Introduction:

This Process Street checklist was built to help auditors conduct an effective audit on the implementation of the AS9100D aerospace quality management standard. 

This checklist is not meant to be followed verbatim. Instead, it should be used as a framework to supplement your audits and make sure that the basic requirements are being met.

The checklist takes you step-by-step, through the entire auditing process. Each task is supplemented with even more information to help further build context and leave no questions unanswered. This checklist also uses various form fields to give you the ability to record all your audit findings and notes as you move through the process.

We recommend that you edit the contents of this checklist to better suit your particular needs, if necessary.

Preparation for the audit:

Record basic details

First thing, before beginning the audit, take a moment to enter some basic details using the form fields below.

Audit programme manager information
Auditee information

If this process will involves multiple people, feel free to use the members form field to be able to assign additional individuals.

Establish context of the audit

After you've recorded the basic details, you should establish the context of the audit. To be able to properly understand the context of the audit, you should take into account the auditee’s:

  • 1
    Business goals
  • 2
    Relevant external & internal issues
  • 3
    Relevant interested parties needs and expectations
  • 4
    Information security and confidentiality QMS requirements

Use the form fields below to write notes and record the finalized context of the audit.

Establish objectives of the audit

Next, you need to establish objectives of the audit.

The audit objectives should be consistent with the context of the auditee and include the following information:

  • 1
    Extent of the QMS that will be audited
  • 2
    The QMS's capacity to help the organization meet relevant regulatory requirements
  • 3
    The QMS's effectiveness in achieving its goals
  • 4
    Areas for QMS improvements
  • 5
    Suitability of the QMS in the auditee's strategic context and business

Use the form fields below to write notes and record the finalized audit objectives.

Establish scope of the audit

Now, you should establish the scope of the audit.

The scope of the audit should be consistent with the auditee's context and include the following information:

  • 1
    Audit location
  • 2
    Audit function
  • 3
    Audit activities
  • 4
    Processes to be audited
  • 5
    Audit time-frame

Use the form fields below to write notes and record the finalized audit scope.

Establish criteria of the audit

After you're finished establishing the audit scope, you need to establish the audit criteria.

The criteria should be defined while keeping in mind that it will be used as a reference to which the QMS's conformity will be evaluated.

The audit criteria might include:

  • 1
    Any relevant policies
  • 2
    Recurring processes and standard operating procedures
  • 3
    Performance goals and KPIs
  • 4
    Statutory and other relevant regulatory requirements
  • 5
    Management system requirements
  • 6
    Risks and opportunities as determined by the auditee
  • 7
    Internal codes of conduct

Use the form fields below to write notes and record the finalized audit criteria.

Ensure audit monitoring systems are in place

You should also make sure all necessary tools and systems are in place to ensure effective monitoring of the audit.

Audit monitoring systems might include any of the following:

  • 1
    Whether audit deadlines and schedules are being met
  • 2
    Audit team member(s) performance
  • 3
    Successful implementation of audit plans
  • 4
    Auditee feedback
  • 5
    Documentation of audit procedures

Request documented information from auditee

Next, you should request all relevant documentation from the auditee

Use the form fields below to write notes.

Assign audit team and lead auditor

You should now take some time to assign audit team and lead auditor.

When deciding on your audit team, keep in mind:

  • 1
    Overall required competence of the audit team
  • 2
    Audit complexity
  • 3
    Whether a combined or joint audit
  • 4
    Audit methods
  • 5
    Ability of the audit team to work effectively with the auditee
  • 6
    Relevant internal and external issues
  • 7
    Type of processes to be audited

Use the fields below to assign audit team members.

Now, you should assign the audit team leader.

Use the form fields below to record the details of the lead auditor.

Review documented information:

Review auditee's documented information

Now that you've made all the necessary preparations for the audit, you should, review all of the auditee's documented information pertaining to the management system.

This will serve as a great jumping off point for the lead auditor and allow them to easily pinpoint any problem areas in the auditee's QMS.

The documented information could take the form of things such as:

  • Processes (paper and/or software)
  • Management system documents and records
  • Previous audit reports

Using the form-fields below, record any issues observed in the documentation.

[Conditional] Resolve the documented information issues

Use the form fields below to record the issues found in the documented information, and what actions you've taken to resolve these issues.

Prepare an audit plan

Now that you've reviewed all the documented information and resolved any issues, you should prepare an audit plan.

The audit plan should contain the following information:

  • 1
    Audit team member responsibilities
  • 2
    Risk-based approach to audit planning
  • 3
    Audit activities schedule
  • 4
    Audit scope
  • 5
    Sampling techniques for documenting evidence
  • 6
    Areas for improvement
  • 7
    Risks of poor planning
  • 8
    Intended impact of the audit on auditee processes

Upload your finalized audit plan below:

Assign work to audit team

Now that your audit plan is all set, you just need to assign work to the audit team.

All the work that will be assigned should have been detailed in the audit plan.

This is a great opportunity to use Process Street's task assignment feature for assigning individual tasks in this checklist to specific audit team members.

Initiating the audit:

Make arrangements with auditee

To begin the audit, you should first make contact with the auditee and make sure the following factors are in order:

  • 1
    Basic introduction and outline of lead auditor responsibilities
  • 2
    Clarified methods of communication
  • 3
    Permission has been granted to perform the audit
  • 4
    The auditee fullly understands the audit programme as it currently stands
  • 5
    All relevant information has been made accessible to all parties involved
  • 6
    Access to additional relevant information has been requested
  • 7
    Any additional regulatory requirements that might impact the audit have been determined
  • 8
    Information security policies have been confirmed
  • 9
    Audit schedule has been confirmed
  • 10
    All location-specific arrangements have been made
  • 11
    Auditee understands the requirements for additional observers
  • 12
    Risk areas have been communicated
  • 13
    Any outstanding issues have been resolved

Use the form field below to select the date of the opening meeting.

Conduct open meeting

After you've made all the necessary arrangements with the auditee and scheduled the opening meeting, what's next is to actually conduct the meeting.

The opening meeting should be hosted by the lead auditor.

During the opening meeting, make sure to confirm the following information with the team:

  • 1
    Audit programme plans
  • 2
    Audit scope
  • 3
    Audit goals
  • 4
    Audit criteria
  • 5
    Audit plans
  • 6
    Audit team responsibilities
  • 7
    That all planned activities can be conducted with proper authorization
  • 8
    Audit language
  • 9
    Information security protocol
  • 10
    Audit team access and arrangements
  • 11
    On-site activities that could potentially impact audit process

Usually, an opening meeting will include the auditee's management, in addition to specialists that work closely with the processes being audited.

Use this meeting as an opportunity to ask any the necessary questions about the audit process and clear up any gaps of knowledge you may have. The meeting can range in size and scope depending on the organization being audited.

It's important that during the opening meeting, the following information is clearly communicated:

  • 1
    Methods for communicating the audit progress
  • 2
    Audit termination conditions
  • 3
    Procedures for dealing with audit findings
  • 4
    Procedures for receiving feedback from the auditee

Ensure relevant audit information is accessible

Any relevant audit information should be made easily accessible to all the relevant parties. This can be done by documenting the location of the information in the form field below.

You may also want to consider uploading any additional crucial information to a secure central repository that can be easily shared with the auditee.

Context of the organization (4.0):

Assess the organization and its context

Assessing the organization and its context is vital when developing a quality management system. It helps to to pinpoint, analyze, and develop a better understanding of the auditee's business environment.

Record information regarding the organization and its context in the form fields below.

Assess the needs and expectations of interested parties

After assessing the organization and its context, you should assess the needs and expectations of the interested parties.

After you've gathered the information, document any evidence that pertains to the needs and expectations of interested parties in the form fields below.

Assess scope of QMS

Now, you should assess the scope of the QMS.

Simply put, the scope of the QMS is a description of the processes, procedures, services, and products that the QMS was developed for.

After you've gathered the information, document any evidence that pertains to the QMS scope in the form fields below.

Leadership (5.0):

Assess leadership of the QMS

After assessing the scope of the QMS, you should then assess the QMS leadership.

After you've gathered the information, document any evidence that pertains to the QMS leadership in the form fields below.

Assess customer focus

Now, you should assess the QMS customer focus.

After you've gathered the information, document any evidence that pertains to the QMS customer focus in the form fields below.

Assess quality policy

After assessing the QMS customer focus, you should assess the QMS quality policy.

After you've gathered the information, document any evidence that pertains to the QMS quality policy in the form fields below.

Assess organizational roles and responsibilities

Now, you should assess the organizational roles and responsibilities of the QMS.

After you've gathered the information, document any evidence that pertains to the organizational roles and responsibilities of the QMS in the form fields below.

Planning (6.0):

Assess documentation of risks and opportunities

After assessing the QMS organizational roles and responsibilities, you should assess the documentation of risks and opportunities in the QMS.

After you've gathered the information, document any evidence that pertains to the documentation of risks and opportunities in the QMS in the form fields below.

Assess quality objectives

Now, you should assess the QMS quality objectives.

After you've gathered the information, document any evidence that pertains to the QMS quality objectives in the form fields below.

Assess change management procedures

After assessing the QMS quality objectives, you should assess the QMS change management procedures.

After you've gathered the information, document any evidence that pertains to the QMS change management procedures in the form fields below.

Support (7.0):

Assess organization and allocation of QMS resources

Now, you should assess the organization and allocation of QMS resources.

After you've gathered the information, document any evidence that pertains to the organization and allocation of QMS resources in the form fields below.

Assess HR integration with QMS

After assessing the organization and allocation of QMS resources, you should assess the HR integration with QMS.

After you've gathered the information, document any evidence that pertains to the HR integration with QMS in the form fields below.

Assess QMS infrastructure

Then you should assess the QMS infrastructure.

After you've gathered the information, document any evidence that pertains to the QMS infrastructure in the form fields below.

Assess QMS work environment

Now, you should assess the QMS work environment.

After you've gathered the information, document any evidence that pertains to the QMS work environment in the form fields below.

Assess monitoring and measurement of resources

After assessing the QMS work environment, you should assess the QMS monitoring and measurement of resources.

After you've gathered the information, document any evidence that pertains to the QMS monitoring and measurement of resources in the form fields below.

Assess organizational knowledge of QMS

Now, you should assess the organizational knowledge of QMS.

After you've gathered the information, document any evidence that pertains to the organizational knowledge of QMS in the form fields below.

Assess QMS competence

After assessing the QMS organizational knowledge, you should assess the QMS competence.

After you've gathered the information, document any evidence that pertains to the QMS competence in the form fields below.

Assess QMS awareness

Now, you should assess the QMS awareness.

After you've gathered the information, document any evidence that pertains to the QMS awareness in the form fields below.

Assess communication of QMS within the organization

After assessing the QMS awareness, you should assess the communication of QMS within the organization.

After you've gathered the information, document any evidence that pertains to the communication of QMS within the organization in the form fields below.

Assess documented information

Now, you should assess the documented information.

After you've gathered the information, document any evidence that pertains to the documented information in the form fields below.

Operation (8.0):

Assess operational planning and control

After assessing the documented information, you should assess the operational planning and control.

After you've gathered the information, document any evidence that pertains to the operational planning and control in the form fields below.

Assess operational risk management

Now, you should assess the operational risk management.

After you've gathered the information, document any evidence that pertains to the operational risk management in the form fields below.

Assess configuration management

After assessing the operational risk management, you should assess the configuration management.

After you've gathered the information, document any evidence that pertains to the configuration management in the form fields below.

Assess product safety

Now, you should assess the product safety.

After you've gathered the information, document any evidence that pertains to the product safety in the form fields below.

Assess prevention of counterfeit parts

After assessing the product safety, you should assess the prevention of counterfeit parts.

After you've gathered the information, document any evidence that pertains to the prevention of counterfeit parts in the form fields below.

Assess requirements for products and services

Now, you should assess the requirements for products and services

After you've gathered the information, document any evidence that pertains to the requirements for products and services in the form fields below.

Assess customer communication

After assessing the requirements for products and services, you should assess the customer communication.

After you've gathered the information, document any evidence that pertains to the customer communication in the form fields below.

Assess requirements for products and services

Determine, review, changes

Now, you should assess the requirements for products and services.

After you've gathered the information, document any evidence that pertains to the requirements for products and services in the form fields below.

Assess design and development of products and services

After assessing the requirements for products and services, you should assess the design and development of products and services.

After you've gathered the information, document any evidence that pertains to the design and development of products and services in the form fields below.

Assess control of externally provided services and processes

Now, you should assess the control of externally provided services and processes.

After you've gathered the information, document any evidence that pertains to the control of externally provided services and processes in the form fields below.

Assess type and extent of control

After assessing the control of externally provided services and processes, you should assess the type and extent of control.

After you've gathered the information, document any evidence that pertains to the type and extent of control in the form fields below.

Assess information of external providers

Now, you should assess the information of external providers.

After you've gathered the information, document any evidence that pertains to the information of external providers in the form fields below.

Assess production and service provision

After assessing the information of external providers, you should assess the production and service provision.

After you've gathered the information, document any evidence that pertains to the production and service provision in the form fields below.

Assess control of production and service provision

Now, you should assess the control of production and service provision.

After you've gathered the information, document any evidence that pertains to the control of production and service provision in the form fields below.

Assess identification and traceability

After assessing the control of production and service provision, you should assess the identification and traceability.

After you've gathered the information, document any evidence that pertains to the identification and traceability in the form fields below.

Assess property belonging to customers or external providers

Now, you should assess the property belonging to customers or external providers.

After you've gathered the information, document any evidence that pertains to the property belonging to customers or external providers in the form fields below.

Assess preservation procedures

After assessing the property belonging to customers or external providers, you should assess the preservation procedures.

After you've gathered the information, document any evidence that pertains to the preservation procedures in the form fields below.

Assess post-delivery activities

Now, you should assess the post-delivery activities.

After you've gathered the information, document any evidence that pertains to the post-delivery activities in the form fields below.

Assess control of changes

After assessing the post-delivery activities, you should assess the control of changes.

After you've gathered the information, document any evidence that pertains to the control of changes in the form fields below.

Assess release of products and services

Now, you should assess the release of products and services.

After you've gathered the information, document any evidence that pertains to the release of products and services in the form fields below.

Assess control of nonconforming outputs

After assessing the release of products and services, you should assess the control of nonconforming outputs.

After you've gathered the information, document any evidence that pertains to the control of nonconforming outputs in the form fields below.

Performance evaluation (9.0):

Assess systems and procedures for QMS monitoring

Now, you should assess the systems and procedures for QMS monitoring.

After you've gathered the information, document any evidence that pertains to the systems and procedures for QMS monitoring in the form fields below.

Assess customer satisfaction

After assessing the systems and procedures for QMS monitoring, you should assess the customer satisfaction.

After you've gathered the information, document any evidence that pertains to the customer satisfaction in the form fields below.

Assess analysis and evaluation procedures

Now, you should assess the analysis and evaluation procedures.

After you've gathered the information, document any evidence that pertains to the analysis and evaluation procedures in the form fields below.

Assess previous internal audits

After assessing the analysis and evaluation procedures, you should assess the previous internal audits.

After you've gathered the information, document any evidence that pertains to the previous internal audits in the form fields below.

Assess management review procedures

Now, you should assess the management review procedures.

After you've gathered the information, document any evidence that pertains to the management review procedures in the form fields below.

Improvement (10.0):

Assess continuous improvement policy

After assessing the management review procedures, you should assess the continuous improvement policy.

After you've gathered the information, document any evidence that pertains to the continuous improvement policy in the form fields below.

Assess nonconformity and corrective action

Now, you should assess the nonconformity and corrective action.

After you've gathered the information, document any evidence that pertains to the nonconformity and corrective action in the form fields below.

Approval: Final Approval

Will be submitted for approval:
  • Record basic details
    Will be submitted
  • Establish context of the audit
    Will be submitted
  • Establish objectives of the audit
    Will be submitted
  • Establish scope of the audit
    Will be submitted
  • Establish criteria of the audit
    Will be submitted
  • Ensure audit monitoring systems are in place
    Will be submitted
  • Request documented information from auditee
    Will be submitted
  • Assign audit team and lead auditor
    Will be submitted
  • Review auditee's documented information
    Will be submitted
  • [Conditional] Resolve the documented information issues
    Will be submitted
  • Prepare an audit plan
    Will be submitted
  • Assign work to audit team
    Will be submitted
  • Make arrangements with auditee
    Will be submitted
  • Conduct open meeting
    Will be submitted
  • Ensure relevant audit information is accessible
    Will be submitted
  • Assess the organization and its context
    Will be submitted
  • Assess the needs and expectations of interested parties
    Will be submitted
  • Assess scope of QMS
    Will be submitted
  • Assess leadership of the QMS
    Will be submitted
  • Assess customer focus
    Will be submitted
  • Assess quality policy
    Will be submitted
  • Assess organizational roles and responsibilities
    Will be submitted
  • Assess documentation of risks and opportunities
    Will be submitted
  • Assess quality objectives
    Will be submitted
  • Assess change management procedures
    Will be submitted
  • Assess organization and allocation of QMS resources
    Will be submitted
  • Assess HR integration with QMS
    Will be submitted
  • Assess QMS infrastructure
    Will be submitted
  • Assess QMS work environment
    Will be submitted
  • Assess monitoring and measurement of resources
    Will be submitted
  • Assess organizational knowledge of QMS
    Will be submitted
  • Assess QMS competence
    Will be submitted
  • Assess QMS awareness
    Will be submitted
  • Assess communication of QMS within the organization
    Will be submitted
  • Assess documented information
    Will be submitted
  • Assess operational planning and control
    Will be submitted
  • Assess operational risk management
    Will be submitted
  • Assess configuration management
    Will be submitted
  • Assess product safety
    Will be submitted
  • Assess prevention of counterfeit parts
    Will be submitted
  • Assess requirements for products and services
    Will be submitted
  • Assess customer communication
    Will be submitted
  • Assess requirements for products and services
    Will be submitted
  • Assess design and development of products and services
    Will be submitted
  • Assess control of externally provided services and processes
    Will be submitted
  • Assess type and extent of control
    Will be submitted
  • Assess information of external providers
    Will be submitted
  • Assess production and service provision
    Will be submitted
  • Assess control of production and service provision
    Will be submitted
  • Assess identification and traceability
    Will be submitted
  • Assess property belonging to customers or external providers
    Will be submitted
  • Assess preservation procedures
    Will be submitted
  • Assess post-delivery activities
    Will be submitted
  • Assess control of changes
    Will be submitted
  • Assess release of products and services
    Will be submitted
  • Assess control of nonconforming outputs
    Will be submitted
  • Assess systems and procedures for QMS monitoring
    Will be submitted
  • Assess customer satisfaction
    Will be submitted
  • Assess analysis and evaluation procedures
    Will be submitted
  • Assess previous internal audits
    Will be submitted
  • Assess management review procedures
    Will be submitted
  • Assess continuous improvement policy
    Will be submitted
  • Assess nonconformity and corrective action
    Will be submitted

Sources:

Sign up for a FREE account and
search thousands of checklists in our library.

Sign up for a FREE account and search thousands of checklists in our library.