1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice
You must be a registered member in order to post messages and view/download attached files in this forum.
Click here to register.

Internal Audit

Discussion in 'ISO 9001:2015 - Quality Management Systems' started by Nasha, Feb 3, 2021.

  1. Nasha

    Nasha Member

    Joined:
    Dec 29, 2020
    Messages:
    8
    Likes Received:
    3
    Trophy Points:
    2
    Hi,

    Is there a simple internal audit checklist that can be followed or does it have to include all the clauses?
     
  2. John C. Abnet

    John C. Abnet Well-Known Member

    Joined:
    May 23, 2017
    Messages:
    709
    Likes Received:
    510
    Trophy Points:
    92
    Location:
    Upper Midwest- USA
    Good day @Nasha and welcome to this site.


    No. There is no requirement to audit "all of the clauses". Be cautious not to "see" more in the standard than what is written.
    ISO 9001:2015 requires simply that your organization...

    9.2.1
    * conduct internal audits ...at...
    * planned intervals...to...
    * provide information

    (to determine if the the quality management system:
    - meets your organization’s own requirements for its quality management system;
    - meets the requirements of this International Standard
    ;


    It then goes on in to describe loosely "how" (the parameters for) establishing a plan and conducting those audits, within 9.2.2

    I would caution against this. Clause 9.2.2 of the standard is consistent with the standard's emphasis on risk based thinking. In other words, the internal audits are intended to prioritize processes/aspects of your organization that are highest "importance" and/or have recently had "changes" and/or been shown as problematic during "previous audits". A checklist can tend to box in an auditor and make an audit a mechanical script instead of an open interaction with the auditee. Ask questions...then LISTEN. Allow (get) the auditee to talk. The responses often lead to more questions. Becoming a competent internal auditor requires understanding, application, experience (and hopefully the mentorship of a competent internal auditor).

    There are numerous helpful individuals on this site. Don't hesitate to continue reaching out.

    Hope this helps.
    Be well.

    Hope this helps

    Be well.
     
  3. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    In addition to the great, sage advice from @John C. Abnet, it is vitally important that an internal auditor should prepare for their own audit assignment, a bit like creating a shopping list for a grocery shopping trip. Using some "simple" list, someone else put together isn't going to be much good! Indeed, you might end up doing so much burdensome editing, you wished you hadn't asked for it in the first place. To be truly effective, 80% of any audit is sitting down and planning it. A checklist is the product (output) of this important step. No template needed, either, although some of us use a form to order our thoughts.
     
    John C. Abnet likes this.
  4. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Turn off "Echo" on your settings, @John C. Abnet :D;)
     
    John C. Abnet likes this.
  5. Nasha

    Nasha Member

    Joined:
    Dec 29, 2020
    Messages:
    8
    Likes Received:
    3
    Trophy Points:
    2
    Thank you very much Andy and John.
     
    John C. Abnet and Andy Nichols like this.
  6. Rustle

    Rustle Member

    Joined:
    Jun 23, 2020
    Messages:
    29
    Likes Received:
    4
    Trophy Points:
    2
    Location:
    Scotchland
    Nasha I recommend completing an audit covering all the clauses once if you want to avoid issues as I find many auditors argue that you're not able to demonstrate that meeting the requirements of the standard if you've not audited all the clauses.
    This approach allows the following internal audits to focus on what should be audited without having to worry about ISO compliance.
     
  7. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    In which case, Nasha should ask the auditor to leave, refuse to pay for their "service" and call the CB to make a complaint about their auditor!
     
  8. Rustle

    Rustle Member

    Joined:
    Jun 23, 2020
    Messages:
    29
    Likes Received:
    4
    Trophy Points:
    2
    Location:
    Scotchland
    I used to resist and point to a correlation document that showed we had checked every clause and therefore why also audit everything but also kind of understand the logic of saying if you've not audited it how can you be sure it's compliant. In the end I decided it was easier to just repackage the correlation as an internal audit and keep the iso-clause-puritan auditors happy.
    I think you maybe enjoy arguing with auditors Andy ;)
     
  9. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Never argue with an auditor... Actually, all you need to do is simply ask them to leave. Let's not overlook that it's commonly held that as soon as a CB (lead) auditor finds a "major" they can stop the audit and leave! This is, of course totally bogus and a breach of contract, but many auditors, consultants and auditor trainers hold on to this silliness as being true. Maybe power hungry idiots. No-one can argue with those people.
     
  10. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    There is no requirement that you have to audit all the clauses. The ISO/TS 9002:2016 (Guidelines for the application of ISO 9001:2015) mentioned in its clause 9.2.1 this statement: "While the organization should always try to ensure that its quality management system complies with all the applicable requirements of ISO 9001, there is no requirement for every clause of ISO 9001, or process in the quality management system, to be evaluated during every audit".
     
    John C. Abnet and Andy Nichols like this.
  11. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    Excellent point, Tony. There's an often blurred line between doing what's required and doing things to "satisfy" someone who visits once a year and wants their implied requirements met... Most organizations don't run to the whim of someone who isn't even a paying customer. Dangerous!
     
    tony s likes this.
  12. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    Lots of good advice here.

    We in various QA forums consistently advise against "canned" checklists for many reasons. Highlights include (there are certainly more)
    • Canned checklists make it difficult, if not almost impossible, to do a process audit.
    • None of the processes are associated with all of the standards' clauses, so having so many unused lines on a page could actually confuse an auditor instead of help.
    • "Auditing to the clause" makes it very difficult to really observe, think critically, and/or notice problems.
    • The standards lay out an expectation that the system gets audited, which as others here have stressed does not mean all of the clauses need to be audited. The processes are all expected to be audited, but there is nothing that says they must all be audited every year. While an internal auditor I once got an Opportunity for Improvement from a TS auditor when learning we were running on a 5-year schedule. If he had issued a nonconformity we would have disputed it to the CB, and he knew it. He knew too that we would have won the dispute. But it seemed reasonable to shift to a 3-year schedule because we ran on a 3-year certificate, so we did.
    • The rote nature of "canned" checklists makes it very difficult, if not impossible, to audit effectiveness because they are generally formatted as yes/no absolutes.
    Audit program managers use canned checklists when they think their auditors don't understand the standard well enough to operate without this crutch. If it's true that the auditors don't understand the requirements they are verifying conformance to in support of continuing certification, they need more education and practice or they need to be replaced.

    I hope this helps.
     
    tony s and John C. Abnet like this.
  13. Golfman25

    Golfman25 Well-Known Member

    Joined:
    Nov 6, 2015
    Messages:
    816
    Likes Received:
    402
    Trophy Points:
    62
    What we find helpful is to create our own checklists based on our processes. That we we are able to highlight things we want to focus on, and past problematic areas. The checklists can be update each audit to cover new issues and disregard old issues. You can, as necessary cross reference the standard clauses applicable to each of your processes with the checklists. Good luck.
     
    tony s likes this.
  14. John C. Abnet

    John C. Abnet Well-Known Member

    Joined:
    May 23, 2017
    Messages:
    709
    Likes Received:
    510
    Trophy Points:
    92
    Location:
    Upper Midwest- USA
    Good point @Golfman25
    I can understand (and have seen in practice) that some tailored checklists can indeed be helpful. What I always recommend, however, is that the checklist is considered last as simply a "safety net" to ensure no intended items are overlooked. Prior to referencing the checklist, the tenets of good auditing techniques and questions should be employed, which will mature the auditors and prevent missing the identification of any "new" issues that were not identified on the checklist.

    There simply is no good substitute for proper auditing practices and competent auditors. I do, however, acknowledge that this can be (is) a challenge for many organizations.

    Hope this helps.

    Be well.
     
    Andy Nichols likes this.
  15. Andy Nichols

    Andy Nichols Moderator Staff Member

    Joined:
    Jul 30, 2015
    Messages:
    5,086
    Likes Received:
    2,553
    Trophy Points:
    112
    Location:
    In the "Rust Belt"
    As many of us know, 80% of accomplishing any task is planning and most of us are really rubbish at planning. Dwight Eisenhower is quoted as saying, "Plans are useless, but planning is essential." It's the studying of the requirements (audit criteria) and those points made by @Golfman25 which are so essential to an effective audit. Further, it gives an opportunity to demonstrate that the audit process itself is free from bias. Now, THAT never comes up in a CB audit but the fact remains that the creation of a checklist (which is a bit of a misnomer) is critical in having auditors prepare for their assignments. Too often, scant regard is given to this activity. Instead people prefer to worry about bizarre things like auditing all the clauses etc.
     
  16. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    I agree with @Jennifer Kirley and @Golfman25 in refraining from using "canned" or generic checklist. It won't add value to the process being audited. A checklist should reference the criteria/requirements that a certain process must fulfill and should document the collected information relevant to the criteria/requirements to produce sound audit findings. A checklist shouldn't be a list of questions but a list of criteria/requirements.

    Additional guidelines can be obtained from this link.
     
    Nasha and Andy Nichols like this.
  17. Gilbert

    Gilbert Member

    Joined:
    Feb 2, 2021
    Messages:
    8
    Likes Received:
    1
    Trophy Points:
    2
    With regards to INTERNAL AUDIT, who are allowed to audit the Internal Auditors in the organization?
     
  18. tony s

    tony s Well-Known Member

    Joined:
    Sep 10, 2015
    Messages:
    1,350
    Likes Received:
    1,054
    Trophy Points:
    112
    Location:
    Laguna Philippines
    You don't audit the internal auditors. You audit the internal audit process. Somebody with the relevant seniority and authority who knows what to expect and that can demonstrate impartiality and objectivity is preferable to audit the internal audit process.
     
  19. wessex

    wessex Member

    Joined:
    Jan 27, 2016
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Andy

    charging for no audit !!! They did that to the company I have joined !!! their reason that during covid the "company " did not give them sufficient notice to cancel the audit !!! Im livid what are these accreditation companies on !!! never had that before not charged for nothing !!!
     
  20. Jennifer Kirley

    Jennifer Kirley Moderator Staff Member

    Joined:
    Jul 31, 2015
    Messages:
    1,071
    Likes Received:
    722
    Trophy Points:
    112
    Location:
    USA
    wessex, do I correctly understand that your company canceled the audit? If yes, how much notice was given when canceling?

    It is understandable that you are upset, but please check your contract which I am guessing was made before COVID. CBs and their auditors are usually not able to replace the assignment in a short period. Auditors these days are usually contract, and might go without compensation if not given enough time to obtain a new assignment. Airline tickets are very possibly already obtained and paid for, etc. For this reason it is not uncommon for CBs to include this type of penalty if a cancellation comes too close to the audit date.
     
    John C. Abnet and Andy Nichols like this.