by Don Brecken
The process approach to auditing alone doesn’t always work for me. There are times when I still want to know if my organization is compliant with its policies and procedures. There are also times when I want to use a checklist but don’t have time to create one. Checklists are tricky. They can be very effective, but they can also be too broad and restrictive, and the time spent creating a checklist might be better spent gathering information on the audit trail. According to ISO 19011, “The use of checklists and forms should not restrict the extent of audit activities…” As an audit team leader, what do you do?
Audits generate working papers that auditors must keep as part of the audit record. Checklists are one type of audit record that should be kept. A completed checklist should tell what, where, and when we audited; whether the item was compliant or not; and who performed the audit. Checklists or other such means of recording audit results should be adequately prepared for the audit team prior to an audit. The audit leader should specify the audit checklist for the other team members to use.
ISO 9001, ISO/TS 16949, AS9100, and other international standards have requirements for particular procedures “…determined by the organization to be necessary to ensure the effective planning, operation, and control of its processes.” As already mentioned, there are times when I would like to know an organization’s compliance to these procedures.
The process of scouring source documents required by standards and internal organizational requirements for items to turn into checklist questions can be quite time consuming. To save time, I started handing out the actual procedure or work instruction to my internal audit team members to use directly. They would return these documents to me as part of their working papers. I would then include these as part of the audit record. This seemed like a reasonable practice.
However, my third-party aerospace auditor didn’t like this practice. All the working papers in the audit record were initialed and dated by the internal auditor who performed the assessment, but in most cases, this was the only annotation made on the document. The aerospace auditor argued that this practice didn’t provide him with enough information. He wanted to know if my internal auditor found the requirements audited to be satisfied, and, if not, if there opportunities for improvement or nonconformances. I couldn’t disagree with his assessment.
Checklists: A novel approach
Instead of reverting back to creating checklists for auditing these policies, procedures, and work instructions, I chose to transpose these source documents into checklists with the help of simple rubber ink stamps, shown in figures 1 and 2. The stamp that reads “lead auditor” is clearly mine and the other is the stamp I use to turn source documents into audit checklists for my internal audit team to use.
The check boxes in my stamps are loosely based on those found in AS9101, the checklist used by aerospace auditors to assess aerospace quality management systems. The “S” stands for satisfactory, “OFI” stands for opportunity for improvement, “NC” is for nonconformance, and “NE” indicates not evaluated. The last box is for the auditor’s initials and date.
The rubber ink stamp I use to transpose a policy, procedure, or work instruction into a checklist could be considered acceptance authority media and should be controlled (see AS9100C, 7.5.3 Identification and Traceability).
As the lead auditor, whether you are leading your internal quality audit program or you are leading third-party surveillance or registration audits, you should be the only one who specifies the working documents, such as checklists, to your audit team. To quickly prepare your audit team members with the working documents they require, consider using the source document itself as the checklist. If you use a stamp to transpose these documents into checklists as I have, be sure to control the stamp.
About the author
Don Brecken is the director of quality for Commercial Tool & Die Inc. His background includes quality leadership, management consulting, registration and surveillance audits, and quality system implementation.
Brecken is a fellow of the American Society for Quality (ASQ), a certified manager of quality and organizational excellence, an RABQSA business improvement auditor, and has served on the board of examiners for the Malcolm Baldrige National Quality Award. He is also a deputy regional director for ASQ’s region 10.
Brecken earned his MBA in strategic management from Davenport University’s Sneden Graduate School. He also has three undergraduate degrees in business with a technical specialty in quality leadership. He instructs a variety of quality and management-related courses for Ferris State University and Davenport University’s undergraduate and graduate programs. Check out his blog, The Quality Advisor.