Featured Product
This Week in Quality Digest Live
Quality Insider Features
Alexander Khomich
Healthcare software opens up opportunities for clinics in both management and patient care
Drawing lessons from the compound eyes of trilobites, NIST researchers fabricate tiny lenses that see both near and far.
Dale Crawford
Electrical contractors and other skilled trades are losing institutional knowledge
Luk Van Wassenhove
The process must be grounded in knowledge and fact-based decision-making
Emily Newton
Three challenges to reducing energy consumption while maintaining productivity

More Features

Quality Insider News
Hexagon’s calibration service meets advanced manufacturing needs in Canada
Attendees will learn how three top manufacturing companies use quality data to predict and prevent problems, improve efficiency, and reduce costs
Unique global product configuration event fosters an atmosphere of learning, not selling
Project annotations, images, videos, and more in a stereo microscope’s field of view
More than 40% of directors surveyed cite the ability of companies to execute as one of the biggest threats to improving ESG performance
How to quickly prototype 4x machine vision applications on one small embedded system
Industry research finds sustainability challenges remain for automakers in the electric vehicle market
MPLS sensor is fast and accurate, well-suited for in-line control requirements

More News

Jorge A. Correa

Quality Insider

Time to Rethink the Checklist Audit

Optimizing company resources with a process approach to auditing

Published: Monday, October 21, 2013 - 11:11

Organizations today face unprecedented challenges to increase productivity and performance. Having an effective internal audit system is an important tool that allows organizations to determine where key strengths and weaknesses exist within their processes. Once identified they can build on their strengths and allocate resources to improve the weaknesses.

However, many organizations have limited resources yet must still find ways to perform effective audits. Organizations with multiple management systems (e.g., quality and environmental) may discover that their internal audits are utilizing too many resources or they’re simply not providing the necessary value. In some cases the internal audit program may concentrate more on one standard than the other depending on the auditor’s background and experience. Organizations are facing considerable competition and price sensitivity in today’s economy. They must find smarter and more efficient ways to manage and glean the value from their audit processes.

The unflowable checklist

Many organizations still perform audits using a traditional checklist approach even though the checklists can be very cumbersome and may not flow the way the organization’s business processes are defined.

Auditors using standard checklists based on subclauses of a standard (e.g., ISO 9001) have a hard time maintaining focus. They have to continuously jump from one section of the standard to another. Or in many cases auditors have to go to the same area of the company several times to cover different requirements that relate to different processes. The checklist-based approach can be an inefficient use of the auditor’s time.

By contrast, a process-based approach to an audit is not only flexible, it allows companies to structure their audits to fit their specific business processes. Where organizations have worked to integrate their management systems to maximize efficiency, internal and external auditors should be utilizing integrated auditing techniques. This further streamlines the audit process, making the most effective use of the audit time and resources as well as helping to identify areas of strength and weakness across multiple management system standards. This article will focus primarily on the basics of a process-based auditing approach. TÜV SÜD America is offering a follow-up webinar, "Integrated Auditing Using the Process Approach for Quality and Environmental Management Systems," which will expand upon the application of process auditing to integrated management system audits.

A process approach to auditing

As per the ISO 9001 guidance document for the use of the process approach, a process is “set of interrelated or interacting activities, which transforms inputs into outputs.” These activities require allocation of resources such as people and materials. According to ISO 9001:2008: “The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management to produce the desired outcome, can be referred to as the ‘process approach.’”

In practical terms, a process-based audit would take a specific process and start the audit by understanding process objectives and performance measurements together with the interaction of other processes. The objectives and performance information would be used to target specific areas of the process that pose the highest risk to the organization or its customers and stakeholders. The audit would not only look at the actual process steps, but also the resources (i.e., materials, equipment, personnel) as well as the established methods for running the process. This provides in-depth coverage of the organization’s operations.

In contrast, the clause-based approach has a very narrow focus, as the auditor only looks at conformity to a stand-alone requirement of the standard, without checking interactions, risks, or links. The narrow focus normally results in auditors missing key weaknesses and risks within the operations being audited. In fact, this was one of the chief problems and complaints with early versions of ISO 9001.

When you use the process approach to auditing you are actually covering several of the ISO standard clauses or subclauses in a given process. To understand how much more comprehensive (and sensible) a process approach to auditing is, consider this example:

If an auditor was auditing, for instance, the procurement (purchasing) process using a clause-based approach, she would only focus on the requirements of subclauses 7.4.1 and 7.4.2. However, if using the process approach, she would cover many other subclauses, such as 4.1 (general requirements); 4.2.3 and 4.2.4 (document and record control); 5.3 (quality policy); 5.4.1 (quality objectives); 5.5.1 (responsibility and authority); 6.1 (provision of resources); 6.2 (human resources); 8.2.3 (monitoring and measurement of processes); 8.4 (analysis of data) and 8.5 (improvement).

An integrated audit with ISO 14001 for an environmental management system would also cover 4.1 (general requirements); 4.2 (environmental policy); 4.3.1 (environmental aspects); 4.3.3 (objectives, targets, and programs); 4.4.1 (roles and responsibilities); 4.4.2 (competence and training) 4.4.3 (communication); 4.4.5 (document control); 4.4.6c (operational controls/contractor/supplier management); 4.5.3 (nonconformity, corrective/preventive action); and 4.5.4 (record control).

To ensure that all requirements of an ISO management standard are covered, auditors use a process matrix to plot processes vs. subclauses. Keep in mind that many subclauses will be covered in more than one process, e.g., 4.1 (general requirements) 4.2.4 (control of records); and 8.2.3 (monitoring and measurement of processes).

Is a process-based audit more difficult?

A clause-based audit is slightly easier to plan, because the same basic plan can be used to audit many different organizations. However, auditing to the process approach is easier because it follows the natural flow of the organization’s operations and activities. It does take some initial practice and experience to understand how different subclauses apply to each process (and which ones apply to all processes), but once the auditor performs a few audits, it becomes quite simple.

By contrast, a clause-based audit, because it is so narrowly focused on a specific requirement of the standard, in many cases forces the auditor to return to the same process or activity several times to obtain the information and evidence needed. Even if the clause approach is, in theory, easier to plan, all the disadvantages, inefficiencies and nonvalue-added results of a clause-based audit make any difficulty in planning a process-based audit worthwhile. This is particularly true if you keep in mind that after a few audits, it will become easier to plan process-approach audits.

An audit is not necessarily faster or slower using one approach or the other. The key difference is that audits using the process approach make a more effective and efficient use of the time that is available for the audit. Additionally, process-based audits lead to audit findings that are more meaningful to an organization, since the audit is tailored to the company’s processes rather than segmenting the audit to match a checklist of the standard.


Implementing a process-based audit can strengthen an organization’s quality management system, create a more effective audit process, and increase the overall value of the auditing process.

In general, a process-based approach is going to provide better results, that is, you are more likely to find weaknesses in your process. It’s easy to miss key process weaknesses using a clause or checklist approach. For example, when auditing the receiving process, an auditor would focus only on auditing the requirements of subclause 7.4.3 and check if the organization has “established and implemented the inspection or other activities necessary for ensuring that purchased product meets specified purchase requirements.” However, when you follow the process approach, the auditor would find out which specific areas of the activity may have weaknesses such as poor performing suppliers or customer complaints related to a supplier issue. This could easily be missed if the process approach is not used.

Preparing for a process-based audit

So how do you get started? First of all, of course, auditors need be trained in the process approach using a combination of classroom training, mock audits, and on-the-job training audits.

When it comes time to performing a real process audit, the auditor will need the organization’s management system manuals that show the organization’s defined processes. This process information will be used to prepare the plan and determine the specific processes to be audited against the applicable subclauses. Auditors should also obtain process and organizational performance information to determine which processes pose the highest risk.


A process-based approach makes more sense than a clause-based approach to auditing. Although it requires a bit more planning, a process approach to auditing is more efficient, more logical, and most important, adds more value to the organization. Because the purpose of an internal or external audit is to validate whether your company is running optimally and providing true value for its customers and stakeholders, you want an audit that truly reflects the way your company runs. That is what a process-based audit gives you.

To take process-based auditing a step further, organizations with integrated quality and environmental management systems should be taking advantage of integrated audits. For more information on a process-based approach for integrated audits, attend the webinar “Integrated Auditing Using the Process Approach for Quality and Environmental Management Systems” on Nov. 1, 2013.


About The Author

Jorge A. Correa’s picture

Jorge A. Correa

Jorge Correa is the Technical Director and Quality Management Systems Program Manager for Intertek. He has more than 30 years of work experience in automotive manufacturing, consulting, training and certification services industries. Jorge holds a Master’s of Business Administration and Bachelor of Science in Aeronautical Engineering.

Intertek is a leading Total Quality Assurance provider to industries worldwide. Our network of more than 1,000 laboratories and offices and over 42,000 people in more than 100 countries, delivers innovative and bespoke Assurance, Testing, Inspection and Certification solutions for our customers’ operations and supply chains. Intertek Total Quality Assurance expertise, delivered consistently with precision, pace and passion, enabling our customers to power ahead safely.


And the interactions between them

After several rounds of auditing the processes in a new system for a start-up company, I started finding that the real value was determining the interactions between key processes and auditing them for effectiveness. So often I found that the light bulb and the switch worked fine, but the wiring between them was broken!

Time To Rethink the Checklist Audit

Really useful information about Audit Checklist


Time To Rethink the Checklist Audit????

I would be VERY careful with a process audit approach in leue of a checklist. The process approach requires much more up front time, requires a higher level of auditor skill, and true may save time while auditing, may not be as comprehensive as a well thought out checklist.

We went to a process based audit approach 3-5 years ago and have just converted back to a checklist approach. Why... the process approach audit did not reveal or unveil as many system issues or areas for improvement. In addition, our customer conducted audits of us as a supplier using audit checklists and were able to find areas for improvement we missed with a process based approach to auditing... While both process and checklist approaches can be effective if done right... the customer audits in a general sense seem to actually favor a audit checklist versus a process approach to auditing.

Ken Kaniecki