Mark Hammar For many people who perform internal audits, there is always a question of the best way to create an audit checklist when preparing your internal audit. Unfortunately, there is no one best way to do this. Audit checklists can take many forms, and there are many ways to create them, but there are a few things that should be remembered when preparing these documents.
In a recent article on 13 Steps for ISO 9001 Internal Auditing using ISO 19011, I discussed the steps identified in the ISO 19011 guidelines for performing audits of a quality or environmental management system. In this approach I identified two steps that are critical to the creation of audit checklists: step 2, to review the documents, and step 5, to prepare the working papers. It is during step 2 that you will find the questions you want to include on your audit checklist and in step 5 that you will create the checklist with the questions.
Review of the process documents
During the review of the process documents there are a few things that are important to check, as these things can comprise the most critical questions to ask. Here are a few things to look for during your documentation review:
Corrective action responses: If the documentation has been updated in response to previously identified corrective actions or opportunities for improvement, then this should be looked at. If the follow up for the corrective action has not yet been performed, this is a good time to do so by checking the effectiveness of the updates to ensure that the previously identified problems do not recur. Also, check that the change has been properly implemented and that all employees who need to understand the change know what is happening.
Process or procedure updates and improvements: Even if there have been updates that were not in response to identified problems, it is good to follow up on these changes to make sure they have been properly implemented and communicated.
Unchanged areas: If you are dealing with a process for which the documentation, or portions of the documentation, have not been updated for a long time, you might want to focus a bit of attention on verifying that the documented process is still accurate. If the process in place has been improved by employees implementing best practices, this is great – but you need to make sure that this does not contradict what is in the procedures.
Preparing the audit checklist
The ISO 19011 document calls this “preparing the working papers,” but it is commonly called an audit checklist. The checklist becomes a list of information and questions that the auditor wants to ask during the audit to verify that the process is performing according to plan. Along with the items identified in the documentation review, here are some other things that are important to consider when creating the audit checklist:
The ISO 9001 requirements: It is critical that part of the internal audit is to ensure that the requirements of ISO 9001 are met in the process. This is especially important if the process does not have a documented procedure associated with it. As such, including questions that will verify that the process is conforming to the requirements of the ISO 9001 standard is imperative.
Process Overview: When the process approach was introduced to the ISO 9001 standard, many auditors implemented a process overview style of audit (sometimes called a “turtle diagram,” because some people think it looks like a turtle). This approach allows you to look at the elements of the process even if there is no documented procedure. The focus is to ensure that each part of the turtle is understood, consistent, and supports the effectiveness of the process, as well as the other processes before and after the process. In some cases a marked-up version of the turtle diagram could become the completed audit checklist for a simple process.
Inputs and Outputs: One area of the process approach to quality management that often has difficulty is ensuring that the outputs from one process are correctly received as inputs by the next process. Does the output include all the information needed by the next process (if the next process employees are searching for information that could be easily included, this is a waste of time)? Is the output even used by another process (if not, question why the output exists)? Checking for these problems will help your internal processes flow much better, saving time and money.
Process Objectives and Key Performance Indicators (KPI): All processes have some sort of indicator of the acceptable results (as indicated in the turtle diagram). Verifying the process performance against these expected results can help you, as an auditor, to understand whether the overall process is performing as expected. It can also help you to understand how well the resources are applied and implemented if the indication shows that improvement is needed.
Understanding your initial sample: In order to audit the process for the review of contracts (to ensure they are completed and approved), you will not want to look at every contract. It is important to understand this going into the audit and to identify to yourself how many samples you want to start with and how you will choose them (hint: the person being audited should probably not choose what data you want to look at). This could be choosing from a list, or the first contract per week for the last five weeks, or any criteria you choose.
Preparation is the key to a successful audit
However you choose to document your audit checklist: as a process diagram, a list of questions, a list of activities to observe for consistency, a copy of the procedure with highlighted areas to check, or a list of documents to verify for completeness, it is important to make sure you are prepared with your starting points. An audit query can lead to further questions or documents to verify (the audit trail), but the checklist needs to include the starting point so that you don’t try to write your questions from scratch as you audit. Good preparation will help make your audit more professional, and therefore more trusted and accepted, and this will make it easier to have any corrective actions accepted to improve your system.
For a better understanding of the audit process, see this free online training: ISO 9001:2015 Internal Auditor Course.
