also be part of the learning experience. Not everyone has been working with (for example) ISO 9001 for 15 to 20 years.
Both of you are correct. The usefulness of a generic checklist like the one Ted graciously shared depends pretty much on the stage of the journey the organization is.

If an organization just embarked on the journey of implementing ISO 28000, a generic checklist is very useful to basically determine glaring gaps. As the system matures, generic checklists lose their effectiveness, and, as Andy mentioned, it is critical for the organization to delve in terms of conformance and effectiveness of their own operational controls and specific processes.
 
#6
I disagree. Checklists can easily be a part of internal audits.

The next time you board an airplane you should be happy the pilots use checklists. Vilifying check lists doesn't help. As a licensed pilot I wouldn't get in a cockpit without one.

Checklists can also be part of the learning experience. Not everyone has been working with (for example) ISO 9001 for 15 to 20 years.
I'm not saying don't use a checklist - just that using one based solely on the ISO requirements isn't appropriate for an internal audit! I'm not vilifying checklists..I use them myself. The reality is that many audit programs begin with the ISO requirements and never get past that. Internal auditors go around asking questions which are the requirements rephrased as a question and no-one knows how to answer them! Result? Ineffective audits!
 

Marc

Captain Nice
Staff member
Admin
#7
That is the result of the auditor not being trained effectively. It has nothing to do with whether they use a checklist or not. A company expecting effective internal audits won't get them if the auditor isn't trained (or in some way qualified) to do internal audits.
 
#8
That is the result of the auditor not being trained effectively. It has nothing to do with whether they use a checklist or not. A company expecting effective internal audits won't get them if the auditor isn't trained (or in some way qualified) to do internal audits.
This is true - whatever tool you put in their hands will not be effective. I'm also reminded of the 'bad old days' of QS-9000, when good auditors were told to use the QSA, which was one of the sames 'turn-the-standard-into-questions' checklists - which drove good auditors into bad habits!

Hopefully, the OP will have had/get some training on effective auditing...
 
K

KTSiow

#9
Thank You for the prompt reply. Does anyone has a copy of the ISO19011 standard ? I'm trying to create an integrated audit checklist that addresses the ISO requirements for ISO9001, 14001 and 28000.

Cheers,
 

Marc

Captain Nice
Staff member
Admin
#10
The ISO 19011 standard is a copyrighted document. We do not allow sharing of, or even asking for, copies of copyrighted documents here.

Thank you.
 
Top Bottom