The Best Way to Make an Internal Audit Checklist

J

Jamie

#1
Internal Audit Checklist?

I tried to perform a search to see if I could find something to help me with this. I didn't have much luck finding what I needed. If I overlooked a thread, I apologize in advance.

I am getting ready to start performing our internal audits. We used to use Internal Audit software by Harrington. I hated the software so I "removed it from service". In creating our new audit process, I have put the responsibility of creating the questions on the checklist to the auditors. In reading some of the threads from my search there were some suggestions made to take a copy of the procedure with you and make notes and questions on it along the way. I hate the idea of using a "canned" checklist. We've been that route before. I just can't figure out another way do to this.

First you ensure our system meets the standard....if it does you proceed to see if what they are doing is compliant to the documented procedures and work instructions. There was also talk in some threads along the way of using checkmarks.

This is what I had in mind....

On the front page of the checklist have a place for the auditor to identify which clauses they are auditing against (these are identified on the audit schedule) and to the right have a place to check if the system satisfied the clause, same with the QMS. If there are any areas unsatisfactory you identify the findings or any observations below.

My boss really liked the idea of an Audit Summary Report. When we used Harrington, my boss at the time had me submit a copy of the checklist to All departmetal supervisors involved. There was no "report". To be honest they didn't read them half the time they'd look for any findings and that was it. If you don't do a checklist, just what do you do? How do you document and have a record of your audit?

If you audit against the standard and the QMS and everything is hunky dorey...What and Why would you want to go into all the detail of documenting what you compared it to and what you found I've already said in my auditing procedure that we audit the standard and our own QMS. Would this satisfy the standard.

People were talking about an audit trail in some of the threads I was reading on as well. I'm not sure how all this is coming into play.

Can anyone help me "see" the light? Knowing me, I'm making this much harder than it is.

You all have a GREAT weekend!
:bigwave:

Jamie
 
Elsmar Forum Sponsor
J

Jamie

#2
I meant to attach a copy of what I had created so far for our report and checklist. I hope I have them attached to this message right. If I do, what do you think?

Jamie
 

Attachments

E

energy

#3
Re: Internal Audit Checklist?

Originally posted by Jamie
First you ensure our system meets the standard....if it does you proceed to see if what they are doing is compliant to the documented procedures and work instructions. There was also talk in some threads along the way of using checkmarks.

If you audit against the standard and the QMS and everything is hunky dorey...What and Why would you want to go into all the detail of documenting what you compared it to and what you found I've already said in my auditing procedure that we audit the standard and our own QMS. Would this satisfy the standard.
:bigwave:
Jamie
Jamie,

We do not intend to let our Internal Auditors audit to the standard. They will audit approved procedures written with the standard in mind, by a Steering Committee of (7) Department Heads and Managers. These meetings are often contentious, argumentative and eventually end up in agreement regarding interpretations. If seven us find it difficult to agree on what the standard means, what chance does an Auditor have in coming to a conclusion on what meets the intent? That does not preclude them from using a checklist to perform their audits. Again, the checklist will be developed with the standard in mind by the Committee. While the Internal Auditors have had auditor training by an outside consultant, the limited time (2 man days) is not enough to become familiar with a document that they never saw before. They are also not being paid to spend hours reading the standard before beginning their audits. All Auditors have a copy of the standard and are encouraged to read it. Certainly, as they mature and become more familiar with the standard, they have the right through the Document Control System to suggest changes to procedures and explain why. But not now.
So, documents/procedures approved and released by the Committee are binding and only subject to arbitration with our Consultant and/or our eventual Registrar. While everybody on the committee is recognized for their individual expertise, the standard (or intent) causes a lot of confusion as to what a section really means. Look at the differing opinions that we see here at the Cove. If you allow your Internal Auditors to question anything that doesn’t agree with what they perceive to be the correct meaning of a particular section of the standard, you can be in for a long day. I’m a firm believer in that old saying, “Give a man a hammer and he will bang it”.


:ko: :smokin:

Oh I forgot. We have 8 auditors for a Company of 45 people. 4 of them are on the Steering Committee. That leaves 3 that are not auditors. Conflict of interest? Not. We're all in this together. JMHO
 
Last edited by a moderator:
M

M Greenaway

#4
Energy

It is a requirement of ISO9001:2000 that your internal audits are conducted against the requirements of the standard.

Your internal audit system as you describe it would be non-compliant with ISO9001:2000, and doubtless ineffective also.

Love

Martin
 
#6
Nope... I insist

Aha... Debate.. I like that :D
It depends on your priorities. Who cares if you miss a requirement? Don't you pay a registrar to look after that?
Nope. We have to do it ourselves:

8.2.2 a (Internal audit): determine whether the QMS: conforms to the requirements of this standard.
Besides, The registrar spends two days/year here. Our internal auditors are here all the time. Thus they are able to dig up things the registrar would never find.
You could look at 9001 compliance separately
Why? That would mean doing the same thing twice.
why involve all those excellent busy people trying to do their work? Keep it away from them. Expose them to the organization's system, not to ISO 9000
I agree with that apart from the auditors. It's their job to do just that.

/Claes
 
M

M Greenaway

#7
Jim

Internal audits must address the organisations compliance with the requirments of ISO9001:2000. You can slice and dice it anyway you want - and you may seperate the compliance to ISO9001 audit (even if you call it an annual desk top review - or any other name) from the compliance to our own procedures, from the effectiveness of the system - but you have to cover all these points.

The system you describe does not do away with the ISO9001 compliance audit - you have just seperated it from the other audit criteria and called it a different name.
 
#8
I still insist

You quote 8.2.2. I submit that there is a much more relevant and important clause: 8.2.1.3. Tell me if you can't find it
Sure. 8.2.1.3 is certainly relevant (No worries about finding it either), and it reflects my main reason for doing audits at all: To find input for improvement. However, that cannot be used to negate 8.2.2. Exactly how an audit is performed is beside the point, clipboards and deskchecks or not. We still have to use them to make certain that we conform to 9001.

Besides, we never go out waving the 9000 flag during audits. We ask questions designed to tell us whether we can improve the way we work. If we find that we don't fulfil the requirements in the standard, that's one of the things we need to fix....
There are alternatives. You could, and this is JUST AN EXAMPLE, meet the 'conform to 9001' requirement by having one person do a deskcheck and then have managers audit their own departments or processes with no reference to ISO 9001 at all.
Err... I certainly want them to work with improvement in their own areas, no argument there. But: Bearing in mind that you're not supposed to audit yourself that is continual improvement, not part of the audit system. And yes, you could have one person do a deskcheck to see if you fulfill the standard. I just fail to see the point in having a number of trained auditors do only part of the job and leave the rest to this one person when they are perfectly able to do it themself?

/Claes
 
E

energy

#9
Love you, too!

Originally posted by M Greenaway
Energy
It is a requirement of ISO9001:2000 that your internal audits are conducted against the requirements of the standard.
Your internal audit system as you describe it would be non-compliant with ISO9001:2000, and doubtless ineffective also.
Love
Martin
I believe that my post says that they will audit to procedures that are written with the standard in mind. We stand by our procedures that they meet the standard. Auditors do not need to have a copy of the standard to do internal audits. They can use the checklist that the Registrars use and ask the same questions. The auditees have to demonstrate that they are aware of the procedures and I consider that effective. The standard is poured over in detail by the Committee and all areas will be addressed in some form or other. We will not have people reading into the standard and interpreting at will. We leave that to you guys. If we have done our job correctly, we're golden. If not, well, shame on us. The relevant sections of the standard are shown on the "references" portion of the procedures. Auditors are free to look at their copy if they determine that there is a N/C. They will not cite the standard. They can suggest changes if they feel that the procedure is causing a problem with their interpretation of the standard. We do not intend to muffle any concerns the auditors may have. And I also said that the auditors make up the majority of the Steering Committee, so they are in the driver's seat when it comes to approving and releasing procedures/documents. How you interpreted that we are non compliant in respect to internal auditing eludes me. But then, I'm not an acredited Auditor. I do have the feeling though that you would cite us because our auditors would not reference the standard when issuing a N/C. They would be referencing our procedure, by paragraph, etc.. I promise to study that more carefully, as your posts usually contain some thought provoking subjects and are usually right on. Are you one of those auditors that are so sure that they are correct that there is no way you can see an alternative method? You question everything as evidenced by your initiated topics. I'm a little surprised at your response and will investigate further. Thanks for the input.
 
Last edited by a moderator:
#10
Absolutley...

Claes

I think we are in agreement!

If we want the badge, we must meet the requirements. But we can meet them any way we choose.
Absolutley Jim,

Nice to have a bit of a discussion every now and then. It sparks the old creativity. And believe me: Just like you I'm doing my level best to cut down on the crap in the QMS and concentrate on what should be there.

/Claes :agree:
 
Last edited:
Thread starter Similar threads Forum Replies Date
G Internal Audit Planning - We are not getting the best out of our Internal Audits ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
K When is the best time to Audit the Internal Audit Process? Internal Auditing 25
D Number of Internal Auditors Best Practice Quality Manager and Management Related Issues 18
G New to Internal Auditing - Best questions to ask? Internal Auditing 17
C When is the Best Time to Conduct Internal Audits Internal Auditing 22
H Quality Management Best Practices for Internal Auditing Internal Auditing 6
M Internal tool calibration program - Best source to become "knowledgeable"? General Measurement Device and Calibration Topics 5
K AS9100 6.2.2 - Internal ISO 17025 Laboratory - Clause 5.2 Personnel Best Practices ISO 17025 related Discussions 1
B What is the best way to Improve an Internal Auditors Effectiveness? Internal Auditing 26
earl62 What is the best way to control special characteristics in Control plan? Is it Mandatory to have SPC for IATF 16949? IATF 16949 - Automotive Quality Systems Standard 5
J ISO 13485 System 'soft start' - How to best reflect this in initial audits, management review minutes and other records? ISO 13485:2016 - Medical Device Quality Management Systems 3
S What is the best method to bond urethane foam to urethane foam? Manufacturing and Related Processes 4
Watchcat Best Regulatory Oversight for Off-Shore Device Manufacturing? Other Medical Device Regulations World-Wide 1
E Best way to keep up with pharmaceutical quality knowledge and current affairs Service Industry Specific Topics 1
K Best Measurement Systems Demos in California? General Measurement Device and Calibration Topics 1
qualprod Best approach to get a real value as average? Statistical Analysis Tools, Techniques and SPC 6
CPhelan Best metrics for monitoring low volume (<1000) parts per vendors Supply Chain Security Management Systems 1
DuncanGibbons Best practice for identifying "items" of parts for DFMEA analysis AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
I What kind of wine best complements the Friday that you close out your external audit findings? Opinions are welcome. Coffee Break and Water Cooler Discussions 12
I Non-Conformance vs OFI -- your best descriptions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 61
A What are Practical data center best practices IEC 27001 - Information Security Management Systems (ISMS) 0
G Best Practices for IT auditing - Is a session-id necessary for a complete audit trail? IEC 27001 - Information Security Management Systems (ISMS) 0
S Best software for customer support/complaints? Customer Complaints 0
R Bill of Materials for a complex product - Industry best practice ISO 13485:2016 - Medical Device Quality Management Systems 2
G Oversized Threads - What sized stab pin would be best to quickly check for oversized thread holes General Measurement Device and Calibration Topics 5
D What is the best software used for the pharma compliance management? Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 0
M Informational MHRA launches consultation on how to best engage patients and the public Medical Device and FDA Regulations and Standards News 0
optomist1 Mobility Field Manufacturing Best - Worst Practices Manufacturing and Related Processes 5
qualprod Best criteria to measure Corrective Action effectiveness - Poor Maintenance ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
N Best practices for capturing audit objective evidence in a practical manner? Internal Auditing 3
S How to Learn all aspects of ISO 27001:2013 | The best way to grab the knowledge on 27001:2013 (Step by Step) IEC 27001 - Information Security Management Systems (ISMS) 7
I Best visual description for SOPs? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
Z Best Practices - small volume medical device tube cutting (0.020" to 0.080" OD)? Manufacturing and Related Processes 3
M Over-labelling - Any requirements or best-practices? Other Medical Device Regulations World-Wide 0
M Informational DITTA White Paper on Cybersecurity: Best Practices in the Medical Technology Manufacturing Environment Medical Device and FDA Regulations and Standards News 0
M Informational BSI – MDR Documentation Submissions Best Practices Guidelines Medical Device and FDA Regulations and Standards News 0
K Which clause would best fit this Nonconformance? (Supplier Related) Internal Auditing 2
P How to have employees buy-in of quality procedures. Best practices? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
S Expiry date vs. Best Before Date - Reagents ISO 13485:2016 - Medical Device Quality Management Systems 9
C Will anyone please share training material for ISO:13485:2016 for best practices Training - Internal, External, Online and Distance Learning 0
E Best GD&T training - Your suggestions and recommendations please Training - Internal, External, Online and Distance Learning 3
M Best Practice for setting tolerances on a Drawing Inspection, Prints (Drawings), Testing, Sampling and Related Topics 8
M PCBA Drawing Best Practices IPC Class 3 ISO 13485:2016 - Medical Device Quality Management Systems 1
Ron Rompen Best Practices in CMM Correlation Studies General Measurement Device and Calibration Topics 3
B Best place is to purchase IEC 60417 labels that will pass markings test IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
P Best approach to tackle difficult certifications Career and Occupation Discussions 2
E Best Ways to Close a Project APQP and PPAP 3
S Opinions on the "Best" CMM for High Accuracy Machining General Measurement Device and Calibration Topics 9
C What is the best ISO 22000 template pack to purchase? Food Safety - ISO 22000, HACCP (21 CFR 120) 2
M Best Type of Grease for Vex Plastic Gears Manufacturing and Related Processes 5

Similar threads

Top Bottom