An audit checklist is a tool used during the conduct of an audit. Defined broadly, audit is an inspection or a systematic, independent and documented review of an organisation’s financial activities or management systems.
As ISO standards adoption continues to grow along with new regulations, it is inevitable that performing an audit with the relevant external or internal audit checklists are required to ensure compliance.
Furthermore, the concept of conducting an audit can be applied across multiple industries. Therefore, having knowledge on audit checklists and being able to perform and audit will definitely benefit yourself as well as your organisation.
At this end of this article, you will be able to understand:
- What is an audit checklist and its purpose
- When is an audit checklist required
- How to prepare an audit checklist
- The process of managing your audit programme
What is an Audit Checklist?
An audit checklist may be a document or tool that to facilitate an audit programme which contains documented information such as the scope of the audit, evidence collection, audit tests and methods, analysis of the results as well as the conclusion and follow up actions such as corrective and preventive actions.
An audit checklist also allows the auditor performing the audit to take reference to the standard’s requirements, ensuring your organisation’s compliance to the relevant standards.
What is the purpose of an Audit Checklist?
The purpose of an audit checklist is to facilitate the collection of evidence based on a set of requirements specified by industry standards.
These industry standards may be related to the implementation of your organisation’s management system such as food safety, information security, occupational health and safety or a quality management system.
With an audit checklist, your organisation will be able to conduct various types of internal and external audits such as first, second or third party audits. Through these audits, your organisation’s process performance and effectiveness will be checked ensuring that compliance with the industry standards.
Is an Audit Checklist required?
An audit checklist although not mandatory, is usually required and it is highly recommended that your organisation has one or more external or internal audit checklist as it serves as an avenue for the collection of evidence to identify non-compliance, findings and improvements within the procedures and processes that have been implemented.
How do you prepare an Audit Checklist?
To start preparing an audit checklist, it is important for your organisation to understand what needs to be audited. This leads to the identification of the audit scope, objectives and criteria.
Most often, audits are conducted based on standards such as ISO 19011 – Guidelines for auditing management systems, for various types of management systems such as ISO 9001, ISO 27001, ISO 13485, ISO 22000, ISO 45001, ISO 14001 and many more.
Once your organisation is able to identify the standard to be audited against, you may then list down the requirements with a section for documenting audit evidences. An external or internal audit checklist should be thorough such that all areas are covered.
What are the 5 steps to managing an Audit Programme?
The five steps to manage an audit programme are:
- Establish the audit programme objectives
- Prepare the audit plan
- Perform the audit
- Report the audit results
- Follow up on post-audit activities
Before starting your journey to perform external or internal audits, it is important that your organisation has the resources and competency to conduct the audit. This includes having employees that are trained to be internal auditors. Sending your employees for internal auditor courses allows your company to sufficiently prepare for any certification, surveillance or unannounced audits.
Establish the audit programme objectives
Audit programme objectives may arise from management system, supplier, customer, product, contractual or legal requirements. Before conducting the audit, objectives shall be determined and established first. This will allow your organisation to determine the scope of the audit and if the audit shall be conducted as a first party, second part or a third party audit.
To find out more on the various types of ISO audits, do check out this link here. With the audit objectives set in place, you may then prepare your audit checklist catered to the various types of ISO audits.
Prepare the audit plan
To prepare the audit plan, you will be required to determine the following information:
- Audit objectives
The audit objectives usually refers to the area to be audited such as a documentation or a process audit to check your organisation’s compliance to a certain standard internally. Audit objectives can also be determined for external parties to ensure that the processes and methods used by your suppliers are compliant or if improvement is required.
- Expected dates of the audit and its location (Online, Offline or On-site audit)
The expected dates of the audit and its location is an important information for the respective personnel or department being audited to prepare ahead in time for the documentation or process audit. The audit location shall also be coordinated to ensure that the mode of communication is smooth for collection of audit evidence.
- Audit committee such as the lead auditors and observers as well as the department or personnel to be audited
The audit committee should be clearly defined for the auditees to understand the scope, processes and documentation that will be audited. This information also prevents any conflict of interest in the auditors conducting the documentation or process audit.Internal auditors selected to perform the audit shall also be sufficiently trained to be able to conduct internal audits in accordance with the required standards.
- Audit criteria
Audit criteria can be a list of standards required by your organisation to comply with or a set of processes specified by your organisation for your suppliers or external stakeholders to comply with.
- Methods of audit
The methods of audit will aid the auditee in preparing ahead the required documentation and evidences for the actual audit. Methods such as documentation, interview and observational audits may be performed depending on the scope of the audit. This will also affect the location of the audit and will allow you to manage the audit better.
With the following information, you may then request for an audit. The audit plan can be disseminated to the respective departments or personnel to prepare the relevant documentation and records for the audit. The external or internal audit checklist can also be shared along with the audit plan to the receiving party to be audited.
Perform the audit
To perform the audit, your organisation should already be equipped with the external or internal audit checklist. The audit should follow the schedule as planned. During the audit, the lead auditor usually opens the meeting by briefing all members involved in the audit.
Next, the lead auditor or any supporting auditor will begin to assess all the processes and procedures as required and specified by the relevant standards with the audit checklist. This is done through the review of documented information, records for evidence of compliance.
Some evidence may not be readily available or documented and hence, other methods such as the interview of personnel or observation of actual on the ground processes may be performed.
Once all the areas have been audited, the lead auditor and supporting auditor may record down the evidences identified in the external or internal audit checklist. Focus of the audit should not be finding non conformance but rather, areas of improvement.
Report the audit results
After the audit has been performed, the lead auditor will compile the results of the audit and close the audit by summarising and briefing the auditees on both the positive and negative findings. An audit report shall then be issued together with the completed external or internal audit checklist for the organisation to follow up on the audit findings.
Any discrepancies may be addressed with the lead auditor before finalisation of the audit report.
Follow up on post-audit activities
With the audit report and checklist available, the next step will be to follow up on the findings from the audit. This includes assigning the relevant personnel to perform root cause analysis, determine corrective and preventive actions as well as track the implementation of the corrective and preventive actions.
The result of the audit shall also serve as inputs for your organisation’s management review where significant changes, audit findings and actions to be taken are discussed. The audit results also serves as an indicator of the performance and effectiveness as well as compliance of the management systems or standards that are implemented within your organisation.
In a nutshell, an audit checklist is an important piece of document that is essential for the conduct of audits.
Not only does it serves as a guide for external and internal auditors to check all areas of your organisation’s compliance to the standard, it may also be used by your organisation on external parties such as your suppliers to assess and focus on their performance and effectiveness of their capabilities to provide the required services.
Should you or your organisation require any support to manage your audit process in terms of external or internal audit training, services or help with developing your own audit checklist, feel free to contact us.
At Stendard, we can support your organisation to ensure audit requirements are met, including the provision of audit checklists ensuring compliance.