by Dennis Arter
There continues to be much discussion about the use of audit checklists during a management system audit. Most of the conversation has focused on quality management systems, but the principles apply to environmental, safety, and security management systems as well. Some are stating that the registrars (aerospace, automotive, etc.) do not even allow the use of checklists. While I find this hard to believe, I think I understand why those statements are being made.
I think that many folks think of the standard 57-page detailed list of international standard requirements when they hear the word “checklist.” I was guilty of publishing one of these as an appendix in the back of the second edition of my book on auditing. It wasn’t 57 pages long, but it was written to address all the clauses of the ISO 9001:1987 standard. Big mistake. It was removed in the third (and current) edition.
These extensive lists of requirements for a particular international standard can be harmful for several reasons. They shut down the mind. They allow an auditor to proceed without exploring the processes and methods. They result in boring reports. They are indeed evil!
We know that the most laudable concepts – Thou shalt not steal; thou shalt not lust after another’s property – are no good without local methods and boundaries. Often these local strategies and tactics are expressed in site-specific manuals and procedures. Work product specifications are contained in drawings and assembly sheets and test plans. The whole idea behind the “process approach” to auditing is to see if these local documents support the standards and regulations and they actually work. We must drill down deeper than just the NQA-1 or AS 9100 or ISO 14001 layer.
A standard set of checklist questions, based upon the external standard or regulation, is a good starting point. But it must be customized to include the auditee manuals, procedures, and specifications. Then it becomes a very useful tool for gathering data. These data are used to form conclusions – the fourth of four rules for auditing. No data, no conclusions.
We can apply a number of different techniques to customize our checklists. Flowcharts are perhaps the most used (and useful). Turtle diagrams help to open our minds and explore the many facets of process control. (I gave a lecture on this to our Section several years ago. Files are still available on the web site: asq614.org.) Sure, this extra work takes time and concentration. But to do an audit without such customization is a disservice to all stakeholders: auditee, audit boss, and the internal or supplier organization.
Some of my pals who work for registration firms tell me that they wish they could customize their checklists for each assigned audit. But the market will not support this. So the work-around is to have no checklist at all. I do not believe that is a viable solution.
I will continue to teach and advise my friends that checklists are your friends. But they must be customized down to the process level in order to get all of their inherent benefit. No system audit checklist should ever be the same. Sure, questions can and should be recycled. But we need to engage the little grey cells of the mind before proceeding with the fieldwork.
About the author
Dennis Arter is an author, consultant and trainer from Kennewick, Washington State, USA. He earned a bachelor’s degree in chemistry from the University of Illinois and became a nuclear submarine officer. After military service, Arter wrote Quality Audits for Improved Performance, a best seller published by ASQ Quality Press. He teaches and publishes on auditing, management systems, and risk. Arter is an ASQ Fellow, Certified Quality Auditor, and former member of the Board of Directors. Over 10,000 people have learned to audit from his teachings.