Featured Book of the Month:

Title: The Quality Audit for ISO 9001: 2000 : A Practical Guide

Author: David Wealleans

Publisher: Gower Pub Co

Notes: This book aims to teach the entire process of auditing without any of the dogmatism so common in quality management. I have tried to make it comprehensive yet flexible so that it is of use to novices and beginners. The approach, especially for internal audits, is geared towards improvement and assessing objectives, as I have always taught - this now fits in well with the philosophy of the 2000 version of ISO 9001 and so I have included a chapter explaining what the new standard requires.

You can order this book from internal-auditor.com at: http://www.internal-auditor.com/books.htm

Developing Checklists from Procedures 

Most internal auditors rely on some sort of checklist when conducting internal audits. But why do we use them? Where do they come from? Do they tell us what we need to know? Let's look at checklists to discover why they are used, and how we can better use them to audit a process or procedure.

What is a Checklist

A checklist is tool used by internal auditors, which normally incorporates a series of questions that an auditor must find the answers to. Each question correlates to a specific requirement of the audit criteria. Checklists often yield a yes or no (pass or fail) answer and usually have a space available for noting the evidence observed, or to write additional follow-up questions.

Why use a Checklist

There are a number of reasons to use a checklist. The main reason is to maintain the integrity of the audit. The checklist helps the auditor by:· 

• Identifying and communicating the scope of the audit· 
• Providing a structured list of points to evaluate and process· 
• Helping to guide the course of the audit· 
• Aiding the pacing of the audit

The checklist keeps the auditor on track and ensures that all aspects of the audited area become audited. But the checklist is only as good as the auditor preparation. An inadequately prepared checklist will do little to ensure the adequacy of the audit.

Use of "Canned" Checklist

There are many ways to obtain a checklist. One of the easiest is to visit the web and search for a checklist. Don't just say "checklist"; instead say something like "ISO 9001:2000 checklist" make sure you use the search engine advanced features and specify the result must use all the words. That will greatly limit the amount of resources you will have listed. One such site is the ISO 9000 Checklist. See our Auditor resources section for more information. Some websites provide checklists free, and others charge for them. Usually those that charge will offer a sample page for free.

The problem with canned checklists is they, by nature can only cover the requirements of the standard. They cannot include the requirements of your organization's own documentation. If you want a complete checklist, you will have to either generate one of your own or supplement a generic checklist with questions from your own procedures.

Generating a Checklist From Procedures

When generating a checklist based on procedures there is some information that must be made first. For each line (or sentence) of the procedure, ask yourself these questions:

• Who is either responsible or is performing the procedure?
• What is this person doing?
• What evidence would prove that they are following the procedure?

Sometimes on a line-by-line basis, as in this case, the answers will be revealed in following lines or paragraphs. The answers to these questions could form the base of the checklist. From there you can easily add follow-up questions to ensure those performing the procedure do in fact know it. Other questions can relate to your organization's document and data control, or control of quality records. You can also tie in training or calibration. One thing though; the auditor must have a copy of the procedure well in advance and have sufficient time to develop the checklist.

Putting it Together

Let's look at parts of a fictitious procedure for Supplier Monitoring.

Procedure: 

1. Suppliers (Categories 1, 2 & 3) are monitored on a quarterly basis by the Purchasing Manager (Ref. P7.5). 

2. The Quality Manager is responsible for assembling a report of nonconformances as a result of incoming inspection and/or problems discovered during processing. This report is created for each supplier and submitted to the Purchasing Manager at the end of the third month of the quarter.

3. The Purchasing Manager compiles delivery records for each supplier and includes any nonconformance for the quarter. Delivery and nonconformances are reported per lot and as a percentage of the total received lot during the quarter. A copy of the report is sent to the supplier.

4. Suppliers with less than two occurrences of late deliveries and/or nonconformance's are listed as suppliers in good standing.

5. Suppliers with two or more occurrences of late deliveries and/or nonconformance's are listed as "Probationary Suppliers". These suppliers are required to submit SCAR F8.9 corrective action reports (P8.7) within 30 days. An internal Quality Alert is also issued to Receiving Inspection requiring 100% inspection of all incoming lots from this supplier.

6. A second quarter of less than acceptable status will require the Supplier to attend a meeting at our plant to discuss corrective action with our Material Review Board. A timeline for corrective action is developed at this meeting for the Supplier to become compliant. Failure to fulfill this timeline removes the Supplier from the Approved Supplier List. The Supplier can only be re-added to the list after evaluation as a new Supplier, see P7.5.*
   *Procedure courtesy of MMTC

In this example, your checklist may begin with these questions:

1. Who is responsible for monitoring supplier performance?
2. How often does the monitoring take place?
3. What factors are monitored?
4. When is a supplier considered probationary?

These are examples of questions that may be asked. It is important that you generate your own questions based on your own procedures. Your checklist should cover the entire procedure and include all applicable forms and work instructions. Note that the questions should become fairly obvious as you read the procedure. The questions should also be simple for the auditees to understand. Don't try to make your questions sound "official". The simpler the language, the greater chance you and the auditee will both know what you are asking.

Using the Checklist

When using the checklist pay attention to what the auditee is telling you. They might not know the name or number of a form, but might be able to quickly grab one, or describe it. The audit is not intended to determine if the auditee knows all forms and documentation by number, but if the auditee is able to perform the procedure.

Summary:

Developing checklists from procedures can be time consuming. It requires the auditor to study the procedures ahead of time and generate a checklist based on that examination. In some organizations this work is done for the auditor by someone else. I often recommend that this be accomplished as the procedure is being written. That way the procedure writer takes performance effectiveness into account during the development of the procedure. There is no requirement to use a checklist. But if you use one, make sure it accurately reflects what you do, not just what the standard says.

As always...Good Auditing!

Checklists come in all shapes and sizes. Many can be downloaded for free at various websites. Some websites charge for their checklists. One such site is ISO 9000 Checklist at http://www.iso9000checklist.com . I must admit, I've not seen their checklist, and they want a fair price for it. But they offer much more than a checklist. It is available in either a binder, or download. If you use them, let me know, and I'll post the results.

Q – We are QS. Do have to use the QSA?

A – Not unless you want to. Remember the QSA only reflects the requirements of QS-9000. It will not address your procedures and work instructions. You might want to create a supplement to QSA for your documentation requirements. 

top of page

ISO-9001:2000 Clause 6.1Provision of resources

" The organization shall determine and provide resources needed
b) to enhance customer satisfaction by meeting customer requirements."

Part a) of this sub-clause dealt with the QMS. This part deals with the product/service. We must ensure we have all of the necessary resources required to meet all of the customer requirements. This extends well beyond product/service specifications. When we deal with customers, we do more than just provide a specific product (service) for a specified price. Customers also have other requirements that are not specified. Such things as correct billing, timely communication and complaint resolution all must have resources appropriate to them as well. 

top of page

July 2001’s question:

You are still auditing purchasing. One of the auditees is the Purchasing Clerk. The Purchasing Manager is also at the interview. You ask about the purchasing procedures for vendor control. The Purchasing Clerk says there is only one procedure, the one that governs how vendor records are maintained, and how vendors are evaluated. The Purchasing Manager corrects the Purchasing Clerk, indicating there is also one for initial selection and qualification of new vendors. The Purchasing Manager explains that the Purchasing Clerk is not involved in this procedure and does not need to know about the procedure. The Purchasing Clerk just shrugs her shoulders.

The answer:

When auditing it is important to remember who we are interviewing. Many times the person that knows the answer to question 1 might not be involved in question 3. If the Purchasing Clerk is not involved with the vendor selection procedures, there is no reason to expect the Purchasing Clerk to be familiar with the procedure. She probably should know that a procedure exists in the department however. At the most this would be an observation of that "probably should".

 top of page

It is spring now in Michigan. It will not be long before the trees and flowers will begin to bloom. It is also tax time, when our income taxes are due. I'm not going to go into detail, but you can guess which of the above we look forward to and which we don't. Internal auditing can be like that too! How we go about our jobs can make our auditees look at us a breath of spring air, or a visit to the Internal Revenue Service. Our attitude does a lot to determine which. 

During a recent internal auditor class, I had participants interview each other. The only rule was they could not interview someone they knew. One of the interview questions related to why they wanted to become an internal auditor. One response was the future auditor wanted to "get Joe"! Not exactly the best attitude for an auditor. Help Joe, maybe, but not get Joe. 

Our job as internal auditors is to help the auditee. We should not be a pushover, nor should we be vindictive and biased. We are mirrors. What we should do is to show the organization what it really looks like, not what we or others want it to look like.

Dave

...Good auditing!

Copyright notice: internal-auditor.com is fully protected under US and International copyright laws. Copying, or re-transmitting all, or any part of internal-auditor.com is expressly forbidden without prior written consent from Ruth Ellen Carey Communications.
internal-auditor.com is a publication of Ruth Ellen Carey Communications. 

Because this site uses information from many different sources, it must be pointed out that any advice, tips, information, etc., provided should be regarded as opinion and not fact! What works well for one company may be a disaster for another. Also, what one registrar, or auditor may allow, another may not. As always, reflect on what you read, see if it fits into your own quality system, and if it conflicts with your auditor...you've got to make a decision