Every IATF 16949 certified plant faces surveillance audits between recertification cycles. The scope is narrower than a full audit, but the expectations are the same: you must demonstrate that your quality management system is not just documented, but operating as intended.
Daily checks — changeover verifications, in-process checks, line clearance confirmations — are a frequent audit target. They sit at the intersection of several IATF clauses, and they're where the gap between "what we say we do" and "what we can prove we do" tends to show up.
This article covers what auditors typically examine, where plants most commonly struggle, and how to prepare — whether you're running paper-based controls or digital ones.
What the auditor is actually looking for
A surveillance auditor examining daily checks isn't checking whether your checklist exists. They're checking whether your process works reliably and whether you can prove it.
Specifically, they tend to focus on five things:
1. Evidence that controls are performed as specified in the control plan
Your control plan says that a changeover verification is performed after every component exchange on Line 3. The auditor will ask for records from a specific date — often chosen randomly. If you can produce complete, attributable records within a reasonable time, you pass. If you can't, you have a gap.
The key word is "as specified." If your control plan says verification happens before production restarts, your records should show timestamps that confirm the check was completed before the first piece was produced — not after.
How Daily Checks helps
Every check record is automatically timestamped at the moment each control point is completed — not when the form is submitted. The auditor can pull up any line, any date, and see the exact time each step was executed. There is no way to back-fill or pre-fill entries, so the timestamps are a reliable reflection of what actually happened on the floor.
2. Completeness of records
A checklist with 12 checkpoints should have 12 completed entries. Blank fields, dashes, or "N/A" written where a measurement should be raise questions. The auditor isn't trying to catch you — they're trying to verify that the person performing the check actually assessed every point.
Common finding: checklists where the first 8 fields are carefully filled in and the last 4 are rushed or incomplete. This pattern suggests the operator was interrupted or under time pressure — which is a process problem, not a person problem.
How Daily Checks helps
The system displays one control point at a time and does not allow the operator to advance to the next step until the current one is evaluated as OK or NOK. Skipping a checkpoint is technically impossible. Every submitted check record has 100% of fields completed — which is exactly what an auditor wants to see.
3. Traceability — who, when, what
IATF 16949 (and ISO 9001 Clause 7.5.2) requires that records are identifiable and traceable. For daily checks, this means:
- Who performed the check (name or ID, not just "shift A")
- When it was performed (date and time, not just date)
- What was checked (which line, which product, which checkpoint)
- What was the result (OK/NOK, with specifics on NOK)
Handwritten signatures that are illegible, forms with only a date (no time), or records where "Line 2" is assumed but not explicitly recorded all create traceability gaps.
How Daily Checks helps
Every check record is automatically linked to the logged-in operator by name, the specific line and product series the checklist was created for, and the exact timestamp of each entry. The auditor sees a complete, unambiguous record: name — line — series — checkpoint — result — time. No assumptions, no interpretation required.
4. Reaction to non-conformances
If a daily control reveals a NOK condition, the auditor will ask: What happened next? They're looking for evidence that:
- The non-conformance was recorded with enough detail to understand what was wrong
- Someone was notified (and you can show who and when)
- Containment action was taken (suspect product identified and segregated)
- The issue was resolved and documented
This is where paper-based processes most frequently fail. The NOK may have been discovered and resolved, but the evidence trail — from detection through escalation to resolution — is often incomplete or scattered across different documents.
How Daily Checks helps
When an operator marks a checkpoint as NOK, the system immediately requires them to select an error category and specify the reason — the record cannot be closed without this detail. For urgent non-conformances, the operator can trigger an instant escalation notification to a supervisor directly from the check screen. The supervisor receives the alert within minutes, not at the end of the shift. The full trail — NOK detected, reason recorded, supervisor notified, timestamp of each action — is stored in a single record and exportable on demand.
5. Version control of the checklist itself
The auditor may ask: "How do you ensure that operators are using the current version of this checklist?" If different shifts are using different versions, or if the version on the floor doesn't match the version referenced in your control plan, that's a finding.
This sounds trivial, but it comes up regularly. When checklists are managed as Excel files, printed, and distributed manually, version drift is almost inevitable.
How Daily Checks helps
Checklists are managed centrally by a supervisor role. When a checklist is updated and set as active, it immediately becomes the version all operators see — there are no printed copies to collect, no old files to remove from the floor. Operators always open the current version by default. Previous versions are automatically archived with their original content preserved, so historical records remain accurate even after updates are made.
The 5 most common findings related to daily checks
Based on published IATF audit trend data and common quality management observations:
Finding 1: "Records do not demonstrate that the process is performed as documented"
This is the most common formulation. It doesn't say you're not doing the checks — it says you can't prove you're doing them. The gap is almost always in the records, not in the actual work.
Root cause: The recording mechanism (paper, Excel) doesn't enforce completeness. Operators perform checks but don't always document every step. Over time, partial documentation becomes normalised.
How Daily Checks helps
The step-by-step enforcement means the digital record is a direct reflection of what was physically assessed. Each checkpoint requires an explicit OK/NOK evaluation before the next one appears. The result is a complete, structured record for every check performed — one that demonstrates the process was followed exactly as documented.
Finding 2: "Nonconformity reaction process is not consistently followed"
The plant has a procedure for handling NOK conditions found during daily checks. But the evidence shows that some NOK situations were resolved without following the defined escalation path — or the escalation path was followed but not documented.
Root cause: Paper-based escalation depends on the operator knowing who to notify and choosing to do so. There's no system-enforced mechanism.
How Daily Checks helps
Escalation is built into the NOK workflow. When an operator flags a checkpoint as NOK, the system prompts them to categorize the issue and, if urgent, send an immediate notification to the responsible supervisor. This happens at the point of detection, not retrospectively. The system records whether an escalation was triggered and when — so the auditor can verify that the defined reaction process was followed for every NOK event, not just the ones someone remembered to document.
Finding 3: "Changeover verification records are not retrievable within a reasonable time"
The auditor asked for records from a specific date and line. It took 40 minutes to find the right binder, locate the right page, and confirm it was the right checklist. In some cases, the records were never found.
Root cause: Physical storage. Binders get moved, pages get misfiled, entire days go missing when someone forgets to collect the completed forms.
How Daily Checks helps
All check records are stored digitally and searchable by line, series, auditor, and date. Retrieving a specific record takes seconds — filter by line and date, and the complete record appears immediately. Records are retained for a minimum of two years and are exportable to PDF at any time, making audit evidence retrieval a matter of minutes rather than a search through physical storage.
Finding 4: "Checklist version in use does not match the referenced document in the control plan"
Three versions of the same checklist are in circulation. The control plan references Rev. 5. Line operators are using Rev. 3 (never updated), Rev. 5 (correct), and a modified version created by a shift leader (no revision number).
Root cause: No central version management. Once an Excel file is printed, it's disconnected from the source.
How Daily Checks helps
There is a single source of truth for every checklist — the version managed by the supervisor in the system. Operators cannot create or modify their own versions. When a supervisor updates a checklist and activates it, every operator on every shift immediately works from the same updated version. Old versions are archived automatically. The risk of multiple conflicting versions in circulation is eliminated by design.
Finding 5: "No evidence of monitoring daily control completion rates"
IATF 16949 Clause 9.1.1 requires monitoring and measurement of processes. The auditor asks: "How do you know that daily checks are being performed on every line, every shift?" If the answer is "we trust our team leaders" without supporting data, that's insufficient.
Root cause: With paper-based controls, there's no automatic monitoring. Knowing whether controls were completed requires someone to physically check every binder, every shift — which nobody does consistently.
How Daily Checks helps
The supervisor dashboard shows completion rates broken down by line, series, and time period (current week, current month, financial year). NOK rates are tracked by the same dimensions. Supervisors receive a weekly report every Friday with a full summary: checks completed, non-conformances found, and performance by auditor. This data is always available — not assembled before an audit, but captured continuously as part of normal operations.
Self-assessment checklist: are you audit-ready?
Before your next surveillance audit, walk through these questions for your daily checks process:
Records completeness
- Can you produce a complete, fully filled-in daily control record for any random date and line within 15 minutes?
- Are all fields completed — no blanks, no dashes, no "N/A" where a value should be?
- Do records include both date and time of completion?
Traceability
- Is the person who performed each check identifiable (name or ID, not just shift designation)?
- Is the specific line, product, and checkpoint clearly recorded on every form?
- Can you trace the record back to the corresponding control plan requirement?
Non-conformance handling
- For every NOK recorded in the last 3 months, can you show who was notified, when, and what action was taken?
- Is there a clear trail from NOK detection → escalation → containment → resolution?
- Are NOK records stored with or clearly linked to the daily control record (not in a separate system)?
Version control
- Is every operator on every shift using the same, current version of the checklist?
- Can you show when the checklist was last updated and who approved the change?
- Does the version on the floor match the version referenced in your control plan?
Process monitoring
- Do you know what percentage of daily checks were fully completed last month?
- Do you have trend data on NOK rates by line, shift, or period?
- Can you demonstrate to an auditor that you actively monitor daily control performance?
If you answered "no" or "not sure" to more than 3 of these questions, you have gaps that a surveillance auditor is likely to identify.
How to close the gaps — regardless of your current system
The structural problems described above aren't caused by bad people. They're caused by processes that don't enforce themselves.
If you're staying with paper/Excel
- Assign a specific person each shift to verify completeness before the binder is filed
- Implement a weekly spot-check: pick 3 random records, verify all fields are complete and traceable
- Maintain a version log: when a checklist is updated, physically collect and destroy old versions from the floor
- Create a NOK log separate from the daily control forms — but cross-reference by date and line
If you're considering digital tools
- Prioritise sequential enforcement (the ability to prevent skipping steps) over feature richness
- Ensure the tool creates an automatic audit trail (who, when, what, result) without relying on operator discipline
- Look for instant escalation on NOK — not just recording, but notification
- Verify that records are exportable in a format an auditor can review (PDF, structured data)
The goal isn't to impress the auditor with technology. The goal is to have reliable, complete, retrievable evidence that your daily checks are performed as specified. How you achieve that is secondary.
Key takeaways
- Surveillance auditors target daily checks because they reveal how well your QMS actually operates — not just how well it's documented.
- The most common findings aren't about missing checks — they're about missing evidence. The work gets done; the proof is incomplete.
- Paper-based processes have structural weaknesses (no enforcement, no real-time visibility, no version control) that training alone cannot fix.
- You can audit-proof your daily checks by ensuring: complete records, full traceability, documented NOK handling, version control, and process monitoring.
- Start preparing now, not the week before the audit. If your records are complete and retrievable every day, audit preparation becomes trivial.