ISO 9001 Internal Audit Checklist for Quality Management Systems

Run this checklist to perform an internal audit on a quality management system (QMS) against the ISO 9001:2015 requirements.

Introduction:

Enter basic details

Preparing for the audit:

Establish context of the audit

Establish objectives of the audit

Establish scope of the audit

Establish criteria of the audit

Ensure audit monitoring systems are in place

Request documented information from auditee

Assign audit roles and responsibilities:

Assign audit team

Assign audit team lead

Reviewing documented information:

Review auditee's documented information

(Conditional) Resolve documented information issue(s)

Prepare an audit plan

Assign work to audit team

Initiating the audit:

Make arrangements with the auditee

Conduct open meeting

Ensure relevant audit information is accessible

Collecting evidence (context of the organization):

Assess the organization and its context

Assess needs and expectations of interested parties

Assess scope of QMS

Collecting evidence (leadership):

Assess leadership of the QMS

Assess customer focus

Assess quality policy

Assess organizational roles and responsibilities

Collecting evidence (QMS planning):

Assess documentation of risks and opportunities

Assess quality objectives

Assess procedures for changes to QMS

Collecting evidence (support):

Assess organization and allocation of QMS resources

Assess HR integration with QMS

Assess QMS infrastructure

Assess QMS work environment

Assess systems for monitoring and measurement of resources

Assess organizational knowledge of the QMS

Assess QMS competence

Assess QMS awareness

Assess communication of QMS within the organization

Assess documented information

Collecting evidence (operation):

Assess process control

Assess determination of requirements for products and services

Assess design and development of products and services

Assess design and development inputs

Assess design and development controls

Assess design and development outputs

Assess design and development changes

Assess control of externally provided products and services

Assess type and extent of control

Assess information for external providers

Assess control of production and service provision

Assess identification and traceability of production control

Assess control of external provider/customer property

Assess preservation procedures

Assess post-delivery activities

Assess control of changes

Assess release of products and services

Assess control of nonconforming outputs

Collecting evidence (performance evaluation):

Assess QMS performance evaluation

Assess customer satisfaction

Assess performance analysis and evaluation procedures

Assess internal audit procedures

Assess management review procedures

Collecting evidence (improvement):

Assess procedures for nonconformity and corrective action

Assess procedures for continuous improvement

Audit findings:

Review audit evidence and findings

Closing the audit:

Prepare audit report

Issue audit report

(Conditional) Prepare for audit follow-up

Prepare for closing meeting

Conduct closing meeting

Complete the audit

Sources:

Related checklists:

Introduction:

There are four main objectives of an ISO 9001 audit:

To verify opportunities to improve the QMS,
To verify conformance to applicable standards,
To verify conformance to documented processes and procedures,
To verify effectiveness of business processes.

This checklist is not intended to be a script that the auditor follows verbatim. Rather, it should be used as a tool to ensure that the basic requirements have been addressed and that adequate evidence has been recorded.

"The most effective audits are those during which auditors simply talk with the auditees to learn everything they can about the process being audited." - Ann W. Phillips, from ISO 9001:2015 Internal Audits Made Easy

This checklist is designed as a supplement, and is not intended to replace ISO 9001.

For best results, users are encouraged to edit the checklist and modify the contents to best suit their use cases, as it cannot provide specific guidance on the particular risks and controls applicable to every situation.

Typically, management system auditors will prepare custom checklists that reflect the specific scope, scale, and objectives of the quality management system being audited.

Enter basic details

Before beginning preparations for the audit, enter some basic details using the form fields below.

Audit programme manager information

Audit programme manager first name

Audit programme manager second name

Auditee information

Auditee

Additional auditee information

If this process involves multiple people, you can use the members form field to allow the person running this checklist to select and assign additional individuals.

For example, if management is running this checklist, they may wish to assign the lead internal auditor after completing the basic audit details.

Preparing for the audit:

Establish context of the audit

In order to understand the context of the audit, the audit programme manager should take into account the auditee’s:

1

Business goals and objectives
2

Relevant external and internal issues
3

The needs and expectations of relevant interested parties
4

Information security and confidentiality requirements of the quality management system

Record the context of the audit in the form field below.

Context of the audit

Establish objectives of the audit

The audit programme manager needs to establish objectives of the QMS audit.

Individual audit objectives need to be consistent with the context of the auditee, including the following factors:

1

Extent of the QMS to be audited
2

Capacity of the QMS to help the organization to meet relevant regulatory requirements
3

Effectiveness of the QMS in producing its intended results
4

Opportunities for QMS improvements
5

Suitability of the QMS with respect to overall strategic context and business objectives of the auditee

Audit objectives

Establish scope of the audit

Audit scope should be consistent with the context of the auditee.

Consider the following factors, and define the audit scope in the form field below:

1

Audit location
2

Audit function
3

Audit activities
4

Processes to be audited
5

Audit time-frame

Audit scope

Establish criteria of the audit

For individual audits, criteria should be defined to be used as a reference against which conformity will be determined.

Individual audit criteria might include:

1

Relevant policies
2

Processes and standard operating proceudures
3

Performance objectives and KPIs
4

Statutory and other relevant regulatory requirements
5

Management system requirements (e.g. other ISO standards)
6

Risks and opportunities as determined by the auditee
7

Internal codes of conduct

Record individual audit criteria in the form field below:

Audit criteria

Ensure audit monitoring systems are in place

Audit programme managers should also make sure that tools and systems are in place to ensure adequate monitoring of the audit and all relevant activities.

Relevant activities to be monitored might include any of the following:

1

Timeliness of the audit (whether deadlines and schedules are being met)
2

Performance of the audit team members (including lead auditor)
3

Successful implementation of audit plans
4

Feedback from auditee and other relevant parties
5

Documentation of audit activities

Request documented information from auditee

Request all existing relevant QMS documentation from the auditee. You can use the form field below to quickly and easily request this information

Assign audit roles and responsibilities:

Assign audit team

Audit programme managers should assign audit team members.

When deciding on your audit team, consider the following:

1

Overall competence required by the audit team
2

Audit complexity
3

Combined or joint audit?
4

Audit methods
5

Ability of the audit team to work and interact effectively with the auditee
6

Relevant internal and external issues (e.g. auditee language barriers)
7

Type and complexity of processes to be audited (do they require specialized knowledge?)

Use the members fields below to assign audit team members.

Audit team member #1 full name

Audit team member #2 full name

Audit team member #3 full name

Should you require fewer or more audit team members, edit this template to your requirements.

Assign audit team lead

Audit programme managers should be responsible for assigning the audit team leader.

This should be done well ahead of the scheduled date of the audit, to be sure that planning can take place in a timely manner.

A dynamic due date has been set for this task, for one month before the scheduled start date of the audit.

Use the form fields below to record the details of the lead auditor.

Lead auditor first name

Lead auditor second name

Additional lead auditor details

Reviewing documented information:

Review auditee's documented information

The lead auditor should obtain and review all documentation of the auditee's management system.

This will help to prepare for individual audit activities, and will serve as a high-level overview from which the lead auditor will be able to better identify and understand areas of concern or nonconformity.

Documented information is an umbrella term that could refer to:

Processes (either recorded on paper or with software)
Management system documents and records
Previous audit reports

The above list is by no means exhaustive. The lead auditor should also take into account individual audit scope, objectives, and criteria.

Reference material, such as individual ISO standards, will be useful at this point.

Using the form-fields below, record any issues of nonconformities observed.

Issue(s) with documented information?

(Conditional) Resolve documented information issue(s)

Using the form field below, describe the issue(s) with documented information so far, and the steps taken to resolve the issue(s).

Issue(s) with documented information

How were documented information issue(s) resolved?

Prepare an audit plan

The lead auditor should prepare an audit plan for the individual audit.

This plan should involve the following components and considerations:

1

Roles and responsibilities of each audit team member
2

Risk-based approach to audit planning
3

Scheduling and coordination of audit activities
4

Scope and complexity of the audit
5

Sampling techniques for collecting evidence
6

Opportunities for improvement
7

Risks of inadequate planning
8

Impact of the audit on auditee activities

Audit plan

Assign work to audit team

The lead auditor should assign work to the audit team.

Work to be assigned should be outlined in the audit plan.

You can use Process Street's task assignment feature to assign specific tasks in this checklist to individual members of your audit team.

Initiating the audit:

Make arrangements with the auditee

The lead auditor should make contact with the auditee and ensure the following:

1

Basic introduction and clear outline of lead auditor roles and responsibilities
2

Clarify the methods of communication
3

Permission has been granted to proceed with the audit
4

The auditee understands the audit programme so far
5

Relevant information is accessible to all parties involved with the audit
6

Request access to additional relevant information
7

Determine if there are any additional regulatory requirements that will impact audit activities
8

Confirm information security policies
9

Confirm audit scheduling
10

Location-specific arrangements are made
11

Auditee understands requirements for additional observers/guides etc.
12

Risk areas of note are communicated
13

Outstanding issues are resolved

Any scheduling of audit activities should be made well in advance.

For example, the dates of the opening and closing meetings should be provisionally declared for planning purposes.

Date of opening meeting

Conduct open meeting

An opening meeting between the auditee and all relevant parties should be held.

It's advised that the opening meeting should be led by the lead auditor.

The scheduling for this meeting should have already been determined earlier in the checklist.

During the opening meeting, confirm the following with all relevant parties:

1

Audit programme plans
2

Individual audit scope
3

Individual audit objectives
4

Individual audit criteria
5

Individual audit plans
6

Roles and responsibilities of the audit team
7

That all planned activities can be performed, and proper authorization is acquired
8

Language of the audit
9

Information security protocol
10

Relevant access and arrangements for the audit team
11

Notable on-site activities that could impact audit process

Typically, such an opening meeting will involve the auditee's management, as well as crucial actors or specialists in relation to processes and procedures to be audited.

This meeting is a great opportunity to ask any questions about the audit process and generally clear the air of uncertainties or reservations.

Depending on the size and scope of the audit (and as such the organization being audited) the opening meeting might be as simple as announcing that the audit is starting, with a simple explanation of the nature of the audit.

Familiarity of the auditee with the audit process is also an important factor in determining how extensive the opening meeting should be.

During the opening meeting, the following items should be clearly communicated:

1

Methods for reporting and communicating audit progress
2

Conditions of audit termination
3

Procedures for dealing with audit findings during the audit
4

Procedures for receiving feedback from the auditee in response to findings during the audit

Ensure relevant audit information is accessible

Where, when, and how information is accessible is a crucial factor during the audit.

It's important to make clear where all relevant interested parties can find important audit information.

Make sure important information is readily accessible by recording the location in the form fields of this task.

You may want to consider uploading important information to a secure central repository (URL) that can be easily shared to relevant interested parties.

Audits can store important information both physically and/or virtually.

Location of relevant audit information

Collecting evidence (context of the organization):

Assess the organization and its context

Understanding the context of the organization is necessary when developing a quality management system in order to identify, analyze, and understand the business environment in which the organization conducts its business and realizes its product.

Record information pertaining to the organization and its context in the form fields below.

Internal issues information

External issues information

Relevant interested parties information

Nonconformity with organization and its context?

Record conformities for organization and its context

Record nonconformities for organization and its context

Suggestions for organization and its context

Assess needs and expectations of interested parties

Provide a record of evidence gathered relating to the needs and expectations of interested parties in the form fields below.

Needs and expectations of interested parties information

Nonconformity with needs and expectations of interested parties?

Record conformities for needs and expectations of interested parties

Record nonconformities for needs and expectations of interested parties

Suggestions for needs and expectations of interested parties

Assess scope of QMS

The scope of the QMS is basically a description of the processes, procedures, services, and products that the QMS applies to.

Provide a record of evidence gathered relating to the QMS scope in the form fields below.

QMS scope information

Nonconformity with QMS scope?

Record conformities for QMS scope

Record nonconformities for QMS scope

Suggestions for QMS scope

Collecting evidence (leadership):

Assess leadership of the QMS

Provide a record of evidence gathered relating to the QMS leadership in the form fields below.

QMS leadership information

Nonconformity with QMS leadership?

Record conformities for QMS leadership

Record nonconformities for QMS leadership

Suggestions for QMS leadership

Assess customer focus

Provide a record of evidence gathered relating to the QMS customer focus in the form fields below.

QMS customer focus information

Nonconformity with QMS customer focus?

Record conformities for QMS customer focus

Record nonconformities for QMS customer focus

Suggestions for QMS customer focus

Assess quality policy

Provide a record of evidence gathered relating to the QMS quality policy in the form fields below.

QMS quality policy information

Nonconformity with QMS quality policy?

Record conformities for QMS quality policy

Record nonconformities for QMS quality policy

Suggestions for QMS quality policy

Assess organizational roles and responsibilities

Provide a record of evidence gathered relating to the organizational roles, responsibilities, and authorities of the QMS in the form fields below.

QMS roles and responsibilities information

Nonconformity with QMS roles and responsibilities?

Record conformities for QMS roles and responsibilities

Record nonconformities for QMS roles and responsibilities

Suggestions for QMS roles and responsibilities

Collecting evidence (QMS planning):

Assess documentation of risks and opportunities

Provide a record of evidence gathered relating to the documentation of risks and opportunities in the QMS using the form fields below.

QMS risks information

Procedures for risk mitigation information

QMS opportunities information

Procedures for engaging opportunities information

Nonconformity with documentation of QMS risks and opportunities?

Record conformities for QMS risks and opportunities

Record nonconformities for QMS risks and opportunities

Suggestions for QMS risks and opportunities

Assess quality objectives

Provide a record of evidence gathered relating to the QMS quality objectives in the form fields below.

QMS quality objectives information

Nonconformity with QMS quality objectives?

Record conformities for QMS quality objectives

Record nonconformities for QMS quality objectives

Suggestions for QMS quality objectives

Assess procedures for changes to QMS

Provide a record of evidence gathered relating to the QMS procedures for implementing changes in the form fields below.

Procedures for change information

Nonconformity with procedures for change?

Record conformities for procedures for change

Record nonconformities for procedures for change

Suggestions for procedures for change

Collecting evidence (support):

Assess organization and allocation of QMS resources

Provide a record of evidence gathered relating to the QMS organization and allocation of resources in the form fields below.

Organization and allocation of resources information

Nonconformity for organization and allocation of resources?

Record conformities for organization and allocation of resources

Record nonconformities for organization and allocation of resources

Suggestions for organization and allocation of resources

Assess HR integration with QMS

Provide a record of evidence gathered relating to the integration of HR within the QMS using the form fields below.

HR integration information

Nonconformity with HR integration?

Record conformities for HR integration

Record nonconformities for HR integration

Suggestions for HR integration

Assess QMS infrastructure

Provide a record of evidence gathered relating to the QMS infrastructure in the form fields below.

QMS infrastructure information

Nonconformity with QMS infrastructure?

Record conformities for QMS infrastructure

Record nonconformities for QMS infrastructure

Suggestions for QMS infrastructure

Assess QMS work environment

Provide a record of evidence gathered relating to the QMS work environment in the form fields below.

QMS work environment information

Nonconformity with QMS work environment?

Record conformities for QMS work environment

Record nonconformities for QMS work environment

Suggestions for QMS work environment

Assess systems for monitoring and measurement of resources

Provide a record of evidence gathered relating to the QMS systems for monitoring and measuring resources using the form fields below.

Systems for monitoring and measuring resources information

Nonconformity with systems for monitoring and measuring resources?

Record conformities for systems for monitoring and measuring resources

Record nonconformities for systems for monitoring and measuring resources

Suggestions for monitoring and measuring resources

Assess organizational knowledge of the QMS

Provide a record of evidence gathered relating to the QMS organizational knowledge in the form fields below.

Organizational knowledge of QMS information

Nonconformity with organizational knowledge of QMS informaiton?

Record conformities for organizational knowledge of QMS information

Record nonconformities for organizational knowledge of QMS information

Suggestions for organizational knowledge of QMS information

Assess QMS competence

Provide a record of evidence gathered relating to the QMS competence in the form fields below.

QMS competence information

Nonconformity with QMS competence?

Record conformities for QMS competence

Record nonconformities for QMS competence

Suggestions for QMS competence

Assess QMS awareness

Provide a record of evidence gathered relating to the QMS awareness in the form fields below.

QMS awareness information

Nonconformity with QMS awareness?

Record conformities for QMS awareness

Record nonconformities for QMS awareness

Suggestions for QMS awareness

Assess communication of QMS within the organization

Provide a record of evidence gathered relating to the communication of the QMS within the organization using the form fields below.

Communication of QMS information

Nonconformity with communication of QMS?

Record conformities for communication of QMS

Record nonconformities for communication of QMS

Suggestions for communication of QMS

Assess documented information

Provide a record of evidence gathered relating to the documented information of the QMS in the form fields below.

Documented information notes

Nonconformity with documented information?

Record conformities for documented information

Record nonconformities for documented information

Suggestions for documented information

Collecting evidence (operation):

Assess process control

Provide a record of evidence gathered relating to the QMS process control in the form fields below.

Process control information

Nonconformity with process control?

Record conformities for process control

Record nonconformities for process control

Suggestions for process control

Assess determination of requirements for products and services

Provide a record of evidence gathered relating to the determination of specific requirements for products and services within the QMS in the form fields below.

Determination of requirements for products and services information

Nonconformity with determination of requirements for products and services?

Record conformities for determination of requirements for product and services

Record nonconformities for determination of requirements for product and services

Suggestions for determination of requirements for product and services

Assess design and development of products and services

Provide a record of evidence gathered relating to the development and design of products and services within the QMS in the form fields below.

Design and development of products and services information

Nonconformity with design and development of products and services?

Record conformities for design and development of products and services

Record nonconformities for design and development of products and services

Suggestions for design and development of products and services

Assess design and development inputs

Provide a record of evidence gathered relating to the design and development inputs of the QMS in the form fields below.

Design and development inputs information

Nonconformity with design and development inputs?

Record conformities for design and development inputs

Record nonconformities for design and development inputs

Suggestions for design and development inputs

Assess design and development controls

Provide a record of evidence gathered relating to the design and development controls of the QMS in the form fields below.

Design and development controls information

Nonconformity with design and development controls?

Record conformities for design and development controls

Record nonconformities for design and development controls

Suggestions for design and development controls

Assess design and development outputs

Provide a record of evidence gathered relating to the design and development outputs of the QMS in the form fields below.

Design and development outputs information

Nonconformity with design and development outputs?

Record conformities for design and development outputs

Record nonconformities for design and development outputs

Suggestions for design and development outputs

Assess design and development changes

Provide a record of evidence gathered relating to the design and development changes of the QMS in the form fields below.

Design and development changes information

Nonconformity with design and development changes?

Record conformities for design and development changes

Record nonconformities for design and development changes

Suggestions for design and development changes

Assess control of externally provided products and services

Provide a record of evidence gathered relating to externally provided products and services within the QMS using the form fields below.

Control of externally provided products and services information

Nonconformity with control of externally provided products and services?

Record conformities for control of externally provided products and services

Record nonconformities for control of externally provided products and services

Suggestions for control of externally provided products and services

Assess type and extent of control

Provide a record of evidence gathered relating to type and extent of control in the QMS using the form fields below.

Type and extent of control information

Nonconformity with type and extent of control?

Record conformities for type and extent of control

Record nonconformities for type and extent of control

Suggestions for type and extent of control

Assess information for external providers

Provide a record of evidence gathered relating to the information for external providers of the QMS using the form fields below.

Information for external providers information

Nonconformity with information for external providers?

Record conformities for information for external providers

Record nonconformities for information for external providers

Suggestions for information for external providers

Assess control of production and service provision

Provide a record of evidence gathered relating to the control of production and services provision of the QMS using the form fields below.

Control of production and service provision information

Nonconformity with control of production and service provision?

Record conformities for control of production and service provision

Record nonconformities for control of production and service provision

Suggestions for control of production and service provision

Assess identification and traceability of production control

Provide a record of evidence gathered relating to the identification and traceability of production control of the QMS using the form fields below.

Identification and traceability of production control information

Nonconformity with identification and traceability of production control?

Record conformities for identification and traceability of production control

Record nonconformities for identification and traceability of production control

Suggestions for identification and traceability of production control

Assess control of external provider/customer property

Provide a record of evidence gathered relating to the control of external provider (or customer) property in the QMS using the form fields below.

Control of external provider/customer property information

Nonconformity with control of external provider/customer property?

Record conformities for control of external provider/customer property

Record nonconformities for control of external provider/customer property

Suggestions for control of external provider/customer property

Assess preservation procedures

Provide a record of evidence gathered relating to the preservation procedures documented and implemented by the QMS using the form fields below.

Preservation procedures information

Nonconformity with preservation procedures?

Record conformities for preservation procedures

Record nonconformities for preservation procedures

Suggestions for preservation procedures

Assess post-delivery activities

Provide a record of evidence gathered relating to the post-delivery activities documented and implemented by the QMS using the form fields below.

Post-delivery activities information

Nonconformity with post-delivery activities?

Record conformities for post-delivery activities

Record nonconformities for post-delivery activities

Suggestions for post-delivery activities

Assess control of changes

Provide a record of evidence gathered relating to the documentation and implementation of control of changes in the QMS using the form fields below.

Control of changes information

Nonconformity with control of changes?

Record conformities for control of changes

Record nonconformities for control of changes

Suggestions for control of changes

Assess release of products and services

Provide a record of evidence gathered relating to the documentation and implementation of release of products and services in the QMS using the form fields below.

Release of products and services information

Nonconformity with release of products and services?

Record conformities for release of products and services

Record nonconformities for release of products and services

Suggestions for release of products and services

Assess control of nonconforming outputs

Provide a record of evidence gathered relating to the documentation and implementation of control of nonconforming outputs in the QMS using the form fields below.

Control of nonconforming outputs information

Nonconformity with control of nonconforming outputs?

Record conformities for control of nonconforming outputs

Record nonconformities for control of nonconforming outputs

Suggestions for control of nonconforming outputs

Collecting evidence (performance evaluation):

Assess QMS performance evaluation

Provide a record of evidence gathered relating to the documentation and implementation of performance evaluation in the QMS using the form fields below.

QMS performance evaluation information

Nonconformity with QMS performance evaluation?

Record conformities for QMS performance evaluation

Record nonconformities for QMS performance evaluation

Suggestions for QMS performance evaluation

Assess customer satisfaction

Provide a record of evidence gathered relating to the documentation and implementation of customer satisfaction in the QMS using the form fields below.

Customer satisfaction information

Nonconformity with customer satisfaction?

Record conformities for customer satisfaction

Record nonconformities for customer satisfaction

Suggestions for customer satisfaction

Assess performance analysis and evaluation procedures

Provide a record of evidence gathered relating to the documentation and implementation of performance analysis and evaluation procedures in the QMS using the form fields below.

Performance analysis and evaluation procedures information

Nonconformity with performance analysis and evaluation of procedures?

Record conformities for performance analysis and evaluation of procedures

Record nonconformities for performance analysis and evaluation of procedures

Suggestions for performance analysis and evaluation of procedures

Assess internal audit procedures

Provide a record of evidence gathered relating to the documentation and implementation of internal audit procedures in the QMS using the form fields below.

Internal audit procedures information

Nonconformity with internal audit procedures?

Record conformities for internal audit procedures

Record nonconformities for internal audit procedures

Suggestions for internal audit procedures

Assess management review procedures

Provide a record of evidence gathered relating to the documentation and implementation of management review procedures in the QMS using the form fields below.

Management review procedures information

Nonconformity with management review procedures?

Record conformities for management review procedures

Record nonconformities for management review procedures

Suggestions for management review procedures

Collecting evidence (improvement):

Assess procedures for nonconformity and corrective action

Provide a record of evidence gathered relating to the documentation and implementation of procedures for nonconformity and corrective action in the QMS using the form fields below.

Procedures for nonconformity and corrective action information

Nonconformity with procedures for nonconformity and corrective action?

Record conformities for procedures for nonconformity and corrective action

Record nonconformities for procedures for nonconformity and corrective action

Suggestions for procedures for nonconformity and corrective action

Assess procedures for continuous improvement

Provide a record of evidence gathered relating to the documentation and implementation of procedures for continuous improvement in the QMS using the form fields below.

Procedures for continuous improvement information

Nonconformity with procedures for continuous improvement?

Record conformities for continuous improvement procedures

Record nonconformities for continuous improvement procedures

Suggestions for continuous improvement procedures

Audit findings:

Review audit evidence and findings

So far, you'll have made records of the auditee's documentation and implementation of QMS policies and procedures using the form fields in the completed tasks so far (audit evidence).

You should also have made notes on both conformities and nonconformities alongside relevant suggestions for corrective action or opportunities for improvement (audit findings).

Below is an overview of the audit so far.

Context of the organization

Organization and its context

Internal issues: {{form.Internal_issues_information}}

External issues: {{form.External_issues_information}}

Relevant interested parties: {{form.Relevant_interested_parties_information}}

Any nonconformities?: {{form.Nonconformity_with_organization_and_its_context?}}

Recorded conformities: {{form.Record_conformities_for_organization_and_its_context}}

Recorded nonconformities: {{form.Record_nonconformities_for_organization_and_its_context_2}}

Suggestions: {{form.Suggestions_for_organization_and_its_context}}

Needs and expectations of interested parties

Information: {{form.Needs_and_expectations_of_interested_parties_information}}

Any nonconformities?: {{form.Nonconformity_with_needs_and_expectations_of_interested_parties?}}

Recorded conformities: {{form.Record_conformities_for_needs_and_expectations_of_interested_parties}}

Recorded nonconformities: {{form.Record_nonconformities_for_needs_and_expectations_of_interested_parties_2}}

Suggestions: {{form.Suggestions_for_needs_and_expectations_of_interested_parties}}

QMS scope

Information: {{form.QMS_scope_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_scope?}}

Recorded conformities: {{form.Record_conformities_for_QMS_scope}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_scope_2}}

Suggestions: {{form.Suggestions_for_QMS_scope}}

Leadership

QMS leadership

Information: {{form.QMS_leadership_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_leadership?}}

Recorded conformities: {{form.Record_conformities_for_QMS_leadership}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_leadership_2}}

Suggestions: {{form.Suggestions_for_QMS_leadership}}

Customer focus

Information: {{form.QMS_customer_focus_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_customer_focus?}}

Recorded conformities: {{form.Record_conformities_for_QMS_customer_focus}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_customer_focus_2}}

Suggestions: {{form.Suggestions_for_QMS_customer_focus}}

Quality policy

Information: {{form.QMS_quality_policy_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_quality_policy?}}

Recorded conformities: {{form.Record_conformities_for_QMS_quality_policy}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_quality_policy_2}}

Suggestions: {{form.Suggestions_for_QMS_quality_policy}}

Organizational roles and responsibilities

Information: {{form.QMS_roles_and_responsibilities_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_roles_and_responsibilities?}}

Recorded conformities: {{form.Record_conformities_for_QMS_roles_and_responsibilities}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_roles_and_responsibilities_2}}

Suggestions: {{form.Suggestions_for_QMS_roles_and_responsibilities}}

QMS planning

Documentation of risks and opportunities

Risks information: {{form.QMS_risks_information}}

Procedures for risk mitigation information: {{form.Procedures_for_risk_mitigation_information}}

Opportunities information: {{form.QMS_opportunities_information}}

Procedures for engaging opportunities information: {{form.Procedures_for_engaging_opportunities_information}}

Any nonconformities?: {{form.Nonconformity_with_documentation_of_QMS_risks_and_opportunities?}}

Recorded conformities: {{form.Record_conformities_for_QMS_risks_and_opportunities}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_risks_and_opportunities_2}}

Suggestions: {{form.Suggestions_for_QMS_risks_and_opportunities}}

Quality objectives

Information: {{form.QMS_quality_objectives_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_quality_objectives?}}

Recorded conformities: {{form.Record_conformities_for_QMS_quality_objectives}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_quality_objectives}}

Suggestions: {{form.Suggestions_for_QMS_quality_objectives}}

Procedures for change to QMS

Information: {{form.Procedures_for_change_information}}

Any nonconformities?: {{form.Nonconformity_with_procedures_for_change?}}

Recorded conformities: {{form.Record_conformities_for_procedures_for_change}}

Recorded nonconformities: {{form.Record_nonconformities_for_procedures_for_change_2}}

Suggestions: {{form.Suggestions_for_procedures_for_change}}

Support

Organization and allocation of QMS resources

Information: {{form.Organization_and_allocation_of_resources_information}}

Any nonconformities?: {{form.Nonconformity_for_organization_and_allocation_of_resources?}}

Recorded conformities: {{form.Record_conformities_for_organization_and_allocation_of_resources}}

Recorded nonconformities: {{form.Record_nonconformities_for_organization_and_allocation_of_resources_2}}

Suggestions: {{form.Suggestions_for_organization_and_allocation_of_resources}}

HR integration

Information: {{form.HR_integration_information}}

Any nonconformities?: {{form.Nonconformity_with_HR_integration?}}

Recorded conformities: {{form.Record_conformities_for_HR_integration}}

Recorded nonconformities: {{form.Record_nonconformities_for_HR_integration_2}}

Suggestions: {{form.Suggestions_for_HR_integration}}

QMS infrastructure

Information: {{form.QMS_infrastructure_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_infrastructure?}}

Recorded conformities: {{form.Record_conformities_for_QMS_infrastructure}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_infrastructure_2}}

Suggestions: {{form.Suggestions_for_QMS_infrastructure}}

QMS work environment

Information: {{form.QMS_work_environment_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_work_environment?}}

Recorded conformities: {{form.Record_conformities_for_QMS_work_environment}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_work_environment_2}}

Suggestions: {{form.Suggestions_for_QMS_work_environment}}

Systems for monitoring and measurement of resources

Information: {{form.Systems_for_monitoring_and_measuring_resources_information}}

Any nonconformities?: {{form.Nonconformity_with_systems_for_monitoring_and_measuring_resources?}}

Recorded conformities: {{form.Record_conformities_for_systems_for_monitoring_and_measuring_resources}}

Recorded nonconformities: {{form.Record_nonconformities_for_systems_for_monitoring_and_measuring_resources_2}}

Suggestions: {{form.Suggestions_for_monitoring_and_measuring_resources}}

Organizational knowledge of the QMS

Information: {{form.Organizational_knowledge_of_QMS_information}}

Any nonconformities?: {{form.Nonconformity_with_organizational_knowledge_of_QMS_informaiton?}}

Recorded conformities: {{form.Record_conformities_for_organizational_knowledge_of_QMS_information}}

Recorded nonconformities: {{form.Record_nonconformities_for_organizational_knowledge_of_QMS_information_2}}

Suggestions: {{form.Suggestions_for_organizational_knowledge_of_QMS_information}}

QMS competence

Information: {{form.QMS_competence_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_competence?}}

Recorded conformities: {{form.Record_conformities_for_QMS_competence}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_competence_2}}

Suggestions: {{form.Suggestions_for_QMS_competence}}

QMS awareness

Information: {{form.QMS_awareness_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_awareness?}}

Recorded conformities: {{form.Record_conformities_for_QMS_awareness}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_awareness_2}}

Suggestions: {{form.Suggestions_for_QMS_awareness}}

Communication of QMS within the organization

Information: {{form.Communication_of_QMS_information}}

Any nonconformities?: {{form.Nonconformity_with_communication_of_QMS?}}

Recorded conformities: {{form.Record_conformities_for_communication_of_QMS}}

Recorded nonconformities: {{form.Record_nonconformities_for_communication_of_QMS_2}}

Suggestions: {{form.Suggestions_for_communication_of_QMS}}

Documented information

Information: {{form.Documented_information_notes}}

Any nonconformities?: {{form.Nonconformity_with_documented_information?}}

Recorded conformities: {{form.Record_conformities_for_documented_information}}

Recorded nonconformities: {{form.Record_nonconformities_for_documented_information_2}}

Suggestions: {{form.Suggestions_for_documented_information}}

Operation

Process control

Information: {{form.Process_control_information}}

Any nonconformities?: {{form.Nonconformity_with_process_control?}}

Recorded conformities: {{form.Record_conformities_for_process_control}}

Recorded nonconformities: {{form.Record_nonconformities_for_process_control_2}}

Suggestions: {{form.Suggestions_for_process_control}}

Determination of requirements for products and services

Information: {{form.Determination_of_requirements_for_products_and_services_information}}

Any nonconformities?: {{form.Nonconformity_with_determination_of_requirements_for_products_and_services?}}

Recorded conformities: {{form.Record_conformities_for_determination_of_requirements_for_product_and_services}}

Recorded nonconformities: {{form.Record_nonconformities_for_determination_of_requirements_for_product_and_services_2}}

Suggestions: {{form.Suggestions_for_determination_of_requirements_for_product_and_services}}

Design and development of products and services

Information: {{form.Design_and_development_of_products_and_services_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_of_products_and_services?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_of_products_and_services}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_of_products_and_services_2}}

Suggestions: {{form.Suggestions_for_design_and_development_of_products_and_services}}

Design and development inputs

Information: {{form.Design_and_development_inputs_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_inputs?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_inputs}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_inputs_2}}

Suggestions: {{form.Suggestions_for_design_and_development_inputs}}

Design and development controls

Information: {{form.Design_and_development_controls_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_controls?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_controls}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_controls_2}}

Suggestions: {{form.Suggestions_for_design_and_development_controls}}

Design and development outputs

Information: {{form.Design_and_development_outputs_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_outputs?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_outputs}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_outputs_2}}

Suggestions: {{form.Suggestions_for_design_and_development_outputs}}

Design and development changes

Information: {{form.Design_and_development_changes_information}}

Any nonconformities?: {{form.Nonconformity_with_design_and_development_changes?}}

Recorded conformities: {{form.Record_conformities_for_design_and_development_changes}}

Recorded nonconformities: {{form.Record_nonconformities_for_design_and_development_changes_2}}

Suggestions: {{form.Suggestions_for_design_and_development_changes}}

Control of externally provided products and services

Information: {{form.Control_of_externally_provided_products_and_services_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_externally_provided_products_and_services?}}

Recorded conformities: {{form.Record_conformities_for_control_of_externally_provided_products_and_services}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_externally_provided_products_and_services_2}}

Suggestions: {{form.Suggestions_for_control_of_externally_provided_products_and_services}}

Type and extent of control

Information: {{form.Type_and_extent_of_control_information}}

Any nonconformities?: {{form.Nonconformity_with_type_and_extent_of_control?}}

Recorded conformities: {{form.Record_conformities_for_type_and_extent_of_control}}

Recorded nonconformities: {{form.Record_nonconformities_for_type_and_extent_of_control_2}}

Suggestions: {{form.Suggestions_for_type_and_extent_of_control}}

Information for external providers

Information: {{form.Information_for_external_providers_information}}

Any nonconformities?: {{form.Nonconformity_with_information_for_external_providers?}}

Recorded conformities: {{form.Record_conformities_for_information_for_external_providers}}

Recorded nonconformities: {{form.Record_nonconformities_for_information_for_external_providers_2}}

Suggestions: {{form.Suggestions_for_information_for_external_providers}}

Control of production and service provision

Information: {{form.Control_of_production_and_service_provision_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_production_and_service_provision?}}

Recorded conformities: {{form.Record_conformities_for_control_of_production_and_service_provision}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_production_and_service_provision_2}}

Suggestions: {{form.Suggestions_for_control_of_production_and_service_provision}}

Type and extent of control

Information: {{form.Type_and_extent_of_control_information}}

Any nonconformities?: {{form.Nonconformity_with_type_and_extent_of_control?}}

Recorded conformities: {{form.Record_conformities_for_type_and_extent_of_control}}

Recorded nonconformities: {{form.Record_nonconformities_for_type_and_extent_of_control_2}}

Suggestions: {{form.Suggestions_for_type_and_extent_of_control}}

Information for external providers

Information: {{form.Information_for_external_providers_information}}

Any nonconformities?: {{form.Nonconformity_with_information_for_external_providers?}}

Recorded conformities: {{form.Record_conformities_for_information_for_external_providers}}

Recorded nonconformities: {{form.Record_nonconformities_for_information_for_external_providers_2}}

Suggestions: {{form.Suggestions_for_information_for_external_providers}}

Control of production and service provision

Information: {{form.Control_of_production_and_service_provision_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_production_and_service_provision?}}

Recorded conformities: {{form.Record_conformities_for_control_of_production_and_service_provision}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_production_and_service_provision_2}}

Suggestions: {{form.Suggestions_for_control_of_production_and_service_provision}}

Identification and traceability of production control

Information: {{form.Identification_and_traceability_of_production_control_information}}

Any nonconformities?: {{form.Nonconformity_with_identification_and_traceability_of_production_control?}}

Recorded conformities: {{form.Record_conformities_for_identification_and_traceability_of_production_control}}

Recorded nonconformities: {{form.Record_nonconformities_for_identification_and_traceability_of_production_control_2}}

Suggestions: {{form.Suggestions_for_identification_and_traceability_of_production_control}}

Control of external provider/customer property

Information: {{form.Control_of_external_provider/customer_property_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_external_provider/customer_property?}}

Recorded conformities: {{form.Record_conformities_for_control_of_external_provider/customer_property}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_external_provider/customer_property_2}}

Suggestions: {{form.Suggestions_for_control_of_external_provider/customer_property}}

Preservation procedures

Information: {{form.Preservation_procedures_information}}

Any nonconformities?: {{form.Nonconformity_with_preservation_procedures?}}

Recorded conformities: {{form.Record_conformities_for_preservation_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_preservation_procedures_2}}

Suggestions: {{form.Suggestions_for_preservation_procedures}}

Post-delivery activities

Information: {{form.Post-delivery_activities_information}}

Any nonconformities?: {{form.Nonconformity_with_post-delivery_activities?}}

Recorded conformities: {{form.Record_conformities_for_post-delivery_activities}}

Recorded nonconformities: {{form.Record_nonconformities_for_post-delivery_activities_2}}

Suggestions: {{form.Suggestions_for_post-delivery_activities}}

Control of changes

Information: {{form.Control_of_changes_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_changes?}}

Recorded conformities: {{form.Record_conformities_for_control_of_changes}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_changes_2}}

Suggestions: {{form.Suggestions_for_control_of_changes}}

Release of products and services

Information: {{form.Release_of_products_and_services_information}}

Any nonconformities?: {{form.Nonconformity_with_release_of_products_and_services?}}

Recorded conformities: {{form.Record_conformities_for_release_of_products_and_services}}

Recorded nonconformities: {{form.Record_nonconformities_for_release_of_products_and_services_2}}

Suggestions: {{form.Suggestions_for_release_of_products_and_services}}

Control of nonconforming outputs

Information: {{form.Control_of_nonconforming_outputs_information}}

Any nonconformities?: {{form.Nonconformity_with_control_of_nonconforming_outputs?}}

Recorded conformities: {{form.Record_conformities_for_control_of_nonconforming_outputs}}

Recorded nonconformities: {{form.Record_nonconformities_for_control_of_nonconforming_outputs_2}}

Suggestions: {{form.Suggestions_for_control_of_nonconforming_outputs}}

Performance evaluation

QMS performance evaluation

Information: {{form.QMS_performance_evaluation_information}}

Any nonconformities?: {{form.Nonconformity_with_QMS_performance_evaluation?}}

Recorded conformities: {{form.Record_conformities_for_QMS_performance_evaluation}}

Recorded nonconformities: {{form.Record_nonconformities_for_QMS_performance_evaluation_2}}

Suggestions: {{form.Suggestions_for_QMS_performance_evaluation}}

Customer satisfaction

Information: {{form.Customer_satisfaction_information}}

Any nonconformities?: {{form.Nonconformity_with_customer_satisfaction?}}

Recorded conformities: {{form.Record_conformities_for_customer_satisfaction}}

Recorded nonconformities: {{form.Record_nonconformities_for_customer_satisfaction_2}}

Suggestions: {{form.Suggestions_for_customer_satisfaction}}

Performance analysis and evaluation procedures

Information: {{form.Performance_analysis_and_evaluation_procedures_information}}

Any nonconformities?: {{form.Nonconformity_with_performance_analysis_and_evaluation_of_procedures?}}

Recorded conformities: {{form.Record_conformities_for_performance_analysis_and_evaluation_of_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_performance_analysis_and_evaluation_of_procedures_2}}

Suggestions: {{form.Suggestions_for_performance_analysis_and_evaluation_of_procedures}}

Internal audit procedures

Information: {{form.Internal_audit_procedures_information}}

Any nonconformities?: {{form.Nonconformity_with_internal_audit_procedures?}}

Recorded conformities: {{form.Record_conformities_for_internal_audit_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_internal_audit_procedures_2}}

Suggestions: {{form.Suggestions_for_internal_audit_procedures}}

Management review procedures

Information: {{form.Management_review_procedures_information}}

Any nonconformities?: {{form.Nonconformity_with_management_review_procedures?}}

Recorded conformities: {{form.Record_conformities_for_management_review_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_management_review_procedures_2}}

Suggestions: {{form.Suggestions_for_management_review_procedures}}

Improvement

Procedures for nonconformity and corrective action

Information: {{form.Procedures_for_nonconformity_and_corrective_action_information}}

Any nonconformities?: {{form.Nonconformity_with_procedures_for_nonconformity_and_corrective_action?}}

Recorded conformities: {{form.Record_conformities_for_procedures_for_nonconformity_and_corrective_action}}

Recorded nonconformities: {{form.Record_nonconformities_for_procedures_for_nonconformity_and_corrective_action_2}}

Suggestions: {{form.Suggestions_for_procedures_for_nonconformity_and_corrective_action}}

Procedures for continuous improvement

Information: {{form.Procedures_for_continuous_improvement_information}}

Any nonconformities?: {{form.Nonconformity_with_procedures_for_continuous_improvement?}}

Recorded conformities: {{form.Record_conformities_for_continuous_improvement_procedures}}

Recorded nonconformities: {{form.Record_nonconformities_for_continuous_improvement_procedures_2}}

Suggestions: {{form.Suggestions_for_continuous_improvement_procedures}}

Additional recommendations

Unresolved issues

Closing the audit:

Prepare audit report

Audit reports should be issued within 24 hours of the audit to ensure the auditee is given opportunity to take corrective action in a timely, thorough fashion

If the report is issued several weeks after the audit, it will typically be lumped onto the "to-do" pile, and much of the momentum of the audit, including discussions of findings and feedback from the auditor, will have faded.

The lead auditor should prepare the audit report.

This task has been assigned a dynamic due date set to 24 hours after the audit evidence has been evaluated against criteria.

The audit report is the final record of the audit; the high-level document that clearly outlines a complete, concise, clear record of everything of note that happened during the audit.

Use the sub-checklist below to check off important items included within the audit report:

1

Audit programme objectives
2

Individual audit objectives
3

Individual audit scope
4

Individual audit criteria
5

An overview of the auditee & their context
6

Roles and responsibilities of the audit team
7

Key dates and locations of the audit
8

Complete audit findings and corresponding evidence
9

Audit conclusions
10

Assessment of audit criteria
11

Unresolved conflicts of opinion between audit team and auditee

Use the form field below to upload the completed audit report.

Complete audit report

Need for follow-up action?

Issue audit report

As stressed in the previous task, that the audit report is distributed in a timely manner is one of the most important aspects of the entire audit process.

Use the email widget below to quickly and easily distribute the audit report to all relevant interested parties.

By default, the widget will send the report to:

The auditee main point of contact (Auditee main point of contact)
The audit programme manager (Audit programme manager email
The lead auditor (Lead auditor email)

Should you want to distribute the report to additional interested parties, simply add their email addresses to the email widget below:

(Conditional) Prepare for audit follow-up

Depending on the outcome of the audit, there may be a need for follow-up action.

Follow-up action might include:

Corrective action in response to nonconformities
Opportunities for improvement
Actions to address risks and opportunities

A time-frame should be agreed upon between the audit team and auditee within which to carry out follow-up action.

As part of the follow-up actions, the auditee will be responsible for keeping the audit team informed of any relevant activities undertaken within the agreed time-frame. The completion and effectiveness of these actions will need to be verified - this may be part of a subsequent audit.

In any case, recommendations for follow-up action should be prepared ahead of the closing meetingand shared accordingly with relevant interested parties.

Use the form fields below to record follow-up action suggestions.

Follow-up actions

Prepare for closing meeting

Before the closing meeting, the audit team should make adequate preparations.

Make sure the following items are resolved ahead of the closing meeting:

1

All audit findings are reviewed against audit objectives
2

Audit conclusions are agreed upon
3

Recommendations are prepared, if necessary
4

Follow-up action has been discussed and agreed upon

Date of closing meeting

Conduct closing meeting

Just like the opening meeting, it's a great idea to conduct a closing meeting to orient everyone with the proceedings and outcome of the audit, and provide a firm resolution to the whole process.

The main point of the closing meeting should be to present audit findings and conclusions.

Lead auditors should be responsible for presenting audit findings and conclusions.

You can use the sub-checklist below as a kind of attendance sheet to make sure all relevant interested parties are in attendance at the closing meeting:

1

Auditee management
2

Audit programme manager
3

Individuals responsible for the processes and procedures being audited
4

The audit client
5

All members of the audit team
6

Other relevant interested parties, as determined by the auditee/audit programme

Once attendance has been taken, the lead auditor should go over the complete audit report, with special attention placed on:

1

If applicable, first addressing any special occurrences or situations that might have impacted the reliability of audit conclusions
2

Making sure all present are familiar with or have access to the complete audit report
3

Making sure the auditee is familiar with the audit process
4

Confirming the time-frame for audit follow-up actions
5

Diverging opinions / disagreements in relation to audit findings between any relevant interested parties
6

Opportunities for improvement

Depending on the situation and context of the audit, formality of the closing meeting can vary.

For more formal audits, minutes and records of attendance can be kept.

For more informal (e.g. internal) audits, it can be sufficient to simply communicate audit findings and audit conclusions.

In any case, during the course of the closing meeting, the following should be clearly communicated to the auditee:

1

That audit evidence is based on sample information, and therefore cannot be fully representative of the overall effectiveness of the processes being audited
2

The specific methods of audit reporting used
3

Complete audit findings and conclusions
4

Advice for how to proceed in light of audit findings
5

Consequences if audit findings are not addressed
6

Recommendations for post-audit follow-up activities
7

The fact that recommendations are not binding

Complete the audit

The audit is to be considered formally complete when all planned activities and tasks have been completed, and any recommendations or future actions have been agreed upon with the audit client.

All information documented during the course of the audit should be retained or disposed of, depending on:

The nature of the information (sensitive, proprietary, etc.)
Requirements for particular management system standards
Any other agreements between relevant interested parties

It should be assumed that any information collected during the audit should not be disclosed to external parties without written approval of the auditee/audit client.

However, it may sometimes be a legal requirement that certain information be disclosed. Should that be the case, the auditee/audit client must be informed as soon as possible.