ISO 9001:2008 Internal Audit Checklist

Internal audits should always assess the effectiveness of the Quality Management System and an organization's overall performance. ISO 9001:2008 Para 8.2.2 requires that your internal audits demonstrate compliance with your 'planned arrangements' (e.g. quality manual, policy and procedures, etc.) and that the planned arrangements are effectively implemented and maintained.

An Internal audit of your key quality management activities will always be more relevant and produce more meaningful results than a simple procedural audit. Most of these questions may be used to supplement your own audit checklist as part of your routine internal auditing process. You may well want to refine your audit checklist based on special concerns and risks faced by your company. Decide what matters most to your organization and focus your audit process on those aspects.

Five Powerful Internal Audit Questions...

1. Are Personnel made Aware of the Quality Policy & Objectives?
This question directly reflects on an organization's ability to communicate what matters most to its success. Comprehending objectives means that people understand specifically what they can do to improve the organization as well as appreciating the significance of their roles and how their jobs link to the organization's larger mission.

Related questions for the internal audit:

- How are objectives determined?
- How employees are made aware of the quality policy and objectives?
- What processes or tools exist to help achieve objectives?

2. What Happens to Non-conforming Products?
This question reflects on the organization's ability to deal with product problems in a systematic way. Controlling non-conformances is a basic discipline and one that smart auditors always probe. The answer to this question should be compared to the documented procedure(s) and, more importantly, to the auditor's own observations.

Related questions include:

- How are non-conformances identified?
- What responsibilities and authorities exist for dealing with non-conformances?
- How is disposal determined and implemented?
- Where are the records of non-conformances and actions taken on them?
- Are there trends in non-conformance data and what's being done about it?
- How is the procedure linked to the corrective action process?

3. How are Customer Complaints Handled?
The Internal Audit and Auditor is looking for evidence of a systematic approach to dealing with complaints. The link between the complaint process and corrective action also requires special scrutiny (Para. 8.5.2).

Related questions include:

- What's the largest complaint category?
- What's being done about it?
- Has the number of complaints changed over time?
- How customers are made aware of actions involving their complaints?
- What tools are used to identify the causes of complaints?

4. How is Continual Improvement Demonstrated? (8.5.1)
This question can be asked of everyone, especially top management. In organizations that have developed improvement tools and provided opportunities for their application, this is an easy question. In organizations where improvement efforts are very narrowly applied, it becomes a much harder question for the Internal Audit. There should certainly be some evidence of continual improvement within the scope of most, if not all, audits.

Related questions include:

- Who's involved in improvement efforts?
- What tools are used to pursue continual improvement?
- How are personnel trained to use improvement tools?
- How are ideas for improvement prioritised?
- How employees are made aware of improvement efforts and successes?

5. How are Training Needs Determined?
This Internal Audit question attempts to probe the degree of planning that goes into developing these resources. Is training performed as a knee-jerk activity with no real objectives, or is it geared toward empowering each employee with the skills and knowledge needed to move the organization forward?

Related questions include:

- What kind of training is given to new employees?
- How personnel are made aware of the organization's objectives?
- How is the effectiveness of training evaluated?
- What happens when training is determined to have been ineffective?
- What records of training are maintained?

Summary
All these questions are based on the specific requirements of the standard and in light of ISO 9001:2008 Paragraph 8.2.2, the unavoidable implication is that internal auditors must now have an understanding of ISO 9001 rather than solely focusing on procedures. Therefore, the results of internal audits are perhaps one of the best and most widely used measuring techniques since the information they provide is focused, meaningful and directly relevant to your operation.

Video Source: Youtube