Use of Audit Checklists with ISO 9001:2000

Although audit checklists have never been required by ISO 9001, most organizations use them to ensure their internal audits address all the documented requirements. Auditing courses promote the use of checklists and provide practice in creating them.

However, audits to ISO 9001:2000 should cause us to rethink our use of checklists. As interview tools, they should help us audit effectively and provide valuable feedback on the results of the quality management system. If not, why are we still using them?

Well, there are good reasons to use them. Checklists, if developed and used properly:

  • Promote planning for the assigned audit
  • Ensure a consistent audit approach
  • Act as a sampling plan and time manager
  • Serve as a memory aid and confidence builder
  • Provide a repository for notes on evidence

However, checklists also have some drawbacks. Relying repeatedly on a canned checklist that is not tailored for the audit will result in poor coverage. Restricting your interview questions because of the checklist will cause it to be viewed as a limited tick list instead of a valuable audit guide. And, if your checklist hasn’t been updated to reflect the new requirements and process focus of ISO 9001:2000, it should not be used.

While you want internal auditors to use common methods, consistency should not be achieved by restricting interviews to a limited set of predetermined questions. The audit outcome should not be viewed as simply a completed checklist. Auditors should use the checklist as a planning tool for their assignment and be willing to pursue other areas of investigation.

Audits examine compliance from three perspectives:

1. Documents (or definitions) that indicate the process is adequate
2. Records that show the process is implemented (being practiced)
3. Results that prove the process is effective (objectives are met)

A checklist based on ISO 9001:2000 should guide auditors through the system flow from quality policy, to objectives, to processes, to measurements, to results, to actions, and eventually to continual improvement. In fact, the checklist could identify a simple set of criteria to be covered during the audit instead of trying to develop specific, detailed questions.

There are four basic categories of requirements to consider when preparing a checklist: standards requirements, customer requirements, organizational requirements, and legal requirements. Checklists should also take into account that evidence is gathered by interviewing personnel, observing operations, reviewing documents, and examining records.

Checklists that are revised for ISO 9001:2000 will focus more on the effectiveness of the system. Internal auditors may spend more time preparing for the audits, but they will gather more valuable information for management. Hopefully, the areas being audited will recognize that the auditors are looking more at process performance and less for simple compliance.