SBS - The Best Value in QMS software

Too Simple an Internal Audit Check Sheet?

K

kiwilass

#1
We have been redeveloping our QMS using a process mapping software system which links in all the information needed to carry out the process (i.e. forms, SOPs, policies etc) into each relevant process and ties in the requirements of about 15 different accreditation standards.

On the basis that our Quality department ensures that they have are aware of where the accreditation gaps are and work on addressing these with the relevant team and track where exactly each accreditation requirement is demonstrated within our system to show that we fulfil the specific requirement listed.

I would like to formalise an generic internal audit sheet to be used by our internal auditors against any chosen processes, which would cover the following points:

- Process name and version number being assessed.
- Auditor and Auditees and date of audit
- Is the process documented being followed as described?
- Are staff involved aware and understand the process and have access to the procedure and how are they informed of changes to the process?
- Has the procedure being reviewed in the timescale required?​
- Training - Are staff involved in the process trained and do they have training records for staff to confirm training has taken place?
- Maintenance and service records - is there any maintenance or service (including calibration) required to be carried out? Records available to show service has been carried out and are these being conducted on time?
- Testing ? Is there any testing required as a direct result of the procedure are these within expected limits and samples taken as required?
- Records ? verify that the records being described by the process are being filled out to completion and signatures are identifiable and records are kept for time frame specified?
- Document Control - are the documents described within the process being utilised and/or displayed and are the correct version number? There are no other documents being utilised that aren't controlled (confirmed) as described within the process?
- Inspection of equipment ? is equipment utilised in a clean state and suitable for use? Is cleaning being carried out as scheduled?
- Process improvement - are suggestions for improvement to the process being reviewed and responded to accordingly?​


Ideally I don't want to have to go down the path of formalising individual audit sheets that cover each variation and detail within the process. However is the above too simple in terms of an internal audit sheet? Is there anything glaring that I have missed out completely?


Thank you in advance for any feedback given.
 
Elsmar Forum Sponsor
#2
Kiwilass:

Are you proposing these be the questions your auditors ask? Or at least be what they go and check on? If so, you are started down the wrong road, IMHO.

I have done remedial training after organizations have chosen this method - because their auditors didn't like doing the audits. They have no "stake" in planning and preparing and therefore no reason to do a good job. In fact, you are taking away from them, one vital thing they really need to work on - preparation. By making auditors responsible, you won't have to prepare more sheets, either!

These may be the things you keep to guide them through preparation, such that they can tell you, when they sit down to plan their audit what their approach is going to be.

Also, you've added a lot of things into the questions which may not be worth asking. For example, if the crew working hasn't changed etc. why ask about training? You seem to have phrased questions like an external auditor which aren't really appropriate. Your auditors should be asking about how your system works. Why would you be asking about maintenance? You may be asking the wrong people, so the scope has to be precise!

You mention "accreditation gaps" - what do you mean?
 
T

treesei

#3
I agree with Andy. Giving a detailed checklist to the internal auditors is a great way to de-motivate them by taking away their ownership of the audit they are responsible for.
 
K

kiwilass

#4
Thanks Andy for your feedback.

Yes I was proposing that auditors read through and understand the process prior and then go on and check on the relevant questions and confirm whether the process was being followed.

With regards to your comments about the auditors being prepared and plan their audits and what their approach is going to be - are you inferring that the internal auditors should be responsible for designing and creating their own questions to ask during an audit?

In terms of accreditation gaps what I mean is that there are some areas in which our business still has to progress on, for example ensuring we have a documented crisis management plan.
 
#5
With regards to your comments about the auditors being prepared and plan their audits and what their approach is going to be - are you inferring that the internal auditors should be responsible for designing and creating their own questions to ask during an audit?
Not just inferring :yes: They should sit down and prepare their whole audit. They should be able to describe to you, at the end (or even before they start studying) what they would do to audit a particular scope and the associated criteria. You may have to work with them to ensure that level of competency, of course.
 

John Broomfield

Staff member
Super Moderator
#6
Thanks Andy for your feedback.

Yes I was proposing that auditors read through and understand the process prior and then go on and check on the relevant questions and confirm whether the process was being followed.

With regards to your comments about the auditors being prepared and plan their audits and what their approach is going to be - are you inferring that the internal auditors should be responsible for designing and creating their own questions to ask during an audit?

In terms of accreditation gaps what I mean is that there are some areas in which our business still has to progress on, for example ensuring we have a documented crisis management plan.
kiwilass,

Train and mentor your auditors so you trust them or replace them. But do not attempt to control them.

After all, your auditors are meant to have the authority to gather and evaluate evidence of conformity and effectiveness and to report the results impartially and objectively.

You must also protect their independence so be careful not to allow auditing (8.2.2) to replace monitoring (8.2.3). Indeed, your auditors should be free to audit the effectiveness of process monitoring.

John
 

mihzago

Trusted Information Resource
#7
I'll add that auditors should not be auditing to a generic set of questions but prepare an audit based on the scope of the audit i.e. federal regulations or standards. They should prepare their own questions, checklists or other materials based on the particular requirements they're auditing against; for example sec. 7.6 of ISO 13485.
 

Hershal

Metrologist-Auditor
Staff member
Super Moderator
#9
Excellent advice has been given. However, given you repeatedly refer to accreditations, and some 15 standards, you may have to watch out for some potential traps.

For example, if you have ISO9001 and ISO/IEC 17025, you likely will need two different checklists, due to the significant differences in the standards involved. I use these as examples, as you mention processes which is typical for ISO9001, and testing which comes under ISO/IEC 17025. However, the same may be true for other standards.

You also need to look at auditor qualifications. For example, an auditor may be able to work on one standard but not another.

As for having the auditors potentially develop the worksheets, that can be a good idea. They should also be involved in the audit planning, but looking at standards and SOPs used by the auditees, and selecting some portion, then preparing an agenda. The report at the end should reflect the agenda also.

Hope this helps.
 
#10
Excellent advice has been given. However, given you repeatedly refer to accreditations, and some 15 standards, you may have to watch out for some potential traps.

For example, if you have ISO9001 and ISO/IEC 17025, you likely will need two different checklists, due to the significant differences in the standards involved. I use these as examples, as you mention processes which is typical for ISO9001, and testing which comes under ISO/IEC 17025. However, the same may be true for other standards.

You also need to look at auditor qualifications. For example, an auditor may be able to work on one standard but not another.

As for having the auditors potentially develop the worksheets, that can be a good idea. They should also be involved in the audit planning, but looking at standards and SOPs used by the auditees, and selecting some portion, then preparing an agenda. The report at the end should reflect the agenda also.

Hope this helps.
Only if you are using the standards as your audit criteria. Internal auditors shouldn't really be using the standards as their audit criteria (certainly not exclusively).
 
Thread starter Similar threads Forum Replies Date
I How to determine "generic/me too" device? Japan Medical Device Regulations 0
A MDR requirement where unit of use packaging is too small for UDI carrier EU Medical Device Regulations 1
C CMM Granite too hard General Measurement Device and Calibration Topics 4
G Too many customer complaints Customer Complaints 16
M Do I Expect Too Much of Job Candidates? Career and Occupation Discussions 33
M Informational From RAPS – Another Notified Body Bows Out Ahead of EU MDR: ‘Investment Too High’ Medical Device and FDA Regulations and Standards News 2
M Informational FDA Panel: Too early to pull textured breast implants over cancer risk, need more data Medical Device and FDA Regulations and Standards News 0
F Looking for a Japan MAH recommendation that is not too expensive Japan Medical Device Regulations 6
S FDA Inspections and Pest Control - Pallets too close to walls 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 15
D IATF 16949: Do we have too many processes? Are they all the same? Registrars and Notified Bodies 7
L Nonconformity's risk is too low, so don't report it? General Auditing Discussions 25
O Is the Quality Objective for Company-wide Training as >90% too high? Training - Internal, External, Online and Distance Learning 4
J Thread Gauge Calibration Failure for Pitch Diameter being too large General Measurement Device and Calibration Topics 3
GStough Rejecting a Supplier's Corrective Action Plan When It's Too Weak Supplier Quality Assurance and other Supplier Issues 22
B Is the ISO 13485 auditor being too picky concerning CMDCAS? ISO 13485:2016 - Medical Device Quality Management Systems 5
J Sourcing a Sterile Product - Asking for supplier for too much regulatory stuff? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
Q Reduced Device License Fee was rejected for being sent in too early Canada Medical Device Regulations 2
N Calibration Lab unable to issue Accredited Certificate when error is too high? General Measurement Device and Calibration Topics 3
H "Too little" variation in gage R&R Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 2
J ISO13485 File-Index getting too large Document Control Systems, Procedures, Forms and Templates 2
N Boss is too hard on me.... Career and Occupation Discussions 48
C How to Write Procedures without too many Details ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
L How to deal with too many CARs (Corrective Action Requests), PARs (Preventive Action) Nonconformance and Corrective Action 25
Sidney Vianna The frequent flyers that flew too much... Unlimited AAirpass Coffee Break and Water Cooler Discussions 11
B Management Review Meetings too Long - How to Shorten and Improve Effectiveness Management Review Meetings and related Processes 7
B NAFTA Requirements - Finished Product or Materials/Parts from Suppliers, too? RoHS, REACH, ELV, IMDS and Restricted Substances 2
A When a Company is Too Big for Quality Service Industry Specific Topics 20
C ARGH Too Many Internal Audits Internal Auditing 22
Q Document Control Procedure - Too much detail? Document Control Systems, Procedures, Forms and Templates 8
G Histogram Interpretation when a process is "running too high" or "running too low"? Quality Tools, Improvement and Analysis 4
somashekar Too much data, Too little analysis - Manual Stages Assembly Shop Data Collection Quality Tools, Improvement and Analysis 2
B Can the Variation on Data be too small in a Variables Data Gage R&R Study Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 4
A Customer SQE - Within Specification but too much Variance Customer Complaints 7
A What to do when customer requirements are too much? Quality Manager and Management Related Issues 29
A Are Risk Analysis Studies required only for devices, or other processes too? ISO 13485:2016 - Medical Device Quality Management Systems 11
R MSDS Sheets for Products - How much is too much - Or is there ever too much? Occupational Health & Safety Management Standards 12
BradM Definitely too old to Trick or Treat Funny Stuff - Jokes and Humour 0
Jim Wynne Is this ISO 9001 Registration Scope Statement Too Vague? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 19
J Late CA (Corrective Action) excuse or I'm too important or no response Nonconformance and Corrective Action 19
4 Change Control Systems - How much is too much? Document Control Systems, Procedures, Forms and Templates 10
Q How much detail in DHR (Device History Record) is too much? US Food and Drug Administration (FDA) 3
J The Dude abides, and this weekend Hub ?Lebowski? fans will, too Coffee Break and Water Cooler Discussions 2
Q Issuance of Corrective Action - Too many related to safety ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
Sidney Vianna Too many competing schemes for "approval of responsible recyclers"? ASQ, ANAB, UKAS, IAF, IRCA, Exemplar Global and Related Organizations 0
R Audit N/C - Quality Policy too generic? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
Jim Wynne Another way to tell that you've got too much money Coffee Break and Water Cooler Discussions 16
Randy I got a new ride too! 1990 'Vette Coffee Break and Water Cooler Discussions 50
J How to know how many procedures are too many? Document Control Systems, Procedures, Forms and Templates 7
P Improvement Problem - Too few data points and scope is wide Six Sigma 6
P Too Many purchasing/supplier procedures How do I fix them? Document Control Systems, Procedures, Forms and Templates 6

Similar threads

Top Bottom