by Denise Robitaille
As a third-party auditor I’ve long been annoyed by the use of checklists as audit reports. Although I embrace the concepts of brevity and efficiency, the average checklists don’t provide adequate information to be construed as official audit reports. I have even written up nonconformances for incomplete records of audits conducted.
Granted, the completed checklists provide the requisite evidence that an audit was conducted. However, do they reflect audit conclusions, make note of good practices, or articulate perceived risks? The answer in most cases is “no.” Predictably, these checklists are also often formatted to elicit either a “yes” or “no” answer.
“Did the auditor have the current revision of the engineer’s drawings?”
“Was the field service report signed by the customer?”
“Were training records up-to-date?”
All the completed checklist shows is that the auditor asked questions to which a “yes” or “no” answer was given. In many cases, audit checklists are even formatted with “Y” and “N” check boxes. Accordingly, the audit reports are really just long lists of “Ys” and “Ns.” There’s no mention of the jobs that were being worked on, what field services were being performed (or when or where), or which training records were reviewed. There is no evidence to substantiate the audit conclusion that the process is well controlled.
Additionally, there’s no reflection of the process approach or the assessment of control of interdependencies, communication, or effectiveness. This is less than half a job. Because they create little value—except in those instances when an auditor finally gets a “no” answer and writes up a corrective action request—these internal audits devolve into a mundane bother that carry no appreciable benefit or significance to anyone. Essentially, the whole audit program is a waste of time and money.
It’s possible to use checklists for the audit reports and still experience both efficiency and value. The checklist must be formatted to allow open-ended questions. “Can you explain what quotation you’re working on and what you need to complete it?” “Would you describe the next step in the process after you complete the first phase design review?” The answers that result will demonstrate the auditee’s understanding of requirements. They will allow the auditor to ask further questions about tools, documents, calibrated instruments, traceability, and contingencies if something goes wrong. The auditor gets a complete picture of the process.
The checklist should have room for comments and for reporting the evidence observed. What design project was being worked on? Are there test results embedded in the first review? Was there a list of deliverables or action items that came out of the design review? To whom were they assigned? Recording the information shows that the process was well enough controlled so that the auditor was able to follow it.
If it’s to serve a dual purpose, the audit checklist should accommodate audit conclusions. It should have a brief summary, articulation of concerns, and statement of any nonconformities. There should also be room allocated for closing out corrective actions from previous audits that have been verified.
When these kinds of checklists are presented as audit reports, the individuals reviewing them can understand what processes were audited and whether there are any concerns. It will also pinpoint what was actually audited. The expression “snapshot in time” is often applied to audits. Auditors can’t see everything every time. So, recording what jobs were assessed during one audit provides two benefits. It tees things up for the next audit and it explains why things go awry despite the fact that a recent internal audit showed everything to be hunky-dory. The answer is simply that that particular job wasn’t running the last time an audit was conducted.
Because review of audit results is an input into the management review process, the more valuable the information is, the likelier the top managers will be to pay attention to the results. If the audit report is just a meandering trail of “Ys” and “Ns,” executives may just give it a mouthful of “ZZZZZZZZZ.”
About the author
Denise Robitaille is the author of 10 books on various quality topics. She’s an internationally recognized speaker who brings years of experience in business and industry to her work in the quality profession. As the principal of Robitaille Associates, she has helped numerous companies in diverse fields to achieve ISO 9001 registration and to improve their quality management systems. Robitaille is vice chair of the U.S. TAG to ISO/TC 176, the committee responsible for updating the ISO 9000 family of standards. She’s also a RABQSA-certified lead assessor, an ASQ Certified Quality Auditor, and a fellow of ASQ.
Her books include The Corrective Action Handbook, The Management Review Handbook, The Preventive Action Handbook, Root Cause Analysis, Managing Supplier-Related Processes, and Document Control, all published byPaton Professional. She also co-authored The Insiders’ Guide to ISO 9001:2008.