Centuries ago, when the church bells sounded, oftentimes it wasn’t a call for the good townsfolk to gather for their weekly prayers. Byzantines made use of a beacon-based semaphore system.
Precursors to the modern-day siren were distributed in densely populated areas after World War I.
All these tools share a common purpose: they act as early warning systems (EWS).
With any system of early detection, the success of the outcome relies on putting the right actions, reactions, and monitoring activities in place.
In the area of document control, having a document control audit checklist is invaluable.
Why is document control important?
According to the American Institute of Certified Public Accountants (AICPA), an alarming number of nonconformity issues within an organization are related to a lack of sufficient document control. Nonconformance is especially disastrous for highly regulated businesses, such as those in manufacturing, as well as organizations seeking ISO 9001 certification for their quality management system (QMS).
A sound document control system not only helps avert nonconformity disasters, but also reduces financial risk from fraud or loss, aids management in the decision-making process, and ensures all operations run cost-effectively, time efficiently, and according to organizational objectives.
What documents are needed for a document control audit?
An organization seeking QMS certification is required to abide by a system of internal controls for document management. International standards developed by the International Organization for Standardization (ISO) provide direction for document control. The most up-to-date standard for QMS is ISO 9001:2015.
More flexible than previous standards, ISO 9001:2015 has a short list of required documents and records:
- The organization’s QMS policy
- A description of the QMS scope
- A detailed explanation of QMS objectives
- Any document or record essential to the support of an individual organization’s QMS processes, including standard operating procedures (SOP)
Although a quality manual is no longer one of the ISO documentation requirements, many organizations find it helpful to incorporate the first three requirements into one published item as a single source of truth for all QMS-related materials.
When evaluating the document control system within an organization, an internal auditor’s most valuable tool is a document control audit checklist.
What is a document control audit checklist?
A document control audit checklist is an indicator used to verify that all documented information is maintained according to established standards. In other words, an audit checklist is like the bells and beacons of yesteryear.
If you’re wondering exactly how an internal audit checklist acts as an early warning system in auditing, let’s look at the criteria used to create an effective mechanism for the prevention of disasters.
An article published in the International Journal of Disaster Risk Science describes “four interconnected key elements” that make for an effective EWS:
- Informed through the “systematic collection of data and disaster risk assessments”
- “Detection, monitoring, analysis, and forecasting of the hazards and possible consequences”
- Relevant information is communicated in the form of “authoritative, timely, accurate and actionable warnings”
- The proper response preparedness exists at all levels
Whether auditing for document control processes, compliance, or internal controls over financial reporting, the EWS criteria define an audit checklist faultlessly.
The only difference: instead of declaring potential threats from marauders or enemies or earthquakes, the EWS of a document control audit checklist sounds the sirens regarding risks, compliance issues, production inefficiencies, QMS non-conformities, and any other red flags that could result in FDA warnings, noncompliance fines, or litigation.
What should a document control checklist include?
To ensure the warning system uncovers any potential disasters, the auditor begins by verifying all the required documents are available and current. While specific audit procedures will vary based on the organization, the audit checklist must include a review of the organization’s document control procedures.
Document control procedures are cautionary measures used by the board of directors and management to review, approve, revise, and organize documents and records. The audit report signals whether an organization’s document management procedures include controls reflecting the guidelines set forth by the ISO. Some examples of document control procedures:
- Management reviews new documents for accuracy, clarity, and accessibility
- Process owners are responsible for approval of document changes or re-approval
- Document revisions are monitored and approved by the proper authorities and the revision status is monitored
- Supervisors maintain an up-to-date distribution list to ensure every team member has access to the most current version of a document at every point of use
- Procedures are in place to prevent the unintended use of obsolete documents
- Management creates similar controls for all external documents and maintains a master list for distribution
By using a document control audit checklist, internal auditors can more efficiently identify areas where corrective and preventive actions are needed before they are discovered through an external audit.
The unforeseen tragedy in the wake of the 2004 Indian Ocean tsunami prompted a global push to improve and/or implement EWS in hopes of minimizing future losses. Although not comparable to the devastation experienced in Thailand, audit findings expose issues that could devastate an operation and alert an organization to the need for continued improvement of internal controls and processes.
A quality audit relies on a high-functioning document control system. If file cabinets filled with forms and flowcharts, reports and reviews, and procedures and policies prevent your organization from completing a document control audit easily, let ZenGRC help.
The benefit of an automated method for document control is invaluable. Not only does our software make document control processes simpler (some with the click of a mouse), but when used to its fullest, ZenGRC’s compliance dashboard is also there to sound the alarm before disaster strikes.